PyCryptoPlus
Back to SAGE & cryptology
Info
Differences with pycrypto
CryptoPlus | PyCrypto | ||||||
Block Ciphers | |||||||
---|---|---|---|---|---|---|---|
Block cipher algorithms | |||||||
Serpent | Py | ||||||
Blowfish | Py | C | |||||
Twofish | Py | ||||||
Idea | C | ||||||
DES | Py | C | |||||
3DES | Py | C | |||||
AES | Py | C | |||||
Rijndael | Py | ||||||
Present | Py | ||||||
Modes of operation | |||||||
CMAC | Py | ||||||
XCBC | |||||||
CBC-MAC | |||||||
CCM | |||||||
GCM | |||||||
ECB | Py | C | |||||
CBC | Py | C | |||||
CTR | Py | C | |||||
LRW | |||||||
XTS | Py | ||||||
MDC-2 | |||||||
Paddings | |||||||
bit padding | Py | ||||||
zeros | Py | ||||||
PKCS7 | Py | ||||||
PKCS12 | Py | ||||||
ISO 10126 | Py | ||||||
ANSI X.923 | Py |
- ciphers from pycrypto are being used with the python chaining modes and not the original pycrypto ones
=> plaintext can be supplied in arbitrary sizes instead of multiples of the blocksize like in pycrypto: the new chaining modes keep a cache to encrypt/decrypt data once the cachesize holds at least a blocksize of data - new possibilities:
- Rijndael, Serpent, Twofish
- Rijndael is limited to blocksizes of 128, 192 and 256 bits
- CMAC, XTS, CTR
- XTS is usable for ciphers with blocksizes of 16 bytes => XTS-AES, Serpent, Twofish
- XTS encrypts the given input at once while all other chain modes encrypt only when a block plaintext is available in the cache
- CMAC is usable for blocksizes of 8 and 16 bytes
- OFB,CFB and CTR can be accessed as a stream cipher (you get the encrypted message immediately, you don't have to wait until a complete block of plaintext has been provided to the cipher)
- Rijndael, Serpent, Twofish
- test functions are available via doctests and extensive tests that loop through dictionary of test vectors
- new pycrypto version will have it's own test bench for ciphers, this is not implemented yet
source structure
root of CryptoPlus package | |
---|---|
src/Hash.py | make all Crypto.Hash modules available under CryptoPlus.Hash |
src/Protocol.py | make all Crypto.Protocol modules available under CryptoPlus.Protocol |
src/PublicKey.py | make all Crypto.PublicKey modules available under CryptoPlus.PublicKey |
src/__init__.py | make the following modules available under the CryptoPlus package: "Cipher","PublicKey","Util","Protocol","Hash","testvectors" |
src/testvectors.py |
|
CryptoPlus.Cipher subpackage | |
src/Cipher/__init__.py | specify all the ciphers in the CryptoPlus.Cipher package + import of the streamcipher ARC4 and XOR |
src/Cipher/blockcipher.py |
|
Wrappers for pycrypto | |
src/Cipher/AES.py |
|
src/Cipher/ARC2.py |
|
src/Cipher/Blowfish.py |
|
src/Cipher/CAST.py |
|
src/Cipher/DES.py |
|
src/Cipher/DES3.py |
|
src/Cipher/IDEA.py |
|
src/Cipher/RC5.py |
|
Wrappers for pure python implementations | |
src/Cipher/python_AES.py |
|
src/Cipher/python_Blowfish.py |
|
src/Cipher/python_DES.py |
|
src/Cipher/python_DES3.py |
|
src/Cipher/python_Rijndael.py |
|
src/Cipher/python_Serpent.py |
|
src/Cipher/python_Twofish.py |
|
src/Cipher/python_PRESENT.py |
|
Pure python implementations for blockciphers | |
src/Cipher/pyDes.py |
|
src/Cipher/pyblowfish.py |
|
src/Cipher/pyserpent.py |
|
src/Cipher/pytwofish.py |
|
src/Cipher/rijndael.py |
|
src/Cipher/pypresent.py |
|
Util subpackage | |
src/Util/__init__.py |
|
src/Util/padding.py |
|
src/Util/util.py |
|
Test scripts | |
test/test.py | runs extensive test with verified test vectors for: CBC, CFB, OFB and CTR with AES, DES,TDES2/3, Serpent128/192/256, CMAC-AES128/192/256, CMAC-TDES2/3, XTS-AES, PRESENT (80 and 128 bit key) |
test/test_doctests.py | script to run all doctest available in every cipher wrapper (pure python and pycrypto wrapper) |
- verified = test vectors are support by an online source. A link is available in the doctest.
TODO
- add chaining modes:
CMAC, CTR mod? further importing of pycryptomake test vectors available as variables- add tests:
CBC for serpent, twofish, blowfish- XTS
is only tested by comparing deciphered ciphertext, not by checking ciphertext: XTS-AES doctest done
- check other implementation of Blowfish
final() method of chainsadd a cipher.final() method? pycrypto doesn't have it, but it doesn't really conflict with the pycrypto API. It will just extend itfinal() method should use padding. Choose padding function at initialization of the cipher => again: extending the API
- XTS
- make other blocksizes available besides 16 bytes?
- CMAC
- make other blocksizes available besides 8 and 16 bytes?
supply XTS keys by splitting 1 big key or by supplying two keys?
add rijndael instead of only AESadd docstring to every "new" function of every module, explaining what should be passed as arguments (probably the same for every function)
Move doctests there so they are easily viewable- check GF2 in XTS + can it be replaced by Sage's implementation of GF2 ( -> [1]? ) ?
decision: stays the way it is. When Sage's GF2 would be used, then CryptoPlus wouldn't work without sage.- GF2 not necessary anymore in XTS
- use unittest for test functions
- check development of pycrypto:
- Util.Counter & Util._counter
- SelfTest: usable to perform the test for python algo's in CryptoPlus if testvectors are in right format?
Tests available
- Doctests
- Blowfish: ECB, CBC, CFB, OFB
- all chain modes in AES
- Extensive external test (via tester.py)
- DES,TDES2,TDES3: ECB
- Serpent 128/192/256: ECB
- CMAC: AES128/192/256
- XTS: AES128/256 and plaintext multiples and non-multiples of 16 bytes
Licenses
- used from python truecrypt implementation
all original code is under MIT license (much freedom according to [2])- pyTwofish (untouched)
python truecrypt author isn't the original author = > extra copyright notice that should be left in place - pyserpent (untouched)
python truecrypt author isn't the original author = > extra copyright notice that should be left in place - XTS (modified)
python truecrypt author is the original author => only MIT License - GF2n.py(untouched)
python truecrypt author is the original author => only MIT License
- pyTwofish (untouched)
- pyblowfish (untouched)
gpl or artistic license
To not affect the rest of the distribution we've to redistribute it only under Artistic license terms - rijndael.py (untouched)
using tls lite (public domain) implementation which uses code from Bram Cohen (public domain) - pyDes (untouched)
public domain according to its homepage - blockciphers CBC, ECB, CTR from [3] (modified)
keep copyright notice in place? - CMAC: omac.py
GPL but not really used it, just used as a starting point
Various info
Python
- absolute relative imports: links with some info
- collect all doctests
- making a package
Setup Script
distutils vs setuptools
Dependencies checking on install: some info here.
- It seems that the 'requires' keyword in distutils has only a purpose of documentation, but 'install_requires' in setuptools really takes care of dependencies: availability of dependencies will be checked. If a package is not available, it will be checked for on pypi and installed automatically.
distutils
- setup.py
- creating a distribution tar.gz: "python setup.py sdist"
- installing the source distribution (sdist):
- untar .tar.gz: "cd dist && tar zxfv CryptoPlus-1.0.tar.gz -C ~/"
- "cd ~/CryptoPlus-1.0 && python setup.py install" - "egg way":
$ python setup.py bdist_egg
$ sudo easy_install dist/CryptoPlus-1.0-py2.5.egg
setuptools
- http://pypi.python.org/pypi/setuptools/
- manual: http://peak.telecommunity.com/DevCenter/setuptools
- it isn't installed by default on debian
- apt-get install python-setuptools
- sage-python has setuptools by default
Test Vectors
- Collection of test vectors for a broad group of ciphers
- AES, DES, 3DES: http://csrc.nist.gov/groups/STM/cavp/standards.html
- AES in CBC, CTR, OFB, CFB: html version of pdf
- CMAC test vectors in Special Publication 800-38B are faulty, use the corrected ones from here
- Rijndael: http://fp.gladman.plus.com/cryptography_technology/rijndael/
- zip file contains a full set of round values for each of the 25 block and key length combinations from 128, 160, 192, 224 and 256 bits for one input block and one key value
- DES (enkel ECB): http://www.skepticfiles.org/faq/testdes.htm
- Blowfish: http://www.schneier.com/code/vectors.txt
- Serpent: http://www.cs.technion.ac.il/~biham/Reports/Serpent/
- Twofish: http://www.schneier.com/code/ecb_ival.txt
- AES, DES: http://svn.python.org/projects/external/openssl-0.9.8a/test/evptests.txt
- CMAC
- AES & TDES: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
- AES, TDES2 & TDES3: http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
- fax folder contains usefull stuff: generation and verification tests with results
generation test: generate a correct mac
verification test: verify if provided mac for plaintext is correct
- fax folder contains usefull stuff: generation and verification tests with results
- XTS-AES: IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
- ARC2: http://www.ietf.org/rfc/rfc2268.txt
- will be available in pycrypto >2.0.1
- CAST: http://www.rfc-editor.org/rfc/rfc2144.txt
Chaining Modes
- Wikipedia
- NIST
- XTS:
- https://siswg.net/index.php?option=com_content&task=view&id=38&Itemid=73
- http://blog.bjrn.se/2008/02/truecrypt-explained-truecrypt-5-update.html
- http://en.wikipedia.org/wiki/IEEE_P1619 = XTS-AES
- XTS-AES: IEEE P1619TM/D16: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
- Comments: [4]
- "It should be mentioned explicitly in the description that when enciphering
many blocks, successive T values can and should be computed from prior ones via multiplication by alpha (providing that i remains fixed). This optimization, which is one of the best features of XEX, should be explicitly recommended in the standard."
- CMAC = OMAC1:
- AES-CMAC: http://tools.ietf.org/html/rfc4493#page-2
- NIST:
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication:SP 800-38B.pdf
Updated CMAC Examples - OMAC.py: http://github.com/jlhutch/jac/tree/master/omac.py
- OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
Ciphers
- Serpent
- http://www.cl.cam.ac.uk/~rja14/serpent.html
- python implementation used
at the momentin earlier versions: http://psionicist.online.fr/code/ - alternative python implementation (used in current version): http://www.cl.cam.ac.uk/~fms27/serpent/
- more info on this python implementation: http://www.cl.cam.ac.uk/~fms27/serpent/serpent-abstract.html
- Present
- Article: PRESENT: An Ultra-Lightweight Block Cipher
- Test Vector generator + ANSI-C implementation of present: [5]
- own implementation
- ARC2
- http://www.ietf.org/rfc/rfc2268.txt: publication + testvectors
- current pycrypto implementation fails all testvectors because of not correctly handling the "effective keylength". Fixed in upcoming release (+2.0.1) bugreportbugfix
- CAST
- RC5