From 676fa9dd9590cf7056908b4c095dc5f437d59530 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec
Date: Tue, 2 Jul 2019 17:39:18 +0200
Subject: Mise à jour temporaire de l'implémentation Python
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/add_python/lilliput/multiplications.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/add_python')
diff --git a/src/add_python/lilliput/multiplications.py b/src/add_python/lilliput/multiplications.py
index a5faa55..65c75ab 100644
--- a/src/add_python/lilliput/multiplications.py
+++ b/src/add_python/lilliput/multiplications.py
@@ -135,7 +135,6 @@ def _multiplication(m, reverse=True):
 ALPHAS = (
- list, # Identity.
 _multiplication(M),
 _multiplication(M2),
 _multiplication(M3),
@@ -143,3 +142,5 @@ ALPHAS = (
 _multiplication(MR2, reverse=False),
 _multiplication(MR3, reverse=False)
 )
+
+ALPHAS = ALPHAS[:3] + (lambda x: ALPHAS[1](ALPHAS[1](x)),) + ALPHAS[3:]
-- cgit v1.2.3
From d80664df1e12e4fa1bcf6d57e2f3665c8d750fd8 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec
Date: Wed, 3 Jul 2019 14:22:22 +0200
Subject: Implémentation de M⁴ à l'aide de sa matrice
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/add_python/lilliput/multiplications.py | 42 +++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 10 deletions(-)
(limited to 'src/add_python')
diff --git a/src/add_python/lilliput/multiplications.py b/src/add_python/lilliput/multiplications.py
index 65c75ab..09eaa08 100644
--- a/src/add_python/lilliput/multiplications.py
+++ b/src/add_python/lilliput/multiplications.py
@@ -23,8 +23,11 @@ from functools import reduce
 from operator import xor
+def _shl(xi, n):
+ return (xi << n) & 0xff
+
 def _Sl(n):
- return lambda xi: (xi<>n
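Review bot: The composed entry added in the @@ -143 hunk, `lambda x: ALPHAS[1](ALPHAS[1](x))`, resolves `ALPHAS` through the module global at call time, so it silently follows any later rebinding of that name; binding the factor once keeps it self-contained, e.g. `_m2 = _multiplication(M2)` followed by `(lambda x: _m2(_m2(x)),)`. The same hunk would benefit from a comment marking the workaround the commit subject calls temporary, such as `# TEMP: M^4 computed as M^2 applied twice until the M4 matrix is written out.`. Dropping `list` from the tuple in the @@ -135 hunk also shifts every index by one, so any caller selecting `ALPHAS[i]` by position presumably needs the same adjustment; those callers are not visible here.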
@@ -36,16 +39,25 @@ def _0(xi):
 return 0
 def _M1(xi):
- return (xi<<3 ^ xi>>3) & 0xff
+ return _shl(xi, 3) ^ xi>>3
 def _M2(xi):
- return (xi<<6 ^ (xi&0b11111000) ^ xi>>6) & 0xff
+ return _shl(xi, 6) ^ xi&0b11111000 ^ xi>>6
 def _M3(xi):
- return xi & 0b00011111
+ return _shl(xi>>3, 6) ^ xi>>6<<3
 def _M4(xi):
- return ((xi<<2) & 0xff) >> 3
+ return _shl(xi, 2) >> 3
+
+def _M5(xi):
+ return _shl(xi, 5) ^ xi>>3<<2
+
+def _M6(xi):
+ return xi & 0b00011111
+
+def _M7(xi):
+ return _shl(xi, 2) >> 3
 M = (
@@ -81,6 +93,17 @@ M3 = (
 ( _0, _0, _Id, _0, _0, _0, _0, _0),
 )
+M4 = (
+ ( _0, _0, _Sl(6), _M1, _Id, _0, _0, _0),
+ ( _0, _0, _0, _M2, _M1, _Id, _0, _0),
+ ( _0, _Sl(2), _0, _M3, _M2, _M1, _Id, _0),
+ ( _0, _M4, _Sl(2), _0, _0, _Sr(6), _Sr(3), _Id),
+ (_Id, _0, _Sl(5), _Sl(2), _0, _0, _0, _0),
+ ( _0, _Id, _0, _M5, _Sl(2), _0, _0, _0),
+ ( _0, _0, _Id, _0, _0, _0, _0, _0),
+ ( _0, _0, _Sl(3), _Id, _0, _0, _0, _0),
+)
+
 # NB: shift directions are reversed with respect to the specification
 # for powers of M_R, since the specification reverses the byte order
 # for those matrices.
@@ -99,7 +122,7 @@ MR = (
 MR2 = (
 ( _0, _0, _Id, _0, _0, _0, _0, _0),
 ( _0, _0, _0, _Id, _Sr(3), _0, _0, _0),
- ( _0, _0, _0, _0, _Id, _Sr(3), _M3, _0),
+ ( _0, _0, _0, _0, _Id, _Sr(3), _M6, _0),
 ( _0, _0, _0, _0, _0, _Id, _Sl(3), _0),
 ( _0, _0, _0, _Sl(2), _0, _0, _Id, _Sl(3)),
 ( _0, _0, _0, _0, _Sl(2), _0, _0, _Id),
@@ -109,8 +132,8 @@ MR2 = (
 MR3 = (
 ( _0, _0, _0, _Id, _Sr(3), _0, _0, _0),
- ( _0, _0, _0, _0, _Id, _Sr(3), _M3, _0),
- ( _0, _0, _0, _M4, _0, _Id, _M1, _M3),
+ ( _0, _0, _0, _0, _Id, _Sr(3), _M6, _0),
+ ( _0, _0, _0, _M7, _0, _Id, _M1, _M6),
 ( _0, _0, _0, _Sl(2), _0, _0, _Id, _Sl(3)),
 (_Sl(3), _0, _0, _0, _Sl(2), _0, _0, _Id),
 ( _Id, _0, _0, _0, _0, _Sl(2), _Sl(5), _0),
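Review bot: `_M7` in the @@ -36 hunk is byte-for-byte the same map as `_M4` (`return _shl(xi, 2) >> 3`), so the new name adds a second definition to keep in sync without adding a second behaviour; `_M7 = _M4` or simply keeping MR3 on `_M4` in the @@ -109 hunk avoids the duplicate. None of `_M1` to `_M7` says which matrix cells it serves, and the renumbering in this commit (old `_M3`/`_M4` becoming `_M6`/`_M7`) shows how easily that gets lost; a one-line comment per helper naming the tables that use it would document the mapping. The unparenthesised `_shl(xi, 6) ^ xi&0b11111000 ^ xi>>6` in `_M2` is correct only because `&` and `>>` bind tighter than `^`; keeping the old version's parentheses, `_shl(xi, 6) ^ (xi & 0b11111000) ^ (xi >> 6)`, makes that explicit.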
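Review bot: The `M4` table in the @@ -81 hunk is a hand-transcribed 8x8 matrix of byte maps with nothing tying it to the `M` it is meant to be the fourth power of, so a slip in any cell would only surface later as a mismatch against test vectors. Since the previous commit computed the same step as `_multiplication(M2)` applied twice, a test asserting `_multiplication(M4)(x) == _multiplication(M2)(_multiplication(M2)(x))` over a sample of inputs (for instance every single-byte value in each of the 8 positions) would pin the table cheaply. The `_M6`/`_M7` substitutions in the @@ -99 and @@ -109 hunks could be checked the same way, since the comment above MR2 states these tables are powers of `MR`.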
@@ -138,9 +161,8 @@ ALPHAS = (
 _multiplication(M),
 _multiplication(M2),
 _multiplication(M3),
+ _multiplication(M4),
 _multiplication(MR, reverse=False),
 _multiplication(MR2, reverse=False),
 _multiplication(MR3, reverse=False)
 )
-
-ALPHAS = ALPHAS[:3] + (lambda x: ALPHAS[1](ALPHAS[1](x)),) + ALPHAS[3:]
-- cgit v1.2.3
From a8da992171ac09ccca931f9909f5b199042b2ea8 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec
Date: Fri, 14 Jun 2019 09:08:43 +0200
Subject: Adaptation de l'implémentation Python
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/add_python/lilliput/ae_common.py | 10 +++++-----
 src/add_python/lilliput/ae_mode_1.py | 25 ++++++++++++-------------
 src/add_python/lilliput/ae_mode_2.py | 32 +++++++++++++++++---------------
 3 files changed, 34 insertions(+), 33 deletions(-)
(limited to 'src/add_python')
diff --git a/src/add_python/lilliput/ae_common.py b/src/add_python/lilliput/ae_common.py
index b94be1b..db14ec3 100644
--- a/src/add_python/lilliput/ae_common.py
+++ b/src/add_python/lilliput/ae_common.py
@@ -15,7 +15,7 @@
 """Helper functions used in both Lilliput-I and Lilliput-II."""
-from .constants import BLOCK_BITS, BLOCK_BYTES
+from .constants import BLOCK_BYTES
 from .helpers import xor
 from . import tbc
@@ -48,11 +48,11 @@ def block_matrix_to_bytes(matrix):
 def pad10(X):
 zeroes = [0] * (BLOCK_BYTES-len(X)-1)
- return zeroes + [0b10000000] + X
+ return X + [0b10000000] + zeroes
 def integer_to_byte_array(i, n):
- return list(i.to_bytes(n, 'little'))
+ return list(i.to_bytes(n, 'big'))
 def _tweak_associated_data(t, i, padded):
@@ -61,8 +61,8 @@ def _tweak_associated_data(t, i, padded):
 prefix = 0b0110 if padded else 0b0010
 # Clear upper 4 bits and set them to prefix.
- tweak[-1] &= 0b00001111
- tweak[-1] = prefix << 4
+ tweak[0] &= 0b00001111
+ tweak[0] |= prefix << 4
 return tweak
diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index 4a40b78..197bf37 100644
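Review bot: `pad10` in the @@ -48 hunk still has no guard for `len(X) >= BLOCK_BYTES`: `[0] * (BLOCK_BYTES-len(X)-1)` then evaluates to an empty list instead of failing, and the function hands back `BLOCK_BYTES+1` or more bytes that the `tbc.encrypt` callers presumably do not expect. A one-line check states the contract: `if len(X) >= BLOCK_BYTES: raise ValueError("pad10 expects a partial block")`. `pad10` and `integer_to_byte_array` both switch from little-endian to big-endian layout in this hunk, and the `_tweak_associated_data` hunk moves the prefix from `tweak[-1]` to `tweak[0]` to match, so a short docstring on each helper stating that byte 0 is the most-significant byte would save the next reader from re-deriving the convention.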
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -52,27 +52,26 @@ def _lower_nibble(i):
 return i & 0b00001111
-def _byte_from_nibbles(lower, upper):
- return upper<<4 | lower
+def _byte(high, low):
+ return high<<4 ^ low
 def _tweak_message(N, j, prefix):
- # j is encoded on 68 bits; get 72 and clear the upper 4.
- j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
- tweak = integer_to_byte_array(j, j_len)
- tweak[-1] &= 0b00001111
+ tweak = [_byte(prefix.value, _upper_nibble(N[0]))]
- # Add nonce.
- tweak[-1] |= _lower_nibble(N[0]) << 4
 tweak.extend(
- _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+ _byte(_lower_nibble(N[i-1]), _upper_nibble(N[i]))
 for i in range(1, NONCE_BITS//8)
 )
- # Add last nibble from nonce and prefix.
- tweak.append(
- _byte_from_nibbles(_upper_nibble(N[-1]), prefix.value)
- )
+ # j is encoded on 68 bits; get 72 then set the upper 4 to the
+ # nonce's lower 4.
+ j_len = (TWEAK_BITS-NONCE_BITS-4)//8 + 1
+ j_array = integer_to_byte_array(j, j_len)
+ j_array[0] &= 0b00001111
+ j_array[0] |= _lower_nibble(N[-1]) << 4
+
+ tweak.extend(j_array)
 return tweak
diff --git a/src/add_python/lilliput/ae_mode_2.py b/src/add_python/lilliput/ae_mode_2.py
index 79d1bcd..a55ecb8 100644
--- a/src/add_python/lilliput/ae_mode_2.py
+++ b/src/add_python/lilliput/ae_mode_2.py
@@ -18,6 +18,8 @@ This module provides the functions for authenticated encryption and decryption using Lilliput-AE's nonce-misuse-resistant mode based on SCT-2.
 """
+from enum import Enum
+
 from .constants import BLOCK_BYTES
 from .ae_common import (
 bytes_to_block_matrix,
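Review bot: `j_array[0] &= 0b00001111` in the @@ -52 hunk silently discards bits 68 to 71 of `j` when the block index exceeds the 68 bits the comment promises, while `integer_to_byte_array` only raises once `j` needs more than 72 bits; however unrealistic such a counter is, the masked tweak would then coincide with the one used for block `j - 2**68` under the same nonce. A check before the mask states the precondition instead of hiding it: `if j >> (8*j_len - 4): raise ValueError("block index exceeds 68 bits")`. `_byte(high, low)` likewise relies on both arguments already being nibbles, and with `^` an unmasked `low` would flip bits of `high` rather than fail, which is worth a docstring such as `"""Pack two 4-bit values into one byte; both must already be masked to 4 bits."""`. `_upper_nibble` and the callers of `_tweak_message` lie outside the hunk.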
@@ -35,22 +37,24 @@ TWEAK_BITS = 128
 TWEAK_BYTES = TWEAK_BITS//8
-def _tweak_tag(j, padded):
- tweak = integer_to_byte_array(j, TWEAK_BYTES)
+class _TagTweak(Enum):
+ BLOCK = 0b0000
+ PAD = 0b0100
- prefix = 0b0100 if padded else 0b0000
+
+def _tweak_tag(j, prefix):
+ tweak = integer_to_byte_array(j, TWEAK_BYTES)
 # Clear upper 4 bits and set them to prefix.
- tweak[-1] &= 0b00001111
- tweak[-1] = prefix << 4
+ tweak[0] &= 0b00001111
+ tweak[0] |= prefix.value << 4
 return tweak
 def _add_tag_j(tag, j):
- array_j = integer_to_byte_array(j, TWEAK_BYTES)
- tweak = xor(tag, array_j)
- tweak[-1] |= 0b10000000
+ tweak = xor(tag, integer_to_byte_array(j, TWEAK_BYTES))
+ tweak[0] |= 0b10000000
 return tweak
@@ -63,18 +67,16 @@ def _message_auth_tag(M, N, Auth, key):
 M = bytes_to_block_matrix(M)
 for j in range(0, l):
- tweak = _tweak_tag(j, False)
+ tweak = _tweak_tag(j, _TagTweak.BLOCK)
 encryption = tbc.encrypt(tweak, key, M[j])
 tag = xor(tag, encryption)
 if need_padding:
- tweak = _tweak_tag(l, True)
+ tweak = _tweak_tag(l, _TagTweak.PAD)
 encryption = tbc.encrypt(tweak, key, pad10(M[l]))
 tag = xor(tag, encryption)
- tweak = N + [0b00010000]
- encryption = tbc.encrypt(tweak, key, tag)
- tag = encryption
+ tag = tbc.encrypt([0b00010000]+N, key, tag)
 return tag
@@ -88,12 +90,12 @@ def _message_encryption(M, N, tag, key):
 for j in range(0, l):
 tweak = _add_tag_j(tag, j)
- encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+ encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
 C.append(xor(M[j], encryption))
 if need_padding:
 tweak = _add_tag_j(tag, l)
- encryption = tbc.encrypt(tweak, key, N+[0b00000000])
+ encryption = tbc.encrypt(tweak, key, [0b00000000]+N)
 C.append(xor(M[l], encryption))
 return C
-- cgit v1.2.3
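Review bot: `[0b00010000]+N` in the @@ -63 hunk encodes the final tag-derivation prefix as a bare magic byte right after the @@ -35 hunk introduces `_TagTweak` for the other prefix nibbles in byte 0 of the tweak; adding a `TAG = 0b0001` member to the enum and writing `[_TagTweak.TAG.value << 4] + N` keeps every prefix in one place. In the @@ -88 hunk the constant block `[0b00000000]+N` is rebuilt on every loop iteration and again in the padding branch; hoisting it once before the loop as `nonce_block = [0b00000000] + N` removes the duplication and names its role. `_tweak_tag`, `_add_tag_j`, `_message_auth_tag` and `_message_encryption` carry no docstring describing the tweak layout (prefix nibble in the high bits of `tweak[0]`, `j` big-endian below it), which the move from `tweak[-1]` to `tweak[0]` makes worth stating explicitly. `_message_auth_tag` and `_message_encryption` both begin before their hunks.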