authorKévin Le Gouguec <kevin.legouguec@airbus.com>2018-11-27 16:47:59 +0100
committerKévin Le Gouguec <kevin.legouguec@airbus.com>2018-11-27 16:47:59 +0100
commita6246a810859c09d12c928d5f95a897ecca18cb9 (patch)
treed743a12b684f5102e49bb9672f0d90af0348d260 /src/lilliput-ae-ii.c
parent1f359c1cdbb7a9bd41f3cb9717187e8aeacce43b (diff)
Correction de la génération du tag SCT-2
C'est pour *ça* que j'avais mis le nonce dans la signature de la fonction… 🤦
Diffstat (limited to 'src/lilliput-ae-ii.c')
-rw-r--r--src/lilliput-ae-ii.c29
1 files changed, 23 insertions, 6 deletions
diff --git a/src/lilliput-ae-ii.c b/src/lilliput-ae-ii.c
index e0e268e..26885e5 100644
--- a/src/lilliput-ae-ii.c
+++ b/src/lilliput-ae-ii.c
@@ -31,19 +31,33 @@ static void _fill_msg_tweak(const uint8_t tag[TAG_BYTES], uint64_t block_index,
}
}
+static void _fill_tag_tweak(const uint8_t N[NONCE_BYTES], uint8_t tweak[TWEAK_BYTES])
+{
+ /* The t-bit tweak is filled as follows:
+ *
+ * - bits [ 1, t-7]: N
+ * - bits [t-7, t]: 0001||0^4
+ */
+
+ memcpy(tweak, N, TWEAK_BYTES-1);
+ tweak[TWEAK_BYTES-1] = 0x10;
+}
+
static void _generate_tag(
const uint8_t key[KEY_BYTES],
size_t M_len,
const uint8_t M[M_len],
+ const uint8_t N[NONCE_BYTES],
const uint8_t Auth[BLOCK_BYTES],
uint8_t tag[TAG_BYTES]
)
{
uint8_t Ek_Mj[BLOCK_BYTES];
+ uint8_t tag_tmp[TAG_BYTES];
uint8_t tweak[TWEAK_BYTES];
- memset(tweak, 0, TWEAK_BYTES);
- memcpy(tag, Auth, TAG_BYTES);
+ memset(tweak, 0, TWEAK_BYTES);
+ memcpy(tag_tmp, Auth, TAG_BYTES);
size_t l = M_len / BLOCK_BYTES;
size_t rest = M_len % BLOCK_BYTES;
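Review bot: `_fill_tag_tweak` copies `TWEAK_BYTES-1` bytes out of `N`, whose declared size is `NONCE_BYTES`, so the `memcpy` is in bounds and uses the whole nonce only if `NONCE_BYTES == TWEAK_BYTES-1`, which nothing visible in this hunk enforces. The same kind of implicit size assumption applies to `tag_tmp[TAG_BYTES]`, which is filled from `Auth[BLOCK_BYTES]` and then handed to `encrypt` as a block in the later hunk at -61,8. If the constants are defined the way the tweak comment implies, two compile-time checks near the top of the file would pin this down: `_Static_assert(NONCE_BYTES == TWEAK_BYTES-1, "tag tweak is N || 0x10");` and `_Static_assert(TAG_BYTES == BLOCK_BYTES, "tag is one cipher block");`. The body of `_generate_tag` continues outside this hunk.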
@@ -52,7 +66,7 @@ static void _generate_tag(
{
fill_index_tweak(0x0, j, tweak);
encrypt(key, tweak, &M[j*BLOCK_BYTES], Ek_Mj);
- xor_into(tag, Ek_Mj);
+ xor_into(tag_tmp, Ek_Mj);
}
if (rest != 0)
@@ -61,8 +75,11 @@ static void _generate_tag(
pad10(rest, &M[l*BLOCK_BYTES], M_rest);
fill_index_tweak(0x4, l, tweak);
encrypt(key, tweak, M_rest, Ek_Mj);
- xor_into(tag, Ek_Mj);
+ xor_into(tag_tmp, Ek_Mj);
}
+
+ _fill_tag_tweak(N, tweak);
+ encrypt(key, tweak, tag_tmp, tag);
}
static void _encrypt_message(
@@ -115,7 +132,7 @@ void lilliput_ae_encrypt(
uint8_t auth[BLOCK_BYTES];
process_associated_data(key, auth_data_len, auth_data, auth);
- _generate_tag(key, message_len, message, auth, tag);
+ _generate_tag(key, message_len, message, nonce, auth, tag);
_encrypt_message(key, message_len, message, nonce, tag, ciphertext);
}
@@ -137,7 +154,7 @@ bool lilliput_ae_decrypt(
process_associated_data(key, auth_data_len, auth_data, auth);
uint8_t effective_tag[TAG_BYTES];
- _generate_tag(key, ciphertext_len, message, auth, effective_tag);
+ _generate_tag(key, ciphertext_len, message, nonce, auth, effective_tag);
return memcmp(tag, effective_tag, TAG_BYTES) == 0;
}
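Review bot: The tag check on the `return` line still uses `memcmp`, which may stop at the first differing byte, so its running time can reveal how many leading bytes of a submitted tag matched. A fixed-time comparison avoids that, for example `uint8_t diff = 0;` then `for (size_t i = 0; i < TAG_BYTES; i++) diff |= tag[i] ^ effective_tag[i];` and `return diff == 0;`. `message` appears to be produced before the tag is verified (the start of `lilliput_ae_decrypt` is outside this hunk), so it may also be worth clearing that buffer on failure so callers cannot act on unauthenticated plaintext.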