From e83abe9fdbab07e6df80443240d4d649303a3dd4 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Fri, 22 Mar 2019 16:41:34 +0100 Subject: [implem-python] Déplacement dans le dossier SOUMISSION_NIST MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Et ajout d'un métascript pour vérifier la conformité. Il ne reste plus qu'à… (bis) --- test/python.sh | 11 +++++++++ test/python/compare.sh | 17 ++++++++++++++ test/python/crypto_aead.py | 18 +++++++++++++++ test/python/generate-vectors.sh | 31 ++++++++++++++++++++++++++ test/python/genkat_aead.py | 49 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) create mode 100755 test/python.sh create mode 100755 test/python/compare.sh create mode 100644 test/python/crypto_aead.py create mode 100755 test/python/generate-vectors.sh create mode 100755 test/python/genkat_aead.py (limited to 'test') diff --git a/test/python.sh b/test/python.sh new file mode 100755 index 0000000..ea23caf --- /dev/null +++ b/test/python.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -eu + +TEST_DIR=$(dirname $0) +ROOT_DIR=${TEST_DIR}/.. + +make -C ${ROOT_DIR} nist + +./python/generate-vectors.sh +./python/compare.sh diff --git a/test/python/compare.sh b/test/python/compare.sh new file mode 100755 index 0000000..414eb1e --- /dev/null +++ b/test/python/compare.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +PYTHON_DIR=$(dirname $0) +ROOT_DIR=${PYTHON_DIR}/../../ +RESULTS_DIR=${ROOT_DIR}/results +CRYPTO_AEAD=${ROOT_DIR}/crypto_aead + +set -eu + +mkdir -p ${RESULTS_DIR}/crypto_aead_ref +for d in ${CRYPTO_AEAD}/lilliputaei* +do + mkdir -p ${RESULTS_DIR}/crypto_aead_ref/$(basename $d) + cp $d/LWC*.txt ${RESULTS_DIR}/crypto_aead_ref/$(basename $d)/ +done + +diff -ru ${RESULTS_DIR}/crypto_aead_ref ${RESULTS_DIR}/crypto_aead_py diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py new file mode 100644 index 0000000..792369c --- /dev/null +++ b/test/python/crypto_aead.py @@ -0,0 +1,18 @@ +import lilliput +from lilliput.constants import NONCE_BYTES as NPUBBYTES, TAG_BYTES + +# Import KEYBYTES to expose it to genkat_aead. +# Import MODE to provide it to lilliput. +from parameters import KEYBYTES, MODE + + +def encrypt(m, ad, npub, k): + c, tag = lilliput.encrypt(m, ad, k, npub, MODE) + return c+tag + + +def decrypt(c, ad, npub, k): + clen = len(c)-TAG_BYTES + ctext = c[:clen] + tag = c[clen:] + return lilliput.decrypt(ctext, tag, ad, k, npub, MODE) diff --git a/test/python/generate-vectors.sh b/test/python/generate-vectors.sh new file mode 100755 index 0000000..e328c67 --- /dev/null +++ b/test/python/generate-vectors.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -eu + +PYTHON_DIR=$(dirname $0) +ROOT_DIR=${PYTHON_DIR}/../../ +SRC_DIR=${ROOT_DIR}/src/add_python +RESULTS_DIR=${ROOT_DIR}/results +CRYPTO_AEAD=${RESULTS_DIR}/crypto_aead_py + +mkdir -p ${CRYPTO_AEAD}/lilliputae{i,ii}{128,192,256}v1 + +declare -A names=([1]=lilliputaei [2]=lilliputaeii) + +for mode in 1 2 +do + for keylen in 128 192 256 + do + echo generating for ${mode} ${keylen} + + cat < ${RESULTS_DIR}/parameters.py +MODE = ${mode} +KEYBYTES = $((keylen/8)) +EOF + + PYTHONPATH=${RESULTS_DIR}:${SRC_DIR} ${PYTHON_DIR}/genkat_aead.py + + dest=${CRYPTO_AEAD}/${names[${mode}]}${keylen}v1 + mv LWC_AEAD_KAT_${keylen}_120.txt ${dest} + done +done diff --git a/test/python/genkat_aead.py b/test/python/genkat_aead.py new file mode 100755 index 0000000..01bed6f --- /dev/null +++ b/test/python/genkat_aead.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python3 + +import crypto_aead + + +MAX_MESSAGE_LENGTH = 32 +MAX_ADATA_LENGTH = 32 + + +def print_bstr(output, label, buf): + print('{l} = {b}'.format(l=label, b=buf.hex().upper()), file=output) + + +def generate_test_vectors(): + output_path = 'LWC_AEAD_KAT_{key}_{npub}.txt'.format( + key=crypto_aead.KEYBYTES*8, npub=crypto_aead.NPUBBYTES*8 + ) + + npub = bytes(range(crypto_aead.NPUBBYTES)) + key = bytes(range(crypto_aead.KEYBYTES)) + + with open(output_path, 'w') as output: + + count = 1 + for mlen in range(MAX_MESSAGE_LENGTH+1): + for adlen in range(MAX_ADATA_LENGTH+1): + print('Count = {c}'.format(c=count), file=output) + + msg = bytes(range(mlen)) + ad = bytes(range(adlen)) + + print_bstr(output, 'Key', key) + print_bstr(output, 'Nonce', npub) + print_bstr(output, 'PT', msg) + print_bstr(output, 'AD', ad) + + ct = crypto_aead.encrypt(msg, ad, npub, key) + + print_bstr(output, 'CT', ct) + + crypto_aead.decrypt(ct, ad, npub, key) + + count += 1 + + print(file=output) + + +if __name__ == '__main__': + generate_test_vectors() -- cgit v1.2.3 From c0d7ffb343d38a301773ea49975de6c54c91e264 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Sat, 23 Mar 2019 19:31:06 +0100 Subject: [implem-python] Intégration à la soumission (suite et fin) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit En plus du paquet Python "lilliput", chaque dossier embarque - un script "genkat_aead.py" qui génère les vecteurs de test via l'API du module "crypto_aead", - un module "crypto_aead" servant de point d'entrée générique, - un module "parameters", qui permet à crypto_aead d'instancier Lilliput-AE avec le bon mode et la bonne taille de clé. Livraison dans ./crypto_aead sans se soucier de l'arborescence du dépôt, par homogénéité avec make-package.sh. Quelques ajustement dans genkat_aead.py pour que le lien avec genkat_aead.c soit plus évident. --- nist/package-python.sh | 7 +++++-- test/python/genkat_aead.py | 24 ++++++++++++++++-------- 2 files changed, 21 insertions(+), 10 deletions(-) (limited to 'test') diff --git a/nist/package-python.sh b/nist/package-python.sh index 4813dc7..88c4ef1 100755 --- a/nist/package-python.sh +++ b/nist/package-python.sh @@ -5,7 +5,7 @@ set -eu NIST_DIR=$(dirname $0) ROOT=${NIST_DIR}/.. ADD_PYTHON=${ROOT}/src/add_python -CRYPTO_AEAD=${ROOT}/crypto_aead +PYTHON_RESOURCES=${ROOT}/test/python/ add-variant () @@ -15,7 +15,7 @@ add-variant () local -A names=([1]=lilliputaei [2]=lilliputaeii) - variant_dir=${CRYPTO_AEAD}/${names[${mode}]}${keylen}v1 + variant_dir=crypto_aead/${names[${mode}]}${keylen}v1 cp -r ${ADD_PYTHON} ${variant_dir} @@ -23,6 +23,9 @@ add-variant () MODE = ${mode} KEYBYTES = $((keylen/8)) EOF + + cp ${PYTHON_RESOURCES}/{crypto_aead.py,genkat_aead.py} \ + ${variant_dir}/add_python } diff --git a/test/python/genkat_aead.py b/test/python/genkat_aead.py index 01bed6f..5e953c4 100755 --- a/test/python/genkat_aead.py +++ b/test/python/genkat_aead.py @@ -3,8 +3,13 @@ import crypto_aead +class DecryptionError(Exception): + def __init__(self): + super().__init__('crypto_aead_decrypt did not recover the plaintext') + + MAX_MESSAGE_LENGTH = 32 -MAX_ADATA_LENGTH = 32 +MAX_ASSOCIATED_DATA_LENGTH = 32 def print_bstr(output, label, buf): @@ -12,23 +17,25 @@ def print_bstr(output, label, buf): def generate_test_vectors(): - output_path = 'LWC_AEAD_KAT_{key}_{npub}.txt'.format( + count = 1 + filename = 'LWC_AEAD_KAT_{key}_{npub}.txt'.format( key=crypto_aead.KEYBYTES*8, npub=crypto_aead.NPUBBYTES*8 ) npub = bytes(range(crypto_aead.NPUBBYTES)) key = bytes(range(crypto_aead.KEYBYTES)) - with open(output_path, 'w') as output: + with open(filename, 'w') as output: - count = 1 for mlen in range(MAX_MESSAGE_LENGTH+1): - for adlen in range(MAX_ADATA_LENGTH+1): - print('Count = {c}'.format(c=count), file=output) + for adlen in range(MAX_ASSOCIATED_DATA_LENGTH+1): msg = bytes(range(mlen)) ad = bytes(range(adlen)) + print('Count = {c}'.format(c=count), file=output) + count += 1 + print_bstr(output, 'Key', key) print_bstr(output, 'Nonce', npub) print_bstr(output, 'PT', msg) @@ -38,9 +45,10 @@ def generate_test_vectors(): print_bstr(output, 'CT', ct) - crypto_aead.decrypt(ct, ad, npub, key) + msg2 = crypto_aead.decrypt(ct, ad, npub, key) - count += 1 + if msg != msg2: + raise DecryptionError() print(file=output) -- cgit v1.2.3 From ec43894288a070a04e5ba837602c5eec38f332f2 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Sat, 23 Mar 2019 23:30:57 +0100 Subject: [implem-python] Accélération du test d'implémentation Python MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Idéalement, il faudrait rajouter les bonnes dépendances dans le Makefile… --- test/python.sh | 5 ----- 1 file changed, 5 deletions(-) (limited to 'test') diff --git a/test/python.sh b/test/python.sh index ea23caf..720daaa 100755 --- a/test/python.sh +++ b/test/python.sh @@ -2,10 +2,5 @@ set -eu -TEST_DIR=$(dirname $0) -ROOT_DIR=${TEST_DIR}/.. - -make -C ${ROOT_DIR} nist - ./python/generate-vectors.sh ./python/compare.sh -- cgit v1.2.3 From fad848887249da22a83e4f35dab3d80f8c590d4d Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Sun, 24 Mar 2019 14:15:56 +0100 Subject: [implem-python] Ajustement du script de test Python MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit De sorte à ce qu'on puisse le lancer depuis n'importe quel dossier. --- test/python.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/python.sh b/test/python.sh index 720daaa..df4ce01 100755 --- a/test/python.sh +++ b/test/python.sh @@ -2,5 +2,7 @@ set -eu -./python/generate-vectors.sh -./python/compare.sh +TEST_DIR=$(dirname $0) + +${TEST_DIR}/python/generate-vectors.sh +${TEST_DIR}/python/compare.sh -- cgit v1.2.3 From 97db0c6e5dc3576cdcca339acf3bb33b698dccd0 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Sun, 24 Mar 2019 16:48:46 +0100 Subject: [implem-python] Génération des vecteurs dans une fonction MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pour que ce soit plus simple de remplacer la boucle par generate 2 128 generate 1 256 … ce qui prend 6 minutes au lieu de 20 sur ma machine \o/ --- test/python/generate-vectors.sh | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'test') diff --git a/test/python/generate-vectors.sh b/test/python/generate-vectors.sh index e328c67..d37f15f 100755 --- a/test/python/generate-vectors.sh +++ b/test/python/generate-vectors.sh @@ -10,22 +10,32 @@ CRYPTO_AEAD=${RESULTS_DIR}/crypto_aead_py mkdir -p ${CRYPTO_AEAD}/lilliputae{i,ii}{128,192,256}v1 -declare -A names=([1]=lilliputaei [2]=lilliputaeii) +declare -A NAMES=([1]=lilliputaei [2]=lilliputaeii) -for mode in 1 2 -do - for keylen in 128 192 256 - do - echo generating for ${mode} ${keylen} - cat < ${RESULTS_DIR}/parameters.py +generate () +{ + local mode=$1 + local keylen=$2 + + echo generating for ${mode} ${keylen} + + cat < ${RESULTS_DIR}/parameters.py MODE = ${mode} KEYBYTES = $((keylen/8)) EOF - PYTHONPATH=${RESULTS_DIR}:${SRC_DIR} ${PYTHON_DIR}/genkat_aead.py + PYTHONPATH=${RESULTS_DIR}:${SRC_DIR} ${PYTHON_DIR}/genkat_aead.py - dest=${CRYPTO_AEAD}/${names[${mode}]}${keylen}v1 - mv LWC_AEAD_KAT_${keylen}_120.txt ${dest} + dest=${CRYPTO_AEAD}/${NAMES[${mode}]}${keylen}v1 + mv LWC_AEAD_KAT_${keylen}_120.txt ${dest} +} + + +for mode in 1 2 +do + for keylen in 128 192 256 + do + generate ${mode} ${keylen} done done -- cgit v1.2.3 From 07af965f2687105324e0142270a9e194a5ae6af5 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Mon, 25 Mar 2019 08:38:01 +0100 Subject: [implem-python] Ajout des entêtes manquants MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/add_python/lilliput/ae_common.py | 17 +++++++++++++++ src/add_python/lilliput/helpers.py | 17 +++++++++++++++ src/add_python/lilliput/multiplications.py | 19 +++++++++++++++++ test/python/crypto_aead.py | 33 +++++++++++++++++++++++------- test/python/genkat_aead.py | 17 ++++++++++++++- 5 files changed, 95 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/src/add_python/lilliput/ae_common.py b/src/add_python/lilliput/ae_common.py index 033b5b0..83db056 100644 --- a/src/add_python/lilliput/ae_common.py +++ b/src/add_python/lilliput/ae_common.py @@ -1,3 +1,20 @@ +# Implementation of the Lilliput-AE tweakable block cipher. +# +# Authors, hereby denoted as "the implementer": +# Kévin Le Gouguec, +# Léo Reynaud +# 2019. +# +# For more information, feedback or questions, refer to our website: +# https://paclido.fr/lilliput-ae +# +# To the extent possible under law, the implementer has waived all copyright +# and related or neighboring rights to the source code in this file. +# http://creativecommons.org/publicdomain/zero/1.0/ + +"""Helper functions used in both Lilliput-I and Lilliput-II.""" + + from .constants import BLOCK_BITS, BLOCK_BYTES from .helpers import xor from . import tbc diff --git a/src/add_python/lilliput/helpers.py b/src/add_python/lilliput/helpers.py index 048aac7..41f75a6 100644 --- a/src/add_python/lilliput/helpers.py +++ b/src/add_python/lilliput/helpers.py @@ -1,2 +1,19 @@ +# Implementation of the Lilliput-AE tweakable block cipher. +# +# Authors, hereby denoted as "the implementer": +# Kévin Le Gouguec, +# Léo Reynaud +# 2019. +# +# For more information, feedback or questions, refer to our website: +# https://paclido.fr/lilliput-ae +# +# To the extent possible under law, the implementer has waived all copyright +# and related or neighboring rights to the source code in this file. +# http://creativecommons.org/publicdomain/zero/1.0/ + +"""Helper functions used in Lilliput-AE.""" + + def xor(array1, array2): return [a1^a2 for (a1, a2) in zip(array1, array2)] diff --git a/src/add_python/lilliput/multiplications.py b/src/add_python/lilliput/multiplications.py index dfdc3cb..2dea948 100644 --- a/src/add_python/lilliput/multiplications.py +++ b/src/add_python/lilliput/multiplications.py @@ -1,3 +1,22 @@ +# Implementation of the Lilliput-AE tweakable block cipher. +# +# Authors, hereby denoted as "the implementer": +# Kévin Le Gouguec, +# Léo Reynaud +# 2019. +# +# For more information, feedback or questions, refer to our website: +# https://paclido.fr/lilliput-ae +# +# To the extent possible under law, the implementer has waived all copyright +# and related or neighboring rights to the source code in this file. +# http://creativecommons.org/publicdomain/zero/1.0/ + +"""Multiplications for Lilliput-TBC's tweakey schedule. + +This module provides a list of functions implementing lane multiplications, +from ALPHAS[0] = α₀ = I to ALPHAS[6] = α₆ = M_R³. +""" def _multiply_M(lane): diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py index 792369c..6a9b328 100644 --- a/test/python/crypto_aead.py +++ b/test/python/crypto_aead.py @@ -1,9 +1,29 @@ +# Implementation of the Lilliput-AE tweakable block cipher. +# +# Authors, hereby denoted as "the implementer": +# Kévin Le Gouguec, +# 2019. +# +# For more information, feedback or questions, refer to our website: +# https://paclido.fr/lilliput-ae +# +# To the extent possible under law, the implementer has waived all copyright +# and related or neighboring rights to the source code in this file. +# http://creativecommons.org/publicdomain/zero/1.0/ + +"""Python port of the crypto_aead API for Lilliput-AE.""" + import lilliput -from lilliput.constants import NONCE_BYTES as NPUBBYTES, TAG_BYTES -# Import KEYBYTES to expose it to genkat_aead. -# Import MODE to provide it to lilliput. -from parameters import KEYBYTES, MODE +from lilliput.constants import ( + NONCE_BYTES as NPUBBYTES, # Expose to genkat_aead. + TAG_BYTES +) + +from parameters import ( + KEYBYTES, # Expose to genkat_aead. + MODE +) def encrypt(m, ad, npub, k): @@ -12,7 +32,6 @@ def encrypt(m, ad, npub, k): def decrypt(c, ad, npub, k): - clen = len(c)-TAG_BYTES - ctext = c[:clen] - tag = c[clen:] + ctext = c[:-TAG_BYTES] + tag = c[-TAG_BYTES:] return lilliput.decrypt(ctext, tag, ad, k, npub, MODE) diff --git a/test/python/genkat_aead.py b/test/python/genkat_aead.py index 5e953c4..db3a89c 100755 --- a/test/python/genkat_aead.py +++ b/test/python/genkat_aead.py @@ -1,11 +1,26 @@ #!/usr/bin/env python3 +# Python port of genkat_aead.c. +# +# Authors, hereby denoted as "the implementer": +# Kévin Le Gouguec, +# 2019. +# +# For more information, feedback or questions, refer to our website: +# https://paclido.fr/lilliput-ae +# +# To the extent possible under law, the implementer has waived all copyright +# and related or neighboring rights to the source code in this file. +# http://creativecommons.org/publicdomain/zero/1.0/ + +"""Python port of the genkat_aead.c program.""" + import crypto_aead class DecryptionError(Exception): def __init__(self): - super().__init__('crypto_aead_decrypt did not recover the plaintext') + super().__init__('crypto_aead.decrypt did not recover the plaintext') MAX_MESSAGE_LENGTH = 32 -- cgit v1.2.3 From e9682e5ff9946a018e00f513f58b7c7651708a63 Mon Sep 17 00:00:00 2001 From: Kévin Le Gouguec Date: Mon, 25 Mar 2019 10:35:27 +0100 Subject: [implem-python] Construction de _tweak_message par concaténation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Et petits nettoyages par-ci par-là. --- src/add_python/lilliput/__init__.py | 6 +++--- src/add_python/lilliput/ae_mode_1.py | 41 +++++++++++++++++++++++++----------- src/add_python/lilliput/constants.py | 2 +- test/python/crypto_aead.py | 5 ++++- 4 files changed, 37 insertions(+), 17 deletions(-) (limited to 'test') diff --git a/src/add_python/lilliput/__init__.py b/src/add_python/lilliput/__init__.py index dc193c6..870e485 100644 --- a/src/add_python/lilliput/__init__.py +++ b/src/add_python/lilliput/__init__.py @@ -26,7 +26,7 @@ The "mode" argument can be either of the following integers: from . import ae_mode_1 from . import ae_mode_2 -from .constants import NONCE_BYTES +from .constants import NONCE_BITS _AE_MODES = { @@ -43,8 +43,8 @@ def _check_inputs(key, mode, nonce): if mode not in _AE_MODES: raise ValueError('invalid mode: {} not in {}'.format(mode, tuple(_AE_MODES))) - if len(nonce) != NONCE_BYTES: - raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BYTES, len(nonce))) + if len(nonce)*8 != NONCE_BITS: + raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BITS, len(nonce)*8)) def encrypt(plaintext, adata, key, nonce, mode): diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py index b07adf6..1a3c39e 100644 --- a/src/add_python/lilliput/ae_mode_1.py +++ b/src/add_python/lilliput/ae_mode_1.py @@ -20,11 +20,12 @@ using Lilliput-AE's nonce-respecting mode based on ΘCB3. from enum import Enum -from .constants import BLOCK_BYTES, NONCE_BYTES +from .constants import BLOCK_BYTES, NONCE_BITS from .ae_common import ( bytes_to_block_matrix, block_matrix_to_bytes, build_auth, + integer_to_byte_array, pad10, TagValidationError, xor @@ -43,19 +44,33 @@ class _MessageTweak(Enum): FINAL = 0b0101 +def _upper_nibble(i): + return i >> 4 + + +def _lower_nibble(i): + return i & 0b00001111 + + +def _byte_from_nibbles(lower, upper): + return upper<<4 | lower + + def _tweak_message(N, j, padding): - tweak = [0 for byte in range(0, TWEAK_BYTES)] - for byte in range(NONCE_BYTES-1, -1, -1): - tweak[byte + (TWEAK_BYTES-NONCE_BYTES)] |= (N[byte] & 0xf0) >> 4 - tweak[byte + (TWEAK_BYTES-NONCE_BYTES-1)] |= (N[byte] & 0x0f) << 4 + j = integer_to_byte_array(j, (TWEAK_BITS-NONCE_BITS-4)//8+1) + + middle_byte = _byte_from_nibbles( + _lower_nibble(j[-1]), _lower_nibble(N[0]) + ) - tweak[TWEAK_BYTES-NONCE_BYTES-1] |= ((j >> 64) & 0xf) - for byte in range(TWEAK_BYTES-NONCE_BYTES-2, -1, -1): - tweak[byte] = (j >> (8 * byte)) & 0xff + shifted_N = [ + _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i])) + for i in range(1, NONCE_BITS//8) + ] - tweak[-1] |= padding.value<<4 + last_byte = _byte_from_nibbles(_upper_nibble(N[-1]), padding.value) - return tweak + return j[:-1] + [middle_byte] + shifted_N + [last_byte] def _treat_message_enc(M, N, key): @@ -124,9 +139,10 @@ def _treat_message_dec(C, N, key): def encrypt(A, M, N, key): K = list(key) + N = list(N) Auth = build_auth(TWEAK_BITS, A, K) - (Final, C) = _treat_message_enc(M, N, K) + Final, C = _treat_message_enc(M, N, K) tag = xor(Auth, Final) return block_matrix_to_bytes(C), bytes(tag) @@ -134,10 +150,11 @@ def encrypt(A, M, N, key): def decrypt(A, C, N, tag, key): K = list(key) + N = list(N) tag = list(tag) Auth = build_auth(TWEAK_BITS, A, K) - (Final, M) = _treat_message_dec(C, N, K) + Final, M = _treat_message_dec(C, N, K) tag2 = xor(Auth, Final) if tag != tag2: diff --git a/src/add_python/lilliput/constants.py b/src/add_python/lilliput/constants.py index 5e07e96..e69ca46 100644 --- a/src/add_python/lilliput/constants.py +++ b/src/add_python/lilliput/constants.py @@ -1,6 +1,6 @@ BLOCK_BITS = 128 BLOCK_BYTES = BLOCK_BITS//8 -NONCE_BYTES = 15 +NONCE_BITS = 120 TAG_BYTES = 16 diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py index 6a9b328..d2f1896 100644 --- a/test/python/crypto_aead.py +++ b/test/python/crypto_aead.py @@ -16,7 +16,7 @@ import lilliput from lilliput.constants import ( - NONCE_BYTES as NPUBBYTES, # Expose to genkat_aead. + NONCE_BITS, TAG_BYTES ) @@ -26,6 +26,9 @@ from parameters import ( ) +NPUBBYTES = NONCE_BITS//8 + + def encrypt(m, ad, npub, k): c, tag = lilliput.encrypt(m, ad, k, npub, MODE) return c+tag -- cgit v1.2.3