Skip to main content

Kveynar - chiffre authentifie original (portage Python), par Memet Jakupi.

Project description

Kveynar — Python port

CI

Author: Memet Jakupi — digital forensics researcher.

A faithful Python port of the reference Rust implementation. It reproduces ../rust/vectors/kat.json byte for byte (interoperability test): a message encrypted by Rust decrypts in Python and vice versa.

The common specification is ../rust/SPEC.md; the honest security analysis is in ../rust/DESIGN.md.

Warning

A home-grown cipher intended for educational / obfuscation / CTF use. Hardened and tested, but not publicly audited. Do not use it alone against a state-level adversary.

Performance note

This port favours readability, not speed. The KDF is memory-hard: at the default factor (2^17 = 16 MiB) it is slow in pure Python. For quick trials, lower the memory factor (--mem 12 or with_work_factor(key, 12)). The Rust implementation remains the performant version.

Usage (library)

from kveynar import Kveynar, encrypt_decoy, decrypt_decoy

kv = Kveynar.with_work_factor("my private key".encode(), 12)
c = kv.encrypt("Pershendetje, bote!".encode())
assert kv.decrypt(c).decode() == "Pershendetje, bote!"

# associated data, text armor, source obfuscation
kv.encrypt_with_ad(b"body", b"public-header")
kv.encrypt_armored(b"data")
kv.obfuscate_source("def f(): return 42")

# "bare" container (no signature) and disguised armors
kv.encrypt_bare(b"looks like random bytes")
kv.encrypt_skin(b"data", "emoji")  # or "mnemonic" / "drita"

# fortress mode (Gjarper + Bora cascade, 100% in-house)
fort = Kveynar.fortress_with_work_factor("key".encode(), 14)

# weak plausible-deniability decoy (two compartments; see ../rust/DESIGN.md section 8bis)
blob = encrypt_decoy(kv, b"real message", fort, b"decoy")
Method Description
new(pass) / with_work_factor(pass, log2_mem) context (memory KDF factor)
fortress(...) / fortress_with_work_factor(...) / set_cascade(bool) cascade mode
encrypt / decrypt (+ _with_ad) binary .kvy container (AEAD)
encrypt_with_params(pt, ad, kripa, fara) deterministic encryption (advanced/tests)
encrypt_bare_with_params(pt, kripa, fara) deterministic bare encryption (advanced/tests)
encrypt_bare / decrypt_bare headerless container, header whitened ⇒ byte-uniform (obfuscation only)
encrypt_skin / decrypt_skin disguised armor (mnemonic / emoji / drita)
encrypt_armored / decrypt_armored text output (Drita armor)
obfuscate_source / deobfuscate_source (+ _bytes) code obfuscation
encrypt_decoy / decrypt_decoy (module functions) weak plausible-deniability decoy

Command line

python -m kveynar enc   -k "my key" --mem 14 secret.txt -o secret.kvy
python -m kveynar enc   -k "my key" --fortress secret.txt -o secret.kvy
python -m kveynar enc   -k "my key" --bare secret.txt -o secret.kvy        # bare container
python -m kveynar dec   -k "my key" secret.kvy -o secret.txt               # mode auto-detected
python -m kveynar obf   -k "my key" --skin emoji app.py -o app.py.kvy
python -m kveynar deobf -k "my key" --skin emoji app.py.kvy -o app.py

Key also via --key-file <file> or the KVEYNAR_KEY environment variable.

Tests

# from the repository root
set PYTHONPATH=python   &  python -m unittest discover -s python/tests -t python   # Windows cmd
PYTHONPATH=python python -m unittest discover -s python/tests -t python            # bash

test_vectors.py proves byte-for-byte interoperability with Rust.

Structure

python/
  kveynar/
    __init__.py     public API (Kveynar class) + bare/skin/decoy
    _u64.py         64-bit arithmetic (mod 2^64)
    _consts.py      constants (forge, IV, RC, ODD, NUMS scalars, rotations, Drita alphabet)
    _vala.py        Vala permutation + sponge
    _kdf.py         Celesi (memory-hard KDF, Mundimi, Argon2id-like)
    _gjarper.py     invertible primary block
    _bora.py        second block (cascade mode)
    _blockutil.py   shared block helper (read4)
    _cipher.py      mode of operation + Vula MAC + container (+ bare)
    _armor.py       Drita base64 armor
    _skin.py        disguised armors (mnemonic / emoji)
    _obfuscate.py   source-obfuscation wrapper
    _rng.py         system randomness (os.urandom)
    errors.py       KveynarError exceptions
    __main__.py     CLI tool
  tools/            gen_constants.py (NUMS constant generator/verifier)
  tests/            test_vectors (KAT interop), roundtrip, tamper, nondeterminism,
                    min_mem, constants, deniable
  examples/         basic, file_encrypt, obfuscate_source
  pyproject.toml

License

MIT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kveynar-0.3.0.tar.gz (24.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kveynar-0.3.0-py3-none-any.whl (22.1 kB view details)

Uploaded Python 3

File details

Details for the file kveynar-0.3.0.tar.gz.

File metadata

  • Download URL: kveynar-0.3.0.tar.gz
  • Upload date:
  • Size: 24.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for kveynar-0.3.0.tar.gz
Algorithm Hash digest
SHA256 4a874e234512d47237ccf6cd962463c33fa5092778448f73091a7790a5c398f5
MD5 3fee7b17e315d17c6e084660ce5e7ae2
BLAKE2b-256 e18020c0896d00a1b64ed46749483ef6c3fbc01b8d1e25ae4ab373276f123b7f

See more details on using hashes here.

File details

Details for the file kveynar-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: kveynar-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 22.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for kveynar-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9d087012c252fd4702e9d410d05223888c7c16d826d64758521ff522d29a9716
MD5 4191c433cd9a47c50308dbb233326cb2
BLAKE2b-256 8a2c876e2c6b39b212de8a99bef0ffda95df10d0225e05697d60c3c755b082d7

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page