Use PyCryptodome's implementation of TurboSHAKE128

Support for TurboSHAKE was recently (as of version 3.20.0) added to PyCryptodome. Use it instead of our own implementation and remove our implementation. Accordingly, remove the draft-irtf-cfrg-kangarootwelve submodule, as we no longer need it for interop testing with our code. Note that PyCryptodome can be upgraded with: $ sage -pip install --upgrade pycryptodome
cfrg · Jan 11, 2024 · 4b791c4 · 4b791c4
1 parent 97fcdd4
commit 4b791c4
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 204 deletions.
diff --git a/.gitmodules b/.gitmodules
diff --git a/poc/Makefile b/poc/Makefile
@@ -2,7 +2,6 @@ test:
 	sage -python common.py
 	sage -python field.py
 	sage -python xof.py
-	sage -python turboshake.py
 	sage -python flp.py
 	sage -python flp_generic.py
 	sage -python idpf.py

diff --git a/poc/README.md b/poc/README.md
@@ -15,6 +15,8 @@ In order to run the code you will need to install
 sage --pip install pycryptodomex
 ```
 
+Version 3.20.0 or later is required.
+
 ## Generating test vectors
 
 To generate test vectors, set the value of `TEST_VECTOR` in `common.py` to

diff --git a/poc/draft-irtf-cfrg-kangarootwelve b/poc/draft-irtf-cfrg-kangarootwelve
diff --git a/poc/turboshake.py b/poc/turboshake.py
diff --git a/poc/xof.py b/poc/xof.py
@@ -2,12 +2,12 @@
 
 from __future__ import annotations
 
+from Crypto.Hash import TurboSHAKE128
 from Cryptodome.Cipher import AES
 
 from common import (TEST_VECTOR, VERSION, Bytes, Unsigned, concat, format_dst,
                     from_le_bytes, gen_rand, next_power_of_2,
                     print_wrapped_line, to_le_bytes, xor)
-from turboshake import NewTurboSHAKE128, TurboSHAKE128
 
 
 class Xof:
@@ -76,12 +76,11 @@ def __init__(self, seed, dst, binder):
         self.m = to_le_bytes(len(dst), 1) + dst + seed + binder
         '''
         self.length_consumed = 0
-        state = NewTurboSHAKE128(1)
-        state.update(to_le_bytes(len(dst), 1))
-        state.update(dst)
-        state.update(seed)
-        state.update(binder)
-        self.state = state.squeeze()
+        self.h = TurboSHAKE128.new(domain=1)
+        self.h.update(to_le_bytes(len(dst), 1))
+        self.h.update(dst)
+        self.h.update(seed)
+        self.h.update(binder)
 
     def next(self, length):
         '''
@@ -97,7 +96,7 @@ def next(self, length):
         stream = TurboSHAKE128(self.m, 1, self.l)
         return stream[-length:]
         '''
-        return self.state.next(length)
+        return self.h.read(length)
 
 
 class XofFixedKeyAes128(Xof):
@@ -122,8 +121,11 @@ def __init__(self, seed, dst, binder):
         #
         # Implementation note: This step can be cached across XOF
         # evaluations with many different seeds.
-        fixed_key = TurboSHAKE128(
-            to_le_bytes(len(dst), 1) + dst + binder, 2, 16)
+        h = TurboSHAKE128.new(domain=2)
+        h.update(to_le_bytes(len(dst), 1))
+        h.update(dst)
+        h.update(binder)
+        fixed_key = h.read(16)
         self.cipher = AES.new(fixed_key, AES.MODE_ECB)
         # Save seed to be used in `next`.
         self.seed = seed