randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License

Feature request: Threefish 1024 #1477

Open kangert opened 6 years ago

kangert commented 6 years ago

This library is really great.

I would like to use it in cooperation with Bouncy Castle; however, it lacks Threefish 1024. It would be great to add Threefish in full length (including 1024-bit CMAC), when the 512-bit variant is already included.

randombit commented 6 years ago

This would be nice to have. Crypto++ also includes Threefish-1024 these days. We're getting fairly close to feature freeze for 2.5 but I may have time to look at it before then.

It would help if you could post (as an attachment to this issue) some test vectors for Threefish-1024 generated using BC. Inputs could be random or just 0123... Especially useful would be:

They don't have to match the existing test file format (though that would be nice.)

CMAC support for 1024-bit ciphers just requires finding the correct polynomial and updating poly_dbl.cpp.
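
For the CMAC remark above, an added example (not Botan's code and not part of the thread): the CMAC subkey doubling step generalized to 1024-bit blocks. The function names are hypothetical, and the 512- and 1024-bit polynomial constants are assumptions taken from published tables of low-weight irreducible polynomials rather than from this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Reduction polynomial for GF(2^n), n = block size in bits, with the leading
// x^n term dropped. 0x87 is the 128-bit CMAC constant from NIST SP 800-38B.
// Assumed here (not from the page): x^512 + x^8 + x^5 + x^2 + 1 -> 0x125 and
// x^1024 + x^19 + x^6 + x + 1 -> 0x80043.
inline uint32_t reduction_poly(size_t block_bytes) {
    switch (block_bytes) {
        case 16:  return 0x87;
        case 64:  return 0x125;
        case 128: return 0x80043;
        default:  throw std::invalid_argument("unsupported block size");
    }
}

// Multiply a big-endian block by x in GF(2^n): shift left by one bit and, if
// a bit fell off the top, XOR the polynomial into the low-order bytes.
// The conditional XOR uses a mask instead of a branch on key-derived data.
inline std::vector<uint8_t> poly_double(std::vector<uint8_t> b) {
    const uint32_t poly = reduction_poly(b.size());  // rejects odd sizes
    const size_t n = b.size();
    const uint8_t carry_out = b[0] >> 7;
    uint8_t carry = 0;
    for (size_t i = n; i-- > 0;) {
        const uint8_t next = b[i] >> 7;
        b[i] = static_cast<uint8_t>((b[i] << 1) | carry);
        carry = next;
    }
    const uint32_t p = poly & (0u - carry_out);  // 0 or the full polynomial
    b[n - 1] ^= static_cast<uint8_t>(p);
    b[n - 2] ^= static_cast<uint8_t>(p >> 8);
    b[n - 3] ^= static_cast<uint8_t>(p >> 16);   // only non-zero for 1024-bit
    return b;
}

// CMAC subkeys: K1 = 2*L and K2 = 4*L, where L = E_K(0^n).
struct Subkeys { std::vector<uint8_t> k1, k2; };

inline Subkeys cmac_subkeys(const std::vector<uint8_t>& L) {
    Subkeys s;
    s.k1 = poly_double(L);
    s.k2 = poly_double(s.k1);
    return s;
}
```

The 128-bit path can be checked against the AES-CMAC subkey vectors in RFC 4493; a 1024-bit constant should be cross-checked against a second implementation before relying on it for interop.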

kangert commented 6 years ago

I think XTS is not supported.

I can make a simple Java application that will take key, tweak, input data + nonce and MAC size (for EAX) and generate appropriate outputs (pure block encryption + EAX output).

randombit commented 6 years ago

OK that works. EAX data would be very helpful for confirming interop.

kangert commented 6 years ago

The utility can be downloaded here: https://drive.google.com/open?id=14SfHmuN_BsU7hvx7OLqYoiquCrRSBTjY

It takes five arguments: key, tweak, input data + nonce and MAC size (for EAX). All in hex, MAC size is in bits.

Example input: java -jar tftest.jar 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00 1024

Produces output:

Block: F05C3D0A3D05B304F785DDC7D1E036015C8AA76E2F217B06C6E1544C0BC1A90DF0ACCB9473C24E0FD54FEA68057F43329CB454761D6DF5CF7B2E9B3614FBD5A20B2E4760B40603540D82EABC5482C171C832AFBE68406BC39500367A592943FA9A5B4A43286CA3C4CF46104B443143D560A4B230488311DF4FEEF7E1DFE8391E

EAX: 391848D95864E84C1E27FBB7E25B032EF281CC7EDC3F434CEB03E665542961B3CCA143A1F597861F8FD7979DC5862855AF8B8D52EB87030B22AD5F90922901F77DFBEAF3C9F47AF9868F344EB723E965F6E4965D901F4256F26E6ADF210245E20C6A37291CB008946F29ECDC9C4D9C69C466454B58D9C0ECD5D93558E7FE21AB623426F20C970ACD84E9FD6A4A3D432344BAC8790F2FFEA2574868A286C561C4D211F3B6F4099BA4FCBC76698C4294E4C3EA00171C5DD29795C9DB33F2185A329E982B0DF7EF5BB0F7CDE5951A8FDA6B1042589253109CB1AF061428C1AE3075F2F3FCA22EE72BCAA3484EBE4CA80F36B5EA955384395B6B337BD04B0884A08C

randombit commented 6 years ago

Thanks for posting the binary, but the whole point of asking for test vectors is so I didn't have to hassle with installing Bouncy Castle.

kangert commented 6 years ago

Installing Bouncy Castle?

Just run the application. If you don't have the Java Runtime, install Java (https://java.com) and run the application. That's all.

randombit commented 6 years ago

Ah ok thanks

noloader commented 6 years ago

@randombit,

I can help with CBC and CTR modes, if interested. Crypto++ has a Kalyna wide block implementation. The Kalyna team provided CBC and CTR mode test vectors. Crypto++ Kalyna/CBC and Kalyna/CTR modes are correct for all block sizes using the Kalyna team vectors.

The Crypto++ CBC and CTR modes are most likely correct for other block ciphers. The pedigree is not as direct as it should be, but it is probably better than nothing. Crypto++ can generate CBC and CTR mode vectors, if interested.

Would you like 10 each CBC and CTR mode vectors? Random keys and IVs?

randombit commented 6 years ago

@noloader Perfect thank you! Would certainly be good to cross check against multiple implementations to the extent possible.

Update on schedule: I will definitely not have time to address this in time for the 2.5 feature freeze. Maybe for 2.6.