base = C.GF(0).setbit(nbits).setbit(0)
for k in xrange(1, nbits, 2):
for cc in combs(range(1, nbits), k):
- p = base + sum(C.GF(0).setbit(c) for c in cc)
+ p = base + sum((C.GF(0).setbit(c) for c in cc), C.GF(0))
if p.irreduciblep(): POLYMAP[nbits] = p; return p
raise ValueError, nbits
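Review bot: The explicit start value added to the `sum(...)` call needs a one-line comment, because nothing in the hunk says why it is there and a later cleanup could drop it as redundant. Something like `# sum() starts from int 0 by default; start from GF(0) so every addition stays polynomial (XOR) addition` would do. The enclosing function begins above the hunk, so this is based only on the lines shown.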
p = poly(8*blksz)
z = Z(blksz)
L = E.encrypt(z)
- m0 = mul_blk_gf(L, 2, p)
- m1 = mul_blk_gf(m0, 2, p)
+ m0 = mul_blk_gf(L, C.GF(2), p)
+ m1 = mul_blk_gf(m0, C.GF(2), p)
return m0, m1
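Review bot: Wrapping the multiplier in `C.GF(...)` at each call site fixes these calls, but it leaves `mul_blk_gf` itself apparently willing to accept a plain integer, which is presumably how the old code produced wrong values without raising. The helper is defined outside this page, so this is inferred. If it does no type check, a guard at its top along the lines of `if not isinstance(x, C.GF): raise TypeError('multiplier must be a C.GF element')` (with `x` standing for its multiplier parameter) would make the next bare literal fail loudly. That matters here because the outputs look like reference values for MAC and AEAD modes, where a silently wrong mask becomes a wrong test vector. The same applies to the calls changed in the later hunks (L21, L29–L31, L38, L46, L51, L59, L67, L72).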
def dump_omac(E):
blksz = E.__class__.blksz
p = prim(8*blksz)
L = E.encrypt(Z(blksz))
- o = mul_blk_gf(L, 10, p)
+ o = mul_blk_gf(L, C.GF(10), p)
a = Z(blksz)
v, tl = blocks(m, blksz)
for x in v:
a ^= E.encrypt(x ^ o)
- o = mul_blk_gf(o, 2, p)
- if len(tl) == blksz: a ^= tl ^ mul_blk_gf(o, 3, p)
- else: a ^= pad10star(tl, blksz) ^ mul_blk_gf(o, 5, p)
+ o = mul_blk_gf(o, C.GF(2), p)
+ if len(tl) == blksz: a ^= tl ^ mul_blk_gf(o, C.GF(3), p)
+ else: a ^= pad10star(tl, blksz) ^ mul_blk_gf(o, C.GF(5), p)
return E.encrypt(a)
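Review bot: The multipliers `C.GF(10)`, `C.GF(3)` and `C.GF(5)` read like decimal quantities but are bit patterns of binary polynomials, and nothing in the hunk says so. A comment above the first call would prevent a misreading, e.g. `# GF(n) takes n as a bit pattern: 2 = x, 3 = x+1, 5 = x^2+1 = (x+1)^2, 10 = x^3+x = x*(x+1)^2`. The comment should also name the specification whose offset schedule these constants follow, since that is not visible here. The function's `def` line is outside the hunk.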
def ocb3_masks(E):
if tsz is None: tsz = blksz
p = prim(8*blksz)
L = E.encrypt(n)
- o = mul_blk_gf(L, 2, p)
+ o = mul_blk_gf(L, C.GF(2), p)
a = Z(blksz)
v, tl = blocks(m, blksz)
y = C.WriteBuffer()
for x in v:
a ^= x
y.put(E.encrypt(x ^ o) ^ o)
- o = mul_blk_gf(o, 2, p)
+ o = mul_blk_gf(o, C.GF(2), p)
n = len(tl)
yfinal = E.encrypt(C.MP(8*n).storeb(blksz) ^ o)
cfinal = tl ^ yfinal[:n]
- a ^= (tl + yfinal[n:]) ^ mul_blk_gf(o, 3, p)
+ a ^= (tl + yfinal[n:]) ^ mul_blk_gf(o, C.GF(3), p)
y.put(cfinal)
t = E.encrypt(a)
if h: t ^= pmac2(E, h)
blksz = E.__class__.blksz
p = prim(8*blksz)
L = E.encrypt(n)
- o = mul_blk_gf(L, 2, p)
+ o = mul_blk_gf(L, C.GF(2), p)
a = Z(blksz)
v, tl = blocks(y, blksz)
m = C.WriteBuffer()
u = E.encrypt(x ^ o) ^ o
y.put(u)
a ^= u
- o = mul_blk_gf(o, 2, p)
+ o = mul_blk_gf(o, C.GF(2), p)
n = len(tl)
yfinal = E.encrypt(C.MP(8*n).storeb(blksz) ^ o)
mfinal = tl ^ yfinal[:n]
- a ^= (mfinal + yfinal[n:]) ^ mul_blk_gf(o, 3, p)
+ a ^= (mfinal + yfinal[n:]) ^ mul_blk_gf(o, C.GF(3), p)
m.put(mfinal)
u = E.encrypt(a)
if h: u ^= pmac2(E, h)