From 02eb0c9f257435595889d15577e4641b2242d0a1 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 12:38:36 +0100 Subject: [implem-python] Suppression de paramètres redondants MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Création d'un nouveau module "helpers" qui contiendra les fonctions utilisées par les deux modes. --- python/lilliput_tbc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 540d956..1ed4d8d 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -2,7 +2,7 @@ Lilliput TBC """ import random -import constant +import constants import multiplications BLOCK_BITS = 128 @@ -19,7 +19,7 @@ KEY_BYTES = int(KEY_BITS / 8) TWEAK_BYTES = int(TWEAK_BITS / 8) TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) -Sbox = constant.Sbox +Sbox = constants.Sbox MultiplyM = multiplications.MultiplyM MultiplyM2 = multiplications.MultiplyM2 MultiplyM3 = multiplications.MultiplyM3 -- cgit v1.2.3 From a1d3889f48a3fffd38a855fc433a9a3d3f649434 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 13:31:50 +0100 Subject: [implem-python] Retrait du main commenté MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- python/lilliput_tbc.py | 51 -------------------------------------------------- 1 file changed, 51 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 1ed4d8d..78389f9 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -1,7 +1,6 @@ """ Lilliput TBC """ -import random import constants import multiplications @@ -223,53 +222,3 @@ def LilliputTBCDec(tweak, key, cipher) : state_output = LastRoundEGFN(state, RTKs[0], round = ROUNDS - 1) return state_output - -################################################################################ - - -# def main() : -# -# """tweak = [random.randint(0,255) for byte in range(0, number_bytes_tweak)] -# key = [random.randint(0,255) for byte in range(0, number_bytes_key)] -# message = [random.randint(0,255) for byte in range(0, 16)]""" -# #cipher = [204, 93, 118, 73, 153, 116, 241, 228, 56, 160, 234, 207, 42, 199, 19, 147] # null -# #cipher = [104, 79, 113, 74, 255, 166, 160, 78, 195, 74, 93, 105, 73, 157, 113, 228] # order -# #message = [188, 215, 240, 41, 132, 182, 200, 249, 156, 157, 29, 189, 13, 48, 148, 11] -# #cipher = [245, 195, 174, 174, 35, 1, 31, 176, 201, 93, 83, 38, 103, 211, 216, 223] -# #tweak = [168, 67, 243, 16, 129, 17, 28, 132, 223, 248, 46, 250, 144, 144, 38, 33, 125, 141, 67, 18, 42, 179, 210, 77] -# #key = [193, 150, 198, 10, 2, 115, 145, 104, 127, 244, 35, 77, 61, 213, 249, 155] -# global KEY_BITS -# global TWEAK_BITS -# global LANES -# global ROUNDS -# global TWEAKEY_BITS -# global KEY_BYTES -# global TWEAK_BYTES -# global TWEAKEY_BYTES -# KEY_BITS = 256 -# TWEAK_BITS = 128 -# TWEAKEY_BITS = KEY_BITS + TWEAK_BITS -# LANES = int((TWEAKEY_BITS) / LANE_BITS) -# ROUNDS = 42 -# KEY_BYTES = int(KEY_BITS / 8) -# TWEAK_BYTES = int(TWEAK_BITS / 8) -# TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) -# -# tweak = [byte for byte in range(0, TWEAK_BYTES)] -# key = [byte for byte in range(0, KEY_BYTES)] -# message = [byte for byte in range(0, BLOCK_BYTES)] -# -# -# -# cipher = LilliputTBCEnc(tweak, key, message) -# print(message) -# print(cipher) -# print(tweak) -# print(key) -# for index,byte in enumerate(cipher) : -# print("%02x "%(cipher[15-index]), end="") -# print() -# #deciphered = LilliputTBCDec(tweak, key, cipher, verbose = 0) -# #print(deciphered) -# -# #main() -- cgit v1.2.3 From 9f999131bc6798e320432e71f3bfbcfbf20dc295 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 13:47:25 +0100 Subject: [implem-python] Confinement de la gestion des tours au module TBC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Retrait de quelques variables globales par la même occasion. Renommage de "round" en "i" pour 1) coller à la spec 2) éviter le conflit avec le builtin "round". --- python/constants.py | 9 ------ python/lilliput_ae_1.py | 16 +---------- python/lilliput_ae_2.py | 16 ----------- python/lilliput_tbc.py | 73 ++++++++++++++++++++++--------------------------- 4 files changed, 34 insertions(+), 80 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/constants.py b/python/constants.py index 02bbc1f..e8d8d03 100644 --- a/python/constants.py +++ b/python/constants.py @@ -2,15 +2,6 @@ BLOCK_BYTES = 16 NONCE_BYTES = 15 -def rounds(key_bits): - r = { - 128: 32, - 192: 36, - 256: 42 - } - return r[key_bits] - - Sbox = [32, 0, 178, 133, 59, 53, 166, 164, 48, 228, 106, 44, 255, 89, 226, 14, 248, 30, 122, 128, 21, 189, 62, 177, diff --git a/python/lilliput_ae_1.py b/python/lilliput_ae_1.py index 92cfa6e..9eb5460 100644 --- a/python/lilliput_ae_1.py +++ b/python/lilliput_ae_1.py @@ -3,7 +3,7 @@ """ import lilliput_tbc as ltbc -from constants import NONCE_BYTES, rounds +from constants import NONCE_BYTES from helpers import ArrayToBlockbytesMatrix, BlockbytesMatrixToBytes @@ -13,7 +13,6 @@ TWEAK_BITS = 192 TWEAKEY_BITS = KEY_BITS + TWEAK_BITS LANE_BITS = 64 LANES = int((TWEAKEY_BITS) / LANE_BITS) -ROUNDS = 32 BLOCK_BYTES = int(BLOCK_BITS / 8) KEY_BYTES = int(KEY_BITS / 8) @@ -30,12 +29,10 @@ def InitParameters(key_bits) : global TWEAKEY_BITS global TWEAKEY_BYTES global LANES - global ROUNDS KEY_BITS = key_bits TWEAKEY_BITS = KEY_BITS + TWEAK_BITS LANES = int((TWEAKEY_BITS) / LANE_BITS) - ROUNDS = rounds(key_bits) KEY_BYTES = int(KEY_BITS / 8) TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) @@ -230,7 +227,6 @@ def OCB3Enc(A, M, N, key) : M = ArrayToBlockbytesMatrix(M) ltbc.KEY_BITS = KEY_BITS - ltbc.ROUNDS = ROUNDS ltbc.TWEAK_BITS = TWEAK_BITS ltbc.LANES = LANES @@ -239,11 +235,6 @@ def OCB3Enc(A, M, N, key) : ltbc.TWEAK_BYTES = TWEAK_BYTES ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - ltbc.TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - ltbc.RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - ltbc.States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] - - Auth = BuildAuth(A, key) (Final, C) = TreatMessageEnc(M, N, key) tag = XorState(Auth, Final) @@ -264,7 +255,6 @@ def OCB3Dec(A, C, N, tag, key) : C = ArrayToBlockbytesMatrix(C) ltbc.KEY_BITS = KEY_BITS - ltbc.ROUNDS = ROUNDS ltbc.TWEAK_BITS = TWEAK_BITS ltbc.LANES = LANES @@ -273,10 +263,6 @@ def OCB3Dec(A, C, N, tag, key) : ltbc.TWEAK_BYTES = TWEAK_BYTES ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - ltbc.TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - ltbc.RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - ltbc.States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] - Auth = BuildAuth(A, key) (Final, M) = TreatMessageDec(C, N, key) tag2 = XorState(Auth, Final) diff --git a/python/lilliput_ae_2.py b/python/lilliput_ae_2.py index d072935..ed57cdf 100644 --- a/python/lilliput_ae_2.py +++ b/python/lilliput_ae_2.py @@ -3,7 +3,6 @@ """ import lilliput_tbc as ltbc -from constants import rounds from helpers import ArrayToBlockbytesMatrix, BlockbytesMatrixToBytes @@ -13,7 +12,6 @@ TWEAK_BITS = 128 TWEAKEY_BITS = KEY_BITS + TWEAK_BITS LANE_BITS = 64 LANES = int((TWEAKEY_BITS) / LANE_BITS) -ROUNDS = 32 BLOCK_BYTES = int(BLOCK_BITS / 8) KEY_BYTES = int(KEY_BITS / 8) @@ -32,12 +30,10 @@ def InitParameters(key_bits) : global TWEAKEY_BITS global TWEAKEY_BYTES global LANES - global ROUNDS KEY_BITS = key_bits TWEAKEY_BITS = KEY_BITS + TWEAK_BITS LANES = int((TWEAKEY_BITS) / LANE_BITS) - ROUNDS = rounds(key_bits) KEY_BYTES = int(KEY_BITS / 8) TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) @@ -227,7 +223,6 @@ def SCT2Enc(A, M, N, key) : M = ArrayToBlockbytesMatrix(M) ltbc.KEY_BITS = KEY_BITS - ltbc.ROUNDS = ROUNDS ltbc.TWEAK_BITS = TWEAK_BITS ltbc.LANES = LANES @@ -236,11 +231,6 @@ def SCT2Enc(A, M, N, key) : ltbc.TWEAK_BYTES = TWEAK_BYTES ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - ltbc.TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - ltbc.RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - ltbc.States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] - - Auth = BuildAuth(A, key) tag = MesssageAuthTag(M, N, Auth, key) C = MessageEncryption(M, N, tag, key) @@ -261,7 +251,6 @@ def SCT2Dec(A, C, N, tag, key) : C = ArrayToBlockbytesMatrix(C) ltbc.KEY_BITS = KEY_BITS - ltbc.ROUNDS = ROUNDS ltbc.TWEAK_BITS = TWEAK_BITS ltbc.LANES = LANES @@ -270,11 +259,6 @@ def SCT2Dec(A, C, N, tag, key) : ltbc.TWEAK_BYTES = TWEAK_BYTES ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - ltbc.TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - ltbc.RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - ltbc.States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] - - M = MessageEncryption(C, N, tag, key) Auth = BuildAuth(A, key) tag2 = MesssageAuthTag(M, N, Auth, key) diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 78389f9..12df2dc 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -10,7 +10,6 @@ TWEAK_BITS = 192 LANE_BITS = 64 LANE_BYTES = LANE_BITS / 8 LANES = int((TWEAK_BITS+KEY_BITS) / LANE_BITS) -ROUNDS = 32 BLOCK_BYTES = int(BLOCK_BITS / 8) TWEAKEY_BITS = KEY_BITS + TWEAK_BITS @@ -29,12 +28,6 @@ MultiplyMR3 = multiplications.MultiplyMR3 permutation = [14, 11, 12, 10, 8, 9, 13, 15, 3, 1, 4, 5, 6, 0, 2, 7] permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] -# Personnal global variables to check better -TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] -RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] -States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] - - ################################################################################ def BuildTweakey(tweak, key) : @@ -74,26 +67,29 @@ def RoundTweakeySchedule(tweakey) : return tweakey_multiplied ; -def SubTweakeyExtract(tweakey, round) : +def SubTweakeyExtract(tweakey, Ci): subtweakey = [0 for byte in range(0, 8)] for byte in range(0, TWEAKEY_BYTES) : subtweakey[byte % 8] ^= tweakey[byte] - subtweakey[0] ^= round + subtweakey[0] ^= Ci return subtweakey -def TweakeyScheduleWhole(tweakey) : +def TweakeyScheduleWhole(tweakey, r): # store main tweakey in TKs[0] # and corresponding RTKs[0] - TKs[0] = tweakey - RTKs[0] = SubTweakeyExtract(TKs[0], 0) + TKs = [tweakey] + RTKs = [SubTweakeyExtract(TKs[0], 0)] + + for i in range(1, r) : + TKs.append(RoundTweakeySchedule(TKs[i-1])) + RTKs.append(SubTweakeyExtract(TKs[i], i)) + + return RTKs - for round in range(1, ROUNDS) : - TKs[round] = RoundTweakeySchedule(TKs[round - 1]) - RTKs[round] = SubTweakeyExtract(TKs[round], round) ################################################################################ @@ -145,21 +141,21 @@ def PermutationLayerDec(state) : return state_output -def OneRoundEGFNEnc(state, subtweakey, round) : +def OneRoundEGFNEnc(state, subtweakey) : state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) state_permutation = PermutationLayerEnc(state_linear) return state_permutation -def LastRoundEGFN(state, subtweakey, round) : +def LastRoundEGFN(state, subtweakey) : state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) return state_linear -def OneRoundEGFNDec(state, subtweakey, round) : +def OneRoundEGFNDec(state, subtweakey) : state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) state_permutation = PermutationLayerDec(state_linear) @@ -167,58 +163,55 @@ def OneRoundEGFNDec(state, subtweakey, round) : return state_permutation +def _rounds(key_bytes): + rounds = { + 128: 32, + 192: 36, + 256: 42 + } + return rounds[key_bytes*8] + + ################################################################################ # Lilliput TBC def LilliputTBCEnc(tweak, key, message) : - - global TKs - global RTKs - global states - TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] + r = _rounds(len(key)) tweakey = BuildTweakey(tweak, key) - TweakeyScheduleWhole(tweakey) + RTKs = TweakeyScheduleWhole(tweakey, r) state = [0 for byte in range(0, BLOCK_BYTES)] for byte in range(0, BLOCK_BYTES) : state[byte] = message[byte] - for round in range(0, ROUNDS - 1) : - state_output = OneRoundEGFNEnc(state, RTKs[round], round = round) + for i in range(0, r-1) : + state_output = OneRoundEGFNEnc(state, RTKs[i]) for byte in range(0, BLOCK_BYTES) : state[byte] = state_output[byte] - state_output = LastRoundEGFN(state, RTKs[ROUNDS - 1], round = ROUNDS - 1) + state_output = LastRoundEGFN(state, RTKs[r-1]) return state_output def LilliputTBCDec(tweak, key, cipher) : - - global TKs - global RTKs - global states - TKs = [[0 for byte in range(0, TWEAKEY_BYTES)] for round in range(0, ROUNDS)] - RTKs = [[0 for byte in range(0, 8)] for round in range(0, ROUNDS)] - States = [[0 for byte in range(0, BLOCK_BYTES)] for round in range(0, ROUNDS)] + r = _rounds(len(key)) tweakey = BuildTweakey(tweak, key) - TweakeyScheduleWhole(tweakey) + RTKs = TweakeyScheduleWhole(tweakey, r) state = [0 for byte in range(0, BLOCK_BYTES)] for byte in range(0, BLOCK_BYTES) : state[byte] = cipher[byte] - for round in range(0, ROUNDS - 1) : - state_output = OneRoundEGFNDec(state, RTKs[ROUNDS - round - 1], round = round) + for i in range(0, r-1) : + state_output = OneRoundEGFNDec(state, RTKs[r-i-1]) for byte in range(0, BLOCK_BYTES) : state[byte] = state_output[byte] - state_output = LastRoundEGFN(state, RTKs[0], round = ROUNDS - 1) + state_output = LastRoundEGFN(state, RTKs[0]) return state_output -- cgit v1.2.3 From 864e0bc2a83297bbea069f3fcc6cb333dbc2de19 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 13:51:24 +0100 Subject: [implem-python] Dé-duplication de constantes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- python/lilliput_tbc.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 12df2dc..515a671 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -1,23 +1,20 @@ """ Lilliput TBC """ -import constants +from constants import BLOCK_BYTES, Sbox import multiplications -BLOCK_BITS = 128 KEY_BITS = 128 TWEAK_BITS = 192 LANE_BITS = 64 LANE_BYTES = LANE_BITS / 8 LANES = int((TWEAK_BITS+KEY_BITS) / LANE_BITS) -BLOCK_BYTES = int(BLOCK_BITS / 8) TWEAKEY_BITS = KEY_BITS + TWEAK_BITS KEY_BYTES = int(KEY_BITS / 8) TWEAK_BYTES = int(TWEAK_BITS / 8) TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) -Sbox = constants.Sbox MultiplyM = multiplications.MultiplyM MultiplyM2 = multiplications.MultiplyM2 MultiplyM3 = multiplications.MultiplyM3 -- cgit v1.2.3 From dc5efdfce750c02d4f3c4b35d5137342002fd78d Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 14:21:39 +0100 Subject: [implem-python] Retrait des variables globales de lilliput_tbc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On peut tout déduire de len(tweak) / len(key) ; la seule raison d'utiliser autant de constantes en C est que les tableaux se dégradent en pointeurs, donc c'est où les constantes, où une tétrachiée d'arguments. --- python/lilliput_ae_1.py | 28 +++++------------------ python/lilliput_ae_2.py | 32 +++++++------------------- python/lilliput_tbc.py | 61 +++++++++++++++++-------------------------------- 3 files changed, 35 insertions(+), 86 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_ae_1.py b/python/lilliput_ae_1.py index 9eb5460..4d2d2dc 100644 --- a/python/lilliput_ae_1.py +++ b/python/lilliput_ae_1.py @@ -225,18 +225,10 @@ def OCB3Enc(A, M, N, key) : A = ArrayToBlockbytesMatrix(A) M = ArrayToBlockbytesMatrix(M) + K = list(key) - ltbc.KEY_BITS = KEY_BITS - ltbc.TWEAK_BITS = TWEAK_BITS - ltbc.LANES = LANES - - ltbc.TWEAKEY_BITS = TWEAKEY_BITS - ltbc.KEY_BYTES = KEY_BYTES - ltbc.TWEAK_BYTES = TWEAK_BYTES - ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - - Auth = BuildAuth(A, key) - (Final, C) = TreatMessageEnc(M, N, key) + Auth = BuildAuth(A, K) + (Final, C) = TreatMessageEnc(M, N, K) tag = XorState(Auth, Final) return BlockbytesMatrixToBytes(C), bytes(tag) @@ -253,18 +245,10 @@ def OCB3Dec(A, C, N, tag, key) : A = ArrayToBlockbytesMatrix(A) C = ArrayToBlockbytesMatrix(C) + K = list(key) - ltbc.KEY_BITS = KEY_BITS - ltbc.TWEAK_BITS = TWEAK_BITS - ltbc.LANES = LANES - - ltbc.TWEAKEY_BITS = TWEAKEY_BITS - ltbc.KEY_BYTES = KEY_BYTES - ltbc.TWEAK_BYTES = TWEAK_BYTES - ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - - Auth = BuildAuth(A, key) - (Final, M) = TreatMessageDec(C, N, key) + Auth = BuildAuth(A, K) + (Final, M) = TreatMessageDec(C, N, K) tag2 = XorState(Auth, Final) if(tag == tag2) : diff --git a/python/lilliput_ae_2.py b/python/lilliput_ae_2.py index ed57cdf..aeebe27 100644 --- a/python/lilliput_ae_2.py +++ b/python/lilliput_ae_2.py @@ -221,19 +221,11 @@ def SCT2Enc(A, M, N, key) : A = ArrayToBlockbytesMatrix(A) M = ArrayToBlockbytesMatrix(M) + K = list(key) - ltbc.KEY_BITS = KEY_BITS - ltbc.TWEAK_BITS = TWEAK_BITS - ltbc.LANES = LANES - - ltbc.TWEAKEY_BITS = TWEAKEY_BITS - ltbc.KEY_BYTES = KEY_BYTES - ltbc.TWEAK_BYTES = TWEAK_BYTES - ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - - Auth = BuildAuth(A, key) - tag = MesssageAuthTag(M, N, Auth, key) - C = MessageEncryption(M, N, tag, key) + Auth = BuildAuth(A, K) + tag = MesssageAuthTag(M, N, Auth, K) + C = MessageEncryption(M, N, tag, K) return BlockbytesMatrixToBytes(C), bytes(tag) @@ -249,19 +241,11 @@ def SCT2Dec(A, C, N, tag, key) : A = ArrayToBlockbytesMatrix(A) C = ArrayToBlockbytesMatrix(C) + K = list(key) - ltbc.KEY_BITS = KEY_BITS - ltbc.TWEAK_BITS = TWEAK_BITS - ltbc.LANES = LANES - - ltbc.TWEAKEY_BITS = TWEAKEY_BITS - ltbc.KEY_BYTES = KEY_BYTES - ltbc.TWEAK_BYTES = TWEAK_BYTES - ltbc.TWEAKEY_BYTES = TWEAKEY_BYTES - - M = MessageEncryption(C, N, tag, key) - Auth = BuildAuth(A, key) - tag2 = MesssageAuthTag(M, N, Auth, key) + M = MessageEncryption(C, N, tag, K) + Auth = BuildAuth(A, K) + tag2 = MesssageAuthTag(M, N, Auth, K) if(tag == tag2) : return BlockbytesMatrixToBytes(M) diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 515a671..0dbfb31 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -4,17 +4,6 @@ from constants import BLOCK_BYTES, Sbox import multiplications -KEY_BITS = 128 -TWEAK_BITS = 192 -LANE_BITS = 64 -LANE_BYTES = LANE_BITS / 8 -LANES = int((TWEAK_BITS+KEY_BITS) / LANE_BITS) - -TWEAKEY_BITS = KEY_BITS + TWEAK_BITS -KEY_BYTES = int(KEY_BITS / 8) -TWEAK_BYTES = int(TWEAK_BITS / 8) -TWEAKEY_BYTES = int(TWEAKEY_BITS / 8) - MultiplyM = multiplications.MultiplyM MultiplyM2 = multiplications.MultiplyM2 MultiplyM3 = multiplications.MultiplyM3 @@ -28,46 +17,38 @@ permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] ################################################################################ def BuildTweakey(tweak, key) : - - tweakey = [0 for byte in range(0, TWEAKEY_BYTES)] - for byte in range(0, TWEAK_BYTES) : - tweakey[byte] = tweak[byte] - - for byte in range(0, KEY_BYTES) : - tweakey[byte + TWEAK_BYTES] = key[byte] - - return tweakey + return tweak+key ############################# +def _lane(TK, j): + return TK[j*8:(j+1)*8] + def RoundTweakeySchedule(tweakey) : + p = len(tweakey)//8 # Multiplication - lanes = [tweakey[word * 8:(word+1) * 8] for word in range(0, LANES)] - tweakey_multiplied = [] - for word in range(0, LANES) : - if word == 0 : - tweakey_multiplied += list(lanes[0]) - elif word == 1 : - tweakey_multiplied += MultiplyM(lanes[1]) - elif word == 2 : - tweakey_multiplied += MultiplyM2(lanes[2]) - elif word == 3 : - tweakey_multiplied += MultiplyM3(lanes[3]) - elif word == 4 : - tweakey_multiplied += MultiplyMR(lanes[4]) - elif word == 5 : - tweakey_multiplied += MultiplyMR2(lanes[5]) - elif word == 6 : - tweakey_multiplied += MultiplyMR3(lanes[6]) - - return tweakey_multiplied ; + alphas = ( + list, # Identity. + MultiplyM, + MultiplyM2, + MultiplyM3, + MultiplyMR, + MultiplyMR2, + MultiplyMR3 + ) + + return [ + byte + for j in range(p) + for byte in alphas[j](_lane(tweakey, j)) + ] def SubTweakeyExtract(tweakey, Ci): subtweakey = [0 for byte in range(0, 8)] - for byte in range(0, TWEAKEY_BYTES) : + for byte in range(len(tweakey)): subtweakey[byte % 8] ^= tweakey[byte] subtweakey[0] ^= Ci -- cgit v1.2.3 From 11a1e33e41858d87692a8b6d726d654e292455ec Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 14:40:42 +0100 Subject: [implem-python] Déclaration de "alphas" dans multiplications.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- python/lilliput_tbc.py | 25 ++++--------------------- python/multiplications.py | 23 +++++++++++++++++------ 2 files changed, 21 insertions(+), 27 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 0dbfb31..fbd1fb3 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -2,14 +2,8 @@ Lilliput TBC """ from constants import BLOCK_BYTES, Sbox -import multiplications +from multiplications import ALPHAS -MultiplyM = multiplications.MultiplyM -MultiplyM2 = multiplications.MultiplyM2 -MultiplyM3 = multiplications.MultiplyM3 -MultiplyMR = multiplications.MultiplyMR -MultiplyMR2 = multiplications.MultiplyMR2 -MultiplyMR3 = multiplications.MultiplyMR3 permutation = [14, 11, 12, 10, 8, 9, 13, 15, 3, 1, 4, 5, 6, 0, 2, 7] permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] @@ -27,22 +21,11 @@ def _lane(TK, j): def RoundTweakeySchedule(tweakey) : p = len(tweakey)//8 - # Multiplication - alphas = ( - list, # Identity. - MultiplyM, - MultiplyM2, - MultiplyM3, - MultiplyMR, - MultiplyMR2, - MultiplyMR3 + multiplied_lanes = ( + ALPHAS[j](_lane(tweakey, j)) for j in range(p) ) - return [ - byte - for j in range(p) - for byte in alphas[j](_lane(tweakey, j)) - ] + return [byte for lane in multiplied_lanes for byte in lane] def SubTweakeyExtract(tweakey, Ci): diff --git a/python/multiplications.py b/python/multiplications.py index e753c68..7babd50 100644 --- a/python/multiplications.py +++ b/python/multiplications.py @@ -1,6 +1,6 @@ # Multiply by matrix M -def MultiplyM(lane) : +def _multiplyM(lane) : multiplied_lane = [lane[(byte-1) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[6] << 2) & 0xff) @@ -9,7 +9,7 @@ def MultiplyM(lane) : return multiplied_lane -def MultiplyM2(lane) : +def _multiplyM2(lane) : multiplied_lane = [lane[(byte-2) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[5] << 2) & 0xff) @@ -35,7 +35,7 @@ def MultiplyM2(lane) : return multiplied_lane -def MultiplyM3(lane) : +def _multiplyM3(lane) : multiplied_lane = [lane[(byte-3) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[4] << 2) & 0xff) ^ ((lane[5] << 5) & 0xff) @@ -86,7 +86,7 @@ def MultiplyM3(lane) : return multiplied_lane -def MultiplyMR(lane) : +def _multiplyMR(lane) : multiplied_lane = [lane[(byte+1) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[4] >> 3) & 0xff) @@ -96,7 +96,7 @@ def MultiplyMR(lane) : return multiplied_lane -def MultiplyMR2(lane) : +def _multiplyMR2(lane) : multiplied_lane = [lane[(byte+2) % 8] for byte in range(0, 8)] multiplied_lane[1] ^= ((lane[4] >> 3) & 0xff) @@ -120,7 +120,7 @@ def MultiplyMR2(lane) : return multiplied_lane -def MultiplyMR3(lane) : +def _multiplyMR3(lane) : multiplied_lane = [lane[(byte+3) % 8] for byte in range(0, 8)] multiplied_lane[0] ^= ((lane[4] >> 3) & 0xff) @@ -173,3 +173,14 @@ def MultiplyMR3(lane) : multiplied_lane[2] ^= multi_mat_l3_m4 ^ multi_mat_l6_m1 ^ multi_mat_l7_m3 return multiplied_lane + + +ALPHAS = ( + list, # Identity. + _multiplyM, + _multiplyM2, + _multiplyM3, + _multiplyMR, + _multiplyMR2, + _multiplyMR3 +) -- cgit v1.2.3 From 99c63c6699e6da600348a476ebbc52b783002d1b Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 14 Mar 2019 14:47:10 +0100 Subject: [implem-python] Renommage de variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pour que le lien soit plus facile à faire avec la spec. --- python/lilliput_tbc.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index fbd1fb3..418d083 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -29,19 +29,19 @@ def RoundTweakeySchedule(tweakey) : def SubTweakeyExtract(tweakey, Ci): - subtweakey = [0 for byte in range(0, 8)] + RTKi = [0]*8 - for byte in range(len(tweakey)): - subtweakey[byte % 8] ^= tweakey[byte] + for j, byte in enumerate(tweakey): + RTKi[j%8] ^= byte - subtweakey[0] ^= Ci + RTKi[0] ^= Ci - return subtweakey + return RTKi def TweakeyScheduleWhole(tweakey, r): # store main tweakey in TKs[0] - # and corresponding RTKs[0] + # and corresponding round tweakey in RTKs[0] TKs = [tweakey] RTKs = [SubTweakeyExtract(TKs[0], 0)] -- cgit v1.2.3 From aaf0d2c49f343e909dc69b487056ca31238ffabf Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Thu, 21 Mar 2019 16:04:16 +0100 Subject: [implem-python] Nettoyage PEP8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - espaces avant ':' - espaces en trop après ',' - parenthèses dans les if - levée d'exception plutôt que 'return None' implicite Simplification de genkat_aead.py grâce à l'exception levée par le module. --- python/constants.py | 66 ++++++++++++++++++++++++----------------------- python/genkat_aead.py | 26 ++----------------- python/helpers.py | 23 +++++++++++++---- python/lilliput_ae_1.py | 31 ++++++++++++---------- python/lilliput_ae_2.py | 49 +++++++++++++++++++---------------- python/lilliput_tbc.py | 54 +++++++++++++++++++------------------- python/multiplications.py | 12 ++++----- 7 files changed, 131 insertions(+), 130 deletions(-) (limited to 'python/lilliput_tbc.py') diff --git a/python/constants.py b/python/constants.py index 764febb..c61dfe0 100644 --- a/python/constants.py +++ b/python/constants.py @@ -3,35 +3,37 @@ BLOCK_BYTES = BLOCK_BITS//8 NONCE_BYTES = 15 -Sbox = [32, 0, 178, 133, 59, 53, 166, 164, - 48, 228, 106, 44, 255, 89, 226, 14, - 248, 30, 122, 128, 21, 189, 62, 177, - 232, 243, 162, 194, 218, 81, 42, 16, - 33, 1, 35, 120, 92, 36, 39, 181, - 55, 199, 43, 31, 174, 10, 119, 95, - 111, 9, 157, 129, 4, 90, 41, 220, - 57, 156, 5, 87, 151, 116, 121, 23, - 68, 198, 230, 233, 221, 65, 242, 138, - 84, 202, 110, 74, 225, 173, 182, 136, - 28, 152, 126, 206, 99, 73, 58, 93, - 12, 239, 246, 52, 86, 37, 46, 214, - 103, 117, 85, 118, 184, 210, 97, 217, - 113, 139, 205, 11, 114, 108, 49, 75, - 105, 253, 123, 109, 96, 60, 47, 98, - 63, 34, 115, 19, 201, 130, 127, 83, - 50, 18, 160, 124, 2, 135, 132, 134, - 147, 78, 104, 70, 141, 195, 219, 236, - 155, 183, 137, 146, 167, 190, 61, 216, - 234, 80, 145, 241, 51, 56, 224, 169, - 163, 131, 161, 27, 207, 6, 149, 7, - 158, 237, 185, 245, 76, 192, 244, 45, - 22, 250, 180, 3, 38, 179, 144, 79, - 171, 101, 252, 254, 20, 247, 227, 148, - 238, 172, 140, 26, 222, 203, 40, 64, - 125, 200, 196, 72, 107, 223, 165, 82, - 229, 251, 215, 100, 249, 240, 211, 94, - 102, 150, 143, 29, 69, 54, 204, 197, - 77, 159, 191, 15, 209, 8, 235, 67, - 66, 25, 231, 153, 168, 142, 88, 193, - 154, 212, 24, 71, 170, 175, 188, 91, - 213, 17, 208, 176, 112, 187, 13, 186] +Sbox = [ + 0x20, 0x00, 0xb2, 0x85, 0x3b, 0x35, 0xa6, 0xa4, + 0x30, 0xe4, 0x6a, 0x2c, 0xff, 0x59, 0xe2, 0x0e, + 0xf8, 0x1e, 0x7a, 0x80, 0x15, 0xbd, 0x3e, 0xb1, + 0xe8, 0xf3, 0xa2, 0xc2, 0xda, 0x51, 0x2a, 0x10, + 0x21, 0x01, 0x23, 0x78, 0x5c, 0x24, 0x27, 0xb5, + 0x37, 0xc7, 0x2b, 0x1f, 0xae, 0x0a, 0x77, 0x5f, + 0x6f, 0x09, 0x9d, 0x81, 0x04, 0x5a, 0x29, 0xdc, + 0x39, 0x9c, 0x05, 0x57, 0x97, 0x74, 0x79, 0x17, + 0x44, 0xc6, 0xe6, 0xe9, 0xdd, 0x41, 0xf2, 0x8a, + 0x54, 0xca, 0x6e, 0x4a, 0xe1, 0xad, 0xb6, 0x88, + 0x1c, 0x98, 0x7e, 0xce, 0x63, 0x49, 0x3a, 0x5d, + 0x0c, 0xef, 0xf6, 0x34, 0x56, 0x25, 0x2e, 0xd6, + 0x67, 0x75, 0x55, 0x76, 0xb8, 0xd2, 0x61, 0xd9, + 0x71, 0x8b, 0xcd, 0x0b, 0x72, 0x6c, 0x31, 0x4b, + 0x69, 0xfd, 0x7b, 0x6d, 0x60, 0x3c, 0x2f, 0x62, + 0x3f, 0x22, 0x73, 0x13, 0xc9, 0x82, 0x7f, 0x53, + 0x32, 0x12, 0xa0, 0x7c, 0x02, 0x87, 0x84, 0x86, + 0x93, 0x4e, 0x68, 0x46, 0x8d, 0xc3, 0xdb, 0xec, + 0x9b, 0xb7, 0x89, 0x92, 0xa7, 0xbe, 0x3d, 0xd8, + 0xea, 0x50, 0x91, 0xf1, 0x33, 0x38, 0xe0, 0xa9, + 0xa3, 0x83, 0xa1, 0x1b, 0xcf, 0x06, 0x95, 0x07, + 0x9e, 0xed, 0xb9, 0xf5, 0x4c, 0xc0, 0xf4, 0x2d, + 0x16, 0xfa, 0xb4, 0x03, 0x26, 0xb3, 0x90, 0x4f, + 0xab, 0x65, 0xfc, 0xfe, 0x14, 0xf7, 0xe3, 0x94, + 0xee, 0xac, 0x8c, 0x1a, 0xde, 0xcb, 0x28, 0x40, + 0x7d, 0xc8, 0xc4, 0x48, 0x6b, 0xdf, 0xa5, 0x52, + 0xe5, 0xfb, 0xd7, 0x64, 0xf9, 0xf0, 0xd3, 0x5e, + 0x66, 0x96, 0x8f, 0x1d, 0x45, 0x36, 0xcc, 0xc5, + 0x4d, 0x9f, 0xbf, 0x0f, 0xd1, 0x08, 0xeb, 0x43, + 0x42, 0x19, 0xe7, 0x99, 0xa8, 0x8e, 0x58, 0xc1, + 0x9a, 0xd4, 0x18, 0x47, 0xaa, 0xaf, 0xbc, 0x5b, + 0xd5, 0x11, 0xd0, 0xb0, 0x70, 0xbb, 0x0d, 0xba +] diff --git a/python/genkat_aead.py b/python/genkat_aead.py index daa48f8..8b38d9b 100755 --- a/python/genkat_aead.py +++ b/python/genkat_aead.py @@ -16,27 +16,8 @@ MODE_SUFFIXES = { } -def bstr(buf): - return ''.join('{:02X}'.format(b) for b in buf) - - def print_bstr(output, label, buf): - print('{l} = {b}'.format(l=label, b=bstr(buf)), file=output) - - -class DecryptionError(Exception): - def __init__(self, expected, actual, mode, keylen): - self.expected = expected - self.actual = actual - self.mode = mode - self.keylen = keylen - - def __str__(self): - return '({s.mode} / {s.keylen}) Expected {exp}; got {act}'.format( - s=self, - exp=bstr(self.expected) if self.expected is not None else 'NONE', - act=bstr(self.actual) if self.actual is not None else 'NONE' - ) + print('{l} = {b}'.format(l=label, b=buf.hex().upper()), file=output) def generate_test_vectors(mode, keylen): @@ -74,10 +55,7 @@ def generate_test_vectors(mode, keylen): print_bstr(output, 'CT', ct+tag) - msg2 = decrypt(ct, tag, ad, key, nonce, mode) - - if msg != msg2: - raise DecryptionError(msg, msg2, mode, keylen) + decrypt(ct, tag, ad, key, nonce, mode) count+=1 diff --git a/python/helpers.py b/python/helpers.py index 45c48c9..b02bea4 100644 --- a/python/helpers.py +++ b/python/helpers.py @@ -2,20 +2,20 @@ from constants import BLOCK_BITS, BLOCK_BYTES from lilliput_tbc import LilliputTBCEnc -def ArrayToBlockbytesMatrix(array) : +def ArrayToBlockbytesMatrix(array): length = len(array) pad = 0 - if(length % BLOCK_BYTES == 0) : + if length % BLOCK_BYTES == 0: number_blocks = int(length / BLOCK_BYTES) - else : + else: number_blocks = int((length + (BLOCK_BYTES - (length % BLOCK_BYTES))) / BLOCK_BYTES) pad = 1 matrix = [[0] * BLOCK_BYTES for block in range(0, number_blocks - pad)] - if(pad == 1) : + if pad == 1: matrix.append([0] * (length % BLOCK_BYTES)) - for byte in range(0, length) : + for byte in range(0, length): matrix[int(byte / BLOCK_BYTES)][byte % BLOCK_BYTES] = array[byte] return matrix @@ -85,3 +85,16 @@ def BuildAuth(t, A, key): Auth = XorState(Auth, enc) return Auth + + +class TagValidationError(Exception): + def __init__(self, announced, computed): + msg = '\n'.join(( + 'Invalid tag:', + announced.hex().upper()+' (announced)', + computed.hex().upper()+' (computed)' + )) + + super().__init__(msg) + self._announced = announced + self._computed = computed diff --git a/python/lilliput_ae_1.py b/python/lilliput_ae_1.py index 8b618d9..9aad3a6 100644 --- a/python/lilliput_ae_1.py +++ b/python/lilliput_ae_1.py @@ -11,6 +11,7 @@ from helpers import ( BlockbytesMatrixToBytes, BuildAuth, Padding10LSB, + TagValidationError, XorState ) @@ -19,23 +20,23 @@ TWEAK_BITS = 192 TWEAK_BYTES = TWEAK_BITS//8 -def LowPart(array, number_bits) : +def LowPart(array, number_bits): shifted = 0 - for byte in range(0, len(array)) : + for byte in range(0, len(array)): shifted |= (array[byte] << (8 * byte)) mask = 0 - for bit in range(0, number_bits) : + for bit in range(0, number_bits): mask |= (0x1 << bit) lower_part = shifted & mask will_padd = 0 - if (number_bits % 8) != 0 : + if number_bits % 8 != 0: will_padd = 1 - lower_part_byte = [0 for byte in range(0, int(number_bits / 8) + will_padd)] - for byte in range(0, int(number_bits / 8) + will_padd) : + lower_part_byte = [0 for byte in range(0, int(number_bits / 8) + will_padd)] + for byte in range(0, int(number_bits / 8) + will_padd): lower_part_byte[byte] = lower_part & 0xff lower_part = lower_part >> 8 @@ -50,13 +51,13 @@ class _MessageTweak(Enum): def TweakMessage(N, j, padding): - tweak = [0 for byte in range(0, TWEAK_BYTES)] - for byte in range(NONCE_BYTES-1, -1, -1) : + tweak = [0 for byte in range(0, TWEAK_BYTES)] + for byte in range(NONCE_BYTES-1, -1, -1): tweak[byte + (TWEAK_BYTES-NONCE_BYTES)] |= (N[byte] & 0xf0) >> 4 tweak[byte + (TWEAK_BYTES-NONCE_BYTES-1)] |= (N[byte] & 0x0f) << 4 tweak[TWEAK_BYTES-NONCE_BYTES-1] |= ((j >> 64) & 0xf) - for byte in range(TWEAK_BYTES-NONCE_BYTES-2, -1, -1) : + for byte in range(TWEAK_BYTES-NONCE_BYTES-2, -1, -1): tweak[byte] = (j >> (8 * byte)) & 0xff tweak[-1] |= padding.value<<4 @@ -96,7 +97,7 @@ def TreatMessageEnc(M, N, key): return (Final, C) -def TreatMessageDec(C, N, key) : +def TreatMessageDec(C, N, key): checksum = [0 for byte in range(0, BLOCK_BYTES)] l = len(C)//BLOCK_BYTES @@ -129,7 +130,7 @@ def TreatMessageDec(C, N, key) : ################################################################################ -def encrypt(A, M, N, key) : +def encrypt(A, M, N, key): K = list(key) Auth = BuildAuth(TWEAK_BITS, A, K) @@ -139,7 +140,7 @@ def encrypt(A, M, N, key) : return BlockbytesMatrixToBytes(C), bytes(tag) -def decrypt(A, C, N, tag, key) : +def decrypt(A, C, N, tag, key): K = list(key) tag = list(tag) @@ -147,5 +148,7 @@ def decrypt(A, C, N, tag, key) : (Final, M) = TreatMessageDec(C, N, K) tag2 = XorState(Auth, Final) - if(tag == tag2) : - return BlockbytesMatrixToBytes(M) + if tag != tag2: + raise TagValidationError(tag, tag2) + + return BlockbytesMatrixToBytes(M) diff --git a/python/lilliput_ae_2.py b/python/lilliput_ae_2.py index 624fd93..3f72020 100644 --- a/python/lilliput_ae_2.py +++ b/python/lilliput_ae_2.py @@ -3,12 +3,13 @@ """ import lilliput_tbc as ltbc -from constants import BLOCK_BITS, BLOCK_BYTES +from constants import BLOCK_BYTES from helpers import ( ArrayToBlockbytesMatrix, BlockbytesMatrixToBytes, BuildAuth, Padding10LSB, + TagValidationError, XorState ) @@ -18,30 +19,31 @@ TWEAK_BYTES = TWEAK_BITS//8 def TweakTag(j, padded): - tweak = [0 for byte in range(0, TWEAK_BYTES)] + tweak = [0 for byte in range(0, TWEAK_BYTES)] - tweak[TWEAK_BYTES - 1] |= ((j >> 120) & 0xf) - for byte in range(TWEAK_BYTES - 2, -1, -1) : - tweak[byte] = (j >> (8 * byte)) & 0xff + tweak[TWEAK_BYTES - 1] |= ((j >> 120) & 0xf) + for byte in range(TWEAK_BYTES - 2, -1, -1): + tweak[byte] = (j >> (8 * byte)) & 0xff - if padded: - tweak[TWEAK_BYTES - 1] |= 0x40 + if padded: + tweak[TWEAK_BYTES - 1] |= 0x40 + + return tweak - return tweak -def TweakTagEnd(N) : - tweak = [0 for byte in range(0, TWEAK_BYTES)] +def TweakTagEnd(N): + tweak = [0 for byte in range(0, TWEAK_BYTES)] - for byte in range(0, TWEAK_BYTES - 1) : + for byte in range(0, TWEAK_BYTES - 1): tweak[byte] = N[byte] tweak[TWEAK_BYTES - 1] = 0x10 return tweak -def AddTagJ(tag, j) : +def AddTagJ(tag, j): array_j = [0 for byte in range(0, TWEAK_BYTES)] - for byte in range(0, TWEAK_BYTES) : + for byte in range(0, TWEAK_BYTES): array_j[byte] = (j >> (byte * 8)) xorr = XorState(tag, array_j) @@ -51,19 +53,19 @@ def AddTagJ(tag, j) : return xorr -def MesssageAuthTag(M, N, Auth, key) : +def MesssageAuthTag(M, N, Auth, key): l = len(M)//BLOCK_BYTES padding_bytes = len(M)%BLOCK_BYTES tag = list(Auth) M = ArrayToBlockbytesMatrix(M) - for j in range(0, l) : + for j in range(0, l): tweak = TweakTag(j, False) encryption = ltbc.LilliputTBCEnc(tweak, key, M[j]) tag = XorState(tag, encryption) - if padding_bytes > 0 : + if padding_bytes > 0: tweak = TweakTag(l, True) m_padded = Padding10LSB(M[l], 8*padding_bytes) encryption = ltbc.LilliputTBCEnc(tweak, key, m_padded) @@ -76,14 +78,14 @@ def MesssageAuthTag(M, N, Auth, key) : return tag -def MessageEncryption(M, N, tag, key) : +def MessageEncryption(M, N, tag, key): l = len(M)//BLOCK_BYTES padding_bytes = len(M)%BLOCK_BYTES M = ArrayToBlockbytesMatrix(M) C = [] - for j in range(0, l) : + for j in range(0, l): tweak = AddTagJ(tag, j) padded_nonce = list(N) + [0x00] encryption = ltbc.LilliputTBCEnc(tweak, key, padded_nonce) @@ -97,8 +99,9 @@ def MessageEncryption(M, N, tag, key) : return C + ################################################################################ -def encrypt(A, M, N, key) : +def encrypt(A, M, N, key): K = list(key) Auth = BuildAuth(TWEAK_BITS, A, K) @@ -108,7 +111,7 @@ def encrypt(A, M, N, key) : return BlockbytesMatrixToBytes(C), bytes(tag) -def decrypt(A, C, N, tag, key) : +def decrypt(A, C, N, tag, key): K = list(key) tag = list(tag) @@ -118,5 +121,7 @@ def decrypt(A, C, N, tag, key) : Auth = BuildAuth(TWEAK_BITS, A, K) tag2 = MesssageAuthTag(M, N, Auth, K) - if tag == tag2: - return M + if tag != tag2: + raise TagValidationError(tag, tag2) + + return M diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py index 418d083..9dc7df2 100644 --- a/python/lilliput_tbc.py +++ b/python/lilliput_tbc.py @@ -10,7 +10,7 @@ permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] ################################################################################ -def BuildTweakey(tweak, key) : +def BuildTweakey(tweak, key): return tweak+key ############################# @@ -18,7 +18,7 @@ def BuildTweakey(tweak, key) : def _lane(TK, j): return TK[j*8:(j+1)*8] -def RoundTweakeySchedule(tweakey) : +def RoundTweakeySchedule(tweakey): p = len(tweakey)//8 multiplied_lanes = ( @@ -45,7 +45,7 @@ def TweakeyScheduleWhole(tweakey, r): TKs = [tweakey] RTKs = [SubTweakeyExtract(TKs[0], 0)] - for i in range(1, r) : + for i in range(1, r): TKs.append(RoundTweakeySchedule(TKs[i-1])) RTKs.append(SubTweakeyExtract(TKs[i], i)) @@ -54,69 +54,69 @@ def TweakeyScheduleWhole(tweakey, r): ################################################################################ -def NonLinearLayer(state, subtweakey) : +def NonLinearLayer(state, subtweakey): variables_xored = [0 for byte in range(0, 8)] - for byte in range(0,8) : + for byte in range(0,8): variables_xored[byte] = state[byte] ^ subtweakey[byte] variables_sboxed = [0 for byte in range(0, 8)] - for byte in range(0, 8) : + for byte in range(0, 8): variables_sboxed[byte] = Sbox[variables_xored[byte]] state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0,BLOCK_BYTES) : + for byte in range(0,BLOCK_BYTES): state_output[byte] = state[byte] - for byte in range(0, 8) : + for byte in range(0, 8): state_output[15 - byte] ^= variables_sboxed[byte] return state_output -def LinearLayer(state) : +def LinearLayer(state): state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state_output[byte] = state[byte] - for byte in range(1, 8) : + for byte in range(1, 8): state_output[15] ^= state[byte] - for byte in range(9, 15) : + for byte in range(9, 15): state_output[byte] ^= state[7] return state_output -def PermutationLayerEnc(state) : +def PermutationLayerEnc(state): state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state_output[byte] = state[permutation[byte]] return state_output -def PermutationLayerDec(state) : +def PermutationLayerDec(state): state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state_output[byte] = state[permutationInv[byte]] return state_output -def OneRoundEGFNEnc(state, subtweakey) : +def OneRoundEGFNEnc(state, subtweakey): state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) state_permutation = PermutationLayerEnc(state_linear) return state_permutation -def LastRoundEGFN(state, subtweakey) : +def LastRoundEGFN(state, subtweakey): state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) return state_linear -def OneRoundEGFNDec(state, subtweakey) : +def OneRoundEGFNDec(state, subtweakey): state_non_linear = NonLinearLayer(state, subtweakey) state_linear = LinearLayer(state_non_linear) state_permutation = PermutationLayerDec(state_linear) @@ -136,20 +136,20 @@ def _rounds(key_bytes): ################################################################################ # Lilliput TBC -def LilliputTBCEnc(tweak, key, message) : +def LilliputTBCEnc(tweak, key, message): r = _rounds(len(key)) tweakey = BuildTweakey(tweak, key) RTKs = TweakeyScheduleWhole(tweakey, r) state = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state[byte] = message[byte] - for i in range(0, r-1) : + for i in range(0, r-1): state_output = OneRoundEGFNEnc(state, RTKs[i]) - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state[byte] = state_output[byte] state_output = LastRoundEGFN(state, RTKs[r-1]) @@ -157,20 +157,20 @@ def LilliputTBCEnc(tweak, key, message) : return state_output -def LilliputTBCDec(tweak, key, cipher) : +def LilliputTBCDec(tweak, key, cipher): r = _rounds(len(key)) tweakey = BuildTweakey(tweak, key) RTKs = TweakeyScheduleWhole(tweakey, r) state = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state[byte] = cipher[byte] - for i in range(0, r-1) : + for i in range(0, r-1): state_output = OneRoundEGFNDec(state, RTKs[r-i-1]) - for byte in range(0, BLOCK_BYTES) : + for byte in range(0, BLOCK_BYTES): state[byte] = state_output[byte] state_output = LastRoundEGFN(state, RTKs[0]) diff --git a/python/multiplications.py b/python/multiplications.py index 7babd50..c5f1e44 100644 --- a/python/multiplications.py +++ b/python/multiplications.py @@ -1,6 +1,6 @@ # Multiply by matrix M -def _multiplyM(lane) : +def _multiplyM(lane): multiplied_lane = [lane[(byte-1) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[6] << 2) & 0xff) @@ -9,7 +9,7 @@ def _multiplyM(lane) : return multiplied_lane -def _multiplyM2(lane) : +def _multiplyM2(lane): multiplied_lane = [lane[(byte-2) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[5] << 2) & 0xff) @@ -35,7 +35,7 @@ def _multiplyM2(lane) : return multiplied_lane -def _multiplyM3(lane) : +def _multiplyM3(lane): multiplied_lane = [lane[(byte-3) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[4] << 2) & 0xff) ^ ((lane[5] << 5) & 0xff) @@ -86,7 +86,7 @@ def _multiplyM3(lane) : return multiplied_lane -def _multiplyMR(lane) : +def _multiplyMR(lane): multiplied_lane = [lane[(byte+1) % 8] for byte in range(0, 8)] multiplied_lane[2] ^= ((lane[4] >> 3) & 0xff) @@ -96,7 +96,7 @@ def _multiplyMR(lane) : return multiplied_lane -def _multiplyMR2(lane) : +def _multiplyMR2(lane): multiplied_lane = [lane[(byte+2) % 8] for byte in range(0, 8)] multiplied_lane[1] ^= ((lane[4] >> 3) & 0xff) @@ -120,7 +120,7 @@ def _multiplyMR2(lane) : return multiplied_lane -def _multiplyMR3(lane) : +def _multiplyMR3(lane): multiplied_lane = [lane[(byte+3) % 8] for byte in range(0, 8)] multiplied_lane[0] ^= ((lane[4] >> 3) & 0xff) -- cgit v1.2.3 From dd934c63386c8fa22a5b0944e0256c435d55938c Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Fri, 22 Mar 2019 10:34:02 +0100 Subject: [implem-python] Renommage du module TBC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Quand le tout sera packagé sous le namespace "lilliput", le préfixe alourdira plus qu'autre chose. --- python/helpers.py | 6 +- python/lilliput_ae_1.py | 18 ++--- python/lilliput_ae_2.py | 12 ++-- python/lilliput_tbc.py | 178 ------------------------------------------------ python/tbc.py | 178 ++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 196 insertions(+), 196 deletions(-) delete mode 100644 python/lilliput_tbc.py create mode 100644 python/tbc.py (limited to 'python/lilliput_tbc.py') diff --git a/python/helpers.py b/python/helpers.py index be4b406..321b096 100644 --- a/python/helpers.py +++ b/python/helpers.py @@ -1,5 +1,5 @@ from constants import BLOCK_BITS, BLOCK_BYTES -from lilliput_tbc import LilliputTBCEnc +import tbc def ArrayToBlockbytesMatrix(array): @@ -65,7 +65,7 @@ def BuildAuth(t, A, key): for i in range(0, l_a): tweak = _tweakAssociatedData(t, i, padded=False) - enc = LilliputTBCEnc(tweak, key, A[i]) + enc = tbc.encrypt(tweak, key, A[i]) Auth = XorState(Auth, enc) if not need_padding: @@ -73,7 +73,7 @@ def BuildAuth(t, A, key): tweak = _tweakAssociatedData(t, l_a, padded=True) ad_padded = Padding10LSB(A[l_a]) - enc = LilliputTBCEnc(tweak, key, ad_padded) + enc = tbc.encrypt(tweak, key, ad_padded) Auth = XorState(Auth, enc) return Auth diff --git a/python/lilliput_ae_1.py b/python/lilliput_ae_1.py index 5cc263b..8064871 100644 --- a/python/lilliput_ae_1.py +++ b/python/lilliput_ae_1.py @@ -4,7 +4,6 @@ from enum import Enum -import lilliput_tbc as ltbc from constants import BLOCK_BYTES, NONCE_BYTES from helpers import ( ArrayToBlockbytesMatrix, @@ -14,6 +13,7 @@ from helpers import ( TagValidationError, XorState ) +import tbc TWEAK_BITS = 192 @@ -78,22 +78,22 @@ def TreatMessageEnc(M, N, key): for j in range(0, l): checksum = XorState(checksum, M[j]) tweak = TweakMessage(N, j, _MessageTweak.BLOCK) - C.append(ltbc.LilliputTBCEnc(tweak, key, M[j])) + C.append(tbc.encrypt(tweak, key, M[j])) if padding_bytes == 0: tweak = TweakMessage(N, l, _MessageTweak.NO_PADDING) - Final = ltbc.LilliputTBCEnc(tweak, key, checksum) + Final = tbc.encrypt(tweak, key, checksum) else: m_padded = Padding10LSB(M[l]) checksum = XorState(checksum, m_padded) tweak = TweakMessage(N, l, _MessageTweak.PAD) - pad = ltbc.LilliputTBCEnc(tweak, key, [0 for byte in range(0, BLOCK_BYTES)]) + pad = tbc.encrypt(tweak, key, [0 for byte in range(0, BLOCK_BYTES)]) lower_part = LowPart(pad, padding_bytes*8) C.append(XorState(M[l], lower_part)) tweak_final = TweakMessage(N, l+1, _MessageTweak.FINAL) - Final = ltbc.LilliputTBCEnc(tweak_final, key, checksum) + Final = tbc.encrypt(tweak_final, key, checksum) return (Final, C) @@ -109,23 +109,23 @@ def TreatMessageDec(C, N, key): for j in range(0, l): tweak = TweakMessage(N, j, _MessageTweak.BLOCK) - M.append(ltbc.LilliputTBCDec(tweak, key, C[j])) + M.append(tbc.decrypt(tweak, key, C[j])) checksum = XorState(checksum, M[j]) if padding_bytes == 0: tweak = TweakMessage(N, l, _MessageTweak.NO_PADDING) - Final = ltbc.LilliputTBCEnc(tweak, key, checksum) + Final = tbc.encrypt(tweak, key, checksum) else: tweak = TweakMessage(N, l, _MessageTweak.PAD) - pad = ltbc.LilliputTBCEnc(tweak, key, [0 for byte in range(0, BLOCK_BYTES)]) + pad = tbc.encrypt(tweak, key, [0 for byte in range(0, BLOCK_BYTES)]) lower_part = LowPart(pad, padding_bytes*8) M.append(XorState(C[l], lower_part)) m_padded = Padding10LSB(M[l]) checksum = XorState(checksum, m_padded) tweak_final = TweakMessage(N, l+1, _MessageTweak.FINAL) - Final = ltbc.LilliputTBCEnc(tweak_final, key, checksum) + Final = tbc.encrypt(tweak_final, key, checksum) return (Final, M) diff --git a/python/lilliput_ae_2.py b/python/lilliput_ae_2.py index 2e7843b..3c0aa2a 100644 --- a/python/lilliput_ae_2.py +++ b/python/lilliput_ae_2.py @@ -2,7 +2,6 @@ SCT 2 for lilliput ae 2 """ -import lilliput_tbc as ltbc from constants import BLOCK_BYTES from helpers import ( ArrayToBlockbytesMatrix, @@ -12,6 +11,7 @@ from helpers import ( TagValidationError, XorState ) +import tbc TWEAK_BITS = 128 @@ -62,17 +62,17 @@ def MesssageAuthTag(M, N, Auth, key): for j in range(0, l): tweak = TweakTag(j, False) - encryption = ltbc.LilliputTBCEnc(tweak, key, M[j]) + encryption = tbc.encrypt(tweak, key, M[j]) tag = XorState(tag, encryption) if need_padding: tweak = TweakTag(l, True) m_padded = Padding10LSB(M[l]) - encryption = ltbc.LilliputTBCEnc(tweak, key, m_padded) + encryption = tbc.encrypt(tweak, key, m_padded) tag = XorState(tag, encryption) tweak = TweakTagEnd(N) - encryption = ltbc.LilliputTBCEnc(tweak, key, tag) + encryption = tbc.encrypt(tweak, key, tag) tag = encryption return tag @@ -88,13 +88,13 @@ def MessageEncryption(M, N, tag, key): for j in range(0, l): tweak = AddTagJ(tag, j) padded_nonce = list(N) + [0x00] - encryption = ltbc.LilliputTBCEnc(tweak, key, padded_nonce) + encryption = tbc.encrypt(tweak, key, padded_nonce) C.append(XorState(M[j], encryption)) if need_padding: tweak = AddTagJ(tag, l) padded_nonce = list(N) + [0x00] - encryption = ltbc.LilliputTBCEnc(tweak, key, padded_nonce) + encryption = tbc.encrypt(tweak, key, padded_nonce) C.append(XorState(M[l], encryption)) return C diff --git a/python/lilliput_tbc.py b/python/lilliput_tbc.py deleted file mode 100644 index 9dc7df2..0000000 --- a/python/lilliput_tbc.py +++ /dev/null @@ -1,178 +0,0 @@ -""" - Lilliput TBC -""" -from constants import BLOCK_BYTES, Sbox -from multiplications import ALPHAS - - -permutation = [14, 11, 12, 10, 8, 9, 13, 15, 3, 1, 4, 5, 6, 0, 2, 7] -permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] - -################################################################################ - -def BuildTweakey(tweak, key): - return tweak+key - -############################# - -def _lane(TK, j): - return TK[j*8:(j+1)*8] - -def RoundTweakeySchedule(tweakey): - p = len(tweakey)//8 - - multiplied_lanes = ( - ALPHAS[j](_lane(tweakey, j)) for j in range(p) - ) - - return [byte for lane in multiplied_lanes for byte in lane] - - -def SubTweakeyExtract(tweakey, Ci): - RTKi = [0]*8 - - for j, byte in enumerate(tweakey): - RTKi[j%8] ^= byte - - RTKi[0] ^= Ci - - return RTKi - - -def TweakeyScheduleWhole(tweakey, r): - # store main tweakey in TKs[0] - # and corresponding round tweakey in RTKs[0] - TKs = [tweakey] - RTKs = [SubTweakeyExtract(TKs[0], 0)] - - for i in range(1, r): - TKs.append(RoundTweakeySchedule(TKs[i-1])) - RTKs.append(SubTweakeyExtract(TKs[i], i)) - - return RTKs - - -################################################################################ - -def NonLinearLayer(state, subtweakey): - - variables_xored = [0 for byte in range(0, 8)] - for byte in range(0,8): - variables_xored[byte] = state[byte] ^ subtweakey[byte] - - variables_sboxed = [0 for byte in range(0, 8)] - for byte in range(0, 8): - variables_sboxed[byte] = Sbox[variables_xored[byte]] - - state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0,BLOCK_BYTES): - state_output[byte] = state[byte] - for byte in range(0, 8): - state_output[15 - byte] ^= variables_sboxed[byte] - - return state_output - - -def LinearLayer(state): - state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES): - state_output[byte] = state[byte] - - for byte in range(1, 8): - state_output[15] ^= state[byte] - - for byte in range(9, 15): - state_output[byte] ^= state[7] - - return state_output - - -def PermutationLayerEnc(state): - state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES): - state_output[byte] = state[permutation[byte]] - - return state_output - -def PermutationLayerDec(state): - state_output = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES): - state_output[byte] = state[permutationInv[byte]] - - return state_output - - -def OneRoundEGFNEnc(state, subtweakey): - state_non_linear = NonLinearLayer(state, subtweakey) - state_linear = LinearLayer(state_non_linear) - state_permutation = PermutationLayerEnc(state_linear) - - return state_permutation - -def LastRoundEGFN(state, subtweakey): - state_non_linear = NonLinearLayer(state, subtweakey) - state_linear = LinearLayer(state_non_linear) - - return state_linear - - -def OneRoundEGFNDec(state, subtweakey): - state_non_linear = NonLinearLayer(state, subtweakey) - state_linear = LinearLayer(state_non_linear) - state_permutation = PermutationLayerDec(state_linear) - - return state_permutation - - -def _rounds(key_bytes): - rounds = { - 128: 32, - 192: 36, - 256: 42 - } - return rounds[key_bytes*8] - - -################################################################################ -# Lilliput TBC - -def LilliputTBCEnc(tweak, key, message): - r = _rounds(len(key)) - - tweakey = BuildTweakey(tweak, key) - RTKs = TweakeyScheduleWhole(tweakey, r) - - state = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES): - state[byte] = message[byte] - - for i in range(0, r-1): - state_output = OneRoundEGFNEnc(state, RTKs[i]) - - for byte in range(0, BLOCK_BYTES): - state[byte] = state_output[byte] - - state_output = LastRoundEGFN(state, RTKs[r-1]) - - return state_output - - -def LilliputTBCDec(tweak, key, cipher): - r = _rounds(len(key)) - - tweakey = BuildTweakey(tweak, key) - RTKs = TweakeyScheduleWhole(tweakey, r) - - state = [0 for byte in range(0, BLOCK_BYTES)] - for byte in range(0, BLOCK_BYTES): - state[byte] = cipher[byte] - - for i in range(0, r-1): - state_output = OneRoundEGFNDec(state, RTKs[r-i-1]) - - for byte in range(0, BLOCK_BYTES): - state[byte] = state_output[byte] - - state_output = LastRoundEGFN(state, RTKs[0]) - - return state_output diff --git a/python/tbc.py b/python/tbc.py new file mode 100644 index 0000000..ca51649 --- /dev/null +++ b/python/tbc.py @@ -0,0 +1,178 @@ +""" + Lilliput TBC +""" +from constants import BLOCK_BYTES, Sbox +from multiplications import ALPHAS + + +permutation = [14, 11, 12, 10, 8, 9, 13, 15, 3, 1, 4, 5, 6, 0, 2, 7] +permutationInv = [13, 9, 14, 8, 10, 11, 12, 15, 4, 5, 3, 1, 2, 6 ,0 ,7] + +################################################################################ + +def BuildTweakey(tweak, key): + return tweak+key + +############################# + +def _lane(TK, j): + return TK[j*8:(j+1)*8] + +def RoundTweakeySchedule(tweakey): + p = len(tweakey)//8 + + multiplied_lanes = ( + ALPHAS[j](_lane(tweakey, j)) for j in range(p) + ) + + return [byte for lane in multiplied_lanes for byte in lane] + + +def SubTweakeyExtract(tweakey, Ci): + RTKi = [0]*8 + + for j, byte in enumerate(tweakey): + RTKi[j%8] ^= byte + + RTKi[0] ^= Ci + + return RTKi + + +def TweakeyScheduleWhole(tweakey, r): + # store main tweakey in TKs[0] + # and corresponding round tweakey in RTKs[0] + TKs = [tweakey] + RTKs = [SubTweakeyExtract(TKs[0], 0)] + + for i in range(1, r): + TKs.append(RoundTweakeySchedule(TKs[i-1])) + RTKs.append(SubTweakeyExtract(TKs[i], i)) + + return RTKs + + +################################################################################ + +def NonLinearLayer(state, subtweakey): + + variables_xored = [0 for byte in range(0, 8)] + for byte in range(0,8): + variables_xored[byte] = state[byte] ^ subtweakey[byte] + + variables_sboxed = [0 for byte in range(0, 8)] + for byte in range(0, 8): + variables_sboxed[byte] = Sbox[variables_xored[byte]] + + state_output = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0,BLOCK_BYTES): + state_output[byte] = state[byte] + for byte in range(0, 8): + state_output[15 - byte] ^= variables_sboxed[byte] + + return state_output + + +def LinearLayer(state): + state_output = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0, BLOCK_BYTES): + state_output[byte] = state[byte] + + for byte in range(1, 8): + state_output[15] ^= state[byte] + + for byte in range(9, 15): + state_output[byte] ^= state[7] + + return state_output + + +def PermutationLayerEnc(state): + state_output = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0, BLOCK_BYTES): + state_output[byte] = state[permutation[byte]] + + return state_output + +def PermutationLayerDec(state): + state_output = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0, BLOCK_BYTES): + state_output[byte] = state[permutationInv[byte]] + + return state_output + + +def OneRoundEGFNEnc(state, subtweakey): + state_non_linear = NonLinearLayer(state, subtweakey) + state_linear = LinearLayer(state_non_linear) + state_permutation = PermutationLayerEnc(state_linear) + + return state_permutation + +def LastRoundEGFN(state, subtweakey): + state_non_linear = NonLinearLayer(state, subtweakey) + state_linear = LinearLayer(state_non_linear) + + return state_linear + + +def OneRoundEGFNDec(state, subtweakey): + state_non_linear = NonLinearLayer(state, subtweakey) + state_linear = LinearLayer(state_non_linear) + state_permutation = PermutationLayerDec(state_linear) + + return state_permutation + + +def _rounds(key_bytes): + rounds = { + 128: 32, + 192: 36, + 256: 42 + } + return rounds[key_bytes*8] + + +################################################################################ +# Lilliput TBC + +def encrypt(tweak, key, message): + r = _rounds(len(key)) + + tweakey = BuildTweakey(tweak, key) + RTKs = TweakeyScheduleWhole(tweakey, r) + + state = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0, BLOCK_BYTES): + state[byte] = message[byte] + + for i in range(0, r-1): + state_output = OneRoundEGFNEnc(state, RTKs[i]) + + for byte in range(0, BLOCK_BYTES): + state[byte] = state_output[byte] + + state_output = LastRoundEGFN(state, RTKs[r-1]) + + return state_output + + +def decrypt(tweak, key, cipher): + r = _rounds(len(key)) + + tweakey = BuildTweakey(tweak, key) + RTKs = TweakeyScheduleWhole(tweakey, r) + + state = [0 for byte in range(0, BLOCK_BYTES)] + for byte in range(0, BLOCK_BYTES): + state[byte] = cipher[byte] + + for i in range(0, r-1): + state_output = OneRoundEGFNDec(state, RTKs[r-i-1]) + + for byte in range(0, BLOCK_BYTES): + state[byte] = state_output[byte] + + state_output = LastRoundEGFN(state, RTKs[0]) + + return state_output -- cgit v1.2.3