1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# Implementation of the Lilliput-AE tweakable block cipher.
#
# Authors, hereby denoted as "the implementer":
# Kévin Le Gouguec,
# Léo Reynaud
# 2019.
#
# For more information, feedback or questions, refer to our website:
# https://paclido.fr/lilliput-ae
#
# To the extent possible under law, the implementer has waived all copyright
# and related or neighboring rights to the source code in this file.
# http://creativecommons.org/publicdomain/zero/1.0/
"""Lilliput-AE tweakable block cipher.
This module provides the high-level functions for authenticated encryption and
decryption. Both functions take and return bytestring values.
The "mode" argument can be either of the following integers:
- 1, for the ΘCB3 nonce-respecting mode,
- 2, for the SCT-2 nonce-misuse-resistant mode.
"""
from . import lilliput_ae_1
from . import lilliput_ae_2
from .constants import NONCE_BYTES
_AE_MODES = {
1: lilliput_ae_1,
2: lilliput_ae_2
}
def _check_inputs(key, mode, nonce):
valid_key_lengths = (128, 192, 256)
if len(key)*8 not in valid_key_lengths:
raise ValueError('invalid key size: {} not in {}'.format(len(key)*8, valid_key_lengths))
if mode not in _AE_MODES:
raise ValueError('invalid mode: {} not in {}'.format(mode, tuple(_AE_MODES)))
if len(nonce) != NONCE_BYTES:
raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BYTES, len(nonce)))
def encrypt(plaintext, adata, key, nonce, mode):
_check_inputs(key, mode, nonce)
return _AE_MODES[mode].encrypt(adata, plaintext, nonce, key)
def decrypt(ciphertext, tag, adata, key, nonce, mode):
_check_inputs(key, mode, nonce)
return _AE_MODES[mode].decrypt(adata, ciphertext, nonce, tag, key)
|
