lilliput-ae-reference-implementation

Implementations of Lilliput-AE submitted to the NIST LWC standardization process
git clone https://git.kevinlegouguec.net/lilliput-ae-reference-implementation

commit ad7bfa1e842c8493880a860b7275048ba5dc730c
parent 6c7cceee3c7627d3c26dd3c064183d8a26d7fca5
Author: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date:   Thu, 22 Nov 2018 10:31:37 +0100

Add the decryption test and fix the implementation

I had assumed that, in order to invert

        non-linear layer
    r0  linear layer
        permutation layer
    …
        non-linear layer
    r31 linear layer
        /

one would have to do

        non-linear layer
    r0  linear layer
        /
    …
        non-linear layer
    r31 linear layer
        permutation layer

But actually no: we proceed as for encryption, it is the last round
that skips the permutation. This is clearly specified in
Lilliput (appendix B, figure 8).

✨ MathMagic ✨

Diffstat:
M crypto_aead/lilliputaei128v1/ref/Makefile | 4 +++-
M crypto_aead/lilliputaei128v1/ref/cipher.c | 12 ++++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile @@ -1,4 +1,4 @@ -tests = test-tweakey test-tbc-encrypt +tests = test-tweakey test-tbc-encrypt test-tbc-decrypt .PHONY: clean test $(tests) @@ -27,10 +27,12 @@ $(tests): %: results/% diff -ru test/$*-ref results/$@-output +results/test-tbc-decrypt: results/cipher.o results/tweakey.o results/constants.o | results results/test-tbc-encrypt: results/cipher.o results/tweakey.o results/constants.o | results results/test-tweakey: results/tweakey.o results/constants.o | results results/test-*.o: test/helpers.h parameters.h +results/test-tbc-decrypt.o: cipher.h results/test-tbc-encrypt.o: cipher.h results/test-tweakey.o: tweakey.h diff --git a/crypto_aead/lilliputaei128v1/ref/cipher.c b/crypto_aead/lilliputaei128v1/ref/cipher.c @@ -194,18 +194,26 @@ void lilliput_tbc_decrypt( FILE *debug ) { + debug_dump_lanes(debug, "Tweak :", TWEAK_BYTES, tweak, 0); + debug_dump_lanes(debug, "Key :", KEY_BYTES, key, 0); + debug_dump_buffer(debug, "Ciphertext :", BLOCK_BYTES, ciphertext, 0); + cipher_state X; _state_init(&X, ciphertext, debug); uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; _compute_round_tweakeys(key, tweak, RTK); - _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE); - for (uint8_t i=0; i<ROUNDS-1; i++) { + _debug_announce_round(debug, i); _one_round_egfn(&X, RTK[ROUNDS-1-i], PERMUTATION_DECRYPTION); } + _debug_announce_round(debug, ROUNDS-1); + _one_round_egfn(&X, RTK[0], PERMUTATION_NONE); + memcpy(message, X.X, BLOCK_BYTES); + + debug_dump_buffer(debug, "\nDeciphered :", BLOCK_BYTES, message, 0); }
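Review bot: `tests` now includes `test-tbc-decrypt`, but the diffstat lists only the Makefile and cipher.c; since `$(tests): %: results/%` runs `diff -ru test/$*-ref results/$@-output`, `make test` needs `test/test-tbc-decrypt.c` (to produce the object the new `results/test-tbc-decrypt.o: cipher.h` line covers) and `test/test-tbc-decrypt-ref` to already exist. If they live in another commit, mention it in the message, or add them here so the tree builds and tests at this revision.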
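Review bot: the new `results/test-tbc-decrypt:` prerequisite list repeats the `results/test-tbc-encrypt:` line verbatim (`results/cipher.o results/tweakey.o results/constants.o | results`); factoring those objects into one variable, e.g. `tbc_objs = results/cipher.o results/tweakey.o results/constants.o`, keeps the two TBC tests from drifting apart when a source file is added. The header dependency is fine: `results/test-*.o: test/helpers.h parameters.h` already matches the decrypt object, so only `cipher.h` needed adding.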
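Review bot: the removed lines applied `RTK[ROUNDS-1]` twice (in the standalone `PERMUTATION_NONE` call and again at `i=0` of the loop) and never used `RTK[0]`; the new loop followed by `_one_round_egfn(&X, RTK[0], PERMUTATION_NONE);` walks the round tweakeys from `RTK[ROUNDS-1]` down to `RTK[0]` exactly once, which is the substantive fix and deserves a comment above that final call saying the last round skips the permutation, as on the encrypt path (Lilliput appendix B, figure 8), so nobody later "corrects" it back to skipping the first round. Minor: the `"\nDeciphered :"` label carries a leading newline that the `"Tweak :"`, `"Key :"` and `"Ciphertext :"` labels do not; keep the dump labels uniform.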