This repository has been archived by the owner on May 12, 2018. It is now read-only.
lioness.go
package lioness
import (
"errors"
"fmt"
"git.schwanenlied.me/yawning/chacha20"
"github.com/minio/blake2b-simd"
)
// Key-size constants for the LIONESS construction implemented in this file.
const (
	// streamCipherKeyLen is the size in bytes of each stream-cipher subkey.
	streamCipherKeyLen = 32

	// hashKeyLen is the size in bytes of each keyed-hash subkey
	// (the BLAKE2b key length).
	hashKeyLen = 64

	// KeyLen is the length in bytes of a full LIONESS key: two stream-cipher
	// subkeys followed by two hash subkeys.
	KeyLen = 2 * (streamCipherKeyLen + hashKeyLen)
)
// Cipher allows you to encrypt/decrypt large blocks.
//
// It stores the fixed block size and the four subkeys that NewCipher copies
// out of the LIONESS key. All fields hold or describe secret key material and
// are unexported; nothing in this file zeroes them after use.
type Cipher struct {
// blockSize is the exact length in bytes that Encrypt and Decrypt accept.
blockSize int
// k1 is XORed with the left half to key the stream cipher in the K1 round.
k1 [streamCipherKeyLen]byte
// k2 keys the BLAKE2b MAC in the K2 round.
k2 [hashKeyLen]byte
// k3 is XORed with the left half to key the stream cipher in the K3 round.
k3 [streamCipherKeyLen]byte
// k4 keys the BLAKE2b MAC in the K4 round.
k4 [hashKeyLen]byte
}
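// NewCipher creates a new Cipher struct for encryption/decryption.
//
// key is split, in order, into k1 (stream cipher), k2 (hash), k3 (stream
// cipher) and k4 (hash). blockSize is the exact length in bytes of every block
// later passed to Encrypt or Decrypt. It must be strictly greater than
// streamCipherKeyLen so that the right half of the block is non-empty;
// otherwise an error is returned.
func NewCipher(key [KeyLen]byte, blockSize int) (*Cipher, error) {
	// The left half L is always streamCipherKeyLen bytes, so the block must be
	// strictly larger to leave |R| > 0. The key length is already enforced by
	// the [KeyLen]byte parameter type.
	if blockSize <= streamCipherKeyLen {
		// Report the limit that was actually checked (the original message
		// printed KeyLen here, which is not the minimum block size).
		return nil, fmt.Errorf("LIONESS block size mismatch error: %d <= %d min block size", blockSize, streamCipherKeyLen)
	}

	c := &Cipher{blockSize: blockSize}

	// Walk the key left to right, copying out each subkey in turn.
	off := 0
	off += copy(c.k1[:], key[off:off+streamCipherKeyLen])
	off += copy(c.k2[:], key[off:off+hashKeyLen])
	off += copy(c.k3[:], key[off:off+streamCipherKeyLen])
	copy(c.k4[:], key[off:off+hashKeyLen])

	return c, nil
}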
// Encrypt runs the four LIONESS rounds over block and returns the result in a
// freshly allocated slice of the same length; block itself is not modified.
//
// The block is treated as L || R, where L is the first streamCipherKeyLen
// bytes and R is the remainder:
//
//	R = R ^ S(L ^ K1)
//	L = L ^ H(K2, R)
//	R = R ^ S(L ^ K3)
//	L = L ^ H(K4, R)
//
// S is the ChaCha20 keystream and H is a BLAKE2b MAC requested with an output
// size of len(L). An error is returned if len(block) differs from the
// configured block size or if the stream cipher cannot be initialised.
//
// The output carries no authentication tag, so callers that need to detect
// tampering must provide integrity protection separately.
func (c *Cipher) Encrypt(block []byte) ([]byte, error) {
	if len(block) != c.blockSize {
		return nil, errors.New("LIONESS Encrypt failed: input block size is not equal to block size")
	}

	leftLen := streamCipherKeyLen

	// The nonce stays all-zero: every round keys the stream cipher with a
	// value derived from L, so it is the key that varies, not the nonce.
	var nonce [8]byte

	// left and right are views into the output buffer, so the rounds below
	// build the result in place.
	out := make([]byte, c.blockSize)
	left := out[:leftLen:leftLen]
	right := out[leftLen:]
	copy(right, block[leftLen:])

	// streamKey holds secret per-block key material; it is not zeroed before
	// being released to the garbage collector.
	streamKey := make([]byte, leftLen)

	// R = R ^ S(L ^ K1)
	XorBytes(streamKey, block[:leftLen], c.k1[:])
	stream, err := chacha20.NewCipher(streamKey[:streamCipherKeyLen], nonce[:])
	if err != nil {
		return nil, fmt.Errorf("LIONESS Encrypt failed: %v", err)
	}
	stream.XORKeyStream(right, right)

	// L = L ^ H(K2, R)
	mac := blake2b.NewMAC(uint8(leftLen), c.k2[:hashKeyLen])
	mac.Reset()
	mac.Write(right)
	XorBytes(left, block[:leftLen], mac.Sum(nil))

	// R = R ^ S(L ^ K3)
	XorBytes(streamKey, left, c.k3[:])
	stream, err = chacha20.NewCipher(streamKey[:streamCipherKeyLen], nonce[:])
	if err != nil {
		return nil, fmt.Errorf("LIONESS Encrypt failed: %v", err)
	}
	stream.XORKeyStream(right, right)

	// L = L ^ H(K4, R)
	mac = blake2b.NewMAC(uint8(leftLen), c.k4[:hashKeyLen])
	mac.Reset()
	mac.Write(right)
	digest := mac.Sum(nil)
	XorBytes(left, left, digest[:leftLen])

	return out, nil
}
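// Decrypt inverts Encrypt by applying the four LIONESS rounds in reverse
// order and returns the result in a freshly allocated slice; block itself is
// not modified.
//
// The block is treated as L || R, where L is the first streamCipherKeyLen
// bytes and R is the remainder:
//
//	L = L ^ H(K4, R)
//	R = R ^ S(L ^ K3)
//	L = L ^ H(K2, R)
//	R = R ^ S(L ^ K1)
//
// An error is returned only if len(block) differs from the configured block
// size or if the stream cipher cannot be initialised. There is no integrity
// check: any input of the right length decrypts to some output, so callers
// that need to detect tampering must verify authenticity separately.
func (c *Cipher) Decrypt(block []byte) ([]byte, error) {
	if len(block) != c.blockSize {
		return nil, errors.New("LIONESS Decrypt failed: input block size is not equal to block size")
	}

	lSize := streamCipherKeyLen
	rSize := c.blockSize - lSize

	// tmp holds secret per-block key material and hash output; it is not
	// zeroed before being released to the garbage collector.
	tmp := make([]byte, lSize)
	l := make([]byte, lSize)
	r := make([]byte, rSize)
	copy(r, block[lSize:lSize+rSize])

	// L = L ^ H(K4, R)
	h := blake2b.NewMAC(uint8(lSize), c.k4[:hashKeyLen])
	h.Reset()
	h.Write(r)
	tmp = h.Sum(nil)
	// Pass only the left half, as Encrypt does, instead of the whole block,
	// so the call does not depend on how XorBytes treats operands of
	// different lengths.
	XorBytes(l, block[:lSize], tmp[:lSize])

	// R = R ^ S(L ^ K3)
	XorBytes(tmp, l, c.k3[:])
	// The nonce stays all-zero: every round keys the stream cipher with a
	// value derived from L, so it is the key that varies, not the nonce.
	var zeroNonce [8]byte
	chacha, err := chacha20.NewCipher(tmp[:streamCipherKeyLen], zeroNonce[:])
	if err != nil {
		return nil, fmt.Errorf("LIONESS Decrypt failed: %v", err)
	}
	chacha.XORKeyStream(r, r)

	// L = L ^ H(K2, R)
	h = blake2b.NewMAC(uint8(lSize), c.k2[:hashKeyLen])
	h.Reset()
	h.Write(r)
	tmp = h.Sum(nil)
	XorBytes(l, l, tmp[:lSize])

	// R = R ^ S(L ^ K1)
	XorBytes(tmp, l, c.k1[:])
	chacha, err = chacha20.NewCipher(tmp[:streamCipherKeyLen], zeroNonce[:])
	if err != nil {
		return nil, fmt.Errorf("LIONESS Decrypt failed: %v", err)
	}
	chacha.XORKeyStream(r, r)

	out := make([]byte, c.blockSize)
	copy(out, l)
	copy(out[lSize:], r)
	return out, nil
}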