Commit 8ce57cc6 authored by Gaëtan Cassiers's avatar Gaëtan Cassiers

Remove the 'p' parameter from the API surface

This matches NIST API and reference implementation.
The 'p' public key is now part of the key:
* if the key 'k' is 16 bytes, the su mode is selected
* if the key 'k' is 32 bytes, the mu mode is selected and
p is extracted from 'k'.

This is a BREAKING CHANGE.
parent f2f05422
MIT License MIT License
Copyright (c) 2019 Gaëtan Cassiers Copyright (c) 2019, 2020 Gaëtan Cassiers
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
...@@ -12,3 +12,9 @@ The `spook_encrypt` and `spook_decrypt` functions take as input bytes objects. T ...@@ -12,3 +12,9 @@ The `spook_encrypt` and `spook_decrypt` functions take as input bytes objects. T
## License ## License
This software distributed under the terms of the MIT license. See [LICENSE](LICENSE) for details. This software distributed under the terms of the MIT license. See [LICENSE](LICENSE) for details.
## Changelog (see git log for details)
- `v1.0` Initial version
- `v2.0` Remove the `p` parameter from the API to match the NIST API.
# MIT License # MIT License
# #
# Copyright (c) 2019 Gaëtan Cassiers # Copyright (c) 2019, 2020 Gaëtan Cassiers
# #
# Permission is hereby granted, free of charge, to any person obtaining a copy # Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal # of this software and associated documentation files (the "Software"), to deal
...@@ -38,6 +38,8 @@ Implementation details: ...@@ -38,6 +38,8 @@ Implementation details:
of LS states. of LS states.
""" """
__version__= '2.0'
SMALL_PERM=False SMALL_PERM=False
N_STEPS=6 N_STEPS=6
...@@ -188,14 +190,15 @@ def shadow(x): ...@@ -188,14 +190,15 @@ def shadow(x):
def pad_bytes(b,n=LS_SIZE): def pad_bytes(b,n=LS_SIZE):
return b.ljust(n, bytes((0,))) return b.ljust(n, bytes((0,)))
def init_sponge_state(k, p, n): def init_sponge_state(k, n):
if p: if len(k) == 32:
assert len(p) == 16 # mu variant
p = bytearray(p) p = bytearray(k[16:])
p[-1] &= 0x7F p[-1] &= 0x7F
p[-1] |= 0x40 p[-1] |= 0x40
p = bytes2state(p) p = bytes2state(p)
else: else:
assert len(k) == 16
p = (0, 0, 0, 0) p = (0, 0, 0, 0)
n = bytes2state(n) n = bytes2state(n)
b = clyde_encrypt(n, p, bytes2state(k)) b = clyde_encrypt(n, p, bytes2state(k))
...@@ -239,8 +242,8 @@ def compress_data(x, data, mode='ENC'): ...@@ -239,8 +242,8 @@ def compress_data(x, data, mode='ENC'):
x = shadow(x) x = shadow(x)
return x, res return x, res
def spook_encrypt(ad, m, k, p, n): def spook_encrypt(ad, m, k, n):
x = init_sponge_state(k, p, n) x = init_sponge_state(k, n)
x, _ = compress_data(x, ad) x, _ = compress_data(x, ad)
if m: if m:
x[-2][0] ^= 0x1 x[-2][0] ^= 0x1
...@@ -251,8 +254,8 @@ def spook_encrypt(ad, m, k, p, n): ...@@ -251,8 +254,8 @@ def spook_encrypt(ad, m, k, p, n):
tag = state2bytes(clyde_encrypt(x[0], x[1], bytes2state(k))) tag = state2bytes(clyde_encrypt(x[0], x[1], bytes2state(k)))
return c+tag return c+tag
def spook_decrypt(ad, c, k, p, n): def spook_decrypt(ad, c, k, n):
x = init_sponge_state(k, p, n) x = init_sponge_state(k, n)
x, _ = compress_data(x, ad) x, _ = compress_data(x, ad)
if len(c) > LS_SIZE: if len(c) > LS_SIZE:
x[-2][0] ^= 0x1 x[-2][0] ^= 0x1
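Review bot: The new su branch in init_sponge_state validates the key length with `assert len(k) == 16`, which is stripped under `python -O`, so a malformed key of any length other than 32 would then be fed to `bytes2state(k)` unchecked; since the key length is now the only thing selecting the mode, this should be a hard error: `if len(k) != 16: raise ValueError('key must be 16 (su) or 32 (mu) bytes')`. Relatedly, in mu mode the full 32-byte `k` is now passed to `bytes2state(k)` both in init_sponge_state and in the tag computation in spook_encrypt; if bytes2state does not itself truncate to the first 16 bytes (it is outside this view), the Clyde key should be taken explicitly as `k[:16]` so correctness does not depend on that helper silently discarding the tweak half. A one-line docstring on init_sponge_state, spook_encrypt and spook_decrypt stating the 16-byte (su) / 32-byte (mu, `k[16:]` is the public tweak p) key convention would also help callers hit by the breaking change. init_sponge_state continues past the end of its hunk.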
...@@ -3,16 +3,13 @@ ...@@ -3,16 +3,13 @@
import spook import spook
def test_spook_lwc(ad, m, k, n, c): def test_spook_lwc(ad, m, k, n, c):
p = k[16:]
k = k[:16]
print('AD', ad) print('AD', ad)
print('M', m) print('M', m)
print('k', k) print('k', k)
print('p', p)
print('n', n) print('n', n)
print('c', c) print('c', c)
c2 = spook.spook_encrypt(ad, m, k, p, n) c2 = spook.spook_encrypt(ad, m, k, n)
m2 = spook.spook_decrypt(ad, c2, k, p, n) m2 = spook.spook_decrypt(ad, c2, k, n)
assert m2 == m, 'wrong inverse {} {}'.format(m, m2) assert m2 == m, 'wrong inverse {} {}'.format(m, m2)
assert c2 == c, 'not matching TV {} {}'.format(c, c2) assert c2 == c, 'not matching TV {} {}'.format(c, c2)