[AES] Warn or raise in case of mismatch between step to stop and round
The AES encryption and decryption functions can be used to compute intermediate data, with the `at_round` and `after_step` arguments.
We are following the NIST AES description, so an AES encryption round is `[sub_bytes, shift_rows, mix_columns, add_round_key]` (see https://gitlab.com/eshard/scared/-/blob/master/scared/aes/base.py?ref_type=heads#L511), except for the first and last rounds:
- first round: `[add_round_key]` (implemented in the Python code as `[_identity, _identity, _identity, add_round_key]`)
- last round: `[sub_bytes, shift_rows, add_round_key]` (implemented as `[sub_bytes, shift_rows, _identity, add_round_key]`)
So, asking to stop at some steps for the first and last rounds does not make sense. But due to the implementation, this does not raise, and returns valid and relevant results. But it can be confusing for the user, especially if it's not clear that we are following the NIST AES description.
For instance, `encrypt(at_round=0, after_step=Steps.SUB_BYTES)` returns the plaintext.
So we should at least warn the user. I think the simplest way is to add at the end of the `_prepare_rounds` function:
```python
# Requires `from warnings import warn` at module level.
# The last step kept for the requested stop point is a padding identity.
if rounds[-1][-1] == _identity:
    warn(f'''By stopping after step {after_step} at round {at_round}, you are returning after an identity operation. The AES implementation follows the NIST convention, so:
For encryption:
- At round 0, stopping after steps SUB_BYTES, SHIFT_ROWS or MIX_COLUMNS returns the plaintext. Please stop at round 1
- At last round, stopping after step MIX_COLUMNS is equivalent to stop after SHIFT_ROWS
For decryption:
- At round 0, stopping at step INV_MIX_COLUMNS is equivalent to stop after the first INV_ADD_ROUND_KEY.
- At last round, stopping after INV_MIX_COLUMNS, INV_SHIFT_ROWS or INV_SUB_BYTES is equivalent to stop after the last INV_ADD_ROUND_KEY''')
```
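
The following is an added example, not part of the original issue and not scared's code. It models only the encryption schedule described above and derives, for any stop point, which real operation the returned state corresponds to. The names `round_schedule` and `effective_stop`, the string step labels and the 10-round (AES-128) default are assumptions made for illustration.

```python
import warnings

# Step order within a round, per the NIST description quoted in the issue.
STEPS = ("SUB_BYTES", "SHIFT_ROWS", "MIX_COLUMNS", "ADD_ROUND_KEY")
IDENTITY = "_identity"  # stand-in label for the padding no-op


def round_schedule(nb_rounds=10):
    """Per-round step lists for encryption, identity-padded as described above."""
    first = [IDENTITY, IDENTITY, IDENTITY, "ADD_ROUND_KEY"]
    middle = list(STEPS)
    last = ["SUB_BYTES", "SHIFT_ROWS", IDENTITY, "ADD_ROUND_KEY"]
    return [first] + [middle] * (nb_rounds - 1) + [last]


def effective_stop(at_round, after_step, nb_rounds=10):
    """Return (round, step) of the last real operation applied, or None when
    the state is still the plaintext. Warn if the requested stop is a no-op."""
    if not 0 <= at_round <= nb_rounds or after_step not in STEPS:
        raise ValueError("unknown round or step")
    schedule = round_schedule(nb_rounds)
    # Truncate the schedule at the requested stop point.
    cut = STEPS.index(after_step) + 1
    rounds = schedule[:at_round] + [schedule[at_round][:cut]]
    if rounds[-1][-1] == IDENTITY:
        warnings.warn(
            f"Stopping after {after_step} at round {at_round} returns after "
            "an identity operation (NIST round convention).",
            UserWarning, stacklevel=2)
    # Walk backwards to the last step that actually transformed the state.
    for r in range(len(rounds) - 1, -1, -1):
        for s in range(len(rounds[r]) - 1, -1, -1):
            if rounds[r][s] != IDENTITY:
                return (r, STEPS[s])
    return None  # only identities were applied: the output is the plaintext


if __name__ == "__main__":
    for stop in [(0, "SUB_BYTES"), (1, "SUB_BYTES"), (10, "MIX_COLUMNS")]:
        print(stop, "->", effective_stop(*stop))
```
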