From e83abe9fdbab07e6df80443240d4d649303a3dd4 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Fri, 22 Mar 2019 16:41:34 +0100
Subject: [implem-python] Déplacement dans le dossier SOUMISSION_NIST
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Et ajout d'un métascript pour vérifier la conformité.

Il ne reste plus qu'à… (bis)
---
 test/python/crypto_aead.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 test/python/crypto_aead.py

(limited to 'test/python/crypto_aead.py')

diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py
new file mode 100644
index 0000000..792369c
--- /dev/null
+++ b/test/python/crypto_aead.py
@@ -0,0 +1,18 @@
+import lilliput
+from lilliput.constants import NONCE_BYTES as NPUBBYTES, TAG_BYTES
+
+# Import KEYBYTES to expose it to genkat_aead.
+# Import MODE to provide it to lilliput.
+from parameters import KEYBYTES, MODE
+
+
+def encrypt(m, ad, npub, k):
+    c, tag = lilliput.encrypt(m, ad, k, npub, MODE)
+    return c+tag
+
+
+def decrypt(c, ad, npub, k):
+    clen = len(c)-TAG_BYTES
+    ctext = c[:clen]
+    tag = c[clen:]
+    return lilliput.decrypt(ctext, tag, ad, k, npub, MODE)
-- 
cgit v1.2.3


From 07af965f2687105324e0142270a9e194a5ae6af5 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Mon, 25 Mar 2019 08:38:01 +0100
Subject: [implem-python] Ajout des entêtes manquants
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/add_python/lilliput/ae_common.py       | 17 +++++++++++++++
 src/add_python/lilliput/helpers.py         | 17 +++++++++++++++
 src/add_python/lilliput/multiplications.py | 19 +++++++++++++++++
 test/python/crypto_aead.py                 | 33 +++++++++++++++++++++++-------
 test/python/genkat_aead.py                 | 17 ++++++++++++++-
 5 files changed, 95 insertions(+), 8 deletions(-)

(limited to 'test/python/crypto_aead.py')

diff --git a/src/add_python/lilliput/ae_common.py b/src/add_python/lilliput/ae_common.py
index 033b5b0..83db056 100644
--- a/src/add_python/lilliput/ae_common.py
+++ b/src/add_python/lilliput/ae_common.py
@@ -1,3 +1,20 @@
+# Implementation of the Lilliput-AE tweakable block cipher.
+#
+# Authors, hereby denoted as "the implementer":
+#     Kévin Le Gouguec,
+#     Léo Reynaud
+#     2019.
+#
+# For more information, feedback or questions, refer to our website:
+# https://paclido.fr/lilliput-ae
+#
+# To the extent possible under law, the implementer has waived all copyright
+# and related or neighboring rights to the source code in this file.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+"""Helper functions used in both Lilliput-I and Lilliput-II."""
+
+
 from .constants import BLOCK_BITS, BLOCK_BYTES
 from .helpers import xor
 from . import tbc
diff --git a/src/add_python/lilliput/helpers.py b/src/add_python/lilliput/helpers.py
index 048aac7..41f75a6 100644
--- a/src/add_python/lilliput/helpers.py
+++ b/src/add_python/lilliput/helpers.py
@@ -1,2 +1,19 @@
+# Implementation of the Lilliput-AE tweakable block cipher.
+#
+# Authors, hereby denoted as "the implementer":
+#     Kévin Le Gouguec,
+#     Léo Reynaud
+#     2019.
+#
+# For more information, feedback or questions, refer to our website:
+# https://paclido.fr/lilliput-ae
+#
+# To the extent possible under law, the implementer has waived all copyright
+# and related or neighboring rights to the source code in this file.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+"""Helper functions used in Lilliput-AE."""
+
+
 def xor(array1, array2):
     return [a1^a2 for (a1, a2) in zip(array1, array2)]
diff --git a/src/add_python/lilliput/multiplications.py b/src/add_python/lilliput/multiplications.py
index dfdc3cb..2dea948 100644
--- a/src/add_python/lilliput/multiplications.py
+++ b/src/add_python/lilliput/multiplications.py
@@ -1,3 +1,22 @@
+# Implementation of the Lilliput-AE tweakable block cipher.
+#
+# Authors, hereby denoted as "the implementer":
+#     Kévin Le Gouguec,
+#     Léo Reynaud
+#     2019.
+#
+# For more information, feedback or questions, refer to our website:
+# https://paclido.fr/lilliput-ae
+#
+# To the extent possible under law, the implementer has waived all copyright
+# and related or neighboring rights to the source code in this file.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+"""Multiplications for Lilliput-TBC's tweakey schedule.
+
+This module provides a list of functions implementing lane multiplications,
+from ALPHAS[0] = α₀ = I to ALPHAS[6] = α₆ = M_R³.
+"""
 
 
 def _multiply_M(lane):
diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py
index 792369c..6a9b328 100644
--- a/test/python/crypto_aead.py
+++ b/test/python/crypto_aead.py
@@ -1,9 +1,29 @@
+# Implementation of the Lilliput-AE tweakable block cipher.
+#
+# Authors, hereby denoted as "the implementer":
+#     Kévin Le Gouguec,
+#     2019.
+#
+# For more information, feedback or questions, refer to our website:
+# https://paclido.fr/lilliput-ae
+#
+# To the extent possible under law, the implementer has waived all copyright
+# and related or neighboring rights to the source code in this file.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+"""Python port of the crypto_aead API for Lilliput-AE."""
+
 import lilliput
-from lilliput.constants import NONCE_BYTES as NPUBBYTES, TAG_BYTES
 
-# Import KEYBYTES to expose it to genkat_aead.
-# Import MODE to provide it to lilliput.
-from parameters import KEYBYTES, MODE
+from lilliput.constants import (
+    NONCE_BYTES as NPUBBYTES,   # Expose to genkat_aead.
+    TAG_BYTES
+)
+
+from parameters import (
+    KEYBYTES,                   # Expose to genkat_aead.
+    MODE
+)
 
 
 def encrypt(m, ad, npub, k):
@@ -12,7 +32,6 @@ def encrypt(m, ad, npub, k):
 
 
 def decrypt(c, ad, npub, k):
-    clen = len(c)-TAG_BYTES
-    ctext = c[:clen]
-    tag = c[clen:]
+    ctext = c[:-TAG_BYTES]
+    tag = c[-TAG_BYTES:]
     return lilliput.decrypt(ctext, tag, ad, k, npub, MODE)
diff --git a/test/python/genkat_aead.py b/test/python/genkat_aead.py
index 5e953c4..db3a89c 100755
--- a/test/python/genkat_aead.py
+++ b/test/python/genkat_aead.py
@@ -1,11 +1,26 @@
 #!/usr/bin/env python3
 
+# Python port of genkat_aead.c.
+#
+# Authors, hereby denoted as "the implementer":
+#     Kévin Le Gouguec,
+#     2019.
+#
+# For more information, feedback or questions, refer to our website:
+# https://paclido.fr/lilliput-ae
+#
+# To the extent possible under law, the implementer has waived all copyright
+# and related or neighboring rights to the source code in this file.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+"""Python port of the genkat_aead.c program."""
+
 import crypto_aead
 
 
 class DecryptionError(Exception):
     def __init__(self):
-        super().__init__('crypto_aead_decrypt did not recover the plaintext')
+        super().__init__('crypto_aead.decrypt did not recover the plaintext')
 
 
 MAX_MESSAGE_LENGTH = 32
-- 
cgit v1.2.3


From e9682e5ff9946a018e00f513f58b7c7651708a63 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Mon, 25 Mar 2019 10:35:27 +0100
Subject: [implem-python] Construction de _tweak_message par concaténation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Et petits nettoyages par-ci par-là.
---
 src/add_python/lilliput/__init__.py  |  6 +++---
 src/add_python/lilliput/ae_mode_1.py | 41 +++++++++++++++++++++++++-----------
 src/add_python/lilliput/constants.py |  2 +-
 test/python/crypto_aead.py           |  5 ++++-
 4 files changed, 37 insertions(+), 17 deletions(-)

(limited to 'test/python/crypto_aead.py')

diff --git a/src/add_python/lilliput/__init__.py b/src/add_python/lilliput/__init__.py
index dc193c6..870e485 100644
--- a/src/add_python/lilliput/__init__.py
+++ b/src/add_python/lilliput/__init__.py
@@ -26,7 +26,7 @@ The "mode" argument can be either of the following integers:
 
 from . import ae_mode_1
 from . import ae_mode_2
-from .constants import NONCE_BYTES
+from .constants import NONCE_BITS
 
 
 _AE_MODES = {
@@ -43,8 +43,8 @@ def _check_inputs(key, mode, nonce):
     if mode not in _AE_MODES:
         raise ValueError('invalid mode: {} not in {}'.format(mode, tuple(_AE_MODES)))
 
-    if len(nonce) != NONCE_BYTES:
-        raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BYTES, len(nonce)))
+    if len(nonce)*8 != NONCE_BITS:
+        raise ValueError('invalid nonce size: expecting {}, have {}'.format(NONCE_BITS, len(nonce)*8))
 
 
 def encrypt(plaintext, adata, key, nonce, mode):
diff --git a/src/add_python/lilliput/ae_mode_1.py b/src/add_python/lilliput/ae_mode_1.py
index b07adf6..1a3c39e 100644
--- a/src/add_python/lilliput/ae_mode_1.py
+++ b/src/add_python/lilliput/ae_mode_1.py
@@ -20,11 +20,12 @@ using Lilliput-AE's nonce-respecting mode based on ΘCB3.
 
 from enum import Enum
 
-from .constants import BLOCK_BYTES, NONCE_BYTES
+from .constants import BLOCK_BYTES, NONCE_BITS
 from .ae_common import (
     bytes_to_block_matrix,
     block_matrix_to_bytes,
     build_auth,
+    integer_to_byte_array,
     pad10,
     TagValidationError,
     xor
@@ -43,19 +44,33 @@ class _MessageTweak(Enum):
     FINAL = 0b0101
 
 
+def _upper_nibble(i):
+    return i >> 4
+
+
+def _lower_nibble(i):
+    return i & 0b00001111
+
+
+def _byte_from_nibbles(lower, upper):
+    return upper<<4 | lower
+
+
 def _tweak_message(N, j, padding):
-    tweak = [0 for byte in range(0, TWEAK_BYTES)]
-    for byte in range(NONCE_BYTES-1, -1, -1):
-        tweak[byte + (TWEAK_BYTES-NONCE_BYTES)] |= (N[byte] & 0xf0) >> 4
-        tweak[byte + (TWEAK_BYTES-NONCE_BYTES-1)] |= (N[byte] & 0x0f) << 4
+    j = integer_to_byte_array(j, (TWEAK_BITS-NONCE_BITS-4)//8+1)
+
+    middle_byte = _byte_from_nibbles(
+        _lower_nibble(j[-1]), _lower_nibble(N[0])
+    )
 
-    tweak[TWEAK_BYTES-NONCE_BYTES-1] |= ((j >> 64) & 0xf)
-    for byte in range(TWEAK_BYTES-NONCE_BYTES-2, -1, -1):
-        tweak[byte] = (j >> (8 * byte)) & 0xff
+    shifted_N = [
+        _byte_from_nibbles(_upper_nibble(N[i-1]), _lower_nibble(N[i]))
+        for i in range(1, NONCE_BITS//8)
+    ]
 
-    tweak[-1] |= padding.value<<4
+    last_byte = _byte_from_nibbles(_upper_nibble(N[-1]), padding.value)
 
-    return tweak
+    return j[:-1] + [middle_byte] + shifted_N + [last_byte]
 
 
 def _treat_message_enc(M, N, key):
@@ -124,9 +139,10 @@ def _treat_message_dec(C, N, key):
 
 def encrypt(A, M, N, key):
     K = list(key)
+    N = list(N)
 
     Auth = build_auth(TWEAK_BITS, A, K)
-    (Final, C) = _treat_message_enc(M, N, K)
+    Final, C = _treat_message_enc(M, N, K)
     tag = xor(Auth, Final)
 
     return block_matrix_to_bytes(C), bytes(tag)
@@ -134,10 +150,11 @@ def encrypt(A, M, N, key):
 
 def decrypt(A, C, N, tag, key):
     K = list(key)
+    N = list(N)
     tag = list(tag)
 
     Auth = build_auth(TWEAK_BITS, A, K)
-    (Final, M) = _treat_message_dec(C, N, K)
+    Final, M = _treat_message_dec(C, N, K)
     tag2 = xor(Auth, Final)
 
     if tag != tag2:
diff --git a/src/add_python/lilliput/constants.py b/src/add_python/lilliput/constants.py
index 5e07e96..e69ca46 100644
--- a/src/add_python/lilliput/constants.py
+++ b/src/add_python/lilliput/constants.py
@@ -1,6 +1,6 @@
 BLOCK_BITS = 128
 BLOCK_BYTES = BLOCK_BITS//8
-NONCE_BYTES = 15
+NONCE_BITS = 120
 TAG_BYTES = 16
 
 
diff --git a/test/python/crypto_aead.py b/test/python/crypto_aead.py
index 6a9b328..d2f1896 100644
--- a/test/python/crypto_aead.py
+++ b/test/python/crypto_aead.py
@@ -16,7 +16,7 @@
 import lilliput
 
 from lilliput.constants import (
-    NONCE_BYTES as NPUBBYTES,   # Expose to genkat_aead.
+    NONCE_BITS,
     TAG_BYTES
 )
 
@@ -26,6 +26,9 @@ from parameters import (
 )
 
 
+NPUBBYTES = NONCE_BITS//8
+
+
 def encrypt(m, ad, npub, k):
     c, tag = lilliput.encrypt(m, ad, k, npub, MODE)
     return c+tag
-- 
cgit v1.2.3