From 86082bbc2b778ac98757dc091e191bf1e5dd356d Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 16 Jul 2017 15:06:45 +0100
Subject: [PATCH] Makefile, ocbgen: Handle 512-bit blocks.

Introduce a completely crazy 512-bit double-Luby--Rackoff stunt block cipher to demonstrate.
---
 Makefile | 21 ++++++++++++++++++++-
 find-stretch.sage | 2 +-
 ocbgen | 25 +++++++++++++++++++------
 3 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 229d13b..6f980be 100644
--- a/Makefile
+++ b/Makefile
@@ -38,11 +38,15 @@ misc192_K1 = 17161514131211100f0e0d0c0b0a09080706050403020100
 misc256_K0 = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
 misc256_K1 = 1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100
+misc512_K0 = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+misc512_K1 = 3f3e3d3c3b3a393837363534333231302f2e2d2c2b2a292827262524232221201f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100
+
 b64_N0 = 554433221100
 b96_N0 = 887766554433221100
 b128_N0 = bbaa99887766554433221100
 b192_N0 = 2110ffeeddccbbaa99887766554433221100
 b256_N0 = 8776655443322110ffeeddccbbaa99887766554433221100
+b512_N0 = aa9998887776665554443332221110000ffeeddccbbaa9988776655443322110ffeeddccbbaa99887766554433221100
 BLKC += des3
 des3_PRETTY = 3DES
@@ -93,6 +97,14 @@ $(eval $(call def-lraes,128,128))
 $(eval $(call def-lraes,192,192))
 $(eval $(call def-lraes,256,256))
+BLKC += dlraes512
+dlraes512_PRETTY = DLRAES512
+dlraes512_NAME = dlraes512
+dlraes512_BLKSZ = 512
+dlraes512_K0 = $(misc256_K0)
+dlraes512_K1 = $(misc256_K1)
+dlraes512_KSZS = $(aes_KSZS)
+
 BLKSZS = $(sort $(foreach c,$(BLKC),$($c_BLKSZ)))
 auto.mk: Makefile
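Review bot: `misc512_K0` and `misc512_K1` are introduced in this hunk but nothing else in the patch reads them — the new `dlraes512` entry is keyed from `$(misc256_K0)`/`$(misc256_K1)` and takes `$(aes_KSZS)` key sizes. If they are reserved for a cipher with a genuine 512-bit key, a comment such as `# 512-bit test keys; no cipher consumes these yet` would stop the next reader hunting for the consumer, otherwise they should go. `b512_N0` keeps the convention the other `b*_N0` values follow (48 bytes for a 64-byte block, three quarters of the block), and that ratio deserves one line above the list since it is not stated anywhere visible.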
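Review bot: The `dlraes512` block declares a 512-bit `_BLKSZ` next to 256-bit test keys and AES key sizes, and nothing in the Makefile explains the mismatch; the reason is only visible in ocbgen, where `dlraes512` is `LubyRackoffCipher(LubyRackoffCipher(C.rijndael, 32), 64)`, a Feistel network over LRAES-256 that is still keyed like AES. A comment above `BLKC += dlraes512` along the lines of `# Double Luby--Rackoff over LRAES-256: 512-bit block but AES-sized keys, so the 256-bit misc keys are the right length` would save that cross-reference. `dlraes512_NAME = dlraes512` merely repeats the key; if the `def-lraes` template (outside this hunk) derives `_NAME` and `_PRETTY` from its argument, reusing it here would avoid hand-maintaining seven parallel lines.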
@@ -190,14 +202,21 @@ lraes96_M0 = 00112233445566778899aabb
 lraes128_M0 = 00112233445566778899aabbccddeeff
 lraes192_M0 = 00112233445566778899aabbccddeeff0112233445566778
 lraes256_M0 = 00112233445566778899aabbccddeeff0112233445566778899aabbccddeeff0
+lraes512_M0 = 00112233445566778899aabbccddeeff0112233445566778899aabbccddeeff00000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
 TARGETS += $(LRAESVERBOSE)
-LRAESVERBOSE = $(foreach k,$(LRAES), lraes$k.verbose)
+LRAESVERBOSE = $(foreach w,$(LRAES), lraes$w.verbose)
 $(LRAESVERBOSE): lraes%.verbose: ocbgen Makefile
 $(call v_tag,LRAES)./ocbgen >$@.new ocb3 rijndael lraes $$(( $*/8 )) \
 $(lraes$*_K0) $(lraes$*_M0)
 $(V_AT)mv $@.new $@
+TARGETS += dlraes512.verbose
+dlraes512.verbose: ocbgen Makefile
+ $(call v_tag,LRAES)./ocbgen >$@.new ocb3 lraes256 lraes 64 \
+ $(dlraes512_K0) $(lraes512_M0)
+ $(V_AT)mv $@.new $@
+
 all:: $(TARGETS)
 CLEAN += $(TARGETS)
diff --git a/find-stretch.sage b/find-stretch.sage
index cdd408b..61aef46 100644
--- a/find-stretch.sage
+++ b/find-stretch.sage
@@ -50,6 +50,6 @@ def stretch_shift(w):
 elif bits > best_bits: best_bits, best_dom, best_c = bits, d, c
 return best_c, best_dom
-for w in [64, 96, 128, 192, 256]:
+for w in [64, 96, 128, 192, 256, 512]:
 c, dom = stretch_shift(w)
 print '%3d: %3d [%d]' % (w, c, dom)
diff --git a/ocbgen b/ocbgen
index acdd997..a0c360f 100755
--- a/ocbgen
+++ b/ocbgen
@@ -25,6 +25,7 @@
 from sys import argv, stderr
 from struct import pack
 from itertools import izip
+from contextlib import contextmanager
 import catacomb as C
 R = C.FibRand(0)
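Review bot: The new `dlraes512.verbose` rule hard-codes the block size (`64`) and base cipher (`lraes256`) that the generic `lraes%.verbose` rule derives from the target name, and it takes its message from `$(lraes512_M0)` while its key comes from `$(dlraes512_K0)`, so the two halves can drift apart silently. Derive the byte count from the variable the Makefile already defines for this cipher, `$$(( $(dlraes512_BLKSZ)/8 ))`, and either add `dlraes512_M0 = $(lraes512_M0)` beside the other `dlraes512_*` settings or name the message consistently in both places. The rename of the `foreach` variable from `k` to `w` is cosmetic and is fine, but a comment on the rule saying why it cannot use the pattern rule (the base cipher is another LRAES class, not `rijndael`) would help whoever adds the next stunt cipher.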
@@ -153,25 +154,35 @@ class LubyRackoffCipher (type):
 me.bc = bc
 return me
+@contextmanager
+def muffle():
+ global VERBOSE, LRVERBOSE
+ _v, _lrv = VERBOSE, LRVERBOSE
+ try:
+ VERBOSE = LRVERBOSE = False
+ yield None
+ finally:
+ VERBOSE, LRVERBOSE = _v, _lrv
+
 class LubyRackoffBase (object):
 NR = 4 # for strong-PRP security
 def __init__(me, k):
 if LRVERBOSE: print 'K = %s' % hex(k)
 bc, blksz = me.__class__.bc, me.__class__.blksz
- E = bc(k)
+ with muffle(): E = bc(k)
 me.f = []
 ksz = len(k)
 i = C.MP(0)
 for j in xrange(me.NR):
 b = C.WriteBuffer()
 while b.size < ksz:
- x = E.encrypt(i.storeb(bc.blksz))
+ with muffle(): x = E.encrypt(i.storeb(bc.blksz))
 b.put(x)
 if LRVERBOSE: print 'E(K; [%d]) = %s' % (i, hex(x))
 i += 1
 kj = C.ByteString(C.ByteString(b)[0:ksz])
 if LRVERBOSE: print 'K_%d = %s' % (j, hex(kj))
- me.f.append(bc(kj))
+ with muffle(): me.f.append(bc(kj))
 def encrypt(me, m):
 bc, blksz = me.__class__.bc, me.__class__.blksz
 assert len(m) == blksz
@@ -179,7 +190,7 @@ class LubyRackoffBase (object):
 if LRVERBOSE: print 'L_0, R_0 = %s, %s' % (hex(l), hex(r))
 for j in xrange(me.NR):
 l0 = pad0star(l, bc.blksz)
- t = me.f[j].encrypt(l0)
+ with muffle(): t = me.f[j].encrypt(l0)
 l, r = r ^ t[:blksz/2], l
 if LRVERBOSE: print 'E(K_%d; L_%d || 0^*) = %s' % (j, j, hex(t))
@@ -191,7 +202,7 @@ class LubyRackoffBase (object):
 l, r = C.ByteString(c[:blksz/2]), C.ByteString(c[blksz/2:])
 for j in xrange(me.NR - 1, -1, -1):
 l0 = pad0star(l, bc.blksz)
- t = me.f[j].encrypt(l0)
+ with muffle(): t = me.f[j].encrypt(l0)
 if LRVERBOSE:
 print 'L_%d, R_%d = %s, %s' % (j + 1, j + 1, hex(l), hex(r))
 print 'E(K_%d; L_%d || 0^*) = %s' % (j + 1, j + 1, hex(t))
@@ -202,6 +213,7 @@ class LubyRackoffBase (object):
 LRAES = {}
 for i in [8, 12, 16, 24, 32]:
 LRAES['lraes%d' % (8*i)] = LubyRackoffCipher(C.rijndael, i)
+LRAES['dlraes512'] = LubyRackoffCipher(LubyRackoffCipher(C.rijndael, 32), 64)
 ###--------------------------------------------------------------------------
 ### PMAC.
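Review bot: `muffle()` flips two module globals and is the only thing stopping an inner LubyRackoff cipher from printing its own `K = ...` and `E(K; [i])` lines in the middle of the outer cipher's trace, yet it has no docstring and the try/finally save-restore pairing — which is what makes nested use (an inner `muffle()` restoring the `False` it found) behave — is undocumented. Give it one, e.g. `"""Suppress VERBOSE and LRVERBOSE for the block and restore their previous values afterwards; nests safely, so a cipher built from another LubyRackoff class traces only at the outermost level."""`, and put a short comment on the first `with muffle(): E = bc(k)` saying that `bc` may itself be a tracing LubyRackoff class. `yield None` can be a bare `yield`, and `_v, _lrv` read like private module names where `saved = VERBOSE, LRVERBOSE` would be plainer. `__init__` ends inside the hunk, but `encrypt` continues past it.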
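Review bot: `LRAES['dlraes512']` constructs a fresh `LubyRackoffCipher(C.rijndael, 32)` for its inner cipher although the loop directly above has just registered that same class as `LRAES['lraes256']`; reusing it, `LRAES['dlraes512'] = LubyRackoffCipher(LRAES['lraes256'], 64)`, avoids a second identical-but-distinct class and makes the composition read the same way as the Makefile's `ocb3 lraes256 lraes 64` invocation. A trailing comment naming the construction (`# 64-byte-block Feistel network whose round function is LRAES-256`) would also help, since the `d` prefix is the only hint that this entry is not another plain LRAES width.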
@@ -386,7 +398,8 @@ OCB3_STRETCH = { 8: (5, 25),
 12: (6, 33),
 16: (6, 8),
 24: (7, 40),
- 32: (7, 120) }
+ 32: (7, 120),
+ 64: (8, 240) }
 def ocb3(E, n, h, m, tsz = None):
 blksz = E.__class__.blksz
--
2.11.0
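Review bot: The new `64: (8, 240)` row cannot be checked from the patch: the two tuple fields are unnamed, and the value find-stretch.sage now prints for w = 512 is not recorded anywhere. Add a header comment on `OCB3_STRETCH` that ties the fields to what the script prints (`# blksz in bytes -> (?, shift); shift is the c in the script's "w: c [dom]" line for w = 8*blksz` — I am inferring the mapping from the script's print format, so confirm it) and paste the script's `512:` output beside the row so a reviewer can verify 240 without running Sage. The first field looks like `ceil(log2(8*blksz)) - 1` for every row (5, 6, 6, 7, 7, 8); if that is what it is, computing it would remove one number that has to be kept in sync by hand. `def ocb3` starts here but its body continues outside the hunk.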