finish lioness implementation, add basic test

2025-04-03 17:40:38 +02:00 · 2015-10-14 23:43:07 -07:00 · 2015-10-14 23:43:07 -07:00 · 98b228d77e
commit 98b228d77e
parent 05d034e3ef
3 changed files with 101 additions and 46 deletions
--- a/lionness.go
+++ b/lionness.go
@ -0,0 +1,78 @@
+package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+)
+
+// lionEncode...
+// block cipher with a block size equivalent to our message size
+// http://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf (section 6)
+func lionessEncode(key [securityParameter]byte, message [messageSize]byte) [messageSize]byte {
+	var cipherText [messageSize]byte
+	copy(cipherText[:], message[:])
+
+	L := cipherText[:securityParameter]
+	R := cipherText[securityParameter:]
+
+	// Round 1.
+	// L = L XOR H_k1(R)
+	h := hmac.New(sha256.New, append(key[:], 0x01))
+	h.Write(R)
+	xor(L[:], h.Sum(nil)[:securityParameter], L[:])
+
+	// Round 2.
+	// R = R XOR S(L XOR K_2)
+	var k2 [securityParameter]byte
+	xor(k2[:], L[:], key[:])
+	xor(R[:], R[:], generateCipherStream(k2, uint(len(R))))
+
+	// Round 3.
+	// L = L XOR H_k3(R)
+	h = hmac.New(sha256.New, append(key[:], 0x03))
+	h.Write(R)
+	xor(L[:], h.Sum(nil)[:securityParameter], L[:])
+
+	// Round 4.
+	// R = R XOR S(L XOR K_4)
+	var k4 [securityParameter]byte
+	xor(k4[:], L[:], key[:])
+	xor(R[:], R[:], generateCipherStream(k4, uint(len(R))))
+
+	return cipherText
+}
+
+// lionDecode...
+func lionessDecode(key [securityParameter]byte, cipherText [messageSize]byte) [messageSize]byte {
+	var message [messageSize]byte
+	copy(message[:], cipherText[:])
+
+	L := message[:securityParameter]
+	R := message[securityParameter:]
+
+	// Round 4.
+	// R = R XOR S(L XOR K_4)
+	var k4 [securityParameter]byte
+	xor(k4[:], L[:], key[:])
+	xor(R[:], R[:], generateCipherStream(k4, uint(len(R))))
+
+	// Round 3.
+	// L = L XOR H_k3(R)
+	h := hmac.New(sha256.New, append(key[:], 0x03))
+	h.Write(R)
+	xor(L[:], h.Sum(nil)[:securityParameter], L[:])
+
+	// Round 2.
+	// R = R XOR S(L XOR K_2)
+	var k2 [securityParameter]byte
+	xor(k2[:], L[:], key[:])
+	xor(R[:], R[:], generateCipherStream(k2, uint(len(R))))
+
+	// Round 1.
+	// L = L XOR H_k1(R)
+	h = hmac.New(sha256.New, append(key[:], 0x01))
+	h.Write(R)
+	xor(L[:], h.Sum(nil)[:securityParameter], L[:])
+
+	return message
+}
--- a/lionness_test.go
+++ b/lionness_test.go
@ -0,0 +1,23 @@
+package main
+
+import (
+	"bytes"
+	"crypto/rand"
+	"testing"
+)
+
+func TestLionnessCorrectness(t *testing.T) {
+	var m [messageSize]byte
+	msg := []byte("hello")
+	copy(m[:], msg)
+
+	var key [securityParameter]byte
+	rand.Read(key[:])
+
+	cipherText := lionessEncode(key, m)
+	plainText := lionessDecode(key, cipherText)
+
+	if !bytes.Equal(m[:], plainText[:]) {
+		t.Fatalf("texts not equal")
+	}
+}
--- a/sphinx.go
+++ b/sphinx.go
@ -238,52 +238,6 @@ func CreateForwardingMessage(route []*btcec.PublicKey, dest LnAddr,
 	return mixHeader, &onion, nil
 }

-// lionEncode...
-// block cipher with a block size equivalent to our message size
-// http://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf (section 6)
-func lionessEncode(key [securityParameter]byte, message [messageSize]byte) [messageSize]byte {
-	//var l [securityParameter]byte
-	//var r [messageSize + securityParameter]byte
-
-	sha := sha256.New()
-	var cipherText [messageSize]byte
-
-	// Round 1.
-	sha.Write(message[securityParameter:])
-	sha.Write(key[:])
-	sha.Write([]byte{1})
-	xor(cipherText[:], sha.Sum(nil)[:securityParameter], message[:securityParameter])
-	copy(cipherText[securityParameter:], message[securityParameter:])
-
-	// Round 2.
-	var k2 [securityParameter]byte
-	xor(k2[:], cipherText[:securityParameter], key[:])
-	block, _ := aes.NewCipher(k2[:])
-	stream := cipher.NewCTR(block, bytes.Repeat([]byte{0}, aes.BlockSize))
-	stream.XORKeyStream(cipherText[securityParameter:], cipherText[securityParameter:])
-
-	sha.Reset()
-
-	// Round 3.
-	sha.Write(cipherText[securityParameter:])
-	sha.Write(key[:])
-	sha.Write([]byte{3})
-	xor(cipherText[:], sha.Sum(nil)[:securityParameter], cipherText[:securityParameter])
-
-	// Round 4.
-	var k4 [securityParameter]byte
-	xor(k4[:], cipherText[:securityParameter], key[:])
-	block, _ = aes.NewCipher(k4[:])
-	stream = cipher.NewCTR(block, bytes.Repeat([]byte{0}, aes.BlockSize))
-	stream.XORKeyStream(cipherText[securityParameter:], cipherText[securityParameter:])
-
-	return cipherText
-}
-
-// lionDecode...
-func lionessDecode() {
-}
-
 // calcMac....
 func calcMac(key [securityParameter]byte, msg []byte) [securityParameter]byte {
 	hmac := hmac.New(sha256.New, key[:])