authorKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-25 10:35:27 +0100
committerKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-25 10:35:27 +0100
commite9682e5ff9946a018e00f513f58b7c7651708a63 (patch)
tree994eac32d041689ef05fb3f59b535e94102534dc /src/add_python
parentd6164fddbb09f0dc5248b341e97610957f80f8f8 (diff)
[implem-python] Construction de _tweak_message par concaténation
Et petits nettoyages par-ci par-là.
Diffstat (limited to 'src/add_python')
-rw-r--r--src/add_python/lilliput/__init__.py6
-rw-r--r--src/add_python/lilliput/ae_mode_1.py41
-rw-r--r--src/add_python/lilliput/constants.py2
3 files changed, 33 insertions, 16 deletions
diff --git a/src/add_python/lilliput/__init__.py b/src/add_python/lilliput/__init__.py
index dc193c6..870e485 100644
--- a/src/add_python/lilliput/__init__.py
+++ b/src/add_python/lilliput/__init__.py
@@ -26,7 +26,7 @@ The "mode" argument can be either of the following integers:
from . import ae_mode_1
from . import ae_mode_2
-from .constants import NONCE_BYTES
+from .constants import NONCE_BITS
_AE_MODES = {
@@ -43,8 +43,8 @@ def _check_inputs(key, mode, nonce):
if mode not in _AE_MODES:
raise ValueError('invalid mode: {} not in {}'.format(mode, tuple(_AE_MODES)))
- if len(nonce) != NONCE_BYTES:
- raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BYTES, len(nonce)))
+ if len(nonce)*8 != NONCE_BITS:
+ raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BITS, len(nonce)*8))
def encrypt(plaintext, adata, key, nonce, mode):
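Review bot: The nonce-size message on the new `raise ValueError` line now prints bit counts with no unit, while callers pass a bytes object and will usually think in bytes, so `expecting 120, have 128` is easy to misread. Naming the unit would remove the ambiguity, e.g. `'invalid nonce size: expecting {} bits, have {}'`. `_check_inputs` starts outside the hunk.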
diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index b07adf6..1a3c39e 100644
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -20,11 +20,12 @@ using Lilliput-AE's nonce-respecting mode based on ΘCB3.
from enum import Enum
-from .constants import BLOCK_BYTES, NONCE_BYTES
+from .constants import BLOCK_BYTES, NONCE_BITS
from .ae_common import (
bytes_to_block_matrix,
block_matrix_to_bytes,
build_auth,
+ integer_to_byte_array,
pad10,
TagValidationError,
xor
@@ -43,19 +44,33 @@ class _MessageTweak(Enum):
FINAL = 0b0101
+def _upper_nibble(i):
+ return i >> 4
+
+
+def _lower_nibble(i):
+ return i & 0b00001111
+
+
+def _byte_from_nibbles(lower, upper):
+ return upper<<4 | lower
+
+
def _tweak_message(N, j, padding):
- tweak = [0 for byte in range(0, TWEAK_BYTES)]
- for byte in range(NONCE_BYTES-1, -1, -1):
- tweak[byte + (TWEAK_BYTES-NONCE_BYTES)] |= (N[byte] & 0xf0) >> 4
- tweak[byte + (TWEAK_BYTES-NONCE_BYTES-1)] |= (N[byte] & 0x0f) << 4
+ j = integer_to_byte_array(j, (TWEAK_BITS-NONCE_BITS-4)//8+1)
+
+ middle_byte = _byte_from_nibbles(
+ _lower_nibble(j[-1]), _lower_nibble(N[0])
+ )
- tweak[TWEAK_BYTES-NONCE_BYTES-1] |= ((j >> 64) & 0xf)
- for byte in range(TWEAK_BYTES-NONCE_BYTES-2, -1, -1):
- tweak[byte] = (j >> (8 * byte)) & 0xff
+ shifted_N = [
+ _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+ for i in range(1, NONCE_BITS//8)
+ ]
- tweak[-1] |= padding.value<<4
+ last_byte = _byte_from_nibbles(_upper_nibble(N[-1]), padding.value)
- return tweak
+ return j[:-1] + [middle_byte] + shifted_N + [last_byte]
def _treat_message_enc(M, N, key):
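Review bot: `_tweak_message` now assembles the tweak from nibbles but has no docstring stating the resulting layout, and `_byte_from_nibbles(lower, upper)` takes the low nibble first, the reverse of how the halves sit in the byte, so each call site has to be decoded by hand. I would add a docstring such as `"""Return the tweak as a list of bytes: counter j, then N at a four-bit offset, then padding.value in the high nibble of the last byte."""`, plus a one-line comment that the `integer_to_byte_array` length is the byte count needed for the TWEAK_BITS-NONCE_BITS-4 counter bits. Separately, `_lower_nibble(j[-1])` drops any counter bits above that width without an error, as the removed `& 0xf` did, and `_upper_nibble` and `padding.value` are not masked, so the function relies on byte-sized inputs. Since the mode depends on tweaks being distinct for each nonce and block index, an explicit range check on `j` would make that assumption visible; whether `integer_to_byte_array` already rejects oversized values cannot be seen from here.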
@@ -124,9 +139,10 @@ def _treat_message_dec(C, N, key):
def encrypt(A, M, N, key):
K = list(key)
+ N = list(N)
Auth = build_auth(TWEAK_BITS, A, K)
- (Final, C) = _treat_message_enc(M, N, K)
+ Final, C = _treat_message_enc(M, N, K)
tag = xor(Auth, Final)
return block_matrix_to_bytes(C), bytes(tag)
@@ -134,10 +150,11 @@ def encrypt(A, M, N, key):
def decrypt(A, C, N, tag, key):
K = list(key)
+ N = list(N)
tag = list(tag)
Auth = build_auth(TWEAK_BITS, A, K)
- (Final, M) = _treat_message_dec(C, N, K)
+ Final, M = _treat_message_dec(C, N, K)
tag2 = xor(Auth, Final)
if tag != tag2:
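Review bot: The tag check `if tag != tag2:` compares two lists element by element and stops at the first mismatch, so verification time depends on how many leading tag bytes are correct. On an authenticated-decryption path a constant-time comparison is the usual choice, e.g. `if not hmac.compare_digest(bytes(tag), bytes(tag2)):`, which needs `import hmac` at the top of the file. This assumes `xor` returns a sequence of byte-sized ints, which is not visible here; the rest of `decrypt` lies outside the hunk.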
diff --git a/src/add_python/lilliput/constants.py b/src/add_python/lilliput/constants.py
index 5e07e96..e69ca46 100644
--- a/src/add_python/lilliput/constants.py
+++ b/src/add_python/lilliput/constants.py
@@ -1,6 +1,6 @@
BLOCK_BITS = 128
BLOCK_BYTES = BLOCK_BITS//8
-NONCE_BYTES = 15
+NONCE_BITS = 120
TAG_BYTES = 16