Merge branch 'fix-concatenation'

author: Kévin Le Gouguec <kevin.legouguec@airbus.com> 2019-07-05 14:28:17 +0200
committer: Kévin Le Gouguec <kevin.legouguec@airbus.com> 2019-07-05 14:28:17 +0200
commit: 4f58d99e11e1c412a600f39f32a8d181765f0246 (patch)
tree: 7bd7b860ab8e60105e37c873d134b2d59842b21e /src/add_python
parent: 904b99b495a419fefc666e489c31893f86d5080e (diff)
parent: da895e90ec0db658ce9ebbfe60591c7e88f9d6a3 (diff)
download: lilliput-ae-implem-4f58d99e11e1c412a600f39f32a8d181765f0246.tar.xz
3 files changed, 34 insertions, 33 deletions
diff --git a/src/add_python/lilliput/ae_common.py b/src/add_python/lilliput/ae_common.py
index b94be1b..db14ec3 100644
--- a/src/add_python/lilliput/ae_common.py
+++ b/src/add_python/lilliput/ae_common.py
@@ -15,7 +15,7 @@
 """Helper functions used in both Lilliput-I and Lilliput-II."""
 
 
-from .constants import BLOCK_BITS, BLOCK_BYTES
+from .constants import BLOCK_BYTES
 from .helpers import xor
 from . import tbc
 
@@ -48,11 +48,11 @@ def block_matrix_to_bytes(matrix):
 
 def pad10(X):
     zeroes = [0] * (BLOCK_BYTES-len(X)-1)
-    return zeroes + [0b10000000] + X
+    return X + [0b10000000] + zeroes
 
 
 def integer_to_byte_array(i, n):
-    return list(i.to_bytes(n, 'little'))
+    return list(i.to_bytes(n, 'big'))
 
 
 def _tweak_associated_data(t, i, padded):
@@ -61,8 +61,8 @@ def _tweak_associated_data(t, i, padded):
     prefix = 0b0110 if padded else 0b0010
 
     # Clear upper 4 bits and set them to prefix.
-    tweak[-1] &= 0b00001111
-    tweak[-1] = prefix << 4
+    tweak[0] &= 0b00001111
+    tweak[0] |= prefix << 4
 
     return tweak
 
diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index 4a40b78..197bf37 100644
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -52,27 +52,26 @@ def _lower_nibble(i):
     return i & 0b00001111
 
 
-def _byte_from_nibbles(lower, upper):
-    return upper<<4 | lower
+def _byte(high, low):
+    return high<<4 ^ low
 
 
 def _tweak_message(N, j, prefix):
-    # j is encoded on 68 bits; get 72 and clear the upper 4.
-    j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
-    tweak = integer_to_byte_array(j, j_len)
-    tweak[-1] &= 0b00001111
+    tweak = [_byte(prefix.value, _upper_nibble(N[0]))]
 
-    # Add nonce.
-    tweak[-1] |= _lower_nibble(N[0]) << 4
     tweak.extend(
-        _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+        _byte(_lower_nibble(N[i-1]), _upper_nibble(N[i]))
         for i in range(1, NONCE_BITS//8)
     )
 
-    # Add last nibble from nonce and prefix.
-    tweak.append(
-        _byte_from_nibbles(_upper_nibble(N[-1]), prefix.value)
-    )
+    # j is encoded on 68 bits; get 72 then set the upper 4 to the
+    # nonce's lower 4.
+    j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
+    j_array = integer_to_byte_array(j, j_len)
+    j_array[0] &= 0b00001111
+    j_array[0] |= _lower_nibble(N[-1]) << 4
+
+    tweak.extend(j_array)
 
     return tweak
 
diff --git a/src/add_python/lilliput/ae_mode_2.py b/src/add_python/lilliput/ae_mode_2.py
index 79d1bcd..a55ecb8 100644
--- a/src/add_python/lilliput/ae_mode_2.py
+++ b/src/add_python/lilliput/ae_mode_2.py
@@ -18,6 +18,8 @@ This module provides the functions for authenticated encryption and decryption
 using Lilliput-AE's nonce-misuse-resistant mode based on SCT-2.
 """
 
+from enum import Enum
+
 from .constants import BLOCK_BYTES
 from .ae_common import (
     bytes_to_block_matrix,
@@ -35,22 +37,24 @@ TWEAK_BITS = 128
 TWEAK_BYTES = TWEAK_BITS//8
 
 
-def _tweak_tag(j, padded):
-    tweak = integer_to_byte_array(j, TWEAK_BYTES)
+class _TagTweak(Enum):
+    BLOCK = 0b0000
+    PAD = 0b0100
 
-    prefix = 0b0100 if padded else 0b0000
+
+def _tweak_tag(j, prefix):
+    tweak = integer_to_byte_array(j, TWEAK_BYTES)
 
     # Clear upper 4 bits and set them to prefix.
-    tweak[-1] &= 0b00001111
-    tweak[-1] = prefix << 4
+    tweak[0] &= 0b00001111
+    tweak[0] |= prefix.value << 4
 
     return tweak
 
 
 def _add_tag_j(tag, j):
-    array_j = integer_to_byte_array(j, TWEAK_BYTES)
-    tweak = xor(tag, array_j)
-    tweak[-1] |= 0b10000000
+    tweak = xor(tag, integer_to_byte_array(j, TWEAK_BYTES))
+    tweak[0] |= 0b10000000
 
     return tweak
 
@@ -63,18 +67,16 @@ def _message_auth_tag(M, N, Auth, key):
     M = bytes_to_block_matrix(M)
 
     for j in range(0, l):
-        tweak = _tweak_tag(j, False)
+        tweak = _tweak_tag(j, _TagTweak.BLOCK)
         encryption = tbc.encrypt(tweak, key, M[j])
         tag = xor(tag, encryption)
 
     if need_padding:
-        tweak = _tweak_tag(l, True)
+        tweak = _tweak_tag(l, _TagTweak.PAD)
         encryption = tbc.encrypt(tweak, key, pad10(M[l]))
         tag = xor(tag, encryption)
 
-    tweak = N + [0b00010000]
-    encryption = tbc.encrypt(tweak, key, tag)
-    tag = encryption
+    tag = tbc.encrypt([0b00010000]+N, key, tag)
 
     return tag
 
@@ -88,12 +90,12 @@ def _message_encryption(M, N, tag, key):
 
     for j in range(0, l):
         tweak = _add_tag_j(tag, j)
-        encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+        encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
         C.append(xor(M[j], encryption))
 
     if need_padding:
         tweak = _add_tag_j(tag, l)
-        encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+        encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
         C.append(xor(M[l], encryption))
 
     return C
author	Kévin Le Gouguec <kevin.legouguec@airbus.com>	2019-07-05 14:28:17 +0200
committer	Kévin Le Gouguec <kevin.legouguec@airbus.com>	2019-07-05 14:28:17 +0200
commit	4f58d99e11e1c412a600f39f32a8d181765f0246 (patch)
tree	7bd7b860ab8e60105e37c873d134b2d59842b21e /src/add_python
parent	904b99b495a419fefc666e489c31893f86d5080e (diff)
parent	da895e90ec0db658ce9ebbfe60591c7e88f9d6a3 (diff)
download	lilliput-ae-implem-4f58d99e11e1c412a600f39f32a8d181765f0246.tar.xz