Larry Bugbee, November 2007
Python wrappers for various eSTREAM ciphers:
CryptMT, Dragon, HC-256, LEX, NLS, Rabbit, Salsa20 and Sosemanuk
pyEstream is a Python demonstration program that uses ctypes to access a number of the new stream ciphers submitted to the EU eSTREAM competition. Now in Phase 3, the winners are expected to be announced in May 2008.
This program demonstrates a way to access the eSTREAM Phase 3 algorithms CryptMT, Dragon, HC-256, LEX, NLS, and Rabbit using a Python wrapper. Python wrappers for both Salsa20 and Sosemanuk were implemented earlier and may be found at:
Downloading and Preparation:
The ciphers are compiled and installed as shared libraries, not as Python extensions. ctypes provides all the interface glue allowing Python to access common shared libraries without the complexity of SWIG or other interface tools.
Visit the eSTREAM site(s), download the C sources, and unzip each into their own build dir.
CryptMT http://www.ecrypt.eu.org/stream/cryptmtp3.html Dragon http://www.ecrypt.eu.org/stream/dragonp3.html HC http://www.ecrypt.eu.org/stream/hcp3.html LEX http://www.ecrypt.eu.org/stream/lexp3.html NLS http://www.ecrypt.eu.org/stream/nlsp3.html Rabbit http://www.ecrypt.eu.org/stream/rabbitp3.html Salsa20 http://www.ecrypt.eu.org/stream/salsa20p3.html Sosemanuk http://www.ecrypt.eu.org/stream/sosemanukp3.html
Each of those directories will have various files, some by the author(s) implementing the algorithm, and some provided by eSTREAM (but may have been altered). Each algorithm is different and while eSTREAM attempts to provide a uniform interface, be prepared to adapt. At a minimum, expect to find the file "ecrypt-sync.h" in each dir. It should have been tailored to the specifics of that algorithm.
If not present, be prepared to add the following files to each build dir. The first four should not need any alterations to accomodate the algorithm or your host platform. the file, "ecrypt-plus.c", is new and adds a few functions necessary to make available the key, IV and chunk sizes. The last two are a test program and a test file, neither of which should require modification.
Because each algorithm has different source files and each platform's compiler is different, you may need to alter the following compilation commands to suit. These commands worked on my OSX G4 mini-mac and on a Mandriva AMD machine. Sorry, but YMMV.
Some algorithms have highly optimized versions, but compiling them will be left as an exercise for the reader.
CryptMT OSX gcc -bundle -D__ALTIVEC__ -maltivec -O3 -o libcryptmt3.so \
ecrypt-sync.c ecrypt-plus.c cryptmt3.c
Linux TBD (not yet tested) Dragon OSX gcc -O3 -bundle -o libdragon.so ecrypt-sync.c ecrypt-plus.c dragon-ref.c Linux TBD (compilation issues) HC-128 OSX gcc -O3 -bundle -o libhc128.so ecrypt-sync.c ecrypt-plus.c hc-128.c Linux gcc -O3 -shared -o libhc128.so ecrypt-sync.c ecrypt-plus.c hc-128.c HC-256 OSX gcc -O3 -bundle -o libhc256.so ecrypt-sync.c ecrypt-plus.c hc-256.c Linux gcc -O3 -shared -o libhc256.so ecrypt-sync.c ecrypt-plus.c hc-256.c LEX OSX gcc -O3 -bundle -o liblex.so ecrypt-sync.c ecrypt-plus.c lex-alg-fst.c Linux gcc -O3 -shared -o liblex.so ecrypt-sync.c ecrypt-plus.c lex-alg-fst.c NLS OSX gcc -bundle -o libnls.so ecrypt-sync.c ecrypt-plus.c ecrypt-nls.c nlsref.c Linux gcc -shared -o libnls.so ecrypt-sync.c ecrypt-plus.c ecrypt-nls.c nlsref.c Rabbit OSX gcc -O3 -bundle -o librabbit.so ecrypt-sync.c ecrypt-plus.c rabbit.c Linux gcc -O3 -shared -o librabbit.so ecrypt-sync.c ecrypt-plus.c rabbit.c Salsa20 http://bugbee.us/crypto/salsa20 Sosemanuk http://bugbee.us/crypto/sosemanuk
Installation and Testing:
The shared library can be left in the build dir for testing or may, at any time, be moved to /usr/lib. ctypes will find the library in either location. /usr/local/lib is a preferred location but ctypes is dependent on the library search path of the host platform. Some of those names are:
If testing with the shared library in the the build dir and running Mandriva, you may need to set
LD_LIBRARY_PATH Linux DYLD_LIBRARY_PATH Darwin (OSX) SHLIB_PATH HP-UX LD_LIBRARY_PATH_32 32-bit Solaris LD_LIBRARY_PATH_64 64-bit Solaris
./" in the pyEstream.py function
loadLib(). This may hold true for some other OSes as well.
Now you are ready to run
python pyEstream.py <algname>
where algname is the name of the stream cipher.
This is EXPERIMENTAL software and intended for educational purposes only. To make experimentation less cumbersome, pyEstream.py is free for any use.
THIS SOURCE IS PROVIDED WITHOUT WARRANTY OR GUARANTEE OF ANY
KIND. USE AT YOUR OWN RISK.
With that, enjoy,
November 4, 2007