cSHAKE is a variant of SHA3 defined in NIST SP800-185. This is different from SHAKE defined in FIPS-202.
I use cSHAKE in a number of my IETF standards (e.g. rfc9374). I would like to be able to have a decent way to perform cSHAKE in a python script, but it does not seem to exist. OpenSSL supports SHAKE but not cSHAKE (it seems).
sooo what to do.
I have found:
https://github.com/Hemoth/cSHAKE
which seems reasonable, but I am not experienced enough with this end of things to do the building of the module to use per the instructions in the script and of course wonder if there is something better out there.
I searched my Fedora mail folder and don't see any thread discussing cSHAKE.
Does anyone have experience/knowledge of how to get a cSHAKE function call on Fedora in python?
thanks
On 2023-04-18 16:43, Robert Moskowitz wrote:
cSHAKE is a variant of SHA3 defined in NIST SP800-185. This is different from SHAKE defined in FIPS-202.
I use cSHAKE in a number of my IETF standards (e.g. rfc9374). I would like to be able to have a decent way to perform cSHAKE in a python script, but it does not seem to exist. OpenSSL supports SHAKE but not cSHAKE (it seems).
Does anyone have experience/knowledge of how to get a cSHAKE function call on Fedora in python?
It looks like the package "python3-pycryptodomex" might have you want. https://pycryptodome.readthedocs.io/en/v3.15.0/src/introduction.html
Samuel,
THANKS!
Not only does it list cSHAKE, but KMAC (which I use elsewhere) but KangarooTwelve (go Team Keccek!), but not ASCON (just selected by NIST for LWC).
It definitely gets me started.
Down the road, I will need x25519. And converting EdDSA25519 curves to x25519 curves...
On 4/18/23 20:05, Samuel Sieb wrote:
On 2023-04-18 16:43, Robert Moskowitz wrote:
cSHAKE is a variant of SHA3 defined in NIST SP800-185. This is different from SHAKE defined in FIPS-202.
I use cSHAKE in a number of my IETF standards (e.g. rfc9374). I would like to be able to have a decent way to perform cSHAKE in a python script, but it does not seem to exist. OpenSSL supports SHAKE but not cSHAKE (it seems).
Does anyone have experience/knowledge of how to get a cSHAKE function call on Fedora in python?
It looks like the package "python3-pycryptodomex" might have you want. https://pycryptodome.readthedocs.io/en/v3.15.0/src/introduction.html _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Tue, Apr 18, 2023 at 10:41 PM Robert Moskowitz rgm@htt-consult.com wrote:
[...] Not only does it list cSHAKE, but KMAC (which I use elsewhere) but KangarooTwelve (go Team Keccek!), but not ASCON (just selected by NIST for LWC).
It definitely gets me started.
Down the road, I will need x25519. And converting EdDSA25519 curves to x25519 curves...
You might take a look at Botan. It is a C++ TLS and crypto library with lots of algorithms. And it has Python bindings.
Botan is carried by Fedora:
$ dnf search Botan ======================== Name & Summary Matched: Botan ========================= botan-devel.i686 : Development files for botan botan-devel.x86_64 : Development files for botan botan-doc.noarch : Documentation for botan botan2-devel.i686 : Development files for botan2 botan2-devel.x86_64 : Development files for botan2 botan2-doc.noarch : Documentation for botan2 python3-botan.x86_64 : Python3 bindings for botan python3-botan2.x86_64 : Python3 bindings for botan2
You want the Botan2 gear. The Botan gear is legacy using the old API.
Jeff
On Tue, Apr 18, 2023 at 7:44 PM Robert Moskowitz rgm@htt-consult.com wrote: [...]
https://github.com/Hemoth/cSHAKE
which seems reasonable, but I am not experienced enough with this end of things to do the building of the module to use per the instructions in the script and of course wonder if there is something better out there.
Caveat - I have not actually tried to use these scripts. Assuming the instructions on the site are correct, I think you only need to grab the pycryptodome library (dnf shows python3-pycryptodomex - no idea if it is the same or compatible with pycryptodome from pip), and then download the source tree. You can download using the git instructions, or you can just download the files directly as long as you recreate the tree - whichever you prefer.
On Tue, Apr 18, 2023 at 8:44 PM Robert Moskowitz rgm@htt-consult.com wrote:
cSHAKE is a variant of SHA3 defined in NIST SP800-185. This is different from SHAKE defined in FIPS-202.
I use cSHAKE in a number of my IETF standards (e.g. rfc9374). I would like to be able to have a decent way to perform cSHAKE in a python script, but it does not seem to exist. OpenSSL supports SHAKE but not cSHAKE (it seems).
sooo what to do.
I have found:
This is for python2., Fedora has python3.
which seems reasonable, but I am not experienced enough with this end of things to do the building of the module to use per the instructions in the script and of course wonder if there is something better out there.
I searched my Fedora mail folder and don't see any thread discussing cSHAKE.
Does anyone have experience/knowledge of how to get a cSHAKE function call on Fedora in python?
https://github.com/lowRISC/opentitan/issues/6694 says cSHAKE from the above has been merged into https://www.pycryptodome.org/.
Looking at the ChangeLog:
3.12.0 (4 December 2021): resolved GH#566: cSHAKE128/256 generated a wrong output for customization strings longer than 255 bytes. 3.11.0 (8 October 2021): Added cSHAKE128 and cSHAKE256 (of SHA-3 family). Thanks to Michael Schaffner.
~% dnf search pycryptodome Last metadata expiration check: 0:34:24 ago on Wed Apr 19 08:10:09 2023. =================== Name & Summary Matched: pycryptodome ======================= python3-pycryptodomex-selftest.x86_64 : PyCryptodome test suite module =================== Name Matched: pycryptodome ================================ python3-pycryptodomex.x86_64 : A self-contained cryptographic library for Python
thanks, George.
The instructions to install pycryptodome says not to install over PyCrypto, but does not tell how to figure this out. I tried a locate on pycrypto and came up empty. I am kind of assuming that means I don't have it install.
Also I am assuming I should run pip as sudo, and should I use pip3?
On 4/19/23 07:48, George N. White III wrote:
On Tue, Apr 18, 2023 at 8:44 PM Robert Moskowitz rgm@htt-consult.com wrote:
cSHAKE is a variant of SHA3 defined in NIST SP800-185. This is different from SHAKE defined in FIPS-202. I use cSHAKE in a number of my IETF standards (e.g. rfc9374). I would like to be able to have a decent way to perform cSHAKE in a python script, but it does not seem to exist. OpenSSL supports SHAKE but not cSHAKE (it seems). sooo what to do. I have found: https://github.com/Hemoth/cSHAKEThis is for python2., Fedora has python3.
which seems reasonable, but I am not experienced enough with this end of things to do the building of the module to use per the instructions in the script and of course wonder if there is something better out there. I searched my Fedora mail folder and don't see any thread discussing cSHAKE. Does anyone have experience/knowledge of how to get a cSHAKE function call on Fedora in python?https://github.com/lowRISC/opentitan/issues/6694 says cSHAKE from the above has been merged into https://www.pycryptodome.org/.
Looking at the ChangeLog:
3.12.0 (4 December 2021): resolved GH#566: cSHAKE128/256 generated a wrong output for customization strings longer than 255 bytes. 3.11.0 (8 October 2021): Added cSHAKE128 and cSHAKE256 (of SHA-3 family). Thanks to Michael Schaffner. ~% dnf search pycryptodome Last metadata expiration check: 0:34:24 ago on Wed Apr 19 08:10:09 2023. =================== Name & Summary Matched: pycryptodome ======================= python3-pycryptodomex-selftest.x86_64 : PyCryptodome test suite module =================== Name Matched: pycryptodome ================================ python3-pycryptodomex.x86_64 : A self-contained cryptographic library for Python
-- George N. White III
users mailing list --users@lists.fedoraproject.org To unsubscribe send an email tousers-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
On Wed, 19 Apr 2023 08:08:01 -0400 Robert Moskowitz rgm@htt-consult.com wrote:
The instructions to install pycryptodome says not to install over PyCrypto, but does not tell how to figure this out. I tried a locate on pycrypto and came up empty. I am kind of assuming that means I don't have it install.
Also I am assuming I should run pip as sudo, and should I use pip3?
This is a complicated issue. Below is my advice, others may differ.
Use pip3, no sudo. You want to run it as a --user, and put it in a directory in your home directory e.g. pipinstalls. That way you will not interfere with already installed system libraries. man pip3 Fedora pip3 will check if an install will shadow a system library and stop, letting you know when it closes. You will have to add this directory to the end of your $PATH in .bashrc so it can be found by the system when you want to run something from it.
For compatibilty, always use the Fedora package when it is available, barring extenuating circumstances. It is known to be compatible with the rest of the system.
On 2023-04-19 05:08, Robert Moskowitz wrote:
The instructions to install pycryptodome says not to install over PyCrypto, but does not tell how to figure this out. I tried a locate on pycrypto and came up empty. I am kind of assuming that means I don't have it install.
As I mentioned in my earlier reply, it's available in the Fedora repos. "dnf install python3-pycryptodomex" If you follow the link I included, the instructions for how to run it are the ones described for the X version.
Also I am assuming I should run pip as sudo, and should I use pip3?
"pip" in Fedora is "pip3", but you should not run it as sudo, only install locally for your user. But in this case, you don't need to use it at all, since the package is already available.
On 4/19/23 13:28, Samuel Sieb wrote:
On 2023-04-19 05:08, Robert Moskowitz wrote:
The instructions to install pycryptodome says not to install over PyCrypto, but does not tell how to figure this out. I tried a locate on pycrypto and came up empty. I am kind of assuming that means I don't have it install.
As I mentioned in my earlier reply, it's available in the Fedora repos. "dnf install python3-pycryptodomex" If you follow the link I included, the instructions for how to run it are the ones described for the X version.
Also I am assuming I should run pip as sudo, and should I use pip3?
"pip" in Fedora is "pip3", but you should not run it as sudo, only install locally for your user. But in this case, you don't need to use it at all, since the package is already available.
Ah, OK.
I have been using pip3 to install updates, as --user, to xml2rfc. This is for IETF Internet Drafts. Now I know I can just drop the '3'...
Always good to use native Fedora code.
2023-04-19 23:07 UTC+02:00, Robert Moskowitz rgm@htt-consult.com:
I have been using pip3 to install updates, as --user, to xml2rfc. This is for IETF Internet Drafts. Now I know I can just drop the '3'...
And perhaps 'pip', too, and dnf install python3-xml2rfc
On 4/19/23 17:32, Andras Simon wrote:
2023-04-19 23:07 UTC+02:00, Robert Moskowitz rgm@htt-consult.com:
I have been using pip3 to install updates, as --user, to xml2rfc. This is for IETF Internet Drafts. Now I know I can just drop the '3'...
And perhaps 'pip', too, and dnf install python3-xml2rfc
oooh. I never looked. Just did the pip install/update since xml2rfc v2 came out. For v1 I just used the web tool, and then finally switched to local python. Can't even remember how long ago that all was.
So how do I switch from maintaining this via pip and via dnf?
On 2023-04-19 18:26, Robert Moskowitz wrote:
On 4/19/23 17:32, Andras Simon wrote:
2023-04-19 23:07 UTC+02:00, Robert Moskowitz rgm@htt-consult.com:
I have been using pip3 to install updates, as --user, to xml2rfc. This is for IETF Internet Drafts. Now I know I can just drop the '3'...
And perhaps 'pip', too, and dnf install python3-xml2rfc
oooh. I never looked. Just did the pip install/update since xml2rfc v2 came out. For v1 I just used the web tool, and then finally switched to local python. Can't even remember how long ago that all was.
So how do I switch from maintaining this via pip and via dnf?
Most likely "pip uninstall xml2rfc" and "dnf install python3-xml2rfc".
-
Andras Simon -
George N. White III -
Go Canes -
Jeffrey Walton -
Robert Moskowitz -
Samuel Sieb -
stan