Resync w/cryptmt, wanderer repos

Signed-off-by: Russ Magee <rmagee@gmail.com>
This commit is contained in:
Russ Magee 2020-02-05 21:26:03 -08:00
parent 7d22a38b1a
commit 7ecac5c2ee
7 changed files with 92 additions and 85 deletions

24
go.mod
View file

@ -3,28 +3,28 @@ module blitter.com/go/xs
go 1.12
require (
blitter.com/go/cryptmt v1.0.0
blitter.com/go/cryptmt v1.0.1
blitter.com/go/goutmp v1.0.2
blitter.com/go/herradurakex v1.0.0
blitter.com/go/kyber v0.0.0-20200130200857-6f2021cb88d9
blitter.com/go/mtwist v1.0.1 // indirect
blitter.com/go/mtwist v1.0.1
blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
blitter.com/go/wanderer v0.8.1
blitter.com/go/wanderer v0.8.2
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
github.com/klauspost/cpuid v1.2.2 // indirect
github.com/klauspost/reedsolomon v1.9.3 // indirect
github.com/klauspost/cpuid v1.2.2
github.com/klauspost/reedsolomon v1.9.3
github.com/kr/pty v1.1.4
github.com/mattn/go-isatty v0.0.7
github.com/pkg/errors v0.8.1 // indirect
github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect
github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b // indirect
github.com/tjfoc/gmsm v1.0.1 // indirect
github.com/pkg/errors v0.8.1
github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161
github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b
github.com/tjfoc/gmsm v1.0.1
github.com/xtaci/kcp-go v5.4.19+incompatible
github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect
golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
golang.org/x/sys v0.0.0-20190902133755-9109b7679e13
gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect
gopkg.in/hlandau/easymetric.v1 v1.0.0
gopkg.in/hlandau/measurable.v1 v1.0.1
gopkg.in/hlandau/passlib.v1 v1.0.10
)

4
go.sum
View file

@ -2,6 +2,8 @@ blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c h1:LcnFFg6MCIJHf26P7e
blitter.com/go/chacha20 v0.0.0-20200130200441-214e4085f54c/go.mod h1:EMJtRcf22WCtHGiXCw+NB/Sb/PYcXtUgUql6LDEwyXo=
blitter.com/go/cryptmt v1.0.0 h1:n+cNP/ReZrNe/w5FbD8DSfv0Wpj48nxhmMoLEk4hPXs=
blitter.com/go/cryptmt v1.0.0/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
blitter.com/go/cryptmt v1.0.1 h1:NAi4FrZqo52bhPJopYw1jbausj1NnHEWELaINC60Nk0=
blitter.com/go/cryptmt v1.0.1/go.mod h1:tdME2J3O4agaDAYIYNQzzuB28yVGnPSMmV3a/ucSU84=
blitter.com/go/goutmp v1.0.1 h1:jBqtp6pDwSbF4QEC3DjNfyaS8Nv5dFCOyaTfSbbb7TU=
blitter.com/go/goutmp v1.0.1/go.mod h1:gtlbjC8xGzMk/Cf0BpnVltSa3awOqJ+B5WAxVptTMxk=
blitter.com/go/goutmp v1.0.2 h1:oCc/dt9TlTOP2kvmX1Y7J/wSQUhywjcyF101jXuLxZ8=
@ -16,6 +18,8 @@ blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae h1:YBBaCcdYRrI1btsmcMT
blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae/go.mod h1:ywoxfDBqInPsqtnxYsmS4SYMJ5D/kNcrFgpvI+Xcun0=
blitter.com/go/wanderer v0.8.1 h1:oQw8yASM7iI+S8GIgf3cUFdkJ8Sy/UQxRDJqhTswgwM=
blitter.com/go/wanderer v0.8.1/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw=
blitter.com/go/wanderer v0.8.2 h1:fzwRn60RDDxy4GEYxSyfA4gXkkZb33WQRk/Fv5ugPAI=
blitter.com/go/wanderer v0.8.2/go.mod h1:FX1pAnZ5woEavy5CUIZco0/Gc2Msb3U0zsmi+6Hs4Rw=
git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63 h1:bwZNsbw3qFbg6ox55HrA37nPmh+/wtJxZ7uWeiAdUUc=
git.schwanenlied.me/yawning/chacha20.git v0.0.0-20170904085104-e3b1f968fc63/go.mod h1:NYi4Ifd1g/YbhIDgDfw6t7QdsW4tofQWMX/+FiDtJWs=
git.schwanenlied.me/yawning/kyber.git v0.0.0-20180530164001-a270899bd22c h1:SGOx1s56QSOmuCegRcG3yvOG7W8PvRS9ZVnFQl5K2aQ=

View file

@ -20,21 +20,21 @@ type Cipher struct {
m *mtwist.MT19937_64
}
func (c *Cipher) yield8() (r byte) {
func (c *Cipher) yield() (r byte) {
c.accum = c.accum * (c.m.Int63() | 1)
r = byte(c.accum>>56) & 0xFF
return
}
// NewCipher creates and returns a Cipher. The key argument should be the
// New creates and returns a Cipher. The key argument should be the
// CryptMT key, 64 bytes.
func NewCipher(key []byte) (c *Cipher) {
func New(key []byte) (c *Cipher) {
c = &Cipher{m: mtwist.New()}
c.m.SeedFullState(key)
c.accum = 1
// from paper, discard first 64 bytes of output
for idx := 0; idx < 64; idx++ {
_ = c.yield8()
_ = c.yield()
}
return c
}
@ -55,6 +55,6 @@ func (c *Cipher) XORKeyStream(dst, src []byte) {
}
for i, b := range src {
dst[i] = b ^ c.yield8()
dst[i] = b ^ c.yield()
}
}

View file

@ -10,8 +10,8 @@ Golang bindings for basic login/utmp accounting
type UtmpEntry struct{ ... }
func Put_lastlog_entry(app string, usr string, host string)
func Put_lastlog_entry(app, usr, ptsname, host string)
func Unput_utmp(entry UtmpEntry)
func Put_utmp(user string, host string) UtmpEntry
func Put_utmp(user, ptsname, host string) UtmpEntry
```

View file

@ -1,4 +1,4 @@
// WANDERER - a crypto doodle that appears to give adequate
// Package wanderer - a crypto doodle that appears to give adequate
// protection to data in a stream cipher context
//
// Properties visualized using https://github.com/circulosmeos/circle
@ -23,6 +23,20 @@ const (
sboxCount = keylen / 8
)
type Cipher struct {
prng *mtwist.MT19937_64
r io.Reader
w io.Writer
k []byte
kidx uint
sboxen [][]byte
sw int
sh int
sctr int // TODO: used to count down to re-keying & sbox regen
mode int
n byte
}
// Given input byte x (treated as 2-bit dirs),
// 'walk' box applying XOR of each position (E/S/W/N) given box
// dimensions w,h
@ -74,53 +88,7 @@ func (c *Cipher) genSBoxen(n uint) {
//fmt.Fprintf(os.Stderr, "sboxen[0]:%v\n", c.sboxen[0])
}
// Mutate the session key (intended to be called as encryption
// proceeds), so that the 'walk path' through sboxes also does so.
func (c *Cipher) keyUpdate(perturb byte) {
c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))]
c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256)
c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k))
}
// slow - perturb a single octet of a single sbox for each octet
// (CV = ~8.725% over 700 MiB of 0-byte pt)
func (c *Cipher) sboxUpdateA(perturb byte) {
c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
perturb
}
// slower - perturb a single sbox for each octet
// (CV = ~?% over 700 MiB of 0-byte pt)
func (c *Cipher) sboxUpdateB(perturb byte) {
lim := c.sw * c.sh
for idx := 0; idx < lim; idx++ {
c.sboxen[perturb%sboxCount][idx] ^= perturb
}
}
// slowest -- full sbox re-gen after each octet
// (but lowest CV, ~0.05% over 700MiB of 0-byte pt)
func (c *Cipher) sboxUpdateC(perturb byte) {
c.genSBoxen(sboxCount)
//c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
// perturb
}
type Cipher struct {
prng *mtwist.MT19937_64
r io.Reader
w io.Writer
k []byte
kidx uint
sboxen [][]byte
sw int
sh int
sctr int // TODO: used to count down to re-keying & sbox regen
mode int
n byte
}
func NewCodec(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
func New(r io.Reader, w io.Writer, mode int, key []byte, width, height int) (c *Cipher) {
c = &Cipher{}
c.prng = mtwist.New()
if len(key) == 0 {
@ -163,20 +131,55 @@ func (c *Cipher) Write(p []byte) (n int, err error) {
return n, err
}
func (c *Cipher) yield(pt byte) (ct byte) {
ct = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, pt)
// Mutate the session key (intended to be called as encryption
// proceeds), so that the 'walk path' through sboxes also does so.
func (c *Cipher) keyUpdate(perturb byte) {
c.k[c.kidx] = c.k[c.kidx] ^ c.k[(c.kidx+1)%uint(len(c.k))]
c.k[c.kidx] = c.k[c.kidx] ^ byte((c.prng.Int63()>>4)%256)
c.kidx = (c.kidx + uint(perturb)) % uint(len(c.k))
//for idx := 0; idx < len(c.k); idx++ {
// c.k[idx] = c.k[idx] ^ byte(c.prng.Int63() % 256)
//}
}
// slow - perturb a single octet of a single sbox for each octet
// (CV = ~8.725% over 700 MiB of 0-byte pt)
func (c *Cipher) sboxUpdateA(perturb byte) {
c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
perturb
}
// slower - perturb a single sbox for each octet
// (CV = ~5.6369% over 700 MiB of 0-byte pt)
func (c *Cipher) sboxUpdateB(perturb byte) {
lim := c.sw * c.sh
for idx := 0; idx < lim; idx++ {
c.sboxen[perturb%sboxCount][idx] ^= perturb
}
}
// slowest -- full sbox re-gen after each octet
// (but lowest CV, ~0.0554% over 700MiB of 0-byte pt)
func (c *Cipher) sboxUpdateC(perturb byte) {
c.genSBoxen(sboxCount)
//c.sboxen[perturb%sboxCount][int(perturb)%(c.sw+c.sh)] ^=
// perturb
}
func (c *Cipher) yield(ib byte) (ob byte) {
ob = walkingXOR(c.k, c.sboxen[c.n], c.sw, c.sh, ib)
c.n = (c.n + 1) % byte(len(c.sboxen))
c.keyUpdate(ct ^ pt) // must be equal in either encrypt/decrypt dirs
c.keyUpdate(ob ^ ib) // must be equal in either encrypt/decrypt dirs
switch c.mode {
case 0:
// [nothing - varA]
break
case 1:
c.sboxUpdateA(ct ^ pt) // varA
c.sboxUpdateA(ob ^ ib) // varA
case 2:
c.sboxUpdateB(ct ^ pt) // varB
c.sboxUpdateB(ob ^ ib) // varB
case 3:
c.sboxUpdateC(ct ^ pt) // varC
c.sboxUpdateC(ob ^ ib) // varC
default:
// [nothing]
}
@ -185,7 +188,7 @@ func (c *Cipher) yield(pt byte) (ct byte) {
// c.genSBoxen(sboxCount)
// c.sctr = c.sw
// }
return ct
return ob
}
// XORKeyStream XORs each byte in the given slice with a byte from the

18
vendor/modules.txt vendored
View file

@ -3,9 +3,9 @@ blitter.com/go/chacha20
blitter.com/go/chacha20/internal/api
blitter.com/go/chacha20/internal/hardware
blitter.com/go/chacha20/internal/ref
# blitter.com/go/cryptmt v1.0.0
# blitter.com/go/cryptmt v1.0.1
blitter.com/go/cryptmt
# blitter.com/go/goutmp v1.0.1
# blitter.com/go/goutmp v1.0.2
blitter.com/go/goutmp
# blitter.com/go/herradurakex v1.0.0
blitter.com/go/herradurakex
@ -15,7 +15,7 @@ blitter.com/go/kyber
blitter.com/go/mtwist
# blitter.com/go/newhope v0.0.0-20200130200750-192fc08a8aae
blitter.com/go/newhope
# blitter.com/go/wanderer v0.8.1
# blitter.com/go/wanderer v0.8.2
blitter.com/go/wanderer
# github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
github.com/jameskeane/bcrypt
@ -39,19 +39,19 @@ github.com/tjfoc/gmsm/sm4
github.com/xtaci/kcp-go
# golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
golang.org/x/crypto/blowfish
golang.org/x/crypto/pbkdf2
golang.org/x/crypto/twofish
golang.org/x/crypto/sha3
golang.org/x/crypto/cast5
golang.org/x/crypto/pbkdf2
golang.org/x/crypto/salsa20
golang.org/x/crypto/tea
golang.org/x/crypto/twofish
golang.org/x/crypto/xtea
golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
golang.org/x/crypto/blake2b
golang.org/x/crypto/internal/subtle
golang.org/x/crypto/salsa20/salsa
golang.org/x/crypto/blake2b
golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
golang.org/x/crypto/scrypt
golang.org/x/crypto/sha3
# golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
golang.org/x/net/ipv4
golang.org/x/net/ipv6

View file

@ -103,10 +103,10 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
rc = cipher.NewOFB(block, iv)
log.Printf("[cipher BLOWFISH_64 (%d)]\n", copts)
case CAlgCryptMT1:
rc = cryptmt.NewCipher(keymat)
rc = cryptmt.New(keymat)
log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
case CAlgWanderer:
rc = wanderer.NewCodec(nil, nil, 1, keymat, 3, 3)
rc = wanderer.New(nil, nil, 1, keymat, 3, 3)
log.Printf("[cipher WANDERER mode 1 (%d)]\n", copts)
default:
log.Printf("[invalid cipher (%d)]\n", copts)