From de866ad56fd465e89c9df6c6e12e0819098be386 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Thu, 27 Jun 2019 16:36:11 +0200
Subject: Réécriture des commentaires schématiques sur les tweaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/ref/lilliput-ii.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

(limited to 'src/ref/lilliput-ii.c')

diff --git a/src/ref/lilliput-ii.c b/src/ref/lilliput-ii.c
index 9ed17a2..bb43d08 100644
--- a/src/ref/lilliput-ii.c
+++ b/src/ref/lilliput-ii.c
@@ -28,12 +28,15 @@ This file implements Lilliput-AE's nonce-misuse-resistant mode based on SCT-2.
 
 static void _init_msg_tweak(const uint8_t tag[TAG_BYTES], uint8_t tweak[TWEAK_BYTES])
 {
-    /* With an s-bit block index, the t-bit tweak is filled as follows:
+    /* The t-bit tweak is filled as follows:
+     *
+     *   1    2                      t
+     * [ 1 || tag[2,t] XOR block index  ]
+     *
+     * The s-bit block index is XORed to the tag as follows:
      *
-     * 1: 1
-     * [     2,   t]: tag[    2,   t] XOR block index
-     *  [    2, t-s]: tag[    2, t-s]
-     *  [t-s+1,   t]: tag[t-s+1,   t] XOR block index
+     *   2       t-s    t-s+1                                  t
+     * [ tag[2, t-s] || tag[t-s+1, t] XOR block index, MSB first ]
      *
      * This function sets bits 1 to t-s once and for all.
      */
@@ -44,12 +47,15 @@ static void _init_msg_tweak(const uint8_t tag[TAG_BYTES], uint8_t tweak[TWEAK_BY
 
 static void _fill_msg_tweak(const uint8_t tag[TAG_BYTES], size_t block_index, uint8_t tweak[TWEAK_BYTES])
 {
-    /* With an s-bit block index, the t-bit tweak is filled as follows:
+    /* The t-bit tweak is filled as follows:
+     *
+     *   1    2                      t
+     * [ 1 || tag[2,t] XOR block index  ]
+     *
+     * The s-bit block index is XORed to the tag as follows:
      *
-     * 1: 1
-     * [     2,   t]: tag + block index
-     *  [    2, t-s]: tag[    2, t-s]
-     *  [t-s+1,   t]: tag[t-s+1,   t] XOR block index
+     *   2       t-s    t-s+1                                  t
+     * [ tag[2, t-s] || tag[t-s+1, t] XOR block index, MSB first ]
      *
      * This function assumes bits 1 to t-s have already been set, and
      * only sets bits t-s+1 to t.
@@ -67,8 +73,8 @@ static void _fill_tag_tweak(const uint8_t N[NONCE_BYTES], uint8_t tweak[TWEAK_BY
 {
     /* The t-bit tweak is filled as follows:
      *
-     * [      1, 8]: 0001||0^4
-     * [t-|N|+1, t]: N
+     *   1  4    5   8    t-|N|+1     t
+     * [ 0001 ||  0^4  ||        nonce  ]
      */
 
     tweak[0] = 0x10;
-- 
cgit v1.2.3