On 9/26/2022 1:09 PM, Ben Bacarisse wrote:
> "Chris M. Thomasson" <
chris.m.t...@gmail.com> writes:
>
>> On 9/25/2022 2:02 PM, Ben Bacarisse wrote:
>>> "Chris M. Thomasson" <
chris.m.t...@gmail.com> writes:
>>>
>>>> On 9/19/2022 4:25 PM, Ben Bacarisse wrote:
>>>
>>>>> I mean, rather, what sort of a look are you interested in.
>>>>
>>>> A slaughter fest of a code review would be great. How bad is it? Would
>>>> you print out my code just to catch it on fire and watch it burn as
>>>> you drink a glass of wine?
>>> Why not post the links to the source here to keep them all on one place
>>> (you have three versions I think)? I spotted one small error in one
>>> version (the JavaScript one I think) but it's not easy for me to find
>>> out where it was.
>
>> Main code:
>>
>>
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1/ct_main.js
>
> I thought you had three versions (this + Python and C++)?
I do. Here is the crude C version, I posted a link to it up thread but
is sort of, buried. Sorry for that. I need to get them all up on GitHub
and make a new post. But, there they are over on PasteBin via raw links
that go to text only, no ads and shit like that:
(C version)
https://pastebin.com/raw/feUnA3kP
(A Python test vector for the C code above)
https://pastebin.com/raw/NAnsBJAZ
The Python test vector tests out a very specific plaintext, "Plaintext",
and uses a very specific nonce:
__________________________________
# Generate n random bytes
# These need should ideally be from a truly random, non-repeatable
# source. TRNG!
def ct_rand_bytes(n):
rb = "";
for i in range(n):
#rb = rb + chr(random.randint(0, 255));
# HACK to get the same numbers
rb = rb + chr(i);
return rb;
__________________________________
The "# HACK to get the same numbers" comment is meant to sync up with
the C code when PYTHON_TEST_VECTOR is defined. Here is a comment in my C
code that mentions it:
__________________________________
// Uncomment PYTHON_TEST_VECTOR to sync with the Python 3 test vector
// Python code:
https://pastebin.com/raw/NAnsBJAZ
// plaintext 9 bytes at: "Plaintext"
// ciphertext bytes:
//723f811f5eb43df4e0dd50cc2016ff8f14f53137143135f31c99eb0030da44cbc6ace1d9be236858de
__________________________________
The ciphertext bytes are the same between the C and Python test vector
when these very specific rules are followed. Here is the part of the C
code that uses the PYTHON_TEST_VECTOR macro:
__________________________________
// return value ct_buf.p needs to be freed!
struct ct_buf
ct_prepend_from_file(
struct ct_secret_key const* const SK,
const char* fname
) {
FILE* file = fopen(fname, "rb");
assert(file);
size_t file_sz = ct_file_get_size(file) + SK->rand_n;
struct ct_buf buf = { calloc(1, file_sz), file_sz };
if (buf.p)
{
// Prepend the random bytes.
// These should be drawn from a TRNG!!!
srand((unsigned int)time(NULL));
#if defined (PYTHON_TEST_VECTOR)
for (size_t i = 0; i < SK->rand_n; ++i)
{
buf.p[i] = (unsigned char)i;
}
#else
for (size_t i = 0; i < SK->rand_n; ++i)
{
buf.p[i] = rand() % 256;
}
#endif
// Append the original plaintext
for (size_t i = SK->rand_n; i < file_sz; ++i)
{
int byte = fgetc(file);
assert(byte != EOF);
buf.p[i] = byte;
}
}
fclose(file);
return buf;
}
__________________________________
Well, I can see an annoying bugger in here. What was the return value
for fclose? Yikes! However, I admit that the C code is crude, and not
meant for a "bullet-proof" impl. Just a proof of concept. How does
anybody know if ct_prepend_from_file fails! Humm... Okay. I need to fix
these.
>> Please point out any bug you find. :^)
>
> Small bug: Math.floor(Math.random() * 255) will never be 255 so one byte
> value is never generated. Since this is for a nonce, it won't affect
> how the code works.
Ahhh! For some reason I thought that Math.random() could return 1. Damn.
Thanks Ben. I was going for a "random" unsigned integer from [0...255].
Actually, for my algorithm, a TRNG should be used.
> Bigger issues:
>
> Separate the algorithm from the GUI. Having an encrypt function that
> calls a function named ct_gui_parse_append_element_to_string is just
> yucky.
Yeah. Oh shit. I put the cipher logic in functions that are meant for
gui. Okay. Makes total sense to me. Thanks again, Ben. :^)
> I'd try to avoid all those ct_ prefixes. They don't fully avoid name
> clashes and after a while they make the reader's eyes bleed (or they do
> mine). Use one of the standard JS tricks to expose only one name. And
> if you can rely on a modern browser, you could use JS modules.
>
Okay. Basically, a ct namespace instead of ct_ all over the damn place.
Got it.
Excellent advise! Perfect. This is exactly what I am looking for. Some
smart eyes on my work, helping me out. Great.
:^)