From 4fefe35fd63842b827016acecfadae891d0da953 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Tue, 27 Nov 2018 10:37:56 +0100
Subject: Extraction du traitement des données authentifiées
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Commun à ΘCB3 et SCT-2.
---
 src/lilliput-ae-i.c | 64 ++---------------------------------------------------
 1 file changed, 2 insertions(+), 62 deletions(-)

(limited to 'src/lilliput-ae-i.c')

diff --git a/src/lilliput-ae-i.c b/src/lilliput-ae-i.c
index 5d1a630..b1758c9 100644
--- a/src/lilliput-ae-i.c
+++ b/src/lilliput-ae-i.c
@@ -13,33 +13,6 @@ static const uint8_t _0n[BLOCK_BYTES] = {
 };
 
 
-static void _fill_ad_tweak(
-    uint8_t  prefix,
-    uint64_t block_nb,
-    uint8_t  tweak[TWEAK_BYTES]
-)
-{
-    /* The 192-bit tweak is filled as follows:
-     *
-     * - bits   1-188: block number
-     *          1- 64: actual 64-bit block number
-     *         65-188: 0-padding
-     * - bits 189-192: constant 4-bit prefix
-     */
-
-    for (size_t i=0; i<sizeof(block_nb); i++)
-    {
-        uint64_t mask = (uint64_t)0xff << 8*i;
-        uint8_t b = (mask & block_nb) >> 8*i;
-
-        tweak[i] = b;
-    }
-
-    /* Assume padding bytes have already been memset to 0. */
-
-    tweak[TWEAK_BYTES-1] |= prefix << 4;
-}
-
 static void _fill_msg_tweak(
     uint8_t       prefix,
     const uint8_t N[NONCE_BYTES],
@@ -74,39 +47,6 @@ static void _fill_msg_tweak(
     tweak[TWEAK_BYTES-1] = prefix << 4 ^ upper_nibble(N[NONCE_BYTES-1]);
 }
 
-static void _process_associated_data(
-    const uint8_t key[KEY_BYTES],
-    size_t        A_len,
-    const uint8_t A[A_len],
-    uint8_t       Auth[BLOCK_BYTES]
-)
-{
-    uint8_t Ek_Ai[BLOCK_BYTES];
-    uint8_t tweak[TWEAK_BYTES];
-
-    memset(tweak, 0, TWEAK_BYTES);
-    memset(Auth, 0, BLOCK_BYTES);
-
-    size_t l_a = A_len / BLOCK_BYTES;
-    size_t rest = A_len % BLOCK_BYTES;
-
-    for (size_t i=0; i<l_a; i++)
-    {
-        _fill_ad_tweak(0x2, i, tweak);
-        encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
-        xor_into(Auth, Ek_Ai);
-    }
-
-    if (rest != 0)
-    {
-        uint8_t A_rest[BLOCK_BYTES];
-        pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
-        _fill_ad_tweak(0x6, l_a, tweak);
-        encrypt(key, tweak, A_rest, Ek_Ai);
-        xor_into(Auth, Ek_Ai);
-    }
-}
-
 static void _encrypt_message(
     const uint8_t key[KEY_BYTES],
     size_t        M_len,
@@ -223,7 +163,7 @@ void lilliput_ae_encrypt(
 )
 {
     uint8_t auth[BLOCK_BYTES];
-    _process_associated_data(key, auth_data_len, auth_data, auth);
+    process_associated_data(key, auth_data_len, auth_data, auth);
 
     uint8_t final[BLOCK_BYTES];
     _encrypt_message(key, message_len, message, nonce, ciphertext, final);
@@ -243,7 +183,7 @@ bool lilliput_ae_decrypt(
 )
 {
     uint8_t auth[BLOCK_BYTES];
-    _process_associated_data(key, auth_data_len, auth_data, auth);
+    process_associated_data(key, auth_data_len, auth_data, auth);
 
     uint8_t final[BLOCK_BYTES];
     _decrypt_message(key, ciphertext_len, ciphertext, nonce, message, final);
-- 
cgit v1.2.3