From 8ce57cc683ea1dd69bdde6275ef9b1780bb79147 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABtan=20Cassiers?= Date: Mon, 27 Jan 2020 21:37:11 +0100 Subject: [PATCH] Remove the 'p' parameter from the API surface This matches NIST API and reference implementation. The 'p' public key is now part of the key: * if the key 'k' is 16 bytes, the su mode is selected * if the key 'k' is 32 bytes, the mu mode is selected and p is extracted from 'k'. This a a BREAKING CHANGE. --- LICENSE | 2 +- README.md | 6 ++++++ spook.py | 21 ++++++++++++--------- test.py | 7 ++----- 4 files changed, 21 insertions(+), 15 deletions(-) diff --git a/LICENSE b/LICENSE index d3998e2..e452190 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019 Gaëtan Cassiers +Copyright (c) 2019, 2020 Gaëtan Cassiers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index daeac0d..5967332 100644 --- a/README.md +++ b/README.md @@ -12,3 +12,9 @@ The `spook_encrypt` and `spook_decrypt` functions take as input bytes objects. T ## License This software distributed under the terms of the MIT license. See [LICENSE](LICENSE) for details. + +## Changelog (see git log for details) + +- `v1.0` Initial version +- `v2.0` Remove the `p` parameter from the API to match the NIST API. + diff --git a/spook.py b/spook.py index e59b586..b58fe07 100644 --- a/spook.py +++ b/spook.py @@ -1,6 +1,6 @@ # MIT License # -# Copyright (c) 2019 Gaëtan Cassiers +# Copyright (c) 2019, 2020 Gaëtan Cassiers # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -38,6 +38,8 @@ Implementation details: of LS states. """ +__version__= '2.0' + SMALL_PERM=False N_STEPS=6 
@@ -188,14 +190,15 @@ def shadow(x): def pad_bytes(b,n=LS_SIZE): return b.ljust(n, bytes((0,))) -def init_sponge_state(k, p, n): - if p: - assert len(p) == 16 - p = bytearray(p) +def init_sponge_state(k, n): + if len(k) == 32: + # mu variant + p = bytearray(k[16:]) p[-1] &= 0x7F p[-1] |= 0x40 p = bytes2state(p) else: + assert len(k) == 16 p = (0, 0, 0, 0) n = bytes2state(n) b = clyde_encrypt(n, p, bytes2state(k)) @@ -239,8 +242,8 @@ def compress_data(x, data, mode='ENC'): x = shadow(x) return x, res -def spook_encrypt(ad, m, k, p, n): - x = init_sponge_state(k, p, n) +def spook_encrypt(ad, m, k, n): + x = init_sponge_state(k, n) x, _ = compress_data(x, ad) if m: x[-2][0] ^= 0x1 @@ -251,8 +254,8 @@ def spook_encrypt(ad, m, k, p, n): tag = state2bytes(clyde_encrypt(x[0], x[1], bytes2state(k))) return c+tag -def spook_decrypt(ad, c, k, p, n): - x = init_sponge_state(k, p, n) +def spook_decrypt(ad, c, k, n): + x = init_sponge_state(k, n) x, _ = compress_data(x, ad) if len(c) > LS_SIZE: x[-2][0] ^= 0x1 diff --git a/test.py b/test.py index f1535e9..9fc1b9c 100644 --- a/test.py +++ b/test.py @@ -3,16 +3,13 @@ import spook def test_spook_lwc(ad, m, k, n, c): - p = k[16:] - k = k[:16] print('AD', ad) print('M', m) print('k', k) - print('p', p) print('n', n) print('c', c) - c2 = spook.spook_encrypt(ad, m, k, p, n) - m2 = spook.spook_decrypt(ad, c2, k, p, n) + c2 = spook.spook_encrypt(ad, m, k, n) + m2 = spook.spook_decrypt(ad, c2, k, n) assert m2 == m, 'wrong inverse {} {}'.format(m, m2) assert c2 == c, 'not matching TV {} {}'.format(c, c2) -- GitLab
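Review bot: The key-length check in the new `else` branch of init_sponge_state is an `assert len(k) == 16`, which is stripped under `python -O`, so any key that is not 32 bytes then silently takes the su path and a malformed key reaches `bytes2state(k)`. Validating input with an exception keeps the check in optimized builds: `if len(k) != 16: raise ValueError('key must be 16 bytes (su) or 32 bytes (mu)')`. In the mu branch the full 32-byte `k` is also handed to `bytes2state(k)` on the hunk's last line; presumably bytes2state reads only the first LS_SIZE bytes, but writing `bytes2state(k[:16])` would make the key/public-tweak split explicit rather than relying on that. The `# mu variant` comment could also say that `p` is taken from `k[16:]` with its last byte masked into the range 0x40..0x7F, which is what the two following lines do. init_sponge_state's body continues past the hunk.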
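Review bot: Neither the new `spook_encrypt` signature in this hunk nor `spook_decrypt` in the next one documents the key-length convention the commit introduces, so a caller reading the code cannot tell that `k` is a 16-byte key for the su mode or a 32-byte key whose last 16 bytes are the public `p` for the mu mode. A short docstring under each `def` would carry that contract, for example `"""Spook AEAD. k: 16-byte key (su mode) or 32-byte key whose last 16 bytes are the public p (mu mode); n: nonce; ad: associated data."""`, with `m` or `c` described accordingly. The same wording belongs on both functions since the mode is selected purely by `len(k)`. Both function bodies continue outside their hunks.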
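Review bot: With the `p = k[16:]` / `k = k[:16]` split removed, test_spook_lwc now forwards whatever key length the test vectors carry, and if those vectors are all 32-byte keys, as the removed slicing suggests, the new 16-byte su branch of init_sponge_state is never exercised by this test. Supplying at least one 16-byte-key vector where test_spook_lwc is called (outside the hunk) would cover it, and replacing the removed `print('p', p)` with `print('mode', 'mu' if len(k) == 32 else 'su')` would make the mode under test visible in the output. The helper's caller and any vector loading are outside the hunk.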