Commit 8ce57cc6 authored by Gaëtan Cassiers's avatar Gaëtan Cassiers

Remove the 'p' parameter from the API surface

This matches NIST API and reference implementation.
The 'p' public key is now part of the key:
* if the key 'k' is 16 bytes, the su mode is selected
* if the key 'k' is 32 bytes, the mu mode is selected and
p is extracted from 'k'.

This is a BREAKING CHANGE.
parent f2f05422
MIT License
Copyright (c) 2019 Gaëtan Cassiers
Copyright (c) 2019, 2020 Gaëtan Cassiers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
......
......@@ -12,3 +12,9 @@ The `spook_encrypt` and `spook_decrypt` functions take as input bytes objects. T
## License
This software distributed under the terms of the MIT license. See [LICENSE](LICENSE) for details.
## Changelog (see git log for details)
- `v1.0` Initial version
- `v2.0` Remove the `p` parameter from the API to match the NIST API.
# MIT License
#
# Copyright (c) 2019 Gaëtan Cassiers
# Copyright (c) 2019, 2020 Gaëtan Cassiers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
......@@ -38,6 +38,8 @@ Implementation details:
of LS states.
"""
__version__= '2.0'
SMALL_PERM=False
N_STEPS=6
......@@ -188,14 +190,15 @@ def shadow(x):
def pad_bytes(b,n=LS_SIZE):
return b.ljust(n, bytes((0,)))
def init_sponge_state(k, p, n):
if p:
assert len(p) == 16
p = bytearray(p)
def init_sponge_state(k, n):
if len(k) == 32:
# mu variant
p = bytearray(k[16:])
p[-1] &= 0x7F
p[-1] |= 0x40
p = bytes2state(p)
else:
assert len(k) == 16
p = (0, 0, 0, 0)
n = bytes2state(n)
b = clyde_encrypt(n, p, bytes2state(k))
......@@ -239,8 +242,8 @@ def compress_data(x, data, mode='ENC'):
x = shadow(x)
return x, res
def spook_encrypt(ad, m, k, p, n):
x = init_sponge_state(k, p, n)
def spook_encrypt(ad, m, k, n):
x = init_sponge_state(k, n)
x, _ = compress_data(x, ad)
if m:
x[-2][0] ^= 0x1
......@@ -251,8 +254,8 @@ def spook_encrypt(ad, m, k, p, n):
tag = state2bytes(clyde_encrypt(x[0], x[1], bytes2state(k)))
return c+tag
def spook_decrypt(ad, c, k, p, n):
x = init_sponge_state(k, p, n)
def spook_decrypt(ad, c, k, n):
x = init_sponge_state(k, n)
x, _ = compress_data(x, ad)
if len(c) > LS_SIZE:
x[-2][0] ^= 0x1
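Review bot: In the mu branch of init_sponge_state the whole 32-byte key still reaches `bytes2state(k)` on the `clyde_encrypt` line, and the same happens in the tag computation of spook_encrypt (`bytes2state(k)` just above `return c+tag`) and presumably in spook_decrypt, whose tag check lies outside the hunk. Whether that is correct depends on bytes2state silently reading only the first 16 bytes, which the hunk does not show; if it does, the su/mu split works only by that coincidence, and if it unpacks a fixed 16-byte layout it fails on mu keys (the updated test vectors would catch the latter but not the former). Making the split explicit removes the hidden dependency: `b = clyde_encrypt(n, p, bytes2state(k[:16]))` in init_sponge_state and `bytes2state(k[:16])` in the two tag lines, together with a comment on the mu branch such as `# Clyde tweakey is k[:16]; k[16:] carries the public tweak p`. The bodies of spook_encrypt and spook_decrypt continue outside the hunks.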
......
......@@ -3,16 +3,13 @@
import spook
def test_spook_lwc(ad, m, k, n, c):
p = k[16:]
k = k[:16]
print('AD', ad)
print('M', m)
print('k', k)
print('p', p)
print('n', n)
print('c', c)
c2 = spook.spook_encrypt(ad, m, k, p, n)
m2 = spook.spook_decrypt(ad, c2, k, p, n)
c2 = spook.spook_encrypt(ad, m, k, n)
m2 = spook.spook_decrypt(ad, c2, k, n)
assert m2 == m, 'wrong inverse {} {}'.format(m, m2)
assert c2 == c, 'not matching TV {} {}'.format(c, c2)
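Review bot: With the `p = k[16:]` / `k = k[:16]` split removed, test_spook_lwc no longer checks the key length it feeds to spook_encrypt, so a mis-sized vector now fails inside spook.init_sponge_state with a bare assertion rather than at the test boundary. A guard before the encrypt call, `assert len(k) in (16, 32), 'bad key length {}'.format(len(k))`, plus printing the selected mode next to the existing `print('k', k)`, would keep the diagnostic the old `p` printout gave for mu vectors.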
......