Difference between revisions of "PyCryptoPlus"

From YobiWiki
Jump to navigation Jump to search
(→‎TODO: cleaned up todo list)
m (→‎source structure: removed "verified" testvector status as in all doctest the source of testvectors is mentioned now)
Line 119: Line 119:
 
|
 
|
 
*wraps Crypto.Cipher.AES
 
*wraps Crypto.Cipher.AES
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC (verified)
+
*doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
 
|-
 
|-
 
|src/Cipher/ARC2.py
 
|src/Cipher/ARC2.py
Line 139: Line 139:
 
|
 
|
 
*wraps Crypto.Cipher.DES
 
*wraps Crypto.Cipher.DES
*doctests for: ECB (verified)
+
*doctests for: ECB
 
|-
 
|-
 
|src/Cipher/DES3.py
 
|src/Cipher/DES3.py
 
|
 
|
 
*wraps Crypto.Cipher.DES3
 
*wraps Crypto.Cipher.DES3
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2 (verified)
+
*doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
 
|-
 
|-
 
|src/Cipher/IDEA.py
 
|src/Cipher/IDEA.py
Line 186: Line 186:
 
|
 
|
 
* wraps pyserpent.py
 
* wraps pyserpent.py
* doctests for ECB, CBC (?verified?)
+
* doctests for ECB, CBC
 
|-
 
|-
 
|src/Cipher/python_Twofish.py
 
|src/Cipher/python_Twofish.py
 
|
 
|
 
* wraps pytwofish.py
 
* wraps pytwofish.py
* doctests for ECB (?unverified?)
+
* doctests for ECB
 
|-
 
|-
 
|src/Cipher/python_PRESENT.py
 
|src/Cipher/python_PRESENT.py
Line 272: Line 272:
 
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
 
|script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)
 
|}
 
|}
* verified = test vectors are support by an online source. A link is available in the doctest.
 
   
 
==TODO==
 
==TODO==

Revision as of 21:20, 14 October 2008

Back to SAGE & cryptology

Info

Differences with pycrypto

CryptoPlus PyCrypto
Block Ciphers
Block cipher algorithms
Serpent Py
Blowfish Py C
Twofish Py
Idea C
DES Py C
3DES Py C
AES Py C
Rijndael Py
Present Py
Modes of operation
CMAC Py
XCBC
CBC-MAC
CCM
GCM
ECB Py C
CBC Py C
CTR Py C
LRW
XTS Py
MDC-2
Paddings
bit padding Py
zeros Py
PKCS7 Py
PKCS12 Py
ISO 10126 Py
ANSI X.923 Py


  • ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones
    => plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data
  • new possibilities:
    • Rijndael, Serpent, Twofish
      • Rijndael is limited to blocksizes of 128, 192 and 256 bits
    • CMAC, XTS, CTR
      • XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
      • XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
      • CMAC is usable for blocksizes of 8 and 16 bytes
    • OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
  • test functions are available via doctests and extensive tests that loop through dictionary of test vectors
    • new pycrypto version will have it's own test bench for ciphers, this is not implemented yet

source structure

root of CryptoPlus package
src/Hash.py make all Crypto.Hash modules available under CryptoPlus.Hash
src/Protocol.py make all Crypto.Protocol modules available under CryptoPlus.Protocol
src/PublicKey.py make all Crypto.PublicKey modules available under CryptoPlus.PublicKey
src/__init__.py make the following modules available under the CryptoPlus package:
  • always: "Cipher","PublicKey","Util","Protocol","Hash","testvectors"
  • if pycrypto > 2.0.1: "SelfTest", "Random"
src/testvectors.py
  • contains dictionaries with testvectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES
  • used by test/test.py
CryptoPlus.Cipher subpackage
src/Cipher/__init__.py specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR
src/Cipher/blockcipher.py
  • class BlockCipher: parent class for every cipher you constructs. Holds some variabeles (key, blocksize) and objects (blockcipher, chain mode).
  • classes for every chain mode: the BlockCipher uses one of these as the chaining mode object. They are all own python code but sometimes based on non-complete code that was available.
Wrappers for pycrypto
src/Cipher/AES.py
  • wraps Crypto.Cipher.AES
  • doctests for: ECB, CBC, CFB, OFB, CTR, XTS, CMAC
src/Cipher/ARC2.py
  • wraps Crypto.Cipher.ARC2
  • doctests for: 1 ECB example
src/Cipher/Blowfish.py
  • wraps Crypto.Cipher.Blowfish
  • doctests for: ECB, CBC, CFB, OFB
src/Cipher/CAST.py
  • wraps Crypto.Cipher.CAST
  • doctests for: 2 ECB examples (128 bit and 40 bit key size)
src/Cipher/DES.py
  • wraps Crypto.Cipher.DES
  • doctests for: ECB
src/Cipher/DES3.py
  • wraps Crypto.Cipher.DES3
  • doctests for: CBC, CMAC TDES-EDE3, CMAC TDES-EDE2
src/Cipher/IDEA.py
  • wraps Crypto.Cipher.IDEA
  • doctests for: 1 ECB example
src/Cipher/RC5.py
  • wraps Crypto.Cipher.RC5
  • doctests for: 1 ECB example
Wrappers for pure python implementations
src/Cipher/python_AES.py
  • wraps rijndael.py (only for the AES blocksize of 128bits)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_Blowfish.py
  • wraps pyblowfish.py
  • doctests same as in the pycrypto wrapper
src/Cipher/python_DES.py
  • wraps pyDes.py (only using "des" class)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_DES3.py
  • wraps pyDes.py (only using "triple_des" class)
  • doctests same as in the pycrypto wrapper
src/Cipher/python_Rijndael.py
  • wraps pyrijndael.py
  • doctests for ECB, CBC, XTS (CBC and XTS are AES test vectors)
src/Cipher/python_Serpent.py
  • wraps pyserpent.py
  • doctests for ECB, CBC
src/Cipher/python_Twofish.py
  • wraps pytwofish.py
  • doctests for ECB
src/Cipher/python_PRESENT.py
  • wraps pypresent.py
  • doctests for ECB and with varying amount of rounds (verified with reference C implementation)
Pure python implementations for blockciphers
src/Cipher/pyDes.py
src/Cipher/pyblowfish.py
src/Cipher/pyserpent.py
  • originally found here: http://www.cl.cam.ac.uk/~fms27/serpent/
  • added class to wrap all the functions needed in one class so that the serpent cipher can be accessed like all other pure python ciphers
src/Cipher/pytwofish.py
src/Cipher/rijndael.py
src/Cipher/pypresent.py
CryptoPlus.Random subpackage (only used if pycrypto version > 2.0.1)
src/Util/__init__.py
  • import modules from original Crypto.Random: _UserFriendlyRNG, atfork, random
src/Util/Fortuna.py
  • imports Crypto.Random.Fortuna.*
src/Util/OSRNG.py
  • imports Crypto.Random.OSRNG.*
CryptoPlus.Util subpackage
src/Util/__init__.py
  • import modules from original Crypto.Util: number, randpool, RFC1751, python_compat
  • make new modules available: padding, util
src/Util/number.py
src/Util/randpool.py
src/Util/RFC1751.py
  • wrappers for the respective Crypto.Util modules
src/Util/python_compat.py
  • wrapper for Crypto.Util.python_compat if pycrypto > 2.0.1
src/Util/padding.py
  • own code for (un)padding raw strings
  • doctest for every padding function
src/Util/util.py
  • provides: number2string, roundUp, string2number, xorstring
Test scripts
test/test.py runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key), Twofish (128/192/256bits keys)
test/test_doctests.py script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper)

TODO

  • check other implementation of Blowfish
  • use unittest for test functions
  • check development of pycrypto:
    • Util.Counter & Util._counter
    • SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?

Licenses

http://opensource.org/

Used by others

  • used from python truecrypt implementation
    all original code is under MIT license (much freedom according to [1])
    • pyTwofish (untouched)
      python truecrypt author isn't the original author = > extra copyright notice that should be left in place
    • pyserpent (untouched)
      python truecrypt author isn't the original author = > extra copyright notice that should be left in place
    • XTS (modified)
      python truecrypt author is the original author => only MIT License
    • GF2n.py(untouched)
      python truecrypt author is the original author => only MIT License
  • pyblowfish (untouched)
    gpl or artistic license
    To not affect the rest of the distribution we've to redistribute it only under Artistic license terms
  • rijndael.py (untouched)
    using tls lite (public domain) implementation which uses code from Bram Cohen (public domain)
  • pyDes (untouched)
    public domain according to its homepage
  • blockciphers CBC, ECB, CTR from [2] (modified)
    keep copyright notice in place?
  • CMAC: omac.py
    GPL but not really used it, just used as a starting point

Used in CryptoPlus

  • pypresent.py
    • MIT license

Various info

Python

Setup Script

distutils vs setuptools

Dependencies checking on install: some info here.

It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on pypi and installed automatically.
distutils
  • setup.py
    • creating a distribution tar.gz: "python setup.py sdist"
    • installing the source distribution (sdist):
      - untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/"
      - "cd ~/CryptoPlus-1.0 && python setup.py install"
    • "egg way":
      $ python setup.py bdist_egg
      $ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg
setuptools

Test Vectors

Chaining Modes

Ciphers