summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto_aead/lilliputaei128v1/ref/parameters.h3
-rw-r--r--crypto_aead/lilliputaeii128v1/ref/Makefile43
-rw-r--r--crypto_aead/lilliputaeii128v1/ref/parameters.h23
l---------crypto_aead/lilliputaeii128v1/ref/src1
-rw-r--r--crypto_aead/lilliputaeii128v1/ref/test/helpers.h33
-rw-r--r--crypto_aead/lilliputaeii128v1/ref/test/test-ae-roundtrip.c118
-rw-r--r--src/lilliput-ae-ii.c35
7 files changed, 253 insertions, 3 deletions
diff --git a/crypto_aead/lilliputaei128v1/ref/parameters.h b/crypto_aead/lilliputaei128v1/ref/parameters.h
index 492a884..d4d55c2 100644
--- a/crypto_aead/lilliputaei128v1/ref/parameters.h
+++ b/crypto_aead/lilliputaei128v1/ref/parameters.h
@@ -1,9 +1,6 @@
#ifndef PARAMETERS_H
#define PARAMETERS_H
-#include <stdint.h>
-
-
#define TWEAK_LENGTH_BITS 192
#define KEY_LENGTH_BITS 128
#define TWEAKEY_LENGTH_BITS (TWEAK_LENGTH_BITS+KEY_LENGTH_BITS)
diff --git a/crypto_aead/lilliputaeii128v1/ref/Makefile b/crypto_aead/lilliputaeii128v1/ref/Makefile
new file mode 100644
index 0000000..90f2a75
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/Makefile
@@ -0,0 +1,43 @@
+tests = test-ae-roundtrip
+
+nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2
+CFLAGS += -I. -Isrc $(nist_flags) -Werror
+LDFLAGS += $(nist_flags)
+
+
+.PHONY: clean test $(tests)
+
+
+clean:
+ -rm -r results
+
+results:
+ mkdir -p $@
+
+results/%.o: %.c
+ @mkdir -p $(dir $@)
+ gcc -c $< $(CFLAGS) -o $@
+
+results/test-%: results/test/test-%.o
+ gcc $^ $(LDFLAGS) -o $@
+
+test: $(tests)
+
+$(tests): %: results/%
+ ./results/$@
+
+results/test-ae-roundtrip: results/src/lilliput-ae-ii.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results
+
+results/test-*.o: test/helpers.h parameters.h
+results/test-ae-roundtrip.o: src/lilliput-ae.h
+
+results/src/cipher.o: src/cipher.h src/tweakey.h src/constants.h parameters.h
+results/src/constants.o: src/constants.h
+results/src/lilliput-ae-ii.o: src/lilliput-ae.h src/cipher.h src/constants.h
+results/src/tweakey.o: src/tweakey.h src/constants.h parameters.h
+
+# TODO: should add order-only prerequisites to remove mkdirs inside recipes
+# TODO: add valgrind, although it does not seem to play well with ASAN
+# TODO: should use gcc -M... to generate .o -> .h dependencies
+
+results/src/lilliput-ae-ii.o: CFLAGS += -Wno-unused # FIXME: remove once implemented
diff --git a/crypto_aead/lilliputaeii128v1/ref/parameters.h b/crypto_aead/lilliputaeii128v1/ref/parameters.h
new file mode 100644
index 0000000..f2ebe0a
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/parameters.h
@@ -0,0 +1,23 @@
+#ifndef PARAMETERS_H
+#define PARAMETERS_H
+
+#define TWEAK_LENGTH_BITS 128
+#define KEY_LENGTH_BITS 128
+#define TWEAKEY_LENGTH_BITS (TWEAK_LENGTH_BITS+KEY_LENGTH_BITS)
+#define ROUND_TWEAKEY_LENGTH_BITS 64
+#define BLOCK_LENGTH_BITS 128
+#define NONCE_LENGTH_BITS 120
+#define TAG_LENGTH_BITS 128
+
+#define TWEAK_BYTES (TWEAK_LENGTH_BITS/8)
+#define KEY_BYTES (KEY_LENGTH_BITS/8)
+#define TWEAKEY_BYTES (TWEAKEY_LENGTH_BITS/8)
+#define ROUND_TWEAKEY_BYTES (ROUND_TWEAKEY_LENGTH_BITS/8)
+#define BLOCK_BYTES (BLOCK_LENGTH_BITS/8)
+#define NONCE_BYTES (NONCE_LENGTH_BITS/8)
+#define TAG_BYTES (TAG_LENGTH_BITS/8)
+
+
+#define ROUNDS 32
+
+#endif /* PARAMETERS_H */
diff --git a/crypto_aead/lilliputaeii128v1/ref/src b/crypto_aead/lilliputaeii128v1/ref/src
new file mode 120000
index 0000000..006f0fe
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/src
@@ -0,0 +1 @@
+/home/klegouguec/projects/paclido/sp3/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src \ No newline at end of file
diff --git a/crypto_aead/lilliputaeii128v1/ref/test/helpers.h b/crypto_aead/lilliputaeii128v1/ref/test/helpers.h
new file mode 100644
index 0000000..0e1b3c2
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/test/helpers.h
@@ -0,0 +1,33 @@
+#ifndef HELPERS_H
+#define HELPERS_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include "parameters.h"
+
+
+#define ARRAY_NB(A) (sizeof(A)/sizeof(A[0]))
+#define ARRAY_END(A) (A+ARRAY_NB(A))
+
+#define REPORT_DIFFERENCE(VECTOR, ELEMENT) do { \
+ fprintf(stderr, "%s: vector %s: %s differs from expected\n", \
+ __FILE__, (VECTOR), (ELEMENT)); \
+ } while (0)
+
+#define REPORT_INVALID(VECTOR) do { \
+ fprintf(stderr, "%s: vector %s: ciphertext/tag invalid\n", \
+ __FILE__, (VECTOR)); \
+ } while (0)
+
+
+static inline FILE* open_dump_file(const char *folder, const char* vector, const char *name)
+{
+ size_t filename_len = snprintf(NULL, 0, "%s/%s_%s.txt", folder, vector, name);
+ char filename[filename_len+1];
+ snprintf(filename, sizeof(filename), "%s/%s_%s.txt", folder, vector, name);
+ return fopen(filename, "w");
+}
+
+
+#endif /* HELPERS_H */
diff --git a/crypto_aead/lilliputaeii128v1/ref/test/test-ae-roundtrip.c b/crypto_aead/lilliputaeii128v1/ref/test/test-ae-roundtrip.c
new file mode 100644
index 0000000..c9b2a1c
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/test/test-ae-roundtrip.c
@@ -0,0 +1,118 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "lilliput-ae.h"
+
+#include "helpers.h"
+
+
+struct vector
+{
+ char *name;
+ uint8_t key[KEY_BYTES];
+ uint8_t nonce[NONCE_BYTES];
+ size_t auth_len;
+ uint8_t *auth;
+ size_t message_len;
+ uint8_t *message;
+};
+
+typedef struct vector vector;
+
+
+/* Keys and nonces generated with /dev/urandom. */
+
+const vector VECTORS[] = {
+ {
+ .name = "short",
+ .key = {
+ 0xdc, 0xd8, 0xcb, 0x6d, 0xf9, 0xda, 0xf2, 0xc9,
+ 0x7c, 0xc1, 0x6a, 0xff, 0x7e, 0x1d, 0x27, 0xa3
+ },
+ .nonce = {
+ 0xcd, 0x6f, 0x24, 0xe1, 0xf8, 0xcd, 0x64, 0xde,
+ 0x18, 0x2f, 0x92, 0xab, 0xdb, 0xfa, 0xff
+ },
+ .auth_len = 8,
+ .auth = (uint8_t*)"deadbeef",
+ .message_len = 4,
+ .message = (uint8_t[]){
+ 0xde, 0xad, 0xbe, 0xef
+ }
+ },
+ {
+ .name = "block-sized",
+ .key = {
+ 0x3f, 0x75, 0x05, 0x0a, 0xc1, 0xc6, 0xb5, 0xe0,
+ 0x57, 0x2e, 0x60, 0x9e, 0x32, 0xab, 0xbe, 0xd0
+ },
+ .nonce = {
+ 0xcd, 0x7d, 0xb0, 0xa0, 0x62, 0xdf, 0xda, 0x0a,
+ 0x23, 0x7a, 0x17, 0x32, 0x60, 0x42, 0xef
+ },
+ .auth_len = 13,
+ .auth = (uint8_t*)"some metadata",
+ .message_len = 2*BLOCK_BYTES,
+ .message = (uint8_t*)"32-byte long, i.e. 2*BLOCK_BYTES"
+ },
+ {
+ .name = "arbitrarily long",
+ .key = {
+ 0x13, 0x6a, 0x99, 0xfd, 0xbf, 0x88, 0xac, 0xf8,
+ 0x92, 0x7b, 0x27, 0xb1, 0x10, 0xa5, 0xe8, 0x73
+ },
+ .nonce = {
+ 0x59, 0x41, 0xa7, 0x53, 0x0f, 0xde, 0xf1, 0xb1,
+ 0xca, 0xd5, 0x80, 0xc4, 0x1c, 0x16, 0x2b
+ },
+ .auth_len = 30,
+ .auth = (uint8_t*)"a bunch of associated metadata",
+ .message_len = 59,
+ .message = (uint8_t*)"here comes the placeholder: foobar ipsum dolor sit baz quux"
+ }
+};
+
+
+int main()
+{
+ int diff = 0;
+
+ for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
+ {
+ uint8_t ciphertext[v->message_len];
+ uint8_t tag[TAG_BYTES];
+
+ lilliput_ae_encrypt(
+ v->message_len, v->message,
+ v->auth_len, v->auth,
+ v->key, v->nonce,
+ ciphertext,
+ tag
+ );
+
+ uint8_t deciphered[v->message_len];
+ bool valid = lilliput_ae_decrypt(
+ v->message_len, ciphertext,
+ v->auth_len, v->auth,
+ v->key, v->nonce, tag,
+ deciphered
+ );
+
+ if (!valid)
+ {
+ REPORT_INVALID(v->name);
+ diff++;
+ continue;
+ }
+
+ if (memcmp(deciphered, v->message, v->message_len) != 0)
+ {
+ REPORT_DIFFERENCE(v->name, "deciphered plaintext");
+ diff++;
+ continue;
+ }
+ }
+
+ return diff;
+}
diff --git a/src/lilliput-ae-ii.c b/src/lilliput-ae-ii.c
new file mode 100644
index 0000000..9b156c7
--- /dev/null
+++ b/src/lilliput-ae-ii.c
@@ -0,0 +1,35 @@
+#include <stdbool.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "cipher.h"
+#include "lilliput-ae.h"
+
+
+void lilliput_ae_encrypt(
+ size_t message_len,
+ const uint8_t message[message_len],
+ size_t auth_data_len,
+ const uint8_t auth_data[auth_data_len],
+ const uint8_t key[KEY_BYTES],
+ const uint8_t nonce[NONCE_BYTES],
+ uint8_t ciphertext[message_len],
+ uint8_t tag[TAG_BYTES]
+)
+{
+}
+
+bool lilliput_ae_decrypt(
+ size_t ciphertext_len,
+ const uint8_t ciphertext[ciphertext_len],
+ size_t auth_data_len,
+ const uint8_t auth_data[auth_data_len],
+ const uint8_t key[KEY_BYTES],
+ const uint8_t nonce[NONCE_BYTES],
+ const uint8_t tag[TAG_BYTES],
+ uint8_t message[ciphertext_len]
+)
+{
+ uint8_t effective_tag[TAG_BYTES];
+ return memcmp(tag, effective_tag, TAG_BYTES) == 0;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-06 18:15:50 +0000