lilliput-ae-reference-implementation

Implementations of Lilliput-AE submitted to the NIST LWC standardization process
git clone https://git.kevinlegouguec.net/lilliput-ae-reference-implementation

commit 2c90f8474502559c4314c2e02a4ea76b21ff9509
parent b36b15af3c8e8f1846b82da0ca1942e610666e2f
Author: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date:   Wed, 21 Nov 2018 14:46:17 +0100

Ébauche de déchiffrement

La gestion de la permutation est probablement pas élégante… 🤷

Diffstat:
Mcrypto_aead/lilliputaei128v1/ref/cipher.c | 62++++++++++++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 48 insertions(+), 14 deletions(-)

diff --git a/crypto_aead/lilliputaei128v1/ref/cipher.c b/crypto_aead/lilliputaei128v1/ref/cipher.c
@@ -8,6 +8,25 @@
 #include "tweakey.h"
+enum permutation
+{
+ PERMUTATION_ENCRYPTION = 0,
+ PERMUTATION_DECRYPTION = 1,
+ PERMUTATION_NONE
+};
+
+typedef enum permutation permutation;
+
+const uint8_t PERMUTATIONS[2][BLOCK_BYTES] = {
+ /* PI(i) */
+ [0] = { 13, 9, 14, 8, 10, 11, 12, 15,
+ 4, 5, 3, 1, 2, 6, 0, 7 },
+ /* PI^-1(i) */
+ [1] = { 14, 11, 12, 10, 8, 9, 13, 15,
+ 3, 1, 4, 5, 6, 0, 2, 7 }
+};
+
+
 struct cipher_state
 {
 uint8_t X[BLOCK_BYTES];
@@ -53,19 +72,19 @@ static void _linear_layer(__attribute__((unused)) cipher_state *X)
 }
-static void _permutation_layer(__attribute__((unused)) cipher_state *X)
+static void _permutation_layer(__attribute__((unused)) cipher_state *X, permutation p)
 {
-
+ if (p == PERMUTATION_NONE)
+ {
+ return;
+ }
 }
-static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], bool permute)
+static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p)
 {
 _nonlinear_layer(X, RTK);
 _linear_layer(X);
- if (permute)
- {
- _permutation_layer(X);
- }
+ _permutation_layer(X, p);
 }
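Review bot: `PERMUTATIONS` is defined at file scope without `static`, so the table gets external linkage although nothing visible here needs it outside cipher.c; `static const uint8_t PERMUTATIONS[2][BLOCK_BYTES]` keeps it private to the translation unit. The rows are keyed by the literals `[0]` and `[1]` rather than by the enum introduced just above, so `[PERMUTATION_ENCRYPTION] = { … }` and `[PERMUTATION_DECRYPTION] = { … }` would tie the table to its selector by construction. `PERMUTATION_NONE` evaluates to 2, one past the last row, so a short comment on the enum stating that it is not a valid index into `PERMUTATIONS` would help whoever writes the lookup.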
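Review bot: `_permutation_layer` returns early for `PERMUTATION_NONE` and then falls off the end for the other two values as well, with `X` still marked `__attribute__((unused))`, so as written no round applies PI or PI^-1 and nothing in the function says this is intentional. A placeholder comment after the guard, for instance `/* TODO: reorder X->X through PERMUTATIONS[p]; p is a valid row only because PERMUTATION_NONE was rejected above */`, would record both the missing step and the reason the guard has to stay first. The call in `_one_round_egfn` is now unconditional, so that guard becomes the only thing keeping `PERMUTATION_NONE` away from an out-of-range row once the lookup exists.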
@@ -83,21 +102,36 @@ void lilliput_tbc_encrypt( uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; _compute_round_tweakeys(key, tweak, RTK); - for (uint8_t i=0; i<ROUNDS; i++) + for (uint8_t i=0; i<ROUNDS-1; i++) { - _one_round_egfn(&X, RTK[i], i<ROUNDS-1); + _one_round_egfn(&X, RTK[i], PERMUTATION_ENCRYPTION); } + _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE); + memcpy(ciphertext, X.X, BLOCK_BYTES); } void lilliput_tbc_decrypt( - __attribute__((unused)) const uint8_t key[KEY_BYTES], - __attribute__((unused)) const uint8_t tweak[TWEAK_BYTES], - __attribute__((unused)) const uint8_t ciphertext[BLOCK_BYTES], - __attribute__((unused)) uint8_t message[BLOCK_BYTES], - __attribute__((unused)) FILE *debug + const uint8_t key[KEY_BYTES], + const uint8_t tweak[TWEAK_BYTES], + const uint8_t ciphertext[BLOCK_BYTES], + uint8_t message[BLOCK_BYTES], + FILE *debug ) { + cipher_state X; + _state_init(&X, ciphertext, debug); + + uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; + _compute_round_tweakeys(key, tweak, RTK); + + _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE); + + for (uint8_t i=0; i<ROUNDS-1; i++) + { + _one_round_egfn(&X, RTK[ROUNDS-1-i], PERMUTATION_DECRYPTION); + } + memcpy(message, X.X, BLOCK_BYTES); }
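Review bot: In `lilliput_tbc_decrypt` the round tweakey `RTK[ROUNDS-1]` is consumed twice and `RTK[0]` never: the call before the loop uses `RTK[ROUNDS-1]`, the loop's first iteration (`i == 0`) indexes `RTK[ROUNDS-1-i]`, which is the same entry, and the last iteration stops at `RTK[1]`. Encryption runs rounds 0 to ROUNDS-2 with the permutation and finishes on a permutation-free round ROUNDS-1, so the inverse would be expected to start at `RTK[ROUNDS-1]` with `PERMUTATION_DECRYPTION` and finish on the permutation-free round with the first tweakey. Dropping the pre-loop call and adding `_one_round_egfn(&X, RTK[0], PERMUTATION_NONE);` after the loop gives that order, assuming the non-linear and linear layers (defined outside this hunk) are self-inverse. An encrypt-then-decrypt round-trip test on a fixed key, tweak and block would catch this kind of schedule slip once the layers are filled in.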