lc4.py

#!/usr/bin/python2
# -*- coding: utf-8 -*-
# This software is hereby released into public domain. Use it wisely.
#
# ElsieFour (LC4) and its enhancement LS47
# version 2.8.1 (2018-07-24)
#
# Original paper by Alan Kaminsky: https://eprint.iacr.org/2017/339.pdf
# Original LC4 Java source: https://www.cs.rit.edu/~ark/parallelcrypto/elsiefour/
#
# - Python 2 script for LS47 originally written by Mirek Kratochvil (2017)
#   See https://gitea.blesmrt.net/exa/ls47
# - Python 3 port by Bernhard Esslinger / AK (Feb 2018)
#   See www.mysterytwisterc3.org
# - New options by CrypTool project (www.cryptool.org) (Feb 2018) in order to
#   support both ciphers LC4 and LS47 in one program, to support both ways to
#   deal with nonces and keywords, to support reading from file and commandline,
#   and to extend test outputs (v2.7).
# - v2.8 extended the testcase and added the fix of the fixpoint-ish problem for ls47 (option -m1):
#   python lc4.py -6 -ws thisismysecretkey -es ############## -ns igxf5e -m1
#   igxf5egcyhoo#ny#o5i5
#   python lc4.py -6 -ws thisismysecretkey -es ############## -ns igxf5e -m0
#   igxf5e##############
#
# Sample calls:
#
# 1) Using cipher LC4, enforced with option -6:
# // encrypt (key, message). Following example returns tk5j23tq94_gw9c#lhzs
# python lc4.py -6 -ks s2ferw_nx346ty5odiupq#lmz8ajhgcvk79b  -es aaaaaaaaaaaaaaaaaaaa
# // decrypt (key, message). Following example returns aaaaaaaaaaaaaaaaaaaa
# python lc4.py -6 -ks s2ferw_nx346ty5odiupq#lmz8ajhgcvk79b  -ds tk5j23tq94_gw9c#lhzs
# python lc4.py -6 -ws thisismysecretkey -es its_my_fathers_son_but_not_my_brother
# python lc4.py -6 -ws thisismysecretkey -ds 6dudfy3u7omoxy4jbscgn37c2se_d8gx6ogk9
# python lc4.py -6 -ws thisismysecretkey -es its_my_fathers_son_but_not_my_brother -v -nl 6
# python lc4.py -6 -ws thisismysecretkey -ds q6xojffkncfyz#f5czs49#3mbsco#2iscvbnm#bymaf -v -nl 6
#
# 2) Using cipher LS47, enforced with option -7:
# python lc4.py -7 -ws s3cret_p4ssw0rd/31337 -es conflagrate_the_rose_bush_at_six!---peace-vector-3  -v -ns 8y(l._4ct'  -m0
# python lc4.py -7 -ws s3cret_p4ssw0rd/31337 -ds y'zbvvs+d2,ky4sy?w(_wkz*7'90v:./s)kcz?mj+gyu8-'h(y,i+v,z+1ws -v -nl 10  -m0
# python lc4.py -7 -ws s3cret_p4ssw0rd/31337 -ds y'zbvvs+d2,ky4sy?w(_wkz*7'90v:./s)kcz?mj+gyu8-'h(y,i+v,z+1ws -v -ns 8y(l._4ct'  -m0
#
# 3) Using the automatic test (option -t can be combined with options -s and -ws)
# python lc4.py -t
# python lc4.py -t  -ws s3cret_p4sswxyz  -s peacevector_34


from __future__ import print_function
import sys
import os
import random
import argparse


version = "v2.8.1 (2018-07-24)"

# define alphabet
letters6     = "#_23456789abcdefghijklmnopqrstuvwxyz"
letters6card = "abcdefghijklmnopqrstuvwxyz_23456789#"
letters7     = "_abcdefghijklmnopqrstuvwxyz.0123456789,-+*/:?!'()"
letters7card = "abcdefghijklmnopqrstuvwxyz_.,-+*/:?!'()1234567890"


def missing_letters(s,t):
    return ''.join(sorted(set(c for c in s if c not in t)))


def check_key(key):
    illegal = missing_letters(key,letters)
    missing = missing_letters(letters,key)
    duplicates = ''.join(sorted(c for c in letters if key.count(c)>1))

    errors = []
    if illegal: errors.append( "Key contains illegal letters: '%s'" % illegal )
    if missing: errors.append( "Key misses some letters: '%s'" % missing )
    if duplicates: errors.append( "Key contains duplicate letters: '%s'" % duplicates )

    if errors:
        errors.append( "The key must be a permutation of the alphabet: %s" % letters )
        raise ValueError("\n".join(errors))


def check_nonce(nonce):
    illegal = missing_letters(nonce,letters)
    if illegal:
        raise ValueError("Nonce contains illegal letters: '%s'" % illegal)


def check_plaintext(s):
    illegal = missing_letters(s,letters)
    if illegal:
        raise ValueError("Plaintext contains illegal letters: '%s'" % illegal)


def check_ciphertext(s):
    illegal = missing_letters(s,letters)
    if illegal:
        raise ValueError("Ciphertext contains illegal letters: '%s'" % illegal)


def find_ix(letter):
    m = [l[1] for l in tiles if l[0] == letter]
    if len(m) != 1:
        raise ValueError("Letter '%c' not in the alphabet!" % letter)
    return m[0]


def find_pos(key, letter):
    p = key.find(letter)
    if not (0 <= p < size * size):
        raise ValueError("Letter '%c' not in key?!" % letter)
    return (p // size, p % size)


def add_pos(a, b):
    return ((a[0] + b[0]) % size, (a[1] + b[1]) % size)


def sub_pos(a, b):
    return ((a[0] - b[0]) % size, (a[1] - b[1]) % size)


def find_at_pos(key, coord):
    return key[coord[1] + coord[0] * size]


def rotate_right(key, row, n):
    mid = key[size * row:size * (row + 1)]
    return key[:size * row] + mid[-n:] + mid[:-n] + key[size * (row + 1):]


def rotate_down(key, col, n):
    lines  = [key[i * size:(i + 1) * size] for i in range(size)]
    lefts  = [l[:col] for l in lines]
    mids   = [l[col] for l in lines]
    rights = [l[col + 1:] for l in lines]
    mids = mids[-n:] + mids[:-n]
    return ''.join(lefts[i] + mids[i] + rights[i] for i in range(size))


def rotate_marker_right(m, row, n):
    if m[0] != row:
        return (m[0], m[1])
    else:
        return (m[0], (m[1] + n) % size)


def rotate_marker_down(m, col, n):
    if m[1] != col:
        return (m[0], m[1])
    else:
        return ((m[0] + n) % size, m[1])


def derive_key(password, one_indexed):
    i = 0
    k = letters
    # if using one-indexed arrays, moves the zero element to the end
    if one_indexed: k = k[1:]+k[0]
    for c in password:
        (row, col) = find_ix(c)
        k = rotate_down(rotate_right(k, i, col), i, row)
        i = (i + 1) % size
    return k


def encrypt(plaintext):
    global key, mp

    ciphertext = ''
    for p in plaintext:
        pp = find_pos(key, p)
        mix = find_ix(find_at_pos(key, mp))
        cp = add_pos(pp, mix)
        c = find_at_pos(key, cp)
        ciphertext += c

        key = rotate_right(key, pp[0], 1)
        if marker_mode==1: mp = rotate_marker_right(mp, pp[0], 1)
        cp = find_pos(key, c)
        key = rotate_down(key, cp[1], 1)
        if marker_mode==1: mp = rotate_marker_down(mp, cp[1], 1)
        mp = add_pos(mp, find_ix(c))
    return ciphertext


def decrypt(ciphertext):
    global key, mp

    plaintext = ''
    for c in ciphertext:
        cp = find_pos(key, c)
        mix = find_ix(find_at_pos(key, mp))
        pp = sub_pos(cp, mix)
        p = find_at_pos(key, pp)
        plaintext += p

        key = rotate_right(key, pp[0], 1)
        if marker_mode==1: mp = rotate_marker_right(mp, pp[0], 1)
        cp = find_pos(key, c)
        key = rotate_down(key, cp[1], 1)
        if marker_mode==1: mp = rotate_marker_down(mp, cp[1], 1)
        mp = add_pos(mp, find_ix(c))
    return plaintext


def create_random_nonce(size):
    return ''.join(random.choice(letters) for i in range(size))


def encrypt_with_nonce(plaintext):
    global nonce, nonce_enc

    ciphertext = encrypt(nonce + plaintext)
    nonce_enc = ciphertext[:nonce_size]

    if nonce_mode==1:
        return nonce + ciphertext[nonce_size:]
    else:
        return ciphertext


def decrypt_with_nonce(ciphertext):
    global nonce, nonce_enc

    if nonce_mode==1:
        nonce = ciphertext[:nonce_size]
        nonce_enc = encrypt(nonce)
        return decrypt(ciphertext[nonce_size:])
    else:
        plaintext = decrypt(ciphertext)
        nonce = plaintext[:nonce_size]
        nonce_enc = ciphertext[:nonce_size]
        return plaintext[nonce_size:]


def eprint(*args, **kwargs):
    print(*args, file=sys.stderr, **kwargs)


def printinfo(enc=False):  # used by test1() and when option -v
    eprint('CIPHER    : ' + ("LC4" if size==6 else "LS47"))
    eprint('ALPHABET  : ' + letters)
    if szkeyword:
        eprint('KEYWORD   : ' + szkeyword)
    eprint('KEY       : ' + initialkey)  # key variable modified during process?
    eprint('NONCE     : ' + nonce)
    eprint('NONCE ENC : ' + nonce_enc)
    eprint('NONCEMODE : ' + ("Kaminsky" if nonce_mode==1 else "Kratochvil"))
    eprint('MARKER    : ' + ("Kaminsky" if marker_mode==1 else "Kratochvil"))
    if enc:
        # if args.signature: print ("args.SIGNA:", args.signature)
        if szsignature: print ("SIGNATURE: ", szsignature)
        eprint('PLAINTEXT : ' + plaintext)
        eprint('CIPHERTEXT: ' + ciphertext)
    else:
        eprint('CIPHERTEXT: ' + ciphertext)
        eprint('PLAINTEXT : ' + plaintext)


def test1(size, fixednonce):
    # Declaration "global" only needed if you like to write to a global variable
    # [here, this is necessary only if the global var. is used within a fct. called by test1()]
    # As test1() is called several times don't change args components within this fct.
    global letters, nonce_mode, marker_mode, tiles, noncelen, nonce, nonce_size, nonce_enc
    global ciphertext, plaintext, key, initialkey, mp
    global szkeyword, szsignature

    if size == 7:
        CIPHERNAME = "LS47"
        letters = letters7
        nonce_mode = 2
        marker_mode = 2
        if fixednonce == 0:
            noncelen=10; nonce = create_random_nonce(noncelen)
        else:
            nonce = 'dr0+:_pij2'  # just a sample for testing fixed nonce
    else:
        CIPHERNAME = "LC4"
        letters = letters6
        nonce_mode = 1
        marker_mode = 1
        if fixednonce == 0:
            noncelen=6; nonce = create_random_nonce(noncelen)
        else:
            nonce = 'pjpm5i'  # just a sample for testing fixed nonce

    tiles = list(zip(letters, [(x // size, x % size) for x in range(size * size)]))
    check_nonce(nonce)
    nonce_size = len(nonce)
    nonce_enc = ""

    print('\n' + CIPHERNAME)

    if size == 7:
        if args.keywordstring:
            keyword = args.keywordstring  # Allows to use -ws besides -t
        else:
            keyword = 's3cret_p4ssw0rd/31337'
        szkeyword = keyword # This statement needed to show keyword in printinfo() [don't change args.keywordstring within test1()!]
        key = derive_key(keyword, false)
    else:
        key = letters
    initialkey = key
    check_key(key)
    mp = (0, 0)

    if size == 7:
        # signature = 'peace-vector-3'   # just to name a meaningful value for size=7
        plaintext = 'conflagrate_the_rose_bush_at_six!'
        if szsignature: plaintext += szsignature
    else:
        # signature = '#its_me'  # Notice: with size=6 the chars "#", "0", "1", "-" aren't part of the alphabet
        plaintext = 'its_my_fathers_son_but_not_my_brother'
        if szsignature: plaintext += szsignature

    check_plaintext(plaintext)
    ciphertext = encrypt_with_nonce(plaintext)

    key = initialkey; mp = (0, 0)  # initialization again
    check_ciphertext(ciphertext)
    decryptedtext = decrypt_with_nonce(ciphertext)
    print('decrypted text: ' + decryptedtext)

    printinfo(True) # Called from test1() with arg TRUE = assume to do decryption

    szkeyword=''



if __name__ == '__main__':

    parser = argparse.ArgumentParser() # how to enforce, that (either no arg), (or only one arg -t, -v), (or give key and enc mode)

    parser.add_argument("-v", "--verbose", help="output additional information on stderr", action="count", default=0)

    mgroup1 = parser.add_mutually_exclusive_group()
    mgroup1.add_argument("-6", "--lc4", help="use ElsieFour cipher (6x6 table) (default)", action="store_true")
    mgroup1.add_argument("-7", "--ls47", help="use LS47 cipher (7x7 table)", action="store_true")

    parser.add_argument("-pc", "--playingcard", help="Use the \"playing card\" character tables (default: standard tables)", action="store_true")

    mgroup2 = parser.add_mutually_exclusive_group()
    mgroup2.add_argument("-ks", "--keystring", metavar="STRING", help="use STRING as key")
    mgroup2.add_argument("-kf", "--keyfile", metavar="FILE", help="read key from FILE")
    mgroup2.add_argument("-ws", "--keywordstring", metavar="STRING", help="generate key from keyword STRING", default=None)
    mgroup2.add_argument("-wf", "--keywordfile", metavar="FILE", help="read keyword from FILE to generate key", default=None)

    mgroup4 = parser.add_mutually_exclusive_group()
    mgroup4.add_argument("-es", "--encryptstring", metavar="STRING", help="encrypt STRING")
    mgroup4.add_argument("-ef", "--encryptfile", metavar="FILE", help="read plaintext from FILE and encrypt it")
    mgroup4.add_argument("-ds", "--decryptstring", metavar="STRING", help="decrypt STRING")
    mgroup4.add_argument("-df", "--decryptfile", metavar="FILE", help="read ciphertext from FILE and decrypt it")
    mgroup4.add_argument("-t", "--test", help="encrypt and decrypt a string with a given key (with LC4, the given key equals the alphabet). Four cases tested: random/fixed nonce, each with LC4 and LS47", action="store_true")

    mgroup3 = parser.add_mutually_exclusive_group()
    mgroup3.add_argument("-nl", "--noncelen", metavar="LENGTH", help="use random nonce of length LENGTH (default: no nonce)", type=int, default=0)
    mgroup3.add_argument("-ns", "--noncestring", metavar="STRING", help="use STRING as nonce (default: no nonce)")

    mgroup5 = parser.add_mutually_exclusive_group()
    mgroup5.add_argument("-n0", "--nKaminsky", help="use nonce in Kaminsky mode (default for LC4)", action="store_true")
    mgroup5.add_argument("-n1", "--nKratochvil", help="use nonce in Kratochvil mode (default for LS47)", action="store_true")

    mgroup6 = parser.add_mutually_exclusive_group()
    mgroup6.add_argument("-m0", "--mKaminsky", help="use marker in Kaminsky mode (default for LC4)", action="store_true")
    mgroup6.add_argument("-m1", "--mKratochvil", help="use marker in Kratochvil mode (default for LS47)", action="store_true")


    parser.add_argument("-s", "--signature", help="append SIGNATURE to plaintext when encrypting (default: no signature)")

    args = parser.parse_args()

    if len(sys.argv)==1:
        parser.print_help()
        sys.exit(1)
    if args.verbose and len(sys.argv)==2:
        print('Version: ' + version)
        # parser.print_help()
        sys.exit(1)

    # set cipher

    if args.ls47:
        size = 7
        if args.playingcard:
            letters = letters7card
        else:
            letters = letters7
    else:
        size = 6
        if args.playingcard:
            letters = letters6card
        else:
            letters = letters6

    tiles = list(zip(letters, [(x // size, x % size) for x in range(size * size)]))

    # set nonce

    if args.noncestring:
        nonce = args.noncestring
    elif args.noncelen:
        nonce = create_random_nonce(args.noncelen)
    else:
        nonce = ""

    check_nonce(nonce)
    nonce_size = len(nonce)
    nonce_enc = ""

    # set nonce mode

    nonce_mode = 1 if size==6 else 2
    if args.nKaminsky: nonce_mode = 1
    if args.nKratochvil: nonce_mode = 2

    # set marker mode

    marker_mode = 1 if size==6 else 2
    if args.mKaminsky: marker_mode = 1
    if args.mKratochvil: marker_mode = 2

    # set key

    key = letters

    # helper variables for verbose printing via printinfo()

    szkeyword = '' # global variable which can be changed in test1() [so it can be used as test condition in printinfo() instead of args.keywordstring and instead of test1() manipulating args.keywordstring]
    szsignature = '' # global variable which can be changed in test1() [so it can be used as test condition in printinfo() instead of args.keywordstring and instead of test1() manipulating args.keywordstring].  # Allows to use -s besides -t

    if args.signature: # This case here is only necessary if -s should be used together with -t
        szsignature = args.signature


    if args.keywordfile: args.keywordstring = open(args.keywordfile, 'r').read().rstrip('\r\n')
    if args.keywordstring:
        szkeyword = args.keywordstring
        key = derive_key(args.keywordstring, args.playingcard)

    if args.keyfile: args.keystring = open(args.keyfile, 'r').read().rstrip('\r\n')
    if args.keystring: key = args.keystring;

    initialkey = key
    check_key(key)

    mp = (0, 0)

    # encrypt / decrypt / test

    if args.encryptfile:
        args.encryptstring = open(args.encryptfile, 'r').read().rstrip('\r\n')

    if args.decryptfile:
        args.decryptstring = open(args.decryptfile, 'r').read().rstrip('\r\n')

    if args.encryptstring:
        plaintext = args.encryptstring
        if args.signature:
            plaintext += args.signature
        check_plaintext(plaintext)
        ciphertext = encrypt_with_nonce(plaintext)
        if args.verbose:
            printinfo(True)
        else:
            print(ciphertext)

    elif args.decryptstring:
        ciphertext = args.decryptstring
        check_ciphertext(ciphertext)
        plaintext = decrypt_with_nonce(ciphertext)
        if args.signature and args.verbose:
            eprint("--Warning--: the given signature is ignored during decryption")
            # Maybe later return result of a check whether given signature equals the end of the decrypted string.
        if args.verbose:
            printinfo()
        else:
            print(plaintext)

    elif args.test:
        print('\nVersion: ' + version)
        print('\n---Test: No nonce provided (only its length), so each call will produce a different ciphertext.')
        size = 7; test1(size, 0)
        size = 6; test1(size, 0)
        print('\n---Test: Nonce provided as string.')
        size = 7; test1(size, 1)
        size = 6; test1(size, 1)
        sys.exit(1)

    else: # you'll never get here (handled via argparse)
        # if args.verbose: print('Version   : ' + version)
        print('ALPHABET  : ' + letters)
        print('KEY       : ' + initialkey)
        print('NONCE     : ' + nonce)