YobiWiki - User contributions [en]

PyCryptoPlus

2008-11-10T09:21:20Z

Tiftof: /* source structure */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|One-way Functions
|-
| MD5 || Py || C
|-
| SHA Family || Py (SHA1 & SHA2 family)|| C (SHA-1 & 256)
|-
| Whirlpool || Py ||
|-
| RipeMD || Py || Py
|-
| RadioGatun || Py ||
|-
| HMAC || Py || Py
|-
| PBKDF2 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Hash subpackage
|-
|src/Hash/__init__.py
|specify all the ciphers in the CryptoPlus.Hash package (new implementations and imports from pycrypto
|-
|src/Hash/python_*.py
|
* wrappers for the pure python (py*.py) implementations of hash functions
* provide "new()" function and some doctests
|-
|src/Hash/py*.py
|
*pure python implementations of hash functions
*pyradiogatun.py is own code, the rest is gathered from other sources
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-11-10T09:11:24Z

Tiftof: /* Differences with pycrypto */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|One-way Functions
|-
| MD5 || Py || C
|-
| SHA Family || Py (SHA1 & SHA2 family)|| C (SHA-1 & 256)
|-
| Whirlpool || Py ||
|-
| RipeMD || Py || Py
|-
| RadioGatun || Py ||
|-
| HMAC || Py || Py
|-
| PBKDF2 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-11-10T09:11:00Z

Tiftof: /* One-way Functions */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
One-way Functions
|-
| MD5 || Py || C
|-
| SHA Family || Py (SHA1 & SHA2 family)|| C (SHA-1 & 256)
|-
| Whirlpool || Py ||
|-
| RipeMD || Py || Py
|-
| RadioGatun || Py ||
|-
| HMAC || Py || Py
|-
| PBKDF2 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-11-10T09:10:31Z

Tiftof: /* Differences with pycrypto */ added Hash functions

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py || C
|-
| SHA Family || Py (SHA1 & SHA2 family)|| C (SHA-1 & 256)
|-
| Whirlpool || Py ||
|-
| RipeMD || Py || Py
|-
| RadioGatun || Py ||
|-
| HMAC || Py || Py
|-
| PBKDF2 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-29T19:58:09Z

Tiftof: /* Stream Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-29T16:04:03Z

Tiftof: /* Stream Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**Snow 3G
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-29T15:29:21Z

Tiftof: /* Stream Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-28T19:28:28Z

Tiftof:

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Stream Ciphers ==
*SNOW2 / SNOW3G
**http://www.it.lth.se/cryptology/snow/
**LFSR, FSM, S-Box
*Grain
**http://www.ecrypt.eu.org/stream/grainpf.html
**LFSR, NFSR, output function
*Trivium
**http://www.ecrypt.eu.org/stream/triviumpf.html
*LFSR
*(self)Shrinking Generator
*ARC4
**http://en.wikipedia.org/wiki/RC4
*XOR
== Various info ==

=== [[Python]] ===

Python

2008-10-25T12:52:56Z

Tiftof: added section "Installing another Python version"

==Misc links==
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

== Installing another Python version ==
When installing a python version not available as a package for your linux distribution:
$ ./configure
$ make
# make altinstall
this newly installed python version will then be available in your path as pythonX.X (with X.X being the python version) 
 
When you want to be able to use '''setuptools''', you also need zlib. zlib will be compiled with python if the zlib-dev package is available on your system. On debian/ubuntu:
# apt-get install zlib1g-dev
and then install python. Python setup will find zlib by itself. Installing setuptools:
*[http://pypi.python.org/pypi/setuptools download] the appropriate egg
*install it by running it as a shell script
# sh setuptools-x.x-pyx.x.egg
 
Python can be installed with every module available on your systems python install by first doing:
# apt-get build-dep python2.5

== Setup Script ==
=== distutils vs setuptools ===
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
=== distutils ===
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

=== setuptools ===
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default
==Installing development Python packages==
 During development, it's painful to install the package every time you're doing sth on it.
 There are various ways to import a module actually
===Basic import from a local directory===
In your code, e.g. mycode.py:
from Module1 import Function1
Usage: pointing to the path containing the module
PYTHONPATH=/path/to/src/directory/above/Module1 python mycode.py
===Import from a local directory, using egg_info===
This is using python-pkg-resources

Installing (locally):
python setup.py egg_info

In your code, e.g. mycode.py:
from pkg_resources import require
require("Module1>=1.0")
from Module1 import Function1

Usage: pointing to the path containing the egg_info
PYTHONPATH=/path/to/src/directory/containing/egg_info python mycode.py

Cleaning:
rm -rf /path/to/src/directory/containing/egg_info/Module1.egg-info
===Install a development version===
Actually symlinking to the working directory
 This is using python-pkg-resources

Installing (symlink):
sudo python setup.py develop

Usage:
python mycode.py

Cleaning:
sudo python setup.py develop --uninstall
rm -rf /path/to/src/directory/containing/egg_info/Module1.egg-info
===Create and installing an egg===
This is using python-pkg-resources

Installing:
python setup.py bdist_egg
sudo easy_install dist/Module1-1.0-py2.5.egg

Usage:
python mycode.py

Cleaning:
sudo rm /usr/lib/python2.5/site-packages/Module1-1.0-py2.5.egg
===Create and using locally an egg===
This is using python-pkg-resources

Creating:
python setup.py bdist_egg

In your code, e.g. mycode.py:
from pkg_resources import require
require("Module1>=1.0")
from Module1 import Function1

Usage: pointing to the path containing the egg file
PYTHONPATH=/path/to/your/dist/ python mycode.py

PyCryptoPlus

2008-10-23T20:15:06Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**http://www.rfc-editor.org/rfc/rfc1321.txt
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**[http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf FIPS 180-2]
**SHA1: http://www.rfc-editor.org/rfc/rfc3174.txt
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**[http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html Homepage]
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-23T15:55:40Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-16T15:24:03Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
***uses same API as standard python hashing modules
***MIT License
*Whirlpool
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-16T15:20:09Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA-256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
**SHA-224, 256, 384, and 512 at http://reikon.us/sha2/
***less readable than pypy implementation (pypy is using same structure for md5 and sha1)
*Whirlpool
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-16T13:32:53Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
*Whirlpool
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto: no need to copy it again in cryptoplus?
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== [[Python]] ===

PyCryptoPlus

2008-10-16T09:55:57Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Author & Download ===
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git here]

=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (Python License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (Python License)
***can be modified for other SHA's
***uses standard python hash api
**SHA256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
*Whirlpool
**available here: [http://www.bjrn.se/code/whirlpoolpy.txt python truecrypt implementation]
*RipeMD
**RipeMD-160 available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
**modify to add RipeMD-128?
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== [[Python]] ===

Present python implementation

2008-10-16T00:00:10Z

Tiftof: deleted comments from during development

This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available [http://repo.or.cz/w/python-cryptoplus.git?a=blob;f=src/CryptoPlus/Cipher/pypresent.py;hb=HEAD here]

Features:
* calculating round keys
* encrypting a block
* decrypting a block
* supports amount of rounds different from the standard amount of 32
** tested with 32, 64, 128 and 65534 rounds
** PRESENT reference implementation supports amount of rounds up to 65534

PyCryptoPlus

2008-10-15T16:21:35Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (MIT License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (MIT License)
***can be modified for other SHA's
***uses standard python hash api
**SHA256 implementation: https://vcs.slash-me.net/snippets/sha256/sha256.py
***short code but less readable than the one from pypy
*Whirlpool
**available at [python truecrypt implementation http://www.bjrn.se/code/whirlpoolpy.txt]
*RipeMD
**available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

Sage Cross Reference Table of Wishes and Availability

2008-10-15T16:19:22Z

Tiftof: /* One-way Functions */

'''Back to [[SAGE & cryptology]]
==Table==
'''Legend'''
* C: wrapped C code
* Py: pure python code
* Sage: sage code

{|border="1"
!
!Sage
! colspan="2"|optional packages
! colspan="2"|other python packages
! rowspan="2"|python code available
|-
!
!
!PyCrypto
!PyOpenSSL
!M2Crypto
!TLS Lite
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Block Ciphers===
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Block cipher algorithms====
|-
| Serpent || || || || || ||[http://psionicist.online.fr/code/][http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html]
|-
| Blowfish || || C || C || || ||[http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py] [http://www.michaelgilfix.com/files/blowfish.py] [http://ivoras.sharanet.org/projects/blowfish.html]
|-
| Twofish || || || || || ||[http://psionicist.online.fr/code/]
|-
| Idea || || C || || C || ||
|-
| DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| 3DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| AES || || C || || C || Py ||[http://psionicist.online.fr/code/] [http://jclement.ca/software/pyrijndael/][http://bitconjurer.org/rijndael.py tlslite implementation]
|-
| Present || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Modes of operation====
|-
| CMAC || || || || || ||
|-
| XCBC || || || || book* || ||
|-
| CBC-MAC || || || || book* || ||
|-
| CCM || || || || || ||
|-
| GCM || || || || || ||
|-
| ECB || || C || || C || ||
|-
| CBC || || C || || C || Py ||
|-
| CTR || || C || || || ||
|-
| LRW || || || || || ||
|-
| XTS || || || || || ||[http://psionicist.online.fr/code/pytruecrypt/]
|-
| MDC-2 || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Paddings====
|-
| bit padding || || || || || ||
|-
| zeros || || || || || ||
|-
| PKCS7 || || || || C || ||
|-
| PKCS12 || || || || || ||
|-
| ISO 10126 || || || || || ||
|-
| ANSI X.923 || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Stream Ciphers===
|-
| RC4 || || C || || C || Py ||[http://www.amk.ca/python/writing/crypto-curiosa.html]
|-
| A5/1 A5/2 || || || || || ||
|-
| SNOW2 SNOW3G || || || || || ||
|-
| HC-128 || || || || || ||
|-
| RABBIT || || || || || ||
|-
| Salsa 20/12 || || || || || ||
|-
| SOSEMANUK || || || || || ||
|-
| F-FCSR || || || || || ||
|-
| Grain || || || || || ||
|-
| MICKEY || || || || || ||
|-
| Trivium || || || || || ||
|-
| LFSR || Sage || || || || ||
|-
| Shrinking generator|| Sage || || || || ||
|-
| Self-Shrinking generator|| || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py(C) || C || || C || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy]
|-
| SHA Family || Py(C) || C (SHA-1 & 256)|| || C (only SHA1) || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy(SHA1)][https://vcs.slash-me.net/snippets/sha256/sha256.py SHA256]
|-
| Whirlpool || || || || || ||[http://psionicist.online.fr/code/]
|-
| RipeMD || || Py || || C (ripemd-160) || ||[http://psionicist.online.fr/code/]
|-
| MDC-2 || || || || || ||
|-
| RadioGatun || || || || || ||
|-
| Davies-Meyer || || || || || ||
|-
| Matyas-Meyer-Oseas || || || || || ||
|-
| Miyaguchi-Preneel || || || || || ||
|-
| HMAC || Py || Py || || C*** || Py ||
|-
| NMAC || || || || || ||
|-
| KDF family || || || || || ||
|-
| PBKDF2 || || || || C*** || ||[http://www.dlitz.net/software/python-pbkdf2/]
|- style="background-color:#dddddd;"
! align="left" colspan="8"|

===Public-key cryptography===
|-
| Misc || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====ECC====
|-
| all coordinate sys. || || || || || ||
|-
|cf [http://www.hyperelliptic.org/EFD/ EFD] || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Other====
|-
| RSA || || C** || || C (PKCS1) || Py ||[http://pypi.python.org/pypi/asym/0.1.0] [http://www.stuvel.eu/rsa]
|-
| DSA || || C || || C || ||
|-
| ElGamal || || C || || || ||
|-
| DH || || || || C || ||
|-
| XTR || || || || || ||
|-
| Paillier || || || || || ||
|-
| NTRUE || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Pseudo-random generators===
|-
| cf NIST || || || || || ||
|-
| Mersenne Twister || Py || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Cryptanalysis tools===
|-
| align="left" colspan="8"|Entropy finder: [http://deadhacker.com/2007/05/13/finding-entropy-in-binary-files/] and [http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html] then [http://blog.dkbza.org/2007/07/scanning-data-for-entropy-anomalies-ii.html]
|}

/**Check if PKCS#1 v1.5/v2.1 and if CTR 
/***See EVP.py 
book*: C-code available in Oreilly's OpenSSL book

PyCryptoPlus

2008-10-15T16:02:55Z

Tiftof: /* Current Situation */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy] (MIT License)
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy] (MIT License)
***can it be modified for other SHA's?
*Whirlpool
**available at [python truecrypt implementation http://www.bjrn.se/code/whirlpoolpy.txt]
*RipeMD
**available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

Sage Cross Reference Table of Wishes and Availability

2008-10-15T14:45:58Z

Tiftof: /* One-way Functions */

'''Back to [[SAGE & cryptology]]
==Table==
'''Legend'''
* C: wrapped C code
* Py: pure python code
* Sage: sage code

{|border="1"
!
!Sage
! colspan="2"|optional packages
! colspan="2"|other python packages
! rowspan="2"|python code available
|-
!
!
!PyCrypto
!PyOpenSSL
!M2Crypto
!TLS Lite
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Block Ciphers===
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Block cipher algorithms====
|-
| Serpent || || || || || ||[http://psionicist.online.fr/code/][http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html]
|-
| Blowfish || || C || C || || ||[http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py] [http://www.michaelgilfix.com/files/blowfish.py] [http://ivoras.sharanet.org/projects/blowfish.html]
|-
| Twofish || || || || || ||[http://psionicist.online.fr/code/]
|-
| Idea || || C || || C || ||
|-
| DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| 3DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| AES || || C || || C || Py ||[http://psionicist.online.fr/code/] [http://jclement.ca/software/pyrijndael/][http://bitconjurer.org/rijndael.py tlslite implementation]
|-
| Present || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Modes of operation====
|-
| CMAC || || || || || ||
|-
| XCBC || || || || book* || ||
|-
| CBC-MAC || || || || book* || ||
|-
| CCM || || || || || ||
|-
| GCM || || || || || ||
|-
| ECB || || C || || C || ||
|-
| CBC || || C || || C || Py ||
|-
| CTR || || C || || || ||
|-
| LRW || || || || || ||
|-
| XTS || || || || || ||[http://psionicist.online.fr/code/pytruecrypt/]
|-
| MDC-2 || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Paddings====
|-
| bit padding || || || || || ||
|-
| zeros || || || || || ||
|-
| PKCS7 || || || || C || ||
|-
| PKCS12 || || || || || ||
|-
| ISO 10126 || || || || || ||
|-
| ANSI X.923 || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Stream Ciphers===
|-
| RC4 || || C || || C || Py ||[http://www.amk.ca/python/writing/crypto-curiosa.html]
|-
| A5/1 A5/2 || || || || || ||
|-
| SNOW2 SNOW3G || || || || || ||
|-
| HC-128 || || || || || ||
|-
| RABBIT || || || || || ||
|-
| Salsa 20/12 || || || || || ||
|-
| SOSEMANUK || || || || || ||
|-
| F-FCSR || || || || || ||
|-
| Grain || || || || || ||
|-
| MICKEY || || || || || ||
|-
| Trivium || || || || || ||
|-
| LFSR || Sage || || || || ||
|-
| Shrinking generator|| Sage || || || || ||
|-
| Self-Shrinking generator|| || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py(C) || C || || C || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy]
|-
| SHA Family || Py(C) || C (SHA-1 & 256)|| || C (only SHA1) || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy]
|-
| Whirlpool || || || || || ||[http://psionicist.online.fr/code/]
|-
| RipeMD || || Py || || C (ripemd-160) || ||[http://psionicist.online.fr/code/]
|-
| MDC-2 || || || || || ||
|-
| RadioGatun || || || || || ||
|-
| Davies-Meyer || || || || || ||
|-
| Matyas-Meyer-Oseas || || || || || ||
|-
| Miyaguchi-Preneel || || || || || ||
|-
| HMAC || Py || Py || || C*** || Py ||
|-
| NMAC || || || || || ||
|-
| KDF family || || || || || ||
|-
| PBKDF2 || || || || C*** || ||[http://www.dlitz.net/software/python-pbkdf2/]
|- style="background-color:#dddddd;"
! align="left" colspan="8"|

===Public-key cryptography===
|-
| Misc || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====ECC====
|-
| all coordinate sys. || || || || || ||
|-
|cf [http://www.hyperelliptic.org/EFD/ EFD] || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Other====
|-
| RSA || || C** || || C (PKCS1) || Py ||[http://pypi.python.org/pypi/asym/0.1.0] [http://www.stuvel.eu/rsa]
|-
| DSA || || C || || C || ||
|-
| ElGamal || || C || || || ||
|-
| DH || || || || C || ||
|-
| XTR || || || || || ||
|-
| Paillier || || || || || ||
|-
| NTRUE || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Pseudo-random generators===
|-
| cf NIST || || || || || ||
|-
| Mersenne Twister || Py || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Cryptanalysis tools===
|-
| align="left" colspan="8"|Entropy finder: [http://deadhacker.com/2007/05/13/finding-entropy-in-binary-files/] and [http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html] then [http://blog.dkbza.org/2007/07/scanning-data-for-entropy-anomalies-ii.html]
|}

/**Check if PKCS#1 v1.5/v2.1 and if CTR 
/***See EVP.py 
book*: C-code available in Oreilly's OpenSSL book

PyCryptoPlus

2008-10-15T14:45:40Z

Tiftof: /* Hash Module */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==
=== Current Situation ===
*MD5
**good implementation in [http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy]
*SHA family
**SHA-1 available in [http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy]
***can it be modified for other SHA's?
*Whirlpool
**available at [python truecrypt implementation http://www.bjrn.se/code/whirlpoolpy.txt]
*RipeMD
**available as pure python implementation in current pycrypto development =>RipeMD and python_RipeMD will point to the same pycrypto ripemd implementation
*RadioGatun
**http://radiogatun.noekeon.org/
***reference C-code
***testvectors
*HMAC
**available in python and pypy as pure python -> same implementation used in pycrypto
*PBKDF2
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

Sage Cross Reference Table of Wishes and Availability

2008-10-15T14:35:32Z

Tiftof: /* One-way Functions */

'''Back to [[SAGE & cryptology]]
==Table==
'''Legend'''
* C: wrapped C code
* Py: pure python code
* Sage: sage code

{|border="1"
!
!Sage
! colspan="2"|optional packages
! colspan="2"|other python packages
! rowspan="2"|python code available
|-
!
!
!PyCrypto
!PyOpenSSL
!M2Crypto
!TLS Lite
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Block Ciphers===
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Block cipher algorithms====
|-
| Serpent || || || || || ||[http://psionicist.online.fr/code/][http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html]
|-
| Blowfish || || C || C || || ||[http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py] [http://www.michaelgilfix.com/files/blowfish.py] [http://ivoras.sharanet.org/projects/blowfish.html]
|-
| Twofish || || || || || ||[http://psionicist.online.fr/code/]
|-
| Idea || || C || || C || ||
|-
| DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| 3DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| AES || || C || || C || Py ||[http://psionicist.online.fr/code/] [http://jclement.ca/software/pyrijndael/][http://bitconjurer.org/rijndael.py tlslite implementation]
|-
| Present || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Modes of operation====
|-
| CMAC || || || || || ||
|-
| XCBC || || || || book* || ||
|-
| CBC-MAC || || || || book* || ||
|-
| CCM || || || || || ||
|-
| GCM || || || || || ||
|-
| ECB || || C || || C || ||
|-
| CBC || || C || || C || Py ||
|-
| CTR || || C || || || ||
|-
| LRW || || || || || ||
|-
| XTS || || || || || ||[http://psionicist.online.fr/code/pytruecrypt/]
|-
| MDC-2 || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Paddings====
|-
| bit padding || || || || || ||
|-
| zeros || || || || || ||
|-
| PKCS7 || || || || C || ||
|-
| PKCS12 || || || || || ||
|-
| ISO 10126 || || || || || ||
|-
| ANSI X.923 || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Stream Ciphers===
|-
| RC4 || || C || || C || Py ||[http://www.amk.ca/python/writing/crypto-curiosa.html]
|-
| A5/1 A5/2 || || || || || ||
|-
| SNOW2 SNOW3G || || || || || ||
|-
| HC-128 || || || || || ||
|-
| RABBIT || || || || || ||
|-
| Salsa 20/12 || || || || || ||
|-
| SOSEMANUK || || || || || ||
|-
| F-FCSR || || || || || ||
|-
| Grain || || || || || ||
|-
| MICKEY || || || || || ||
|-
| Trivium || || || || || ||
|-
| LFSR || Sage || || || || ||
|-
| Shrinking generator|| Sage || || || || ||
|-
| Self-Shrinking generator|| || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py || C || || C || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy]
|-
| SHA Family || Py || C (SHA-1 & 256)|| || C (only SHA1) || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy]
|-
| Whirlpool || || || || || ||[http://psionicist.online.fr/code/]
|-
| RipeMD || || Py || || C (ripemd-160) || ||[http://psionicist.online.fr/code/]
|-
| MDC-2 || || || || || ||
|-
| RadioGatun || || || || || ||
|-
| Davies-Meyer || || || || || ||
|-
| Matyas-Meyer-Oseas || || || || || ||
|-
| Miyaguchi-Preneel || || || || || ||
|-
| HMAC || Py || Py || || C*** || Py ||
|-
| NMAC || || || || || ||
|-
| KDF family || || || || || ||
|-
| PBKDF2 || || || || C*** || ||[http://code.google.com/p/uliweb/source/browse/trunk/lib/beaker/crypto/pbkdf2.py?r=119]
|- style="background-color:#dddddd;"
! align="left" colspan="8"|

===Public-key cryptography===
|-
| Misc || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====ECC====
|-
| all coordinate sys. || || || || || ||
|-
|cf [http://www.hyperelliptic.org/EFD/ EFD] || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Other====
|-
| RSA || || C** || || C (PKCS1) || Py ||[http://pypi.python.org/pypi/asym/0.1.0] [http://www.stuvel.eu/rsa]
|-
| DSA || || C || || C || ||
|-
| ElGamal || || C || || || ||
|-
| DH || || || || C || ||
|-
| XTR || || || || || ||
|-
| Paillier || || || || || ||
|-
| NTRUE || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Pseudo-random generators===
|-
| cf NIST || || || || || ||
|-
| Mersenne Twister || Py || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Cryptanalysis tools===
|-
| align="left" colspan="8"|Entropy finder: [http://deadhacker.com/2007/05/13/finding-entropy-in-binary-files/] and [http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html] then [http://blog.dkbza.org/2007/07/scanning-data-for-entropy-anomalies-ii.html]
|}

/**Check if PKCS#1 v1.5/v2.1 and if CTR 
/***See EVP.py 
book*: C-code available in Oreilly's OpenSSL book

PyCryptoPlus

2008-10-15T13:52:18Z

Tiftof: restructered: various info splitted in "cipher module" and "various info" & "hash module" section added

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

==Cipher module==

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

== Hash Module ==

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

Sage Cross Reference Table of Wishes and Availability

2008-10-15T13:40:40Z

Tiftof: /* One-way Functions */

'''Back to [[SAGE & cryptology]]
==Table==
'''Legend'''
* C: wrapped C code
* Py: pure python code
* Sage: sage code

{|border="1"
!
!Sage
! colspan="2"|optional packages
! colspan="2"|other python packages
! rowspan="2"|python code available
|-
!
!
!PyCrypto
!PyOpenSSL
!M2Crypto
!TLS Lite
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Block Ciphers===
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Block cipher algorithms====
|-
| Serpent || || || || || ||[http://psionicist.online.fr/code/][http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html]
|-
| Blowfish || || C || C || || ||[http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py] [http://www.michaelgilfix.com/files/blowfish.py] [http://ivoras.sharanet.org/projects/blowfish.html]
|-
| Twofish || || || || || ||[http://psionicist.online.fr/code/]
|-
| Idea || || C || || C || ||
|-
| DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| 3DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| AES || || C || || C || Py ||[http://psionicist.online.fr/code/] [http://jclement.ca/software/pyrijndael/][http://bitconjurer.org/rijndael.py tlslite implementation]
|-
| Present || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Modes of operation====
|-
| CMAC || || || || || ||
|-
| XCBC || || || || book* || ||
|-
| CBC-MAC || || || || book* || ||
|-
| CCM || || || || || ||
|-
| GCM || || || || || ||
|-
| ECB || || C || || C || ||
|-
| CBC || || C || || C || Py ||
|-
| CTR || || C || || || ||
|-
| LRW || || || || || ||
|-
| XTS || || || || || ||[http://psionicist.online.fr/code/pytruecrypt/]
|-
| MDC-2 || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Paddings====
|-
| bit padding || || || || || ||
|-
| zeros || || || || || ||
|-
| PKCS7 || || || || C || ||
|-
| PKCS12 || || || || || ||
|-
| ISO 10126 || || || || || ||
|-
| ANSI X.923 || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Stream Ciphers===
|-
| RC4 || || C || || C || Py ||[http://www.amk.ca/python/writing/crypto-curiosa.html]
|-
| A5/1 A5/2 || || || || || ||
|-
| SNOW2 SNOW3G || || || || || ||
|-
| HC-128 || || || || || ||
|-
| RABBIT || || || || || ||
|-
| Salsa 20/12 || || || || || ||
|-
| SOSEMANUK || || || || || ||
|-
| F-FCSR || || || || || ||
|-
| Grain || || || || || ||
|-
| MICKEY || || || || || ||
|-
| Trivium || || || || || ||
|-
| LFSR || Sage || || || || ||
|-
| Shrinking generator|| Sage || || || || ||
|-
| Self-Shrinking generator|| || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py || C || || C || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py pypy]
|-
| SHA Family || Py || C (SHA-1 & 256)|| || C (only SHA1) || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py pypy]
|-
| Whirlpool || || || || || ||[http://psionicist.online.fr/code/]
|-
| RipeMD || || Py || || C (ripemd-160) || ||[http://psionicist.online.fr/code/]
|-
| MDC-2 || || || || || ||
|-
| RadioGatun || || || || || ||
|-
| Davies-Meyer || || || || || ||
|-
| Matyas-Meyer-Oseas || || || || || ||
|-
| Miyaguchi-Preneel || || || || || ||
|-
| HMAC || Py || || || C*** || Py ||
|-
| NMAC || || || || || ||
|-
| KDF family || || || || || ||
|-
| PBKDF2 || || || || C*** || ||[http://code.google.com/p/uliweb/source/browse/trunk/lib/beaker/crypto/pbkdf2.py?r=119]
|- style="background-color:#dddddd;"
! align="left" colspan="8"|

===Public-key cryptography===
|-
| Misc || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====ECC====
|-
| all coordinate sys. || || || || || ||
|-
|cf [http://www.hyperelliptic.org/EFD/ EFD] || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Other====
|-
| RSA || || C** || || C (PKCS1) || Py ||[http://pypi.python.org/pypi/asym/0.1.0] [http://www.stuvel.eu/rsa]
|-
| DSA || || C || || C || ||
|-
| ElGamal || || C || || || ||
|-
| DH || || || || C || ||
|-
| XTR || || || || || ||
|-
| Paillier || || || || || ||
|-
| NTRUE || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Pseudo-random generators===
|-
| cf NIST || || || || || ||
|-
| Mersenne Twister || Py || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Cryptanalysis tools===
|-
| align="left" colspan="8"|Entropy finder: [http://deadhacker.com/2007/05/13/finding-entropy-in-binary-files/] and [http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html] then [http://blog.dkbza.org/2007/07/scanning-data-for-entropy-anomalies-ii.html]
|}

/**Check if PKCS#1 v1.5/v2.1 and if CTR 
/***See EVP.py 
book*: C-code available in Oreilly's OpenSSL book

Sage Cross Reference Table of Wishes and Availability

2008-10-15T13:39:14Z

Tiftof: added headings to the cross reference table

'''Back to [[SAGE & cryptology]]
==Table==
'''Legend'''
* C: wrapped C code
* Py: pure python code
* Sage: sage code

{|border="1"
!
!Sage
! colspan="2"|optional packages
! colspan="2"|other python packages
! rowspan="2"|python code available
|-
!
!
!PyCrypto
!PyOpenSSL
!M2Crypto
!TLS Lite
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Block Ciphers===
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Block cipher algorithms====
|-
| Serpent || || || || || ||[http://psionicist.online.fr/code/][http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html]
|-
| Blowfish || || C || C || || ||[http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py] [http://www.michaelgilfix.com/files/blowfish.py] [http://ivoras.sharanet.org/projects/blowfish.html]
|-
| Twofish || || || || || ||[http://psionicist.online.fr/code/]
|-
| Idea || || C || || C || ||
|-
| DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| 3DES || || C || || C || ||[http://twhiteman.netfirms.com/des.html]
|-
| AES || || C || || C || Py ||[http://psionicist.online.fr/code/] [http://jclement.ca/software/pyrijndael/][http://bitconjurer.org/rijndael.py tlslite implementation]
|-
| Present || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Modes of operation====
|-
| CMAC || || || || || ||
|-
| XCBC || || || || book* || ||
|-
| CBC-MAC || || || || book* || ||
|-
| CCM || || || || || ||
|-
| GCM || || || || || ||
|-
| ECB || || C || || C || ||
|-
| CBC || || C || || C || Py ||
|-
| CTR || || C || || || ||
|-
| LRW || || || || || ||
|-
| XTS || || || || || ||[http://psionicist.online.fr/code/pytruecrypt/]
|-
| MDC-2 || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Paddings====
|-
| bit padding || || || || || ||
|-
| zeros || || || || || ||
|-
| PKCS7 || || || || C || ||
|-
| PKCS12 || || || || || ||
|-
| ISO 10126 || || || || || ||
|-
| ANSI X.923 || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Stream Ciphers===
|-
| RC4 || || C || || C || Py ||[http://www.amk.ca/python/writing/crypto-curiosa.html]
|-
| A5/1 A5/2 || || || || || ||
|-
| SNOW2 SNOW3G || || || || || ||
|-
| HC-128 || || || || || ||
|-
| RABBIT || || || || || ||
|-
| Salsa 20/12 || || || || || ||
|-
| SOSEMANUK || || || || || ||
|-
| F-FCSR || || || || || ||
|-
| Grain || || || || || ||
|-
| MICKEY || || || || || ||
|-
| Trivium || || || || || ||
|-
| LFSR || Sage || || || || ||
|-
| Shrinking generator|| Sage || || || || ||
|-
| Self-Shrinking generator|| || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===One-way Functions===
|-
| MD5 || Py || C || || C || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/md5.py]
|-
| SHA Family || Py || C (SHA-1 & 256)|| || C (only SHA1) || ||[http://codespeak.net/svn/pypy/dist/pypy/lib/sha.py]
|-
| Whirlpool || || || || || ||[http://psionicist.online.fr/code/]
|-
| RipeMD || || C || || C (ripemd-160) || ||[http://psionicist.online.fr/code/]
|-
| MDC-2 || || || || || ||
|-
| RadioGatun || || || || || ||
|-
| Davies-Meyer || || || || || ||
|-
| Matyas-Meyer-Oseas || || || || || ||
|-
| Miyaguchi-Preneel || || || || || ||
|-
| HMAC || Py || || || C*** || Py ||
|-
| NMAC || || || || || ||
|-
| KDF family || || || || || ||
|-
| PBKDF2 || || || || C*** || ||[http://code.google.com/p/uliweb/source/browse/trunk/lib/beaker/crypto/pbkdf2.py?r=119]
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Public-key cryptography===
|-
| Misc || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====ECC====
|-
| all coordinate sys. || || || || || ||
|-
|cf [http://www.hyperelliptic.org/EFD/ EFD] || || || || || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|
====Other====
|-
| RSA || || C** || || C (PKCS1) || Py ||[http://pypi.python.org/pypi/asym/0.1.0] [http://www.stuvel.eu/rsa]
|-
| DSA || || C || || C || ||
|-
| ElGamal || || C || || || ||
|-
| DH || || || || C || ||
|-
| XTR || || || || || ||
|-
| Paillier || || || || || ||
|-
| NTRUE || || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Pseudo-random generators===
|-
| cf NIST || || || || || ||
|-
| Mersenne Twister || Py || || || || ||
|- style="background-color:#dddddd;"
! align="left" colspan="8"|
===Cryptanalysis tools===
|-
| align="left" colspan="8"|Entropy finder: [http://deadhacker.com/2007/05/13/finding-entropy-in-binary-files/] and [http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html] then [http://blog.dkbza.org/2007/07/scanning-data-for-entropy-anomalies-ii.html]
|}

/**Check if PKCS#1 v1.5/v2.1 and if CTR 
/***See EVP.py 
book*: C-code available in Oreilly's OpenSSL book

PyCryptoPlus

2008-10-14T20:20:33Z

Tiftof: /* source structure */ removed "verified" testvector status as in all doctest the source of testvectors is mentioned now

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-14T20:01:55Z

Tiftof: /* TODO */ cleaned up todo list

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*check other implementation of Blowfish
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-14T19:49:45Z

Tiftof: /* Tests available */ Not needed anymore -> available in the source structure table

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-14T19:48:34Z

Tiftof: /* source structure */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package:
*always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
*if pycrypto > 2.0.1: "SelfTest", "Random"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
|-
|src/Util/Fortuna.py
|
*imports Crypto.Random.Fortuna.*
|-
|src/Util/OSRNG.py
|
*imports Crypto.Random.OSRNG.*
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
*make new modules available: padding, util
|-
|src/Util/number.py src/Util/randpool.py src/Util/RFC1751.py
|
*wrappers for the respective Crypto.Util modules
|-
|src/Util/python_compat.py
|
*wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*doctest for every padding function
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

Git

2008-10-13T17:21:11Z

Tiftof:

==Links==
* [http://en.wikipedia.org/wiki/Git_(software) Git on Wikipedia]
* [http://www.kernel.org/pub/software/scm/git/docs/user-manual.html Git User Manual]
* [http://git.or.cz/course/svn.html Git - SVN Crash Course] Explaining Git by using SVN equivalences
* [http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html man gittutorial]
* [http://www-cs-students.stanford.edu/~blynn/gitmagic/ Git Magic] tips compilation
* [http://sysmonblog.co.uk/misc/git_by_example/ Git by example]
* [http://utsl.gen.nz/talks/git-svn/intro.html An introduction to git-svn for Subversion/SVK users and deserters]
* [http://git.or.cz/gitwiki/InterfacesFrontendsAndTools Interfaces, frontends & tools]
* [http://ktown.kde.org/~zrusin/git/git-cheat-sheet.svg Git Cheat Sheet (svg)]
* [http://jan-krueger.net/development/git-cheat-sheet-extended-edition Git cheat sheet, extended edition] which I prefer

==Install==
sudo apt-get install git-svn git-doc git-gui tig
Writing to global ~/.gitconfig file:
git config --global user.name "Your Name Comes Here"
git config --global user.email you@yourdomain.example.com
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto
Creating a .git in the current (project) directory:
git init
==Working on a project==
===Initial project===
Add manually files/directories e.g. with
git init
git add .
git commit

===Copying existing project===
Clone an existing Git repository into a to-be-created target directory:
git clone /path/to/other/repository target
Remote repositories can also be accessed with paths like
ssh://login@host/path/to/repository
git://git.software.org/trunk
http://git.software.org/trunk
Later to update the local repository according to the remote repository:
git pull
Symmetrically the remote repository owner could also get the changes we've done locally if she does:
git pull /path/to/our/target
Or we could send them ourselves if we've write access on the remote:
git push
BTW the remote can create a shortcut to us to not have to provide our full path everytime
git remote add ourshortcut /path/to/our/target
And now use directly
git remote show ourshortcut
git pull ourshortcut
Note that git pull ourshortcut ==
git fetch ourshortcut
git merge ourshortcut/master
===Using a Subversion server===
Using [http://www.kernel.org/pub/software/scm/git/docs/git-svn.html git-svn]:

Getting the full project:
# git clone =>
git-svn clone http://subversion.server.com/project -T trunk -b branches -t tags
(git-gc to compress if it took a big room)
Updating the local repository according to the subversion server:
# git pull =>
git-svn rebase
Some tips from [http://tech.hickorywind.org/articles/2008/06/10/larry-vs-the-git-rebase-merge-conflict here]:
* While doing a rebase, if anything bad happens, you end up on a "(no-branch)" branch.
* When doing a "git status", you'll see a ".dotest" file in your working directory. Just ignore it.
* If you want to bail, do a "git rebase --abort". (Note there is no "git svn rebase --abort".)
* Fix the merge conflict file manually, then do a "git add [file]".
* Next do a "git rebase --continue". (Note there's no "svn" version of this either.)
* If it complains about "did you forget to call 'git add'?", then evidently your edit turned the conflict into a no-op change. Do a "git rebase --skip" to skip it. (Very weird, but true.)
* Rinse and repeat until the lather is gone, your scalp silky smooth, and the rebase is complete. At any time you can "git rebase --abort" to bail.

Sending the local changes to the subversion server:
# git push =>
git-svn dcommit

By error I did
git commit --amend
on a synchronized git repository, so I lost remotes/trunk in the gitk view but the remote branch is still visible with git branch -r, strange...
$ git-svn rebase
First, rewinding head to replay your work on top of it...
Nothing to do.
solved the problem

One day you'll be bored of SVN and want to get rid of it completely :-)

Create a new git repository remotely somewhere else (see above), which will become the origin we didn't have.

git remote add origin ssh://myuser@repo.or.cz/srv/git/myproject.git
git pull origin master
git push
Now it's better to make sure git-svn cannot interfere with it anymore:
 Fetch the project in a new place
git clone ssh://myuser@repo.or.cz/srv/git/myproject.git
git pull
And drop your old git-svn working directory

=== Using repo.or.cz ===
http://repo.or.cz/ can be used to make a publicly available git repo.
# Create a new user: http://repo.or.cz/m/reguser.cgi When creating a user you need a public ssh key to authenticate yourself.
# Create a new repo: http://repo.or.cz/m/regproj.cgi
#* two different modes are available for a new repo:
#** mirror mode: the new repo will mirror an existing repo by checking it every hour for changes
#** push mode: users you give permission to can push to the repo
#* all the info asked when you register your repo can be changed afterwards on the project admin page
#**http://repo.or.cz/m/editproj.cgi?name=<project name>
# Add yourself and other users you want to give "push" access to the admin page
# Git repo is accesible via
#* git+ssh://<user>@repo.or.cz/srv/git/<project name>.git

==Basic usage==
===Edition===
Schedule a file for committing
git add <file>
Committing
git commit
Note that a modified file must be explicitly added every time, unless you use
git commit -a
Or
git commit <file>
File renaming is implicit, so you don't have to take care, just rename your files if you want (really??), but there is also the explicit commands
git mv <file>
git rm <file>

===Diff/patch===
Diff between working files & to-be-committed index
git diff
Diff between to-be-committed index & repository
git diff --cached
Diff between working files & repository
git diff HEAD
With specific revision or path
git diff <rev> <path>
E.g with one but last commit
git diff HEAD~1
This provides usage patches, including metadata, can be applied with
git apply

===Status & revert===
Status of local working files
git status
To restore (revert) a file from the last revision
git checkout <path>
Revert all changes (!)
git checkout -f
You can amend your latest commit (re-edit the metadata as well as update the tree) using this (it is only safe to amend the commit messages that have not been seen by anyone else, aka, you've not pushed, nobody else has pulled from you).
git commit --amend
Or toss your latest commit away completely using
git reset HEAD^
This will not change the working tree.

To unstage a change to-be-committed (e.g. git add *)
git reset HEAD <file>

===History===
git log
With nice stats:
git log --stat --summary
See from which revision came the lines of a file
git blame <file>
Or search for commits affecting a specific line
git log -S"string"
You can see the contents of a file
git show rev:path/to/file
The listing of a directory
git show rev:path/to/directory
Or a commit with:
git show rev

===Tags & branches===
Create a tag:
git tag -a <name>
List tags and show the tag message:
git tag -l
git show <tag>
Create a branch:
git branch <branch> [<rev>]
Switch to the branch
git checkout <branch>
List branches (current is flagged by a *)
git branch
To move your tree to some older revision, use:
git checkout <rev>
git checkout <prevbranch>
Default branch is "master"

===Merge===
Assuming you are in the trunk and want to merge a given branch here:
git merge branch
If the merge went nice automatically, a commit is done automatically too, to avoid it:
git merge --no-commit branch
Aside from merging, sometimes you want to just pick one commit from a different branch. To apply the changes in revision rev and commit them to the current branch use:
git cherry-pick rev
===Rebase===
Not yet clear what's the diff with merge...

* Find all your (committed) changes, since you branched
* Reset your branch, so that it's an exact copy of the current master
* Re-apply all your changes again
git checkout branch_name
git rebase master
If conflicts occur, and sooner or later they will,
# manually edit the conflicting files
git add file(s)
git rebase --continue
See also "git-mergetool"

===Rework commit history===

You want:
* Two different commits to be combined into a single commit
* Remove a commit entirely from the history
* Change the commit message
* Change the order that commits appear in the history
* Split one big commit into multiple smaller commits

git rebase --interactive COMMIT_ID

COMMIT_ID should be the one BEFORE you want to fiddle with.

To learn about splitting a single commit up into multiple commits:
man git-rebase
# see "SPLITTING COMMITS" section

===Ignoring some files===
cat > .gitignore <<EOF
*.pyc
*~
EOF
git add .gitignore
Now you can also delete all files neither tracked nor ignored with:
git clean

==Misc==
* Revisions are SHA-1 hashes, not incremental numbers. You can refer to the latest revision by HEAD, its parent as HEAD^ and its parent as HEAD^^ = HEAD~2 You can also just type the first digits of the hash (if it's enough to get a unique ID) man git-rev-parse for more details
* The Git commands are in the form git command. You can interchangeably use the git-command form as well.
* [http://www.kernel.org/pub/software/scm/git/docs/user-manual.html#setting-up-a-public-repository Setting up a public repository] where you'll push your stuff
** git --bare init --shared ??
* Though not required, it's a good idea to begin the commit message with a single short (less than 50 character) line summarizing the change, followed by a blank line and then a more thorough description.

==etckeeper==
Description: store /etc in git, mercurial, or bzr
 The etckeeper program is a tool to let /etc be stored in a git, mercurial, or bzr repository. It hooks into APT to automatically commit changes made to /etc during package upgrades. It tracks file metadata that version control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It's quite modular and configurable, while also being simple to use if you understand the basics of working with version control.
apt-get install etckeeper
Read this!!!
zless /usr/share/doc/etckeeper/README.gz

Crash course:
etckeeper init
cd /etc
git commit -m "initial checkin"
git gc
For the rest, read /usr/share/doc/etckeeper/README.gz

Git

2008-10-13T16:59:40Z

Tiftof: /* Basic usage */

==Links==
* [http://en.wikipedia.org/wiki/Git_(software) Git on Wikipedia]
* [http://www.kernel.org/pub/software/scm/git/docs/user-manual.html Git User Manual]
* [http://git.or.cz/course/svn.html Git - SVN Crash Course] Explaining Git by using SVN equivalences
* [http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html man gittutorial]
* [http://www-cs-students.stanford.edu/~blynn/gitmagic/ Git Magic] tips compilation
* [http://sysmonblog.co.uk/misc/git_by_example/ Git by example]
* [http://utsl.gen.nz/talks/git-svn/intro.html An introduction to git-svn for Subversion/SVK users and deserters]
* [http://git.or.cz/gitwiki/InterfacesFrontendsAndTools Interfaces, frontends & tools]
* [http://ktown.kde.org/~zrusin/git/git-cheat-sheet.svg Git Cheat Sheet (svg)]
* [http://jan-krueger.net/development/git-cheat-sheet-extended-edition Git cheat sheet, extended edition] which I prefer

==Install==
sudo apt-get install git-svn git-doc git-gui tig
Writing to global ~/.gitconfig file:
git config --global user.name "Your Name Comes Here"
git config --global user.email you@yourdomain.example.com
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto
Creating a .git in the current (project) directory:
git init
==Working on a project==
===Initial project===
Add manually files/directories e.g. with
git init
git add .
git commit

===Copying existing project===
Clone an existing Git repository into a to-be-created target directory:
git clone /path/to/other/repository target
Remote repositories can also be accessed with paths like
ssh://login@host/path/to/repository
git://git.software.org/trunk
http://git.software.org/trunk
Later to update the local repository according to the remote repository:
git pull
Symmetrically the remote repository owner could also get the changes we've done locally if she does:
git pull /path/to/our/target
Or we could send them ourselves if we've write access on the remote:
git push
BTW the remote can create a shortcut to us to not have to provide our full path everytime
git remote add ourshortcut /path/to/our/target
And now use directly
git remote show ourshortcut
git pull ourshortcut
Note that git pull ourshortcut ==
git fetch ourshortcut
git merge ourshortcut/master
===Using a Subversion server===
Using [http://www.kernel.org/pub/software/scm/git/docs/git-svn.html git-svn]:

Getting the full project:
# git clone =>
git-svn clone http://subversion.server.com/project -T trunk -b branches -t tags
(git-gc to compress if it took a big room)
Updating the local repository according to the subversion server:
# git pull =>
git-svn rebase
Some tips from [http://tech.hickorywind.org/articles/2008/06/10/larry-vs-the-git-rebase-merge-conflict here]:
* While doing a rebase, if anything bad happens, you end up on a "(no-branch)" branch.
* When doing a "git status", you'll see a ".dotest" file in your working directory. Just ignore it.
* If you want to bail, do a "git rebase --abort". (Note there is no "git svn rebase --abort".)
* Fix the merge conflict file manually, then do a "git add [file]".
* Next do a "git rebase --continue". (Note there's no "svn" version of this either.)
* If it complains about "did you forget to call 'git add'?", then evidently your edit turned the conflict into a no-op change. Do a "git rebase --skip" to skip it. (Very weird, but true.)
* Rinse and repeat until the lather is gone, your scalp silky smooth, and the rebase is complete. At any time you can "git rebase --abort" to bail.

Sending the local changes to the subversion server:
# git push =>
git-svn dcommit

By error I did
git commit --amend
on a synchronized git repository, so I lost remotes/trunk in the gitk view but the remote branch is still visible with git branch -r, strange...
$ git-svn rebase
First, rewinding head to replay your work on top of it...
Nothing to do.
solved the problem

One day you'll be bored of SVN and want to get rid of it completely :-)

Create a new git repository remotely somewhere else (see above).

git remote add origin ssh://myuser@repo.or.cz/srv/git/myproject.git
git push
Now it's better to make sure git-svn cannot interfere with it anymore:
 Fetch the project in a new place
git clone ssh://myuser@repo.or.cz/srv/git/myproject.git
git pull
And drop your old git-svn working directory

==Basic usage==
===Edition===
Schedule a file for committing
git add <file>
Committing
git commit
Note that a modified file must be explicitly added every time, unless you use
git commit -a
Or
git commit <file>
File renaming is implicit, so you don't have to take care, just rename your files if you want (really??), but there is also the explicit commands
git mv <file>
git rm <file>

===Diff/patch===
Diff between working files & to-be-committed index
git diff
Diff between to-be-committed index & repository
git diff --cached
Diff between working files & repository
git diff HEAD
With specific revision or path
git diff <rev> <path>
E.g with one but last commit
git diff HEAD~1
This provides usage patches, including metadata, can be applied with
git apply

===Status & revert===
Status of local working files
git status
To restore (revert) a file from the last revision
git checkout <path>
Revert all changes (!)
git checkout -f
You can amend your latest commit (re-edit the metadata as well as update the tree) using this (it is only safe to amend the commit messages that have not been seen by anyone else, aka, you've not pushed, nobody else has pulled from you).
git commit --amend
Or toss your latest commit away completely using
git reset HEAD^
This will not change the working tree.

To unstage a change to-be-committed (e.g. git add *)
git reset HEAD <file>

===History===
git log
With nice stats:
git log --stat --summary
See from which revision came the lines of a file
git blame <file>
Or search for commits affecting a specific line
git log -S"string"
You can see the contents of a file
git show rev:path/to/file
The listing of a directory
git show rev:path/to/directory
Or a commit with:
git show rev

===Tags & branches===
Create a tag:
git tag -a <name>
List tags and show the tag message:
git tag -l
git show <tag>
Create a branch:
git branch <branch> [<rev>]
Switch to the branch
git checkout <branch>
List branches (current is flagged by a *)
git branch
To move your tree to some older revision, use:
git checkout <rev>
git checkout <prevbranch>
Default branch is "master"

===Merge===
Assuming you are in the trunk and want to merge a given branch here:
git merge branch
If the merge went nice automatically, a commit is done automatically too, to avoid it:
git merge --no-commit branch
Aside from merging, sometimes you want to just pick one commit from a different branch. To apply the changes in revision rev and commit them to the current branch use:
git cherry-pick rev
===Rebase===
Not yet clear what's the diff with merge...

* Find all your (committed) changes, since you branched
* Reset your branch, so that it's an exact copy of the current master
* Re-apply all your changes again
git checkout branch_name
git rebase master
If conflicts occur, and sooner or later they will,
# manually edit the conflicting files
git add file(s)
git rebase --continue
See also "git-mergetool"

=== working with a remote repository ===
adding the default upstream repository
git remote add origin <url>
fetching updates from the remote branch (origin)
git fetch
merging origin with local working branch (master)
git merge origin master
OR: fetch and merge in one go
git pull
pushin changes to the default upstream repository (origin)
git push

===Rework commit history===

You want:
* Two different commits to be combined into a single commit
* Remove a commit entirely from the history
* Change the commit message
* Change the order that commits appear in the history
* Split one big commit into multiple smaller commits

git rebase --interactive COMMIT_ID

COMMIT_ID should be the one BEFORE you want to fiddle with.

To learn about splitting a single commit up into multiple commits:
man git-rebase
# see "SPLITTING COMMITS" section

===Ignoring some files===
cat > .gitignore <<EOF
*.pyc
*~
EOF
git add .gitignore
Now you can also delete all files neither tracked nor ignored with:
git clean

==Misc==
* Revisions are SHA-1 hashes, not incremental numbers. You can refer to the latest revision by HEAD, its parent as HEAD^ and its parent as HEAD^^ = HEAD~2 You can also just type the first digits of the hash (if it's enough to get a unique ID) man git-rev-parse for more details
* The Git commands are in the form git command. You can interchangeably use the git-command form as well.
* [http://www.kernel.org/pub/software/scm/git/docs/user-manual.html#setting-up-a-public-repository Setting up a public repository] where you'll push your stuff
** git --bare init --shared ??
* Though not required, it's a good idea to begin the commit message with a single short (less than 50 character) line summarizing the change, followed by a blank line and then a more thorough description.

==etckeeper==
Description: store /etc in git, mercurial, or bzr
 The etckeeper program is a tool to let /etc be stored in a git, mercurial, or bzr repository. It hooks into APT to automatically commit changes made to /etc during package upgrades. It tracks file metadata that version control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It's quite modular and configurable, while also being simple to use if you understand the basics of working with version control.
apt-get install etckeeper
Read this!!!
zless /usr/share/doc/etckeeper/README.gz

Crash course:
etckeeper init
cd /etc
git commit -m "initial checkin"
git gc
For the rest, read /usr/share/doc/etckeeper/README.gz

PyCryptoPlus

2008-10-13T14:59:04Z

Tiftof: /* Licenses */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
http://opensource.org/
=== Used by others ===
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point
=== Used in CryptoPlus ===
*pypresent.py
** MIT license

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-09T21:07:55Z

Tiftof: /* source structure */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-09T12:06:17Z

Tiftof: /* Chaining Modes */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
***"It should be mentioned explicitly in the description that when enciphering many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-09T12:05:42Z

Tiftof: /* Chaining Modes */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
** Comments: [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/XTS_comments-Liskov_Minematsu.pdf]
*"It should be mentioned explicitly in the description that when enciphering
many blocks, successive T values can and should be computed
from prior ones via multiplication by alpha (providing that i remains
fixed). This optimization, which is one of the best features of
XEX, should be explicitly recommended in the standard."
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-09T09:48:41Z

Tiftof: /* Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt
*RC5
**http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5
**http://people.csail.mit.edu/rivest/Rivest-rc5.pdf
**ftp://ftp.nordu.net/rfc/rfc2040.txt

PyCryptoPlus

2008-10-07T19:39:15Z

Tiftof: /* distutils */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
** "egg way": $ python setup.py bdist_egg $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg

===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-06T14:45:18Z

Tiftof: /* source structure */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key)
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-06T12:12:22Z

Tiftof: /* source structure */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-
|src/Cipher/python_PRESENT.py
|
* wraps pypresent.py
* doctests for ECB and with varying amount of rounds (verified with reference C implementation)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-
|src/Cipher/pypresent.py
|
* own implementation
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-06T12:09:19Z

Tiftof: /* Differences with pycrypto */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || Py ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: padding, util
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: number2string, roundUp, string2number, xorstring
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementation | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

Present python implementation

2008-10-06T11:39:28Z

Tiftof:

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
** to have the same results as the reference C implementation, salting the roundkeys should only XOR 5 bits with roundkey when using 128bits key (line 95 in code) but should XOR with no 5bits limit when using 80bits key (line 76 in code). But the standard describes that it should be limited to 5 bits for both key generators...
* encrypting a block
* decrypting a block
* should support rounds up to 65534 (tested with 32, 64, 128 and 65534 rounds)
** decryption testvectors have errors: the sbox on decryption behaves like the inverse of the p-box... every S-Box value is incorrect in the testvectors. Example:
Round 1
Subkey: 6dab31744f41d700
Text after...
...Key-Xor: 38d2f04c34635345
.....P-Box: 45ef82118f2845a3
.....S-Box: 38d2f04c34635345
{{#fileanchor: pypresent.py}}
<source lang=python>
# fully based on standard specifications: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf
# test vectors: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip

class Present:

def __init__(self,key,rounds=32):
"""Generating roundkeys

When a Present class initialized, the roundkeys will be generated.
You can supply the key as a 128bit or 80bit rawstring.
"""
self.rounds = rounds
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key,self.rounds)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key,self.rounds)
else:
pass

def encrypt(self,block):
"""Encrypting 1 block (8 bytes)

Supply the plaintext block as a raw string and the raw
ciphertext will be returned.
"""
state = block.encode('hex')
for i in range (1,self.rounds):
state = addRoundKey(state,self.roundkeys[i-1])
state = sBoxLayer(state)
state = pLayer(state)
cipher = addRoundKey(state,self.roundkeys[self.rounds-1])
return cipher.decode('hex')

def decrypt(self,block):
"""Decrypting 1 block (8 bytes)

Supply the ciphertext block as a raw string and the raw
plaintext will be returned.
"""
state = block.encode('hex')
for i in range (1,self.rounds):
state = addRoundKey(state,self.roundkeys[self.rounds-i])
state = pLayer_dec(state)
state = sBoxLayer_dec(state)
decipher = addRoundKey(state,self.roundkeys[0])
return decipher.decode('hex')

def get_block_size(self):
return 8

# 0 1 2 3 4 5 6 7 8 9 a b c d e f
SBox = ['c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2']
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key,rounds):
"""Generate the roundkeys for a 80 bit key

Give a 80bit hex string as input and get a list of roundkeys in return"""
roundkeys = []
for i in range(1,rounds+1): # (K0 ... K32)
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = SBox[int(key[0],16)]+key[1:20]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15)
temp = temp ^ i
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15)
key = ("%x" % key).zfill(80/4)
return roundkeys

def generateRoundkeys128(key,rounds):
"""Generate the roundkeys for a 128 bit key

Give a 128bit hex string as input and get a list of roundkeys in return"""
roundkeys = []
for i in range(1,rounds+1): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
#2. SBox
key = SBox[int(key[0],16)]+SBox[int(key[1],16)]+key[2:]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62)
temp = temp ^ (i%32)
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62)
key = ("%x" % key).zfill(128/4)
return roundkeys

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
"""SBox function for encryption

Takes a hex string as input and will output a hex string"""
output =''
for i in range(len(state)):
output += SBox[int(state[i],16)]
return output

def sBoxLayer_dec(state):
"""Inverse SBox function for decryption

Takes a hex string as input and will output a hex string"""
output =''
for i in range(len(state)):
output += hex( SBox.index(state[i]) )[2:]
return output

def pLayer(state):
"""Permutation layer for encryption

Takes a 64bit hex string as input and will output a 64bit hex string"""
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return ("%x" % int(output[::-1],2)).zfill(16)

def pLayer_dec(state):
"""Permutation layer for decryption

Takes a 64bit hex string as input and will output a 64bit hex string"""
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox[i]]
return ("%x" % int(output[::-1],2)).zfill(16)

def bin(a):
"""Convert an integer to a bin string (1 char represents 1 bit)"""
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pypresent.py}} pypresent.py]

Present python implementation

2008-10-05T11:45:39Z

Tiftof: code update

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
* encrypting a block
* decrypting a block
* should support rounds up to 65534 (tested with 32 and 64 rounds only)
** decryption testvectors have errors: the sbox on decryption behaves like the inverse of the p-box... every S-Box value is incorrect in the testvectors. Example:
Round 1
Subkey: 6dab31744f41d700
Text after...
...Key-Xor: 38d2f04c34635345
.....P-Box: 45ef82118f2845a3
.....S-Box: 38d2f04c34635345
{{#fileanchor: pypresent.py}}
<source lang=python>
# fully based on standard specifications: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf
# test vectors: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip

class Present:

def __init__(self,key,rounds=32):
"""Generating roundkeys

When a Present class initialized, the roundkeys will be generated.
You can supply the key as a 128bit or 80bit rawstring.
"""
self.rounds = rounds
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key,self.rounds)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key,self.rounds)
else:
pass

def encrypt(self,block):
"""Encrypting 1 block (8 bytes)

Supply the plaintext block as a raw string and the raw
ciphertext will be returned.
"""
state = block.encode('hex')
for i in range (1,self.rounds):
state = addRoundKey(state,self.roundkeys[i-1])
state = sBoxLayer(state)
state = pLayer(state)
cipher = addRoundKey(state,self.roundkeys[self.rounds-1])
return cipher.decode('hex')

def decrypt(self,block):
"""Decrypting 1 block (8 bytes)

Supply the ciphertext block as a raw string and the raw
plaintext will be returned.
"""
state = block.encode('hex')
for i in range (1,self.rounds):
state = addRoundKey(state,self.roundkeys[self.rounds-i])
state = pLayer_dec(state)
state = sBoxLayer_dec(state)
decipher = addRoundKey(state,self.roundkeys[0])
return decipher.decode('hex')

def get_block_size(self):
return 16

# 0 1 2 3 4 5 6 7 8 9 a b c d e f
SBox = ['c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2']
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key,rounds):
"""Generate the roundkeys for a 80 bit key

Give a 80bit hex string as input and get a list of roundkeys in return"""
roundkeys = []
for i in range(1,rounds+1): # (K0 ... K32)
print i
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = SBox[int(key[0],16)]+key[1:20]
#print "sbox"
#print key
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15)
temp = (temp ^ i )
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15)
key = ("%x" % key).zfill(80/4)
return roundkeys

def generateRoundkeys128(key,rounds):
"""Generate the roundkeys for a 128 bit key

Give a 80bit hex string as input and get a list of roundkeys in return"""
roundkeys = []
for i in range(1,rounds+1): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
#2. SBox
key = SBox[int(key[0],16)]+SBox[int(key[1],16)]+key[2:]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62) + ( (int(key,16) >> 67) <<67 )
key = "%x" % key
return roundkeys

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
"""SBox function for encryption

Takes a hex string as input and will output a hex string"""
output =''
for i in range(len(state)):
output += SBox[int(state[i],16)]
return output

def sBoxLayer_dec(state):
"""Inverse SBox function for decryption

Takes a hex string as input and will output a hex string"""
output =''
for i in range(len(state)):
output += hex( SBox.index(state[i]) )[2:]
return output

def pLayer(state):
"""Permutation layer for encryption

Takes a 64bit hex string as input and will output a 64bit hex string"""
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return ("%x" % int(output[::-1],2)).zfill(16)

def pLayer_dec(state):
"""Permutation layer for decryption

Takes a 64bit hex string as input and will output a 64bit hex string"""
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox[i]]
return ("%x" % int(output[::-1],2)).zfill(16)

def bin(a):
"""Convert an integer to a bin string (1 char represents 1 bit)"""
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pypresent.py}} pypresent.py]

Present python implementation

2008-10-04T10:16:30Z

Tiftof:

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
* encrypting a block
* decrypting a block
** decryption testvectors have errors: the sbox on decryption behaves like the inverse of the p-box... every S-Box value is incorrect in the testvectors. Example:
Round 1
Subkey: 6dab31744f41d700
Text after...
...Key-Xor: 38d2f04c34635345
.....P-Box: 45ef82118f2845a3
.....S-Box: 38d2f04c34635345
{{#fileanchor: pypresent.py}}
<source lang=python>
# fully based on standard specifications: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf
# test vectors: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip

class Present:

def __init__(self,key):
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key)
else:
pass

def encrypt(self,block):
state = block.encode('hex')
for i in range (1,32):
state = addRoundKey(state,self.roundkeys[i-1])
state = sBoxLayer(state)
state = pLayer(state)
cipher = addRoundKey(state,self.roundkeys[31])
return cipher

def decrypt(self,block):
state = block.encode('hex')
for i in range (1,32):
state = addRoundKey(state,self.roundkeys[32-i])
state = pLayer_dec(state)
state = sBoxLayer_dec(state)
decipher = addRoundKey(state,self.roundkeys[0])
return decipher

def get_block_size(self):
return 16

# 0 1 2 3 4 5 6 7 8 9 a b c d e f
SBox = ['c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2']
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = S(key[0])+key[1:20]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15) + ( (int(key,16) >> 20) <<20 )
key = "%x" % key
return roundkeys

def generateRoundkeys128(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
#2. SBox
key = S(key[0])+S(key[1])+key[2:]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62) + ( (int(key,16) >> 67) <<67 )
key = "%x" % key
return roundkeys

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
output =''
for i in range(len(state)):
output += SBox[int(state[i],16)]
return output

def sBoxLayer_dec(state):
output =''
for i in range(len(state)):
output += hex( SBox.index(state[i]) )[2:]
return output

def pLayer(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return ("%x" % int(output[::-1],2)).zfill(16)

def pLayer_dec(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox[i]]
return ("%x" % int(output[::-1],2)).zfill(16)

def bin(a):
#int to bin
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pypresent.py}} pypresent.py]

Present python implementation

2008-10-04T10:12:01Z

Tiftof:

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
* encrypting a block
{{#fileanchor: pypresent.py}}
<source lang=python>
# fully based on standard specifications: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf
# test vectors: http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip

class Present:

def __init__(self,key):
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key)
else:
pass

def encrypt(self,block):
state = block.encode('hex')
for i in range (1,32):
state = addRoundKey(state,self.roundkeys[i-1])
state = sBoxLayer(state)
state = pLayer(state)
cipher = addRoundKey(state,self.roundkeys[31])
return cipher

def decrypt(self,block):
state = block.encode('hex')
for i in range (1,32):
state = addRoundKey(state,self.roundkeys[32-i])
state = pLayer_dec(state)
state = sBoxLayer_dec(state)
decipher = addRoundKey(state,self.roundkeys[0])
return decipher

def get_block_size(self):
return 16

# 0 1 2 3 4 5 6 7 8 9 a b c d e f
SBox = ['c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2']
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = S(key[0])+key[1:20]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15) + ( (int(key,16) >> 20) <<20 )
key = "%x" % key
return roundkeys

def generateRoundkeys128(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
#2. SBox
key = S(key[0])+S(key[1])+key[2:]
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62) + ( (int(key,16) >> 67) <<67 )
key = "%x" % key
return roundkeys

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
output =''
for i in range(len(state)):
output += SBox[int(state[i],16)]
return output

def sBoxLayer_dec(state):
output =''
for i in range(len(state)):
output += hex( SBox.index(state[i]) )[2:]
return output

def pLayer(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return ("%x" % int(output[::-1],2)).zfill(16)

def pLayer_dec(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox[i]]
return ("%x" % int(output[::-1],2)).zfill(16)

def bin(a):
#int to bin
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pypresent.py}} pypresent.py]

Present python implementation

2008-10-04T08:50:18Z

Tiftof:

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
* encrypting a block
{{#fileanchor: pypresent.py}}
<source lang=python>
class Present:

def __init__(self,key):
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key)
else:
pass

def encrypt(self,block):
state = block.encode('hex')

for i in range (1,32):
state = addRoundKey(state,self.roundkeys[i-1])
#print "roundkey"
#print state
state = sBoxLayer(state)
#print "sbox"
#print state
state = pLayer(state)
#print "pLayer"
#print state
cipher = addRoundKey(state,self.roundkeys[31])

return cipher

def decrypt(self,block):
pass

def get_block_size(self):
return 16

SBox = ('c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2')
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#print "shift"
#print key
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = S(key[0])+key[1:20]
#print "sbox"
#print key
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15) + ( (int(key,16) >> 20) <<20 )
key = "%x" % key
#print "salt"
#print key
return roundkeys

def generateRoundkeys128(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
print "shift"
print key
#2. SBox
key = S(key[0])+S(key[1])+key[2:]
print "sbox"
print key
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62) + ( (int(key,16) >> 67) <<67 )
key = "%x" % key
print "salt"
print key
return roundkeys

def S(toS):
#apply 4bit Sbox to a hexstring
final =''
for i in range (0,len(toS)):
final += SBox[int(toS[i],16)]
#return convertToBitstring(final,len(toS)*8)[::-1]
return final

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
output =''
for i in range(len(state)):
output += S(state[i])
return output

def pLayer(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return "%x" % int(output[::-1],2)

def bin(a):
#int to bin
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pypresent.py}} pypresent.py]

Present python implementation

2008-10-02T18:51:41Z

Tiftof: New page: what should be working (only tested with 1 or 2 test vectors yet): * calculating round keys * encrypting a block {{#fileanchor: pyserpent.py}} <source lang=python> class Present: def __i...

what should be working (only tested with 1 or 2 test vectors yet):
* calculating round keys
* encrypting a block
{{#fileanchor: pyserpent.py}}
<source lang=python>
class Present:

def __init__(self,key):
self.key = key.encode('hex')
if len(self.key) == 80/4:
self.roundkeys = generateRoundkeys80(self.key)
elif len(self.key) == 128/4:
self.roundkeys = generateRoundkeys128(self.key)
else:
pass

def encrypt(self,block):
state = block.encode('hex')

for i in range (1,32):
state = addRoundKey(state,self.roundkeys[i-1])
#print "roundkey"
#print state
state = sBoxLayer(state)
#print "sbox"
#print state
state = pLayer(state)
#print "pLayer"
#print state
cipher = addRoundKey(state,self.roundkeys[31])

return cipher

def decrypt(self,block):
pass

def get_block_size(self):
return 16

SBox = ('c','5','6','b','9','0','a','d','3','e','f','8','4','7','1','2')
PBox = [0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63]

def generateRoundkeys80(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
# rawKey[0:63]
roundkeys.append(("%x" % (int(key,16) >>16 )).zfill(64/4))
#1. Shift
#rawKey[19:(len(rawKey)-1)]+rawKey[0:18]
key = ("%x" % ( ((int(key,16) & (pow(2,19)-1)) << 61) + (int(key,16) >> 19))).zfill(80/4)
#print "shift"
#print key
#2. SBox
#rawKey[76:79] = S(rawKey[76:79])
key = S(key[0])+key[1:20]
#print "sbox"
#print key
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 15) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,15)-1) ) + (temp << 15) + ( (int(key,16) >> 20) <<20 )
key = "%x" % key
#print "salt"
#print key
return roundkeys

def generateRoundkeys128(key):
# input: hex string ex. 'ffff'
roundkeys = []
for i in range(1,33): # (K0 ... K32)
roundkeys.append(("%x" % (int(key,16) >>64)).zfill(64/4))
#1. Shift
key = ("%x" % ( ((int(key,16) & (pow(2,67)-1)) << 61) + (int(key,16) >> 67))).zfill(128/4)
print "shift"
print key
#2. SBox
key = S(key[0])+S(key[1])+key[2:]
print "sbox"
print key
#3. Salt
#rawKey[15:19] ^ i
temp = (int(key,16) >> 62) & (pow(2,5)-1) # rawKey[15:19]
temp = temp ^ i
key = ( int(key,16) & (pow(2,62)-1) ) + (temp << 62) + ( (int(key,16) >> 67) <<67 )
key = "%x" % key
print "salt"
print key
return roundkeys

def S(toS):
#apply 4bit Sbox to a hexstring
final =''
for i in range (0,len(toS)):
final += SBox[int(toS[i],16)]
#return convertToBitstring(final,len(toS)*8)[::-1]
return final

def addRoundKey(state,roundkey):
return ( "%x" % ( int(state,16) ^ int(roundkey,16) ) ).zfill(16)

def sBoxLayer(state):
output =''
for i in range(len(state)):
output += S(state[i])
return output

def pLayer(state):
output = ''
state_bin = bin(int(state,16)).zfill(64)[::-1][0:64]
for i in range(64):
output += state_bin[PBox.index(i)]
return "%x" % int(output[::-1],2)

def bin(a):
#int to bin
#http://wiki.python.org/moin/BitManipulation
s=''
t={'0':'000','1':'001','2':'010','3':'011','4':'100','5':'101','6':'110','7':'111'}
for c in oct(a).rstrip('L')[1:]:
s+=t[c]
return s
</source>
Download code: [{{#filelink: pyserpent.py}} pyserpent.py]

PyCryptoPlus

2008-10-02T18:50:22Z

Tiftof: /* Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: gf2n, padding, util
|-
|src/Util/gf2n.py
|
*found here: http://www.bjrn.se/code/pytruecrypt/gf2npy.txt (python truecrypt)
*used for XTS chain mode
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: gf2pow128powof2, number2string, roundUp, string2number, xorstring, xorstring16
*gf2pow128powof2, xorstring16 are originally from the python truecrypt XTS implementation
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
**[[Present python implementatin | own implementation]]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-02T18:46:37Z

Tiftof: /* Ciphers */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: gf2n, padding, util
|-
|src/Util/gf2n.py
|
*found here: http://www.bjrn.se/code/pytruecrypt/gf2npy.txt (python truecrypt)
*used for XTS chain mode
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: gf2pow128powof2, number2string, roundUp, string2number, xorstring, xorstring16
*gf2pow128powof2, xorstring16 are originally from the python truecrypt XTS implementation
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*[[Present]]
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-02T09:41:20Z

Tiftof: /* TODO */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: gf2n, padding, util
|-
|src/Util/gf2n.py
|
*found here: http://www.bjrn.se/code/pytruecrypt/gf2npy.txt (python truecrypt)
*used for XTS chain mode
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: gf2pow128powof2, number2string, roundUp, string2number, xorstring, xorstring16
*gf2pow128powof2, xorstring16 are originally from the python truecrypt XTS implementation
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**<del>CBC for serpent, twofish, blowfish</del>
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
**<del> decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.</del>
**GF2 not necessary anymore in XTS
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt

PyCryptoPlus

2008-10-01T12:55:36Z

Tiftof: /* setuptools */

Back to [[SAGE & cryptology]]
== Info ==
=== Differences with pycrypto ===
{|border="1"
|-
| ||CryptoPlus||PyCrypto
|- style="background-color:#dddddd;"
! align="left" colspan="8"|Block Ciphers
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Block cipher algorithms
|-
| Serpent || Py ||
|-
| Blowfish || Py || C
|-
| Twofish || Py ||
|-
| Idea || || C
|-
| DES || Py || C
|-
| 3DES || Py || C
|-
| AES || Py || C
|-
| Rijndael || Py ||
|-
| Present || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Modes of operation
|-
| CMAC || Py ||
|-
| XCBC || ||
|-
| CBC-MAC || ||
|-
| CCM || ||
|-
| GCM || ||
|-
| ECB || Py || C
|-
| CBC || Py || C
|-
| CTR || Py || C
|-
| LRW || ||
|-
| XTS || Py ||
|-
| MDC-2 || ||
|- style="background-color:#eeeeee;"
| align="left" colspan="8"|Paddings
|-
| bit padding || Py ||
|-
| zeros || Py ||
|-
| PKCS7 || Py ||
|-
| PKCS12 || Py ||
|-
| ISO 10126 || Py ||
|-
| ANSI X.923 || Py ||
|}

*ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
* new possibilities:
** Rijndael, Serpent, Twofish
*** Rijndael is limited to blocksizes of 128, 192 and 256 bits
** CMAC, XTS, CTR
*** XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
*** XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
*** CMAC is usable for blocksizes of 8 and 16 bytes
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

=== source structure ===
{|border="1" cellpadding="5"
|-style="background-color:#dddddd;"
! align="left" colspan="2"| root of CryptoPlus package
|-
|src/Hash.py
|make all Crypto.Hash modules available under CryptoPlus.Hash
|-
|src/Protocol.py
|make all Crypto.Protocol modules available under CryptoPlus.Protocol
|-
|src/PublicKey.py
|make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
|-
|src/__init__.py
|make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
|-
|src/testvectors.py
|
*contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
*used by test/test.py
|-style="background-color:#dddddd;"
! align="left" colspan="2"| CryptoPlus.Cipher subpackage
|-
|src/Cipher/__init__.py
|specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
|-
|src/Cipher/blockcipher.py
|
* class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
* classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pycrypto
|-
|src/Cipher/AES.py
|
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
|-
|src/Cipher/ARC2.py
|
*wraps Crypto.Cipher.ARC2
*doctests for: 1 ECB example
|-
|src/Cipher/Blowfish.py
|
*wraps Crypto.Cipher.Blowfish
*doctests for: ECB, CBC, CFB, OFB
|-
|src/Cipher/CAST.py
|
*wraps Crypto.Cipher.CAST
*doctests for: 2 ECB examples (128 bit and 40 bit key size)
|-
|src/Cipher/DES.py
|
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
|-
|src/Cipher/DES3.py
|
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
|-
|src/Cipher/IDEA.py
|
*wraps Crypto.Cipher.IDEA
*doctests for: 1 ECB example
|-
|src/Cipher/RC5.py
|
*wraps Crypto.Cipher.RC5
*doctests for: 1 ECB example
|-style="background-color:#eeeeee;"
! colspan="2"| Wrappers for pure python implementations
|-
|src/Cipher/python_AES.py
|
* wraps rijndael.py (only for the AES blocksize of 128bits)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Blowfish.py
|
* wraps pyblowfish.py
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES.py
|
* wraps pyDes.py (only using "des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_DES3.py
|
* wraps pyDes.py (only using "triple_des" class)
* doctests same as in the pycrypto wrapper
|-
|src/Cipher/python_Rijndael.py
|
* wraps pyrijndael.py
* doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
|-
|src/Cipher/python_Serpent.py
|
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
|-
|src/Cipher/python_Twofish.py
|
* wraps pytwofish.py
* doctests for ECB (?unverified?)
|-style="background-color:#eeeeee;"
! colspan="2"| Pure python implementations for blockciphers
|-
|src/Cipher/pyDes.py
|
* originally found here: http://twhiteman.netfirms.com/des.html
|-
|src/Cipher/pyblowfish.py
|
* originally found here: http://www.michaelgilfix.com/files/blowfish.py
|-
|src/Cipher/pyserpent.py
|
* originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
* added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
|-
|src/Cipher/pytwofish.py
|
* originally found here: http://psionicist.online.fr/code/ (python truecrypt)
|-
|src/Cipher/rijndael.py
|
* originally found here: http://bitconjurer.org/rijndael.py but using the modified version of tlslite (compatibility fix with python 2.4)
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Util subpackage
|-
|src/Util/__init__.py
|
*import modules from original Crypto.Util: number, randpool, RFC1751
*make new modules available: gf2n, padding, util
|-
|src/Util/gf2n.py
|
*found here: http://www.bjrn.se/code/pytruecrypt/gf2npy.txt (python truecrypt)
*used for XTS chain mode
|-
|src/Util/padding.py
|
*own code for (un)padding raw strings
*testbench that will pad/unpad a string with all available methods and check for errors between original and unpadded string
|-
|src/Util/util.py
|
*provides: gf2pow128powof2, number2string, roundUp, string2number, xorstring, xorstring16
*gf2pow128powof2, xorstring16 are originally from the python truecrypt XTS implementation
|-style="background-color:#dddddd;"
! align="left" colspan="2"| Test scripts
|-
|test/test.py
|runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
|-
|test/test_doctests.py
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
|}
* verified = test vectors are support by an online source. A link is available in the doctest.

==TODO==
*add chaining modes: <del>CMAC</del>, CTR mod?
*<del>further importing of pycrypto</del>
*<del>make test vectors available as variables</del>
*add tests:
**CBC for serpent, twofish, blowfish
**XTS <del>is only tested by comparing deciphered ciphertext, not by checking ciphertext</del>: XTS-AES doctest done
*check other implementation of Blowfish
*<del>final() method of chains</del>
**<del>add a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend it</del>
**<del>final() method should use padding. Choose padding function at initialization of the cipher => again: extending the API</del>
* XTS
** make other blocksizes available besides 16 bytes?
* CMAC
** make other blocksizes available besides 8 and 16 bytes?
** <del>supply XTS keys by splitting 1 big key or by supplying two keys?</del>
* <del>add rijndael instead of only AES</del>
* <del>add docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function) Move doctests there so they are easily viewable</del>
* check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [http://modular.math.washington.edu/sage/doc/tut/node55.html]? ) ?
** decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.
* use unittest for test functions
* check development of pycrypto:
** Util.Counter & Util._counter
** SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

== Tests available ==
* Doctests
** Blowfish: ECB, CBC, CFB, OFB
** all chain modes in AES
* Extensive external test (via tester.py)
** DES,TDES2,TDES3: ECB
** Serpent 128/192/256: ECB
** CMAC: AES128/192/256
** XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes

==Licenses==
*used from [http://psionicist.online.fr/code/pytruecrypt/ python truecrypt implementation] all original code is under MIT license (much freedom according to [http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html])
**pyTwofish (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**pyserpent (untouched) python truecrypt author isn't the original author = > extra copyright notice that should be left in place
**XTS (modified) python truecrypt author is the original author => only MIT License
**GF2n.py(untouched) python truecrypt author is the original author => only MIT License
*pyblowfish (untouched) gpl or artistic license To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
*rijndael.py (untouched) using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
*pyDes (untouched) public domain according to its homepage
*blockciphers CBC, ECB, CTR from [http://www.nightsong.com/phr/crypto/blockcipher.tgz] (modified) keep copyright notice in place?
*CMAC: [http://github.com/jlhutch/jac/tree/master/omac.py omac.py] GPL but not really used it, just used as a starting point

== Various info ==

=== Python ===
*absolute relative imports: links with some info
** http://bugs.python.org/issue1510172
** http://www.python.org/dev/peps/pep-0366/
** http://www.python.org/dev/peps/pep-0328/
** http://groups.google.com/group/comp.lang.python/msg/e35b1746b425b4c1
* collect all doctests
** http://docs.python.org/lib/doctest-unittest-api.html
* making a package
** http://docs.python.org/dist/

==== Setup Script ====
===== distutils vs setuptools =====
Dependencies checking on install: some info [http://blog.doughellmann.com/2007/11/requiring-packages-with-distutils.html here].
:It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on [http://pypi.python.org/pypi pypi] and installed automatically.
===== distutils =====
* setup.py
** creating a distribution tar.gz: "python setup.py sdist"
** installing the source distribution (sdist): - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/" - "cd ~/CryptoPlus-1.0 && python setup.py install"
===== setuptools =====
* http://pypi.python.org/pypi/setuptools/
* manual: http://peak.telecommunity.com/DevCenter/setuptools
* it isn't installed by default on debian
** apt-get install python-setuptools
** sage-python has setuptools by default

===Test Vectors===
*Collection of test vectors for a broad group of ciphers
** http://www.3amsystems.com/monetics/vectors.htm
** https://www.cosic.esat.kuleuven.be/nessie/testvectors/
*AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
**AES in CBC, CTR, OFB, CFB: [http://cryptome.org/bcm/sp800-38a.htm html version of pdf]
**CMAC test vectors in ''Special Publication 800-38B'' are faulty, use the corrected ones from [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf here]
*Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
**zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for '''one input block''' and one key value
*DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
*Blowfish: http://www.schneier.com/code/vectors.txt
*Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
*Twofish: http://www.schneier.com/code/ecb_ival.txt
*AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
*CMAC
**AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
**AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
***fax folder contains usefull stuff: generation and verification tests with results generation test: generate a correct mac verification test: verify if provided mac for plaintext is correct
*XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*ARC2: http://www.ietf.org/rfc/rfc2268.txt
** will be available in pycrypto >2.0.1
*CAST: http://www.rfc-editor.org/rfc/rfc2144.txt

===Chaining Modes===
*[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Wikipedia]
*[http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html NIST]
*XTS:
**https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
**http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
**http://en.wikipedia.org/wiki/IEEE_P1619 = [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf XTS-AES]
**XTS-AES: [http://grouper.ieee.org/groups/1619/email/pdf00086.pdf IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices]
*CMAC = OMAC1:
** AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
** NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:[http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38B.pdf] [http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf Updated CMAC Examples]
** OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
** OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

===Ciphers===
*Serpent
** http://www.cl.cam.ac.uk/~rja14/serpent.html
** python implementation used <del>at the moment</del> in earlier versions: http://psionicist.online.fr/code/
** alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
*** more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
*Present
**Article: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/present_ches2007.pdf PRESENT: An Ultra-Lightweight Block Cipher]
**Test Vector generator + ANSI-C implementation of present: [http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/slides/present_testvectors.zip]
*ARC2
** http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
** current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) [https://bugs.launchpad.net/pycrypto/+bug/269843 bugreport][http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=4820664350a42ecca81cede53a6cb349fcffacde bugfix]
*CAST
**http://www.rfc-editor.org/rfc/rfc2144.txt