authorKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-14 09:02:07 +0100
committerKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-14 09:02:07 +0100
commit2be282051a89cd69eba40aca79bb17daebb72dab (patch)
tree41739b6579aabc2c11a043ca20a104a37c68dc89
parent499a04c70519f114ad14d9bbb01207a5fa9a15c3 (diff)
downloadlilliput-ae-implem-2be282051a89cd69eba40aca79bb17daebb72dab.tar.xz
Correction de la génération du tweak pour ΘCB3
L'implémentation de référence se basait sur les indices figurant dans le papier de Deoxys. Deux questions à résoudre, que d'autres se sont sans doute déjà posées : - Est-ce que ce l-1 est normal dans le papier de Deoxys ? - Est-ce que nos changements d'indices sont bien tous corrects ? En tout cas, les implémentations Python et C sont maintenant d'accord.
-rw-r--r--python/lilliput_ae_1.py8
-rw-r--r--src/ref/lilliput-i.c8
-rw-r--r--test/i-128/test-ae-decrypt.c11
-rw-r--r--test/i-128/test-ae-encrypt.c8
4 files changed, 17 insertions, 18 deletions
diff --git a/python/lilliput_ae_1.py b/python/lilliput_ae_1.py
index 6d060bb..cd7fc82 100644
--- a/python/lilliput_ae_1.py
+++ b/python/lilliput_ae_1.py
@@ -167,7 +167,7 @@ def TreatMessageEnc(M, N, key) :
C[j] = ltbc.LilliputTBCEnc(tweak, key, M[j])
if will_padd == 0 :
- tweak = TweakMessage(N, l - 1, null = 1)
+ tweak = TweakMessage(N, l, null = 1)
Final = ltbc.LilliputTBCEnc(tweak, key, checksum)
else :
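Review bot: The final-tag tweak index in `TweakMessage(N, l, null = 1)` has no comment tying it to the specification, and the commit message itself leaves open whether the Deoxys paper's `l-1` is intended. Because the tag is computed under this tweak, an index that departs from the specification produces tags that a conforming implementation will reject, so the convention should be recorded next to the call, e.g. `# final tweak index: l when there is no partial block, l+1 when the last block is padded (spec: <section reference>)`. The same applies to the `l+1` call in the second hunk and to both hunks in TreatMessageDec. TreatMessageEnc starts and ends outside this hunk.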
@@ -177,7 +177,7 @@ def TreatMessageEnc(M, N, key) :
pad = ltbc.LilliputTBCEnc(tweak, key, [0 for byte in range(0, BLOCK_BYTES)])
lower_part = LowPart(pad, M_BITS % BLOCK_BITS)
C[l] = XorState(M[l], lower_part)
- tweak_final = TweakMessage(N, l, final_padded = 1)
+ tweak_final = TweakMessage(N, l+1, final_padded = 1)
Final = ltbc.LilliputTBCEnc(tweak_final, key, checksum)
return (Final, C)
@@ -201,7 +201,7 @@ def TreatMessageDec(C, N, key) :
if will_padd == 0 :
- tweak = TweakMessage(N, l - 1, null = 1)
+ tweak = TweakMessage(N, l, null = 1)
Final = ltbc.LilliputTBCEnc(tweak, key, checksum)
else :
@@ -211,7 +211,7 @@ def TreatMessageDec(C, N, key) :
M[l] = XorState(C[l], lower_part)
m_padded = Padding10LSB(M[l], M_BITS % BLOCK_BITS)
checksum = XorState(checksum, m_padded)
- tweak_final = TweakMessage(N, l, final_padded = 1)
+ tweak_final = TweakMessage(N, l+1, final_padded = 1)
Final = ltbc.LilliputTBCEnc(tweak_final, key, checksum)
return (Final, M)
diff --git a/src/ref/lilliput-i.c b/src/ref/lilliput-i.c
index 74248a9..97c2117 100644
--- a/src/ref/lilliput-i.c
+++ b/src/ref/lilliput-i.c
@@ -93,7 +93,7 @@ static void _encrypt_message(
if (rest == 0)
{
- _fill_msg_tweak(0x1, N, l-1, tweak);
+ _fill_msg_tweak(0x1, N, l, tweak);
encrypt(key, tweak, checksum, Final);
}
else
@@ -108,7 +108,7 @@ static void _encrypt_message(
encrypt(key, tweak, _0n, Pad);
xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad);
- _fill_msg_tweak(0x5, N, l, tweak);
+ _fill_msg_tweak(0x5, N, l+1, tweak);
encrypt(key, tweak, checksum, Final);
}
}
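Review bot: The padded branch now passes `l+1` to `_fill_msg_tweak` (here and in the last hunk of this file), and nothing visible bounds that value against the width of the block-counter field in the tweak. `_fill_msg_tweak` is not shown, so this needs confirming: if it truncates the index to a fixed number of bytes, a message at the maximum length could wrap the counter and repeat a tweak under the same key and nonce. Stating the limit beside the call, such as `/* l+1 must fit the tweak's counter field; see _fill_msg_tweak */`, or checking it where `l` is computed, would make the assumption explicit. The prefixes `0x1` and `0x5` would also read better as named constants shared by the encrypt and decrypt paths. _encrypt_message starts outside this hunk.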
@@ -140,7 +140,7 @@ static void _decrypt_message(
if (rest == 0)
{
- _fill_msg_tweak(0x1, N, l-1, tweak);
+ _fill_msg_tweak(0x1, N, l, tweak);
encrypt(key, tweak, checksum, Final);
}
else
@@ -155,7 +155,7 @@ static void _decrypt_message(
pad10(rest, &M[l*BLOCK_BYTES], M_rest);
xor_into(checksum, M_rest);
- _fill_msg_tweak(0x5, N, l, tweak);
+ _fill_msg_tweak(0x5, N, l+1, tweak);
encrypt(key, tweak, checksum, Final);
}
}
diff --git a/test/i-128/test-ae-decrypt.c b/test/i-128/test-ae-decrypt.c
index d835342..043185b 100644
--- a/test/i-128/test-ae-decrypt.c
+++ b/test/i-128/test-ae-decrypt.c
@@ -57,10 +57,9 @@ const vector VECTORS[] = {
0x47, 0x6b, 0xe5, 0x6a, 0x97, 0x07, 0xc0, 0x87
},
.tag = {
- 0x69, 0xb6, 0x26, 0x07, 0x4f, 0x76, 0xc6, 0x3a,
- 0x0e, 0x0e, 0xcd, 0xa4, 0x4b, 0xad, 0x77, 0x1f
- }
- ,
+ 0x2e, 0xe5, 0xbf, 0x50, 0x87, 0x71, 0x17, 0x40,
+ 0x1b, 0xa7, 0xe9, 0xed, 0xd5, 0xcb, 0xec, 0x6d
+ },
.message = (uint8_t[]) {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
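Review bot: The replaced `.tag` bytes carry no record of where the new expected values come from, and the commit message suggests they reflect agreement between the Python and C implementations rather than an independently published vector. Vectors derived from the code under test confirm consistency only; they would not catch an index error shared by both implementations. A comment above the entry, e.g. `/* tag source: <generator and specification revision> */`, would keep that caveat visible until the open index questions are settled. The same applies to the second hunk of this file and to both hunks in test/i-128/test-ae-encrypt.c.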
@@ -107,8 +106,8 @@ const vector VECTORS[] = {
0x4f, 0x09
},
.tag = {
- 0xbf, 0xe3, 0x8e, 0x6f, 0xda, 0x02, 0x5a, 0x63,
- 0x34, 0x20, 0x4a, 0x43, 0xc2, 0x54, 0x3e, 0x5b
+ 0x04, 0x10, 0xbc, 0x6f, 0xe5, 0x88, 0xe0, 0xd5,
+ 0x09, 0x59, 0x26, 0x17, 0x12, 0x49, 0x35, 0x9a
},
.message = (uint8_t[]) {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
diff --git a/test/i-128/test-ae-encrypt.c b/test/i-128/test-ae-encrypt.c
index 442d621..522a3e6 100644
--- a/test/i-128/test-ae-encrypt.c
+++ b/test/i-128/test-ae-encrypt.c
@@ -67,8 +67,8 @@ const vector VECTORS[] = {
0x47, 0x6b, 0xe5, 0x6a, 0x97, 0x07, 0xc0, 0x87
},
.tag = {
- 0x69, 0xb6, 0x26, 0x07, 0x4f, 0x76, 0xc6, 0x3a,
- 0x0e, 0x0e, 0xcd, 0xa4, 0x4b, 0xad, 0x77, 0x1f
+ 0x2e, 0xe5, 0xbf, 0x50, 0x87, 0x71, 0x17, 0x40,
+ 0x1b, 0xa7, 0xe9, 0xed, 0xd5, 0xcb, 0xec, 0x6d
}
},
{
@@ -117,8 +117,8 @@ const vector VECTORS[] = {
0x4f, 0x09
},
.tag = {
- 0xbf, 0xe3, 0x8e, 0x6f, 0xda, 0x02, 0x5a, 0x63,
- 0x34, 0x20, 0x4a, 0x43, 0xc2, 0x54, 0x3e, 0x5b
+ 0x04, 0x10, 0xbc, 0x6f, 0xe5, 0x88, 0xe0, 0xd5,
+ 0x09, 0x59, 0x26, 0x17, 0x12, 0x49, 0x35, 0x9a
}
}
};