authorKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-22 14:48:47 +0100
committerKévin Le Gouguec <kevin.legouguec@airbus.com>2019-03-22 14:48:47 +0100
commitba01ba773731cb2c906beb6855dfea588dc8cf09 (patch)
tree5bdb557fa40184ece254845e0d2b422d9397445b
parentbac28f498c5fee10720c8ed71988434e05d9197f (diff)
[implem-python] Création de la surcouche "crypto_aead"
Il ne reste plus qu'à générer les dossiers lilliputae*/add_python et les fichiers parameters.py correspondants, et on peut ajouter le tout à l'archive à soumettre au NIST.
-rw-r--r--python/.gitignore2
-rwxr-xr-xpython/compare.sh8
-rw-r--r--python/crypto_aead.py18
-rwxr-xr-xpython/generate-vectors.sh27
-rwxr-xr-xpython/genkat_aead.py43
-rw-r--r--python/lilliput/__init__.py26
-rw-r--r--python/lilliput/constants.py1
7 files changed, 76 insertions, 49 deletions
diff --git a/python/.gitignore b/python/.gitignore
new file mode 100644
index 0000000..d9aa5d4
--- /dev/null
+++ b/python/.gitignore
@@ -0,0 +1,2 @@
+__pycache__
+results \ No newline at end of file
diff --git a/python/compare.sh b/python/compare.sh
index 7a9cdc7..41f27b6 100755
--- a/python/compare.sh
+++ b/python/compare.sh
@@ -5,11 +5,11 @@
set -eux
-mkdir -p crypto_aead_ref
+mkdir -p results/crypto_aead_ref
for d in ../../SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/crypto_aead/lilliputaei*
do
- mkdir -p crypto_aead_ref/$(basename $d)
- cp $d/LWC*.txt crypto_aead_ref/$(basename $d)/
+ mkdir -p results/crypto_aead_ref/$(basename $d)
+ cp $d/LWC*.txt results/crypto_aead_ref/$(basename $d)/
done
-diff -ru crypto_aead_ref crypto_aead
+diff -ru results/crypto_aead_ref results/crypto_aead
diff --git a/python/crypto_aead.py b/python/crypto_aead.py
new file mode 100644
index 0000000..792369c
--- /dev/null
+++ b/python/crypto_aead.py
@@ -0,0 +1,18 @@
+import lilliput
+from lilliput.constants import NONCE_BYTES as NPUBBYTES, TAG_BYTES
+
+# Import KEYBYTES to expose it to genkat_aead.
+# Import MODE to provide it to lilliput.
+from parameters import KEYBYTES, MODE
+
+
+def encrypt(m, ad, npub, k):
+ c, tag = lilliput.encrypt(m, ad, k, npub, MODE)
+ return c+tag
+
+
+def decrypt(c, ad, npub, k):
+ clen = len(c)-TAG_BYTES
+ ctext = c[:clen]
+ tag = c[clen:]
+ return lilliput.decrypt(ctext, tag, ad, k, npub, MODE)
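Review bot: `decrypt` computes `clen = len(c)-TAG_BYTES` without checking that `c` holds at least a full tag, so for an input shorter than `TAG_BYTES` the negative `clen` makes `c[:clen]` and `c[clen:]` slice from the end and pass `lilliput.decrypt` a truncated tag and a wrongly split ciphertext. Whether the mode implementations reject a short tag is not visible here, so the wrapper should refuse such input before slicing, e.g. `if len(c) < TAG_BYTES: raise ValueError('ciphertext shorter than tag')` (or whatever failure convention `lilliput.decrypt` uses for a bad tag). Both functions would also benefit from a one-line docstring stating that the ciphertext they return or accept is the ciphertext followed by the tag, and that their argument order (`npub` before `k`) differs from `lilliput.encrypt`.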
diff --git a/python/generate-vectors.sh b/python/generate-vectors.sh
new file mode 100755
index 0000000..90b5840
--- /dev/null
+++ b/python/generate-vectors.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -eu
+
+rm -rf results
+
+mkdir -p results/crypto_aead/lilliputae{i,ii}{128,192,256}v1
+
+declare -A names=([1]=lilliputaei [2]=lilliputaeii)
+
+for mode in 1 2
+do
+ for keylen in 128 192 256
+ do
+ echo generating for ${mode} ${keylen}
+
+ cat <<EOF > results/parameters.py
+MODE = ${mode}
+KEYBYTES = $((keylen/8))
+EOF
+
+ PYTHONPATH=results ./genkat_aead.py
+
+ dest=results/crypto_aead/${names[${mode}]}${keylen}v1
+ mv LWC_AEAD_KAT_${keylen}_120.txt ${dest}
+ done
+done
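Review bot: `rm -rf results` and every later path are relative to the current directory, so the script only does what it intends when launched from `python/`. Run from elsewhere, it deletes any `results` directory that happens to be there and then stops at `./genkat_aead.py`. Adding `cd "$(dirname "$0")"` right after `set -eu` pins the working directory. The `mv LWC_AEAD_KAT_${keylen}_120.txt ${dest}` line also hard-codes the nonce size that `genkat_aead.py` derives from `NPUBBYTES`, so a change to `NONCE_BYTES` would break the move; a glob such as `LWC_AEAD_KAT_${keylen}_*.txt` would follow it.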
diff --git a/python/genkat_aead.py b/python/genkat_aead.py
index 8b38d9b..01bed6f 100755
--- a/python/genkat_aead.py
+++ b/python/genkat_aead.py
@@ -1,40 +1,23 @@
#!/usr/bin/env python3
-from lilliput import encrypt, decrypt, LilliputAeMode
-from os import makedirs, path
+import crypto_aead
MAX_MESSAGE_LENGTH = 32
MAX_ADATA_LENGTH = 32
-CRYPTO_NPUBBYTES = 120//8
-
-
-MODE_SUFFIXES = {
- LilliputAeMode.lilliput_1: 'i',
- LilliputAeMode.lilliput_2: 'ii'
-}
-
def print_bstr(output, label, buf):
print('{l} = {b}'.format(l=label, b=buf.hex().upper()), file=output)
-def generate_test_vectors(mode, keylen):
- print('generating for', mode, keylen)
-
- directory = 'crypto_aead/lilliputae{mode}{keylen}v1'.format(
- mode=MODE_SUFFIXES[mode], keylen=keylen
- )
-
- makedirs(directory, exist_ok=True)
-
- output_path = path.join(
- directory, 'LWC_AEAD_KAT_{keylen}_120.txt'.format(keylen=keylen)
+def generate_test_vectors():
+ output_path = 'LWC_AEAD_KAT_{key}_{npub}.txt'.format(
+ key=crypto_aead.KEYBYTES*8, npub=crypto_aead.NPUBBYTES*8
)
- nonce = bytes(range(CRYPTO_NPUBBYTES))
- key = bytes(range(keylen//8))
+ npub = bytes(range(crypto_aead.NPUBBYTES))
+ key = bytes(range(crypto_aead.KEYBYTES))
with open(output_path, 'w') as output:
@@ -47,22 +30,20 @@ def generate_test_vectors(mode, keylen):
ad = bytes(range(adlen))
print_bstr(output, 'Key', key)
- print_bstr(output, 'Nonce', nonce)
+ print_bstr(output, 'Nonce', npub)
print_bstr(output, 'PT', msg)
print_bstr(output, 'AD', ad)
- ct, tag = encrypt(msg, ad, key, nonce, mode)
+ ct = crypto_aead.encrypt(msg, ad, npub, key)
- print_bstr(output, 'CT', ct+tag)
+ print_bstr(output, 'CT', ct)
- decrypt(ct, tag, ad, key, nonce, mode)
+ crypto_aead.decrypt(ct, ad, npub, key)
- count+=1
+ count += 1
print(file=output)
if __name__ == '__main__':
- for mode in LilliputAeMode:
- for keylen in 128, 192, 256:
- generate_test_vectors(mode, keylen)
+ generate_test_vectors()
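Review bot: The return value of `crypto_aead.decrypt(ct, ad, npub, key)` is discarded, so the generator never confirms that the vector it just wrote decrypts back to `msg`. How `lilliput.decrypt` signals a tag mismatch is not visible in this hunk; if it returns a value rather than raising, a broken round trip would go unnoticed in the submitted KAT files. Comparing the result makes the self-check explicit: `if crypto_aead.decrypt(ct, ad, npub, key) != msg: raise RuntimeError('round-trip mismatch')`. The body of `generate_test_vectors` starts outside this hunk.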
diff --git a/python/lilliput/__init__.py b/python/lilliput/__init__.py
index 43179f8..5fbc0de 100644
--- a/python/lilliput/__init__.py
+++ b/python/lilliput/__init__.py
@@ -1,33 +1,31 @@
-from enum import Enum
-
from . import lilliput_ae_1
from . import lilliput_ae_2
from .constants import NONCE_BYTES
-class LilliputAeMode(Enum):
- lilliput_1 = lilliput_ae_1
- lilliput_2 = lilliput_ae_2
+_AE_MODES = {
+ 1: lilliput_ae_1,
+ 2: lilliput_ae_2
+}
-def _checkInputs(key, mode, nonce):
+def _check_inputs(key, mode, nonce):
valid_key_lengths = (128, 192, 256)
-
if len(key)*8 not in valid_key_lengths:
raise ValueError('invalid key size: {} not in {}'.format(len(key)*8, valid_key_lengths))
- if mode.name not in LilliputAeMode.__members__:
- raise ValueError('invalid mode: use a member of the LilliputAeMode enumeration')
+ if mode not in _AE_MODES:
+ raise ValueError('invalid mode: {} not in {}'.format(mode, tuple(_AE_MODES)))
if len(nonce) != NONCE_BYTES:
- raise ValueError('nonce must be {}-byte long'.format(NONCE_BYTES))
+ raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BYTES, len(nonce)))
def encrypt(plaintext, adata, key, nonce, mode):
- _checkInputs(key, mode, nonce)
- return mode.value.encrypt(adata, plaintext, nonce, key)
+ _check_inputs(key, mode, nonce)
+ return _AE_MODES[mode].encrypt(adata, plaintext, nonce, key)
def decrypt(ciphertext, tag, adata, key, nonce, mode):
- _checkInputs(key, mode, nonce)
- return mode.value.decrypt(adata, ciphertext, nonce, tag, key)
+ _check_inputs(key, mode, nonce)
+ return _AE_MODES[mode].decrypt(adata, ciphertext, nonce, tag, key)
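Review bot: `_check_inputs` validates the key, mode and nonce, but `decrypt` passes `tag` through without a length check, so a truncated or over-long tag reaches the mode implementation unchecked. Whether `lilliput_ae_1` and `lilliput_ae_2` compare the full tag is not shown here; rejecting a wrong-sized tag at this boundary removes that dependency, e.g. `if len(tag) != TAG_BYTES: raise ValueError('invalid tag size: expecting {}, have {}'.format(TAG_BYTES, len(tag)))` in `decrypt`, with `TAG_BYTES` imported from `.constants` alongside `NONCE_BYTES`. With `mode` now a plain integer, a short docstring on `encrypt` and `decrypt` naming the accepted values (`1`, `2`) would replace what the removed enum documented.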
diff --git a/python/lilliput/constants.py b/python/lilliput/constants.py
index c61dfe0..0c9b89f 100644
--- a/python/lilliput/constants.py
+++ b/python/lilliput/constants.py
@@ -1,6 +1,7 @@
BLOCK_BITS = 128
BLOCK_BYTES = BLOCK_BITS//8
NONCE_BYTES = 15
+TAG_BYTES = 16
Sbox = [