Difference between revisions of "PyCryptoPlus"

From YobiWiki
 
(9 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.
 
This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.
   
The code is available [http://repo.or.cz/w/python-cryptoplus.git here]
+
The code is available [http://repo.or.cz/w/python-cryptoplus.git on repo.or.cz] and [https://github.com/doegox/python-cryptoplus on github], which may be easier if you wan to submit pull requests.
   
 
=== Differences with pycrypto ===
 
=== Differences with pycrypto ===
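Review bot: the added download sentence has a typo, "if you wan to submit pull requests" should read "if you want to submit pull requests".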
Line 70: Line 70:
 
|-
 
|-
 
| ANSI X.923 || Py ||
 
| ANSI X.923 || Py ||
  +
|- style="background-color:#dddddd;"
  +
! align="left" colspan="8"|One-way Functions
 
|-
  +
| MD5 || Py || C
  +
|-
  +
| SHA Family || Py (SHA1 & SHA2 family)|| C (SHA-1 & 256)
  +
|-
  +
| Whirlpool || Py ||
  +
|-
  +
| RipeMD || Py || Py
  +
|-
  +
| RadioGatun || Py ||
  +
|-
  +
| HMAC || Py || Py
  +
|-
  +
| PBKDF2 || Py ||
 
|}
 
|}
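Review bot: the new One-way Functions rows spell names inconsistently with the rest of the page: "RipeMD" is normally written RIPEMD, and "RadioGatun" here becomes "RadioGatùn" in the feature list of the next hunk; pick one spelling for both places. PBKDF2 is a key derivation function rather than a one-way hash, so it would be clearer under its own group row, e.g. `! align="left" colspan="8"|Key Derivation`.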
   
Line 82: Line 98:
 
*** CMAC is usable for blocksizes of 8 and 16 bytes
 
*** CMAC is usable for blocksizes of 8 and 16 bytes
 
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
 
** OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
  +
** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2
 
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
 
* test functions are available via doctests and extensive tests that loop through dictionary of test vectors
 
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet
 
** new pycrypto version will have it's own test bench for ciphers, this is not implemented yet
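Review bot: the added line "** new Hash functions: extended SHA family, Whirpool, RadioGatùn, PBKDF2" misspells Whirlpool (the table above spells it Whirlpool) and spells RadioGatun differently from the table; the unchanged line below also has "it's own test bench" where "its own" is meant. Suggest: ** new Hash functions: extended SHA family, Whirlpool, RadioGatun, PBKDF2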
Line 89: Line 106:
 
|-style="background-color:#dddddd;"
 
|-style="background-color:#dddddd;"
 
! align="left" colspan="2"| root of CryptoPlus package
 
! align="left" colspan="2"| root of CryptoPlus package
|-
 
|src/Hash.py
 
|make all Crypto.Hash modules available under CryptoPlus.Hash
 
 
|-
 
|-
 
|src/Protocol.py
 
|src/Protocol.py
Line 230: Line 244:
 
* own implementation
 
* own implementation
 
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
 
* based on documentation here: http://www.crypto.ruhr-uni-bochum.de/en_publications.html
  +
|-style="background-color:#dddddd;"
  +
! align="left" colspan="2"| CryptoPlus.Hash subpackage
  +
|-
  +
|src/Hash/__init__.py
  +
|specify all the ciphers in the CryptoPlus.Hash package (new implementations and imports from pycrypto
  +
|-
  +
|src/Hash/python_*.py
  +
|
  +
* wrappers for the pure python (py*.py) implementations of hash functions
  +
* provide "new()" function and some doctests
  +
|-
 
|src/Hash/py*.py
  +
|
  +
*pure python implementations of hash functions
  +
*pyradiogatun.py is own code, the rest is gathered from other sources
 
|-style="background-color:#dddddd;"
 
|-style="background-color:#dddddd;"
 
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
 
! align="left" colspan="2"| CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
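Review bot: the new src/Hash/__init__.py row has an unclosed parenthesis and calls the contents of a hash package "ciphers": "|specify all the ciphers in the CryptoPlus.Hash package (new implementations and imports from pycrypto" should read "|specify all the hash functions in the CryptoPlus.Hash package (new implementations and imports from pycrypto)".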
Line 396: Line 425:
 
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
 
**implementation from new pycrypto developer: http://www.dlitz.net/software/python-pbkdf2/
 
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]
 
**standard + testvectors: [http://www.ietf.org/rfc/rfc3962.txt RFC 3962]
  +
  +
== Stream Ciphers ==
  +
*SNOW2 / SNOW3G
  +
**http://www.it.lth.se/cryptology/snow/
  +
**Snow 3G
  +
***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf
  +
***"The main difference in SNOW 3G is the addition of a second S-box giving higher resistance against possible future advances in algebraic cryptanalysis"[http://www.ecrypt.eu.org/documents/D.SPA.21-1.1.pdf]
  +
**LFSR, FSM, S-Box
  +
*Grain
  +
**http://www.ecrypt.eu.org/stream/grainpf.html
  +
**LFSR, NFSR, output function
  +
*Trivium
  +
**http://www.ecrypt.eu.org/stream/triviumpf.html
  +
*LFSR
  +
*(self)Shrinking Generator
  +
*ARC4
  +
**http://en.wikipedia.org/wiki/RC4
  +
*XOR
   
 
== Various info ==
 
== Various info ==
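Review bot: in the new Stream Ciphers section the Snow 3G reference "***www.gsmworld.com/using/algorithms/docs/snow_3g_spec.pdf" has no http:// prefix, so MediaWiki will not render it as a link, unlike the other URLs in the section. The "*LFSR", "*(self)Shrinking Generator" and "*XOR" entries carry no reference or component list, unlike the SNOW, Grain and Trivium entries; a one-line description or link for each would keep the list uniform.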

Latest revision as of 22:46, 21 March 2014


Info

Author & Download

This is a development done by Christophe Oosterlynck under my supervision during his thesis work & internship at NXP.

The code is available on repo.or.cz (http://repo.or.cz/w/python-cryptoplus.git) and on github (https://github.com/doegox/python-cryptoplus), which may be easier if you want to submit pull requests.

Differences with pycrypto

Algorithm               | CryptoPlus                | PyCrypto
Block Ciphers
 Block cipher algorithms
  Serpent               | Py                        |
  Blowfish              | Py                        | C
  Twofish               | Py                        |
  Idea                  |                           | C
  DES                   | Py                        | C
  3DES                  | Py                        | C
  AES                   | Py                        | C
  Rijndael              | Py                        |
  Present               | Py                        |
 Modes of operation
  CMAC                  | Py                        |
  XCBC                  |                           |
  CBC-MAC               |                           |
  CCM                   |                           |
  GCM                   |                           |
  ECB                   | Py                        | C
  CBC                   | Py                        | C
  CTR                   | Py                        | C
  LRW                   |                           |
  XTS                   | Py                        |
  MDC-2                 |                           |
 Paddings
  bit padding           | Py                        |
  zeros                 | Py                        |
  PKCS7                 | Py                        |
  PKCS12                | Py                        |
  ISO 10126             | Py                        |
  ANSI X.923            | Py                        |
One-way Functions
  MD5                   | Py                        | C
  SHA Family            | Py (SHA1 & SHA2 family)   | C (SHA-1 & 256)
  Whirlpool             | Py                        |
  RipeMD                | Py                        | Py
  RadioGatun            | Py                        |
  HMAC                  | Py                        | Py
  PBKDF2                | Py                        |


  • ciphers from pycrypto are used with the python chaining modes and not the original pycrypto ones
    => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize as in pycrypto: the new chaining modes keep a cache and encrypt/decrypt data once the cache holds at least a blocksize of data
  • new possibilities:
    • Rijndael, Serpent, Twofish
      • Rijndael is limited to blocksizes of 128, 192 and 256 bits
    • CMAC, XTS, CTR
      • XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
      • XTS encrypts the given input at once while all other chain modes encrypt only when a block of plaintext is available in the cache
      • CMAC is usable for blocksizes of 8 and 16 bytes
    • OFB, CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
    • new Hash functions: extended SHA family, Whirlpool, RadioGatùn, PBKDF2
  • test functions are available via doctests and extensive tests that loop through dictionaries of test vectors
    • the new pycrypto version will have its own test bench for ciphers; this is not implemented yet
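The cache-and-block behaviour listed above, as an added example that is not CryptoPlus code: a CBC mode that buffers partial input until a whole block is available, next to a CTR mode that returns ciphertext byte by byte. The block cipher underneath is a stand-in Feistel permutation built on SHA-256 so the file runs without pycrypto; it is not a real cipher, and the 16-byte block size, key, IV, nonce and message are constructed values.

```python
import hashlib

BLOCK = 16  # assumed block size in bytes (AES-sized); a constructed choice


def xorbytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block permutation: a 4-round Feistel network whose
    round function is SHA-256.  It only exists so this example runs without
    CryptoPlus/pycrypto; it is NOT a secure cipher and must not be reused."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xorbytes(left, f)
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: the rounds are undone in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        f = hashlib.sha256(key + bytes([rnd]) + left).digest()[:8]
        left, right = xorbytes(right, f), left
    return left + right


class CBC:
    """CBC with an input cache: partial blocks wait in the cache until a whole
    block is available, so encrypt()/decrypt() accept data of any length and
    return only the blocks that could be completed so far."""

    def __init__(self, key: bytes, iv: bytes):
        self.key, self.prev, self.cache = key, iv, b""

    def _process(self, data: bytes, decrypt: bool) -> bytes:
        self.cache += data
        out = []
        while len(self.cache) >= BLOCK:
            block, self.cache = self.cache[:BLOCK], self.cache[BLOCK:]
            if decrypt:
                out.append(xorbytes(toy_block_decrypt(self.key, block), self.prev))
            else:
                block = toy_block_encrypt(self.key, xorbytes(block, self.prev))
                out.append(block)
            self.prev = block  # always the last *ciphertext* block
        return b"".join(out)

    def encrypt(self, data: bytes) -> bytes:
        return self._process(data, decrypt=False)

    def decrypt(self, data: bytes) -> bytes:
        return self._process(data, decrypt=True)


class CTR:
    """CTR used as a stream cipher: keystream blocks are generated on demand and
    every byte fed in comes back encrypted immediately, no caching needed."""

    def __init__(self, key: bytes, nonce: bytes):
        assert len(nonce) == BLOCK // 2  # 8-byte nonce + 8-byte counter
        self.key, self.nonce, self.counter, self.keystream = key, nonce, 0, b""

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for byte in data:
            if not self.keystream:
                counter_block = self.nonce + self.counter.to_bytes(BLOCK // 2, "big")
                self.keystream = toy_block_encrypt(self.key, counter_block)
                self.counter += 1
            out.append(byte ^ self.keystream[0])
            self.keystream = self.keystream[1:]
        return bytes(out)

    decrypt = encrypt  # XOR with the same keystream undoes the encryption


def demo() -> dict:
    """Feed a 36-byte constructed message in uneven pieces to both modes."""
    key, iv = b"constructed-key!", bytes(range(BLOCK))
    msg = b"sixteen-byte-msg" * 2 + b"tail"  # 36 bytes, not a block multiple

    enc = CBC(key, iv)
    pieces = [enc.encrypt(msg[:5]), enc.encrypt(msg[5:20]), enc.encrypt(msg[20:])]
    ct = b"".join(pieces)
    dec = CBC(key, iv)
    recovered = dec.decrypt(ct[:3]) + dec.decrypt(ct[3:])  # any chunking works

    stream = CTR(key, b"nonce-08")
    ctr_ct = stream.encrypt(msg[:7]) + stream.encrypt(msg[7:])
    return {
        "cbc_piece_sizes": [len(p) for p in pieces],  # [0, 16, 16]
        "cbc_ciphertext": ct,
        "cbc_one_shot": CBC(key, iv).encrypt(msg),  # identical to the pieces
        "cbc_recovered": recovered,  # msg[:32]; the last 4 bytes wait in the cache
        "cbc_leftover": len(enc.cache),  # 4: needs padding before a final block
        "ctr_ciphertext_len": len(ctr_ct),  # 36, same length as the plaintext
        "ctr_roundtrip": CTR(key, b"nonce-08").decrypt(ctr_ct),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the file prints the dictionary returned by demo(): the three CBC feeds return 0, 16 and 16 bytes, the 4 bytes of the last partial block stay in the cache until padding completes it, and the CTR object returns exactly as many bytes as it was given.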

source structure

root of CryptoPlus package
src/Protocol.py: make all Crypto.Protocol modules available under CryptoPlus.Protocol
src/PublicKey.py: make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
src/__init__.py: make the following modules available under the CryptoPlus package:
  • always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
  • if pycrypto > 2.0.1: "SelfTest", "Random"
src/testvectors.py
  • contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
  • used by test/test.py
CryptoPlus.Cipher subpackage
src/Cipher/__init__.py: specify all the ciphers in the CryptoPlus.Cipher package + import of the stream ciphers ARC4 and XOR
src/Cipher/blockcipher.py
  • class BlockCipher: parent class for every cipher you construct. Holds some variables (key, blocksize) and objects (blockcipher, chain mode).
  • classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
Wrappers for pycrypto
src/Cipher/AES.py
  • wraps Crypto.Cipher.AES
  • doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
src/Cipher/ARC2.py
  • wraps Crypto.Cipher.ARC2
  • doctests for: 1 ECB example
src/Cipher/Blowfish.py
  • wraps Crypto.Cipher.Blowfish
  • doctests for: ECB, CBC, CFB, OFB
src/Cipher/CAST.py
  • wraps Crypto.Cipher.CAST
  • doctests for: 2 ECB examples (128 bit and 40 bit key size)
src/Cipher/DES.py
  • wraps Crypto.Cipher.DES
  • doctests for: ECB
src/Cipher/DES3.py
  • wraps Crypto.Cipher.DES3
  • doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
src/Cipher/IDEA.py
  • wraps Crypto.Cipher.IDEA
  • doctests for: 1 ECB example
src/Cipher/RC5.py
  • wraps Crypto.Cipher.RC5
  • doctests for: 1 ECB example
Wrappers for pure python implementations
src/Cipher/python_AES.py
  • wraps rijndael.py (only for the AES blocksize of 128bits)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_Blowfish.py
  • wraps pyblowfish.py
  • doctests same as in the pycrypto wrapper
src/Cipher/python_DES.py
  • wraps pyDes.py (only using "des" class)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_DES3.py
  • wraps pyDes.py (only using "triple_des" class)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_Rijndael.py
  • wraps pyrijndael.py
  • doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
src/Cipher/python_Serpent.py
  • wraps pyserpent.py
  • doctests for ECB, CBC
src/Cipher/python_Twofish.py
  • wraps pytwofish.py
  • doctests for ECB
src/Cipher/python_PRESENT.py
  • wraps pypresent.py
  • doctests for ECB and with varying amount of rounds (verified with reference C implementation)
Pure python implementations for blockciphers
src/Cipher/pyDes.py
src/Cipher/pyblowfish.py
src/Cipher/pyserpent.py
  • originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
  • added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
src/Cipher/pytwofish.py
src/Cipher/rijndael.py
src/Cipher/pypresent.py
CryptoPlus.Hash subpackage
src/Hash/__init__.py: specify all the hash functions in the CryptoPlus.Hash package (new implementations and imports from pycrypto)
src/Hash/python_*.py
  • wrappers for the pure python (py*.py) implementations of hash functions
  • provide "new()" function and some doctests
src/Hash/py*.py
  • pure python implementations of hash functions
  • pyradiogatun.py is own code, the rest is gathered from other sources
CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
src/Util/__init__.py
  • import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
src/Util/Fortuna.py
  • imports Crypto.Random.Fortuna.*
src/Util/OSRNG.py
  • imports Crypto.Random.OSRNG.*
CryptoPlus.Util subpackage
src/Util/__init__.py
  • import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
  • make new modules available: padding, util
src/Util/number.py
src/Util/randpool.py
src/Util/RFC1751.py
  • wrappers for the respective Crypto.Util modules
src/Util/python_compat.py
  • wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
src/Util/padding.py
  • own code for (un)padding raw strings
  • doctest for every padding function
src/Util/util.py
  • provides: number2string, roundUp, string2number, xorstring
Test scripts
test/test.py: runs extensive tests with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES, TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256 bit keys)
test/test_doctests.py: script to run all doctests available in every cipher wrapper (pure python and pycrypto wrappers)
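An added example of the (un)padding functions that src/Util/padding.py provides, written here as stand-alone code rather than taken from CryptoPlus: bit padding, zeros, PKCS7, ANSI X.923 and ISO 10126 (PKCS12 is left out). The scheme names, the blocksize of 8 used in demo() and the sample message are my own choices; the unpad() side also shows the checks a caller should run before trusting stripped data.

```python
import os


def pad(data: bytes, blocksize: int, scheme: str) -> bytes:
    """Extend data to a multiple of blocksize.  Every scheme except 'zeros'
    always adds at least one byte, so an already aligned message gets a whole
    extra block; that is what makes unpad() unambiguous."""
    n = blocksize - len(data) % blocksize  # bytes to add, 1..blocksize
    if scheme == "zeros":
        return data + b"\x00" * (n % blocksize)  # nothing added when aligned
    if scheme == "bit":  # 0x80 followed by zeros
        return data + b"\x80" + b"\x00" * (n - 1)
    if scheme == "pkcs7":  # every pad byte holds the pad length
        return data + bytes([n]) * n
    if scheme == "x923":  # zeros, then the pad length as last byte
        return data + b"\x00" * (n - 1) + bytes([n])
    if scheme == "iso10126":  # random bytes, then the pad length as last byte
        return data + os.urandom(n - 1) + bytes([n])
    raise ValueError("unknown scheme " + scheme)


def unpad(data: bytes, blocksize: int, scheme: str) -> bytes:
    """Strip padding, refusing anything malformed with ValueError."""
    if len(data) == 0 or len(data) % blocksize:
        raise ValueError("data is not a whole number of blocks")
    if scheme == "zeros":
        # lossy by design: trailing NUL bytes of the real message are lost too
        return data.rstrip(b"\x00")
    if scheme == "bit":
        stripped = data.rstrip(b"\x00")
        # the 0x80 marker must be present and inside the last block
        if not stripped.endswith(b"\x80") or len(data) - len(stripped) >= blocksize:
            raise ValueError("bad bit padding")
        return stripped[:-1]
    if scheme not in ("pkcs7", "x923", "iso10126"):
        raise ValueError("unknown scheme " + scheme)
    n = data[-1]
    if not 1 <= n <= blocksize:
        raise ValueError("bad pad length")
    tail = data[-n:]
    if scheme == "pkcs7" and tail != bytes([n]) * n:
        raise ValueError("bad PKCS7 padding")
    if scheme == "x923" and tail[:-1] != b"\x00" * (n - 1):
        raise ValueError("bad ANSI X.923 padding")
    return data[:-n]  # ISO 10126 filler bytes are random, only the length is checked


def is_valid_padding(data: bytes, blocksize: int, scheme: str) -> bool:
    """Success/failure only: a decrypting service should report padding
    problems no differently from any other decryption failure, so callers
    get a boolean rather than the reason."""
    try:
        unpad(data, blocksize, scheme)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Pad a constructed 3-byte message to an 8-byte block with each scheme."""
    msg = b"abc"
    return {s: pad(msg, 8, s) for s in ("zeros", "bit", "pkcs7", "x923", "iso10126")}


if __name__ == "__main__":
    for scheme, padded in demo().items():
        print(scheme, padded, unpad(padded, 8, scheme))
```

Note that the zeros scheme is the only one unpad() cannot reverse reliably: a message that legitimately ends in 0x00 bytes loses them, which is why the other schemes encode the pad length.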

TODO

  • check other implementation of Blowfish
  • use unittest for test functions
  • check development of pycrypto:
    • Util.Counter & Util._counter
    • SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

Licenses

http://opensource.org/

Used by others

  • used from python truecrypt implementation
    all original code is under MIT license (much freedom according to [1])
    • pyTwofish (untouched)
      python truecrypt author isn't the original author => extra copyright notice that should be left in place
    • pyserpent (untouched)
      python truecrypt author isn't the original author => extra copyright notice that should be left in place
    • XTS (modified)
      python truecrypt author is the original author => only MIT License
    • GF2n.py(untouched)
      python truecrypt author is the original author => only MIT License
  • pyblowfish (untouched)
    GPL or Artistic license
    to not affect the rest of the distribution we have to redistribute it only under the Artistic license terms
  • rijndael.py (untouched)
    using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
  • pyDes (untouched)
    public domain according to its homepage
  • blockciphers CBC, ECB, CTR from [2] (modified)
    keep copyright notice in place?
  • CMAC: omac.py
    GPL, but it is not really used, only taken as a starting point

Used in CryptoPlus

  • pypresent.py
    • MIT license

Cipher module

Test Vectors

Chaining Modes

Ciphers

Hash Module

Current Situation

Stream Ciphers

Various info

Python