Merge remote-tracking branch 'origin/master' into fix-vhdltbc

1 files changed, 12 insertions, 13 deletions

diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index 4a40b78..197bf37 100644
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -52,27 +52,26 @@ def _lower_nibble(i):
     return i & 0b00001111
 
 
-def _byte_from_nibbles(lower, upper):
-    return upper<<4 | lower
+def _byte(high, low):
+    return high<<4 ^ low
 
 
 def _tweak_message(N, j, prefix):
-    # j is encoded on 68 bits; get 72 and clear the upper 4.
-    j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
-    tweak = integer_to_byte_array(j, j_len)
-    tweak[-1] &= 0b00001111
+    tweak = [_byte(prefix.value, _upper_nibble(N[0]))]
 
-    # Add nonce.
-    tweak[-1] |= _lower_nibble(N[0]) << 4
     tweak.extend(
-        _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+        _byte(_lower_nibble(N[i-1]), _upper_nibble(N[i]))
         for i in range(1, NONCE_BITS//8)
     )
 
-    # Add last nibble from nonce and prefix.
-    tweak.append(
-        _byte_from_nibbles(_upper_nibble(N[-1]), prefix.value)
-    )
+    # j is encoded on 68 bits; get 72 then set the upper 4 to the
+    # nonce's lower 4.
+    j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
+    j_array = integer_to_byte_array(j, j_len)
+    j_array[0] &= 0b00001111
+    j_array[0] |= _lower_nibble(N[-1]) << 4
+
+    tweak.extend(j_array)
 
     return tweak