Diffstat (limited to 'src/add_python/lilliput')
-rw-r--r--src/add_python/lilliput/ae_common.py10
-rw-r--r--src/add_python/lilliput/ae_mode_1.py25
-rw-r--r--src/add_python/lilliput/ae_mode_2.py32
3 files changed, 34 insertions, 33 deletions
diff --git a/src/add_python/lilliput/ae_common.py b/src/add_python/lilliput/ae_common.py
index b94be1b..db14ec3 100644
--- a/src/add_python/lilliput/ae_common.py
+++ b/src/add_python/lilliput/ae_common.py
@@ -15,7 +15,7 @@
"""Helper functions used in both Lilliput-I and Lilliput-II."""
-from .constants import BLOCK_BITS, BLOCK_BYTES
+from .constants import BLOCK_BYTES
from .helpers import xor
from . import tbc
@@ -48,11 +48,11 @@ def block_matrix_to_bytes(matrix):
def pad10(X):
zeroes = [0] * (BLOCK_BYTES-len(X)-1)
- return zeroes + [0b10000000] + X
+ return X + [0b10000000] + zeroes
def integer_to_byte_array(i, n):
- return list(i.to_bytes(n, 'little'))
+ return list(i.to_bytes(n, 'big'))
def _tweak_associated_data(t, i, padded):
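Review bot: `pad10` still has no guard for an input that is already a full block: when `len(X) >= BLOCK_BYTES` the multiplier on the `zeroes` line is zero or negative, the list comes out empty, and the function returns BLOCK_BYTES+1 or more bytes instead of failing. A two-line check before the `zeroes` line would make the contract explicit: `if len(X) >= BLOCK_BYTES:` / `raise ValueError("pad10 expects a partial block")`. A one-line docstring on `pad10` stating the new layout (`"""Pad X with a 0x80 byte then zero bytes up to BLOCK_BYTES."""`) and one on `integer_to_byte_array` noting the big-endian order would also record the byte-order switch this commit makes, since the `_tweak_*` callers now index `[0]` on the assumption that the most significant byte comes first.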
@@ -61,8 +61,8 @@ def _tweak_associated_data(t, i, padded):
prefix = 0b0110 if padded else 0b0010
# Clear upper 4 bits and set them to prefix.
- tweak[-1] &= 0b00001111
- tweak[-1] = prefix << 4
+ tweak[0] &= 0b00001111
+ tweak[0] |= prefix << 4
return tweak
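Review bot: The `&= 0b00001111` on `tweak[0]` silently discards any bits the counter already has in the top nibble, so a counter that has outgrown its field is folded into the prefix position without error; `_tweak_associated_data` begins before this hunk, so I cannot see how `tweak` is built, but if it comes from `integer_to_byte_array` the mask only ever changes something when the integer is out of range. Consider replacing the mask with a check that the nibble is already clear, `if tweak[0] & 0b11110000: raise ValueError("counter exceeds tweak width")`, or at least extending the comment on the line above so the intent is recorded: `# Clear upper 4 bits (tweak is big-endian, so they are the top nibble of tweak[0]) and OR in the prefix.`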
diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index 4a40b78..197bf37 100644
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -52,27 +52,26 @@ def _lower_nibble(i):
return i & 0b00001111
-def _byte_from_nibbles(lower, upper):
- return upper<<4 | lower
+def _byte(high, low):
+ return high<<4 ^ low
def _tweak_message(N, j, prefix):
- # j is encoded on 68 bits; get 72 and clear the upper 4.
- j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
- tweak = integer_to_byte_array(j, j_len)
- tweak[-1] &= 0b00001111
+ tweak = [_byte(prefix.value, _upper_nibble(N[0]))]
- # Add nonce.
- tweak[-1] |= _lower_nibble(N[0]) << 4
tweak.extend(
- _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+ _byte(_lower_nibble(N[i-1]), _upper_nibble(N[i]))
for i in range(1, NONCE_BITS//8)
)
- # Add last nibble from nonce and prefix.
- tweak.append(
- _byte_from_nibbles(_upper_nibble(N[-1]), prefix.value)
- )
+ # j is encoded on 68 bits; get 72 then set the upper 4 to the
+ # nonce's lower 4.
+ j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
+ j_array = integer_to_byte_array(j, j_len)
+ j_array[0] &= 0b00001111
+ j_array[0] |= _lower_nibble(N[-1]) << 4
+
+ tweak.extend(j_array)
return tweak
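Review bot: `_byte` combines the nibbles with `high<<4 ^ low` where the removed `_byte_from_nibbles` used `|`; the result is the same only because every caller passes values that fit in four bits, and the unparenthesised form relies on `<<` binding tighter than `^`. `return (high << 4) | low` says what is meant and reads the same as the old helper. Separately, `j_array[0] &= 0b00001111` quietly drops counter bits whenever `j` lies between 2**68 and 2**72 (`to_bytes` only raises at 2**72 for a 9-byte field), so the comment above it could state that the mask is not overflow protection, or `_tweak_message` could check `j < 1 << 68` up front.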
diff --git a/src/add_python/lilliput/ae_mode_2.py b/src/add_python/lilliput/ae_mode_2.py
index 79d1bcd..a55ecb8 100644
--- a/src/add_python/lilliput/ae_mode_2.py
+++ b/src/add_python/lilliput/ae_mode_2.py
@@ -18,6 +18,8 @@ This module provides the functions for authenticated encryption and decryption
using Lilliput-AE's nonce-misuse-resistant mode based on SCT-2.
"""
+from enum import Enum
+
from .constants import BLOCK_BYTES
from .ae_common import (
bytes_to_block_matrix,
@@ -35,22 +37,24 @@ TWEAK_BITS = 128
TWEAK_BYTES = TWEAK_BITS//8
-def _tweak_tag(j, padded):
- tweak = integer_to_byte_array(j, TWEAK_BYTES)
+class _TagTweak(Enum):
+ BLOCK = 0b0000
+ PAD = 0b0100
- prefix = 0b0100 if padded else 0b0000
+
+def _tweak_tag(j, prefix):
+ tweak = integer_to_byte_array(j, TWEAK_BYTES)
# Clear upper 4 bits and set them to prefix.
- tweak[-1] &= 0b00001111
- tweak[-1] = prefix << 4
+ tweak[0] &= 0b00001111
+ tweak[0] |= prefix.value << 4
return tweak
def _add_tag_j(tag, j):
- array_j = integer_to_byte_array(j, TWEAK_BYTES)
- tweak = xor(tag, array_j)
- tweak[-1] |= 0b10000000
+ tweak = xor(tag, integer_to_byte_array(j, TWEAK_BYTES))
+ tweak[0] |= 0b10000000
return tweak
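Review bot: `_tweak_tag` changed its second parameter from a bool to a `_TagTweak` member but neither the function nor the enum documents the layout it produces; a docstring such as `"""Return the TWEAK_BYTES tag tweak: big-endian j with its top nibble replaced by prefix."""` and a short comment on `_TagTweak` saying which member is used for a full block and which for the padded final block would make the call sites in `_message_auth_tag` self-explanatory. The `tweak[0] &= 0b00001111` line has the same silent-overflow behaviour as `_tweak_associated_data` in ae_common.py: a `j` that does not fit in 124 bits has its high nibble masked away instead of being rejected. `_add_tag_j` sets the top bit of `tweak[0]` with `|=`, which is consistent with the new big-endian indexing.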
@@ -63,18 +67,16 @@ def _message_auth_tag(M, N, Auth, key):
M = bytes_to_block_matrix(M)
for j in range(0, l):
- tweak = _tweak_tag(j, False)
+ tweak = _tweak_tag(j, _TagTweak.BLOCK)
encryption = tbc.encrypt(tweak, key, M[j])
tag = xor(tag, encryption)
if need_padding:
- tweak = _tweak_tag(l, True)
+ tweak = _tweak_tag(l, _TagTweak.PAD)
encryption = tbc.encrypt(tweak, key, pad10(M[l]))
tag = xor(tag, encryption)
- tweak = N + [0b00010000]
- encryption = tbc.encrypt(tweak, key, tag)
- tag = encryption
+ tag = tbc.encrypt([0b00010000]+N, key, tag)
return tag
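Review bot: The final call `tbc.encrypt([0b00010000]+N, key, tag)` folds a bare magic byte into the tweak with no name or comment, and the same pattern appears in `_message_encryption` in the next hunk with `[0b00000000]+N` as the block input; the values presumably carry a 4-bit domain-separation prefix in the top nibble, but a reader of this hunk cannot tell. Naming them at module level, e.g. `_TAG_NONCE_PREFIX = [0b00010000]` and `_ENC_NONCE_PREFIX = [0b00000000]`, or at least commenting the line (`# tweak = prefix byte 0b0001_0000 || nonce`), would record the layout. Nothing visible checks that `len(N)` plus the prefix byte equals the width `tbc.encrypt` expects, so a malformed nonce surfaces only inside the cipher; `_message_auth_tag` begins before this hunk, where such a check may already live.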
@@ -88,12 +90,12 @@ def _message_encryption(M, N, tag, key):
for j in range(0, l):
tweak = _add_tag_j(tag, j)
- encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+ encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
C.append(xor(M[j], encryption))
if need_padding:
tweak = _add_tag_j(tag, l)
- encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+ encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
C.append(xor(M[l], encryption))
return C