From cf6ffb5ef3b50fb6485f3e669c28156c03a5420c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 16:17:04 -0600 Subject: add cast5 (cbc, cfb, ofb) vector source info to docs --- docs/development/custom-vectors/cast5.rst | 31 +++++ .../custom-vectors/cast5/generate_cast5.py | 58 +++++++++ .../custom-vectors/cast5/verify_cast5.go | 141 +++++++++++++++++++++ 3 files changed, 230 insertions(+) create mode 100644 docs/development/custom-vectors/cast5.rst create mode 100644 docs/development/custom-vectors/cast5/generate_cast5.py create mode 100644 docs/development/custom-vectors/cast5/verify_cast5.go (limited to 'docs/development/custom-vectors') diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst new file mode 100644 index 00000000..bbe155c8 --- /dev/null +++ b/docs/development/custom-vectors/cast5.rst @@ -0,0 +1,31 @@ +CAST5 Vector Creation +===================== + +This page documents the code that was used to generate the CAST5 CBC, CFB, and +OFB test vectors as well as the code used to verify them against another +implementation. For CAST5 the vectors were generated using OpenSSL and verified +with Go. + +Creation +-------- + +``cryptography`` was modified to support CAST5 in CBC, CFB, and OFB modes. Then +the following python script was run to generate the vector files. + +.. literalinclude:: /development/custom-vectors/cast5/generate_cast5.py + :linenos: + :lines: 7-16 + +Full code: :download:`generate_cast5.py ` + + +Verification +------------ + +The following go code was used to verify the vectors. + +.. literalinclude:: /development/custom-vectors/cast5/verify_cast5.go + :linenos: + :lines: 36-52 + +Full code: :download:`verify_cast5.go ` diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py new file mode 100644 index 00000000..f038825a --- /dev/null +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -0,0 +1,58 @@ +import binascii + +from cryptography.hazmat.backends.openssl.backend import backend +from cryptography.hazmat.primitives.ciphers import base, algorithms, modes + + +def encrypt(mode, key, iv, plaintext): + cipher = base.Cipher( + algorithms.CAST5(binascii.unhexlify(key)), + mode(binascii.unhexlify(iv)), + backend + ) + encryptor = cipher.encryptor() + ct = encryptor.update(binascii.unhexlify(plaintext)) + ct += encryptor.finalize() + return binascii.hexlify(ct) + + +def build_vectors(mode, filename): + vector_file = open(filename, "r") + + count = 0 + output = [] + key = None + iv = None + plaintext = None + ct = None + for line in vector_file: + line = line.strip() + if line.startswith("KEY"): + if count != 0: + output.append("CIPHERTEXT = {}".format(encrypt(mode, key, iv, plaintext))) + output.append("\nCOUNT = {}".format(count)) + count += 1 + name, key = line.split(" = ") + output.append("KEY = {}".format(key)) + elif line.startswith("IV"): + name, iv = line.split(" = ") + iv = iv[0:16] + output.append("IV = {}".format(iv)) + elif line.startswith("PLAINTEXT"): + name, plaintext = line.split(" = ") + output.append("PLAINTEXT = {}".format(plaintext)) + + output.append("CIPHERTEXT = {}".format(encrypt(mode, key, iv, plaintext))) + return "\n".join(output) + + +def write_file(data, filename): + with open(filename, "w") as f: + f.write(data) + +cbc_path = "tests/hazmat/primitives/vectors/ciphers/AES/CBC/CBCMMT128.rsp" +write_file(build_vectors(modes.CBC, cbc_path), "cast5-cbc.txt") +ofb_path = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp" +write_file(build_vectors(modes.OFB, ofb_path), "cast5-ofb.txt") +cfb_path = "tests/hazmat/primitives/vectors/ciphers/AES/CFB/CFB128MMT128.rsp" +write_file(build_vectors(modes.CFB, cfb_path), "cast5-cfb.txt") diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go new file mode 100644 index 00000000..1ea10538 --- /dev/null +++ b/docs/development/custom-vectors/cast5/verify_cast5.go @@ -0,0 +1,141 @@ +package main + +import ( + "bufio" + "bytes" + "code.google.com/p/go.crypto/cast5" + "crypto/cipher" + "encoding/hex" + "fmt" + "os" + "strings" +) + +func unhexlify(s string) []byte { + bytes, err := hex.DecodeString(s) + if err != nil { + panic(err) + } + return bytes +} + +type VectorArgs struct { + count string + key string + iv string + plaintext string + ciphertext string +} + +type VectorVerifier interface { + validate(count string, key, iv, plaintext, expected_ciphertext []byte) +} + +type ofbVerifier struct{} + +func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + stream := cipher.NewOFB(block, iv) + stream.XORKeyStream(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } +} + +type cbcVerifier struct{} + +func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } +} + +type cfbVerifier struct{} + +func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + stream := cipher.NewCFBEncrypter(block, iv) + stream.XORKeyStream(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } +} + +func validateVectors(verifier VectorVerifier, filename string) { + vectors, err := os.Open(filename) + if err != nil { + panic(err) + } + defer vectors.Close() + + var segments []string + var vector *VectorArgs + + scanner := bufio.NewScanner(vectors) + for scanner.Scan() { + segments = strings.Split(scanner.Text(), " = ") + + switch { + case strings.ToUpper(segments[0]) == "COUNT": + if vector != nil { + verifier.validate(vector.count, + unhexlify(vector.key), + unhexlify(vector.iv), + unhexlify(vector.plaintext), + unhexlify(vector.ciphertext)) + } + vector = &VectorArgs{count: segments[1]} + case strings.ToUpper(segments[0]) == "IV": + vector.iv = segments[1][:16] + case strings.ToUpper(segments[0]) == "KEY": + vector.key = segments[1] + case strings.ToUpper(segments[0]) == "PLAINTEXT": + vector.plaintext = segments[1] + case strings.ToUpper(segments[0]) == "CIPHERTEXT": + vector.ciphertext = segments[1] + } + } + +} + +func main() { + validateVectors(ofbVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt") + fmt.Println("OFB OK.") + validateVectors(cfbVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt") + fmt.Println("CFB OK.") + validateVectors(cbcVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt") + fmt.Println("CBC OK.") +} -- cgit v1.2.3 From 9f540f2bdc70bed5bb06d96c70e45955cb45e5f1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 17:51:57 -0600 Subject: improve formatting and fix pep8 for generate/verify cast5 scripts --- .../custom-vectors/cast5/generate_cast5.py | 4 +- .../custom-vectors/cast5/verify_cast5.go | 212 ++++++++++----------- 2 files changed, 109 insertions(+), 107 deletions(-) (limited to 'docs/development/custom-vectors') diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py index f038825a..fe898ff2 100644 --- a/docs/development/custom-vectors/cast5/generate_cast5.py +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -29,7 +29,9 @@ def build_vectors(mode, filename): line = line.strip() if line.startswith("KEY"): if count != 0: - output.append("CIPHERTEXT = {}".format(encrypt(mode, key, iv, plaintext))) + output.append("CIPHERTEXT = {}".format( + encrypt(mode, key, iv, plaintext)) + ) output.append("\nCOUNT = {}".format(count)) count += 1 name, key = line.split(" = ") diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go index 1ea10538..49e1023d 100644 --- a/docs/development/custom-vectors/cast5/verify_cast5.go +++ b/docs/development/custom-vectors/cast5/verify_cast5.go @@ -1,141 +1,141 @@ package main import ( - "bufio" - "bytes" - "code.google.com/p/go.crypto/cast5" - "crypto/cipher" - "encoding/hex" - "fmt" - "os" - "strings" + "bufio" + "bytes" + "code.google.com/p/go.crypto/cast5" + "crypto/cipher" + "encoding/hex" + "fmt" + "os" + "strings" ) func unhexlify(s string) []byte { - bytes, err := hex.DecodeString(s) - if err != nil { - panic(err) - } - return bytes + bytes, err := hex.DecodeString(s) + if err != nil { + panic(err) + } + return bytes } type VectorArgs struct { - count string - key string - iv string - plaintext string - ciphertext string + count string + key string + iv string + plaintext string + ciphertext string } type VectorVerifier interface { - validate(count string, key, iv, plaintext, expected_ciphertext []byte) + validate(count string, key, iv, plaintext, expected_ciphertext []byte) } type ofbVerifier struct{} func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { - block, err := cast5.NewCipher(key) - if err != nil { - panic(err) - } - - ciphertext := make([]byte, len(plaintext)) - stream := cipher.NewOFB(block, iv) - stream.XORKeyStream(ciphertext, plaintext) - - if !bytes.Equal(ciphertext, expected_ciphertext) { - panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", - count, - hex.EncodeToString(expected_ciphertext), - hex.EncodeToString(ciphertext))) - } + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + stream := cipher.NewOFB(block, iv) + stream.XORKeyStream(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } } type cbcVerifier struct{} func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { - block, err := cast5.NewCipher(key) - if err != nil { - panic(err) - } - - ciphertext := make([]byte, len(plaintext)) - mode := cipher.NewCBCEncrypter(block, iv) - mode.CryptBlocks(ciphertext, plaintext) - - if !bytes.Equal(ciphertext, expected_ciphertext) { - panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", - count, - hex.EncodeToString(expected_ciphertext), - hex.EncodeToString(ciphertext))) - } + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } } type cfbVerifier struct{} func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { - block, err := cast5.NewCipher(key) - if err != nil { - panic(err) - } - - ciphertext := make([]byte, len(plaintext)) - stream := cipher.NewCFBEncrypter(block, iv) - stream.XORKeyStream(ciphertext, plaintext) - - if !bytes.Equal(ciphertext, expected_ciphertext) { - panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", - count, - hex.EncodeToString(expected_ciphertext), - hex.EncodeToString(ciphertext))) - } + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + stream := cipher.NewCFBEncrypter(block, iv) + stream.XORKeyStream(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } } func validateVectors(verifier VectorVerifier, filename string) { - vectors, err := os.Open(filename) - if err != nil { - panic(err) - } - defer vectors.Close() - - var segments []string - var vector *VectorArgs - - scanner := bufio.NewScanner(vectors) - for scanner.Scan() { - segments = strings.Split(scanner.Text(), " = ") - - switch { - case strings.ToUpper(segments[0]) == "COUNT": - if vector != nil { - verifier.validate(vector.count, - unhexlify(vector.key), - unhexlify(vector.iv), - unhexlify(vector.plaintext), - unhexlify(vector.ciphertext)) - } - vector = &VectorArgs{count: segments[1]} - case strings.ToUpper(segments[0]) == "IV": - vector.iv = segments[1][:16] - case strings.ToUpper(segments[0]) == "KEY": - vector.key = segments[1] - case strings.ToUpper(segments[0]) == "PLAINTEXT": - vector.plaintext = segments[1] - case strings.ToUpper(segments[0]) == "CIPHERTEXT": - vector.ciphertext = segments[1] - } - } + vectors, err := os.Open(filename) + if err != nil { + panic(err) + } + defer vectors.Close() + + var segments []string + var vector *VectorArgs + + scanner := bufio.NewScanner(vectors) + for scanner.Scan() { + segments = strings.Split(scanner.Text(), " = ") + + switch { + case strings.ToUpper(segments[0]) == "COUNT": + if vector != nil { + verifier.validate(vector.count, + unhexlify(vector.key), + unhexlify(vector.iv), + unhexlify(vector.plaintext), + unhexlify(vector.ciphertext)) + } + vector = &VectorArgs{count: segments[1]} + case strings.ToUpper(segments[0]) == "IV": + vector.iv = segments[1][:16] + case strings.ToUpper(segments[0]) == "KEY": + vector.key = segments[1] + case strings.ToUpper(segments[0]) == "PLAINTEXT": + vector.plaintext = segments[1] + case strings.ToUpper(segments[0]) == "CIPHERTEXT": + vector.ciphertext = segments[1] + } + } } func main() { - validateVectors(ofbVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt") - fmt.Println("OFB OK.") - validateVectors(cfbVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt") - fmt.Println("CFB OK.") - validateVectors(cbcVerifier{}, - "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt") - fmt.Println("CBC OK.") + validateVectors(ofbVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt") + fmt.Println("OFB OK.") + validateVectors(cfbVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt") + fmt.Println("CFB OK.") + validateVectors(cbcVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt") + fmt.Println("CBC OK.") } -- cgit v1.2.3 From 89d0506b3044aa49a7ddd1fba9de1c39fa3eb7e7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 18:02:45 -0600 Subject: remove unused var --- docs/development/custom-vectors/cast5/generate_cast5.py | 1 - 1 file changed, 1 deletion(-) (limited to 'docs/development/custom-vectors') diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py index fe898ff2..c3f579e7 100644 --- a/docs/development/custom-vectors/cast5/generate_cast5.py +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -24,7 +24,6 @@ def build_vectors(mode, filename): key = None iv = None plaintext = None - ct = None for line in vector_file: line = line.strip() if line.startswith("KEY"): -- cgit v1.2.3 From af6ad144eff9636013f7c21e198a8acab7a510b2 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 18:02:51 -0600 Subject: show the entire files --- docs/development/custom-vectors/cast5.rst | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'docs/development/custom-vectors') diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst index bbe155c8..7f1d72c1 100644 --- a/docs/development/custom-vectors/cast5.rst +++ b/docs/development/custom-vectors/cast5.rst @@ -13,10 +13,8 @@ Creation the following python script was run to generate the vector files. .. literalinclude:: /development/custom-vectors/cast5/generate_cast5.py - :linenos: - :lines: 7-16 -Full code: :download:`generate_cast5.py ` +Download link: :download:`generate_cast5.py ` Verification @@ -25,7 +23,5 @@ Verification The following go code was used to verify the vectors. .. literalinclude:: /development/custom-vectors/cast5/verify_cast5.go - :linenos: - :lines: 36-52 -Full code: :download:`verify_cast5.go ` +Download link: :download:`verify_cast5.go ` -- cgit v1.2.3