About to move to CBC

sphinxmix/SphinxClient.py

@@ -136,6 +136,7 @@ def create_header(params, nodelist, keys, dest, assoc=None):
         alpha = group.expon_base(blind_factors)
         s = group.expon(k, blind_factors)
         aes_s = p.get_aes_key(s)
+        assert type(aes_s) == bytes
 
         b = p.hb(aes_s)
         # blind_factor = blind_factor.mod_mul(b, p.group.G.order())
@@ -148,9 +149,12 @@ def create_header(params, nodelist, keys, dest, assoc=None):
     phi = b''
     min_len = (max_len - 32)
     for i in range(1,nu):
-
         plain = phi + (b"\x00" * (p.k + len(node_meta[i])))
-        phi = p.xor_rho(p.hrho(asbtuples[i-1].aes), (b"\x00"*min_len)+plain)
+
+        kx = p.hrho(asbtuples[i-1].aes)
+        mx = (b"\x00"*min_len)+plain
+
+        phi = p.xor_rho(kx, mx)
         phi = phi[min_len:]
 
         min_len -= len(node_meta[i]) + p.k

sphinxmix/SphinxParams.py

@@ -73,6 +73,7 @@ class SphinxParams:
 
     def __init__(self, group=None, header_len = 192, body_len = 1024, assoc_len=0, k=16, dest_len=16):
         self.aes = Cipher("AES-128-CTR")
+        self.cbc = Cipher("AES-128-CBC")
 
         self.assoc_len = assoc_len
         self.max_len = header_len
@@ -89,13 +90,28 @@ def __init__(self, group=None, header_len = 192, body_len = 1024, assoc_len=0, k
 
 
     # The LIONESS PRP
-    def aes_ctr(self, k, m, iv = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"):
-        k = bytes(k)
-        m = bytes(m)
-        assert type(k) is bytes and type(m) is bytes
+    def aes_ctr(self, k, m, iv = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"):      
+        #k = bytes(k)
+        #m = bytes(m)  
         c = self.aes.enc(k, iv).update(m)
         return bytes(c)
 
+    # The LIONESS PRP
+    def aes_cbc_enc(self, k, m, iv = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"):        
+        cipher = self.cbc.enc(k, iv)
+        cipher.set_padding(False)
+        c = cipher.update(m)
+        c = c + cipher.finalize()
+        return bytes(c)
+
+    # The LIONESS PRP
+    def aes_cbc_dec(self, k, m, iv = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"):        
+        cipher = self.cbc.dec(k, iv)
+        cipher.set_padding(False)
+        c = cipher.update(m)
+        c = c + cipher.finalize()
+        return bytes(c)
+
     def lioness_enc(self, key, message):
         assert len(key) == self.k
         assert len(message) >= self.k * 2
@@ -196,7 +212,7 @@ def hash(self, data):
 
     def get_aes_key(self, s):
         group = self.group
-        return self.hash(b"aes_key:" + group.printable(s))[:self.k]
+        return bytes(self.hash(b"aes_key:" + group.printable(s))[:self.k])
 
     def get_aes_key_all(self, s):
         group = self.group
@@ -256,9 +272,12 @@ def h_root_K(self, k):
         K = self.derive_key(k, b"UrooUrooUrooUroo")
         return K
 
-    def derive_user_keys(self, k, iv):
-        material = self.aes.enc(k, iv).update(b"\x00" * self.k * 2)
-        return (material[:self.k], material[self.k:])
+    def derive_user_keys(self, k, iv, number=2):
+        material = self.aes.enc(k, iv).update(b"\x00" * self.k * number)
+        st_ranges = range(0, self.k * number, self.k)
+
+
+        return [ material[st:st+self.k] for st in st_ranges ]
 
 # All tests
 
@@ -297,3 +316,11 @@ def test_params():
     c = params.aes_ctr(k, plain)
     p = params.aes_ctr(k, c)
     assert p == b"Bob"
+
+    plain = b"ACB" * 16
+    k = urandom(16)
+    iv = urandom(16)
+    ctxt = params.aes_cbc_enc(k, plain)
+    assert len(ctxt) == len(plain)
+    ptxt = params.aes_cbc_dec(k, ctxt)
+    assert ptxt == plain

sphinxmix/UltrixClient.py

@@ -73,9 +73,11 @@ def create_header(params, nodelist, keys, assoc=None, secrets = None, gamma=None
     for k in keys:
         alpha = group.expon_base(blind_factors)
         s = group.expon(k, blind_factors)
-        aes_s, (hrho, hmu, htau) = p.get_aes_key_all(s)
+        aes_s = p.get_aes_key(s)
+        (hrho, hmu, htau, b_factor) = p.derive_user_keys(k=aes_s, iv = b"_master_________", number = 4)
+        b = p.group.makeexp(b_factor)
 
-        b = p.hb(aes_s)
+        #b = p.hb(aes_s)
         blind_factors += [ b ] 
 
         hr = ultrix_hdr_record(alpha, s, b, aes_s, hrho, hmu, htau)
@@ -124,9 +126,9 @@ def create_header(params, nodelist, keys, assoc=None, secrets = None, gamma=None
     for beta_i, k in zip(beta_all, asbtuples):
         xgamma = gamma
         round_mac_key = k.hmu
-        gamma = p.mu(round_mac_key, xgamma + beta_i)
+        inner_mac = p.mu(round_mac_key, xgamma + beta_i)
 
-        root_K, body_K = p.derive_user_keys(k.hmu, gamma)
+        root_K, body_K, gamma = p.derive_user_keys(inner_mac, b"_fragile________", 3)
 
         root_keys += [ root_K ]
         new_keys += [ body_K ]

sphinxmix/UltrixNode.py

@@ -21,6 +21,9 @@
 
 from . import SphinxException
 
+_master = b"_master_________"
+_fragile = b"_fragile________"
+
 # Core Process function -- devoid of any chrome
 def ultrix_process(params, secret, header, delta, assoc=b''):
     """ The heart of a Ultrix server, that processes incoming messages.
@@ -41,12 +44,16 @@ def ultrix_process(params, secret, header, delta, assoc=b''):
 
     # Compute the shared secret
     s = p.group.expon(alpha, [ secret ])
-    aes_s, (header_enc_key, round_mac_key, tag) = p.get_aes_key_all(s)
+    #aes_s, (header_enc_key, round_mac_key, tag) = p.get_aes_key_all(s)
+    aes_s = p.get_aes_key(s)
+    (header_enc_key, round_mac_key, tag, b_factor) = p.derive_user_keys(k=aes_s, iv = _master, number = 4)
+    b = p.group.makeexp(b_factor)
+
     assert len(beta) == p.max_len - 32
 
     # Compute the secrets based on the header too
-    gamma = p.mu(round_mac_key, gamma + beta)
-    root_K, body_K = p.derive_user_keys(round_mac_key, gamma)
+    inner_mac = p.mu(round_mac_key, gamma + beta)
+    root_K, body_K, gamma = p.derive_user_keys(k=inner_mac, iv = _fragile, number = 3)
 
     # Decrypt the header
     beta_pad = beta + p.zero_pad
@@ -57,7 +64,7 @@ def ultrix_process(params, secret, header, delta, assoc=b''):
     rest = B[1+length:]
 
     # Recode the alpha and beta
-    b = p.hb(aes_s)
+    #b = p.hb(aes_s)
     alpha = p.group.expon(alpha, [ b ])
     beta = rest[:(p.max_len - 32)]
 

timings_ultrix.py

@@ -2,4 +2,15 @@
 
 if __name__ == "__main__":
     from sphinxmix.UltrixClient import profile_ultrix_c25519
-    profile_ultrix_c25519(rep=10000, payload_size=1024) 
+
+    if __debug__:
+        import cProfile, pstats
+        pr = cProfile.Profile()
+        pr.enable()
+
+    profile_ultrix_c25519(rep=10000, payload_size=1024) 
+
+    if __debug__:
+        pr.disable()
+        ps = pstats.Stats(pr).strip_dirs().sort_stats('time')
+        ps.print_callers()