Remaniement de la génération des traces

Pour que les traces des modes AE ne comprennent pas les traces de la partie TBC.
author: Kévin Le Gouguec <kevin.legouguec@airbus.com> 2018-11-28 18:33:53 +0100
committer: Kévin Le Gouguec <kevin.legouguec@airbus.com> 2018-11-28 18:33:53 +0100
commit: 4f87e35373acd3817ee6eebfc40d06918960aa0c (patch)
tree: 56a14624e2d49dbddff970ea6c68bccf19aaf494
parent: ef586cbef9eaff6a4409d777cd6102ec68e2e47a (diff)
download: lilliput-ae-implem-4f87e35373acd3817ee6eebfc40d06918960aa0c.tar.xz
9 files changed, 327 insertions, 191 deletions
diff --git a/.gitignore b/.gitignore
index 6ade1d5..f4ef087 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 results
-traces.tgz
+traces*.tgz
diff --git a/Makefile b/Makefile
index 5750160..7b25332 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ implementations = $(dir                         \
     $(shell find crypto_aead -name Makefile)    \
 )
 
-delegated = clean test traces
+delegated = clean test
 
 .PHONY: $(delegated)
 
@@ -15,14 +15,14 @@ $(delegated)::
 	exit $$status
 
 clean::
-	- rm traces.tgz
+	- rm traces*.tgz
 
 # To generate complete traces, apply this patch before running "make traces":
 #     $ git apply traces.patch
 # To update this patch, add print statements, then run
 #     $ git diff src > traces.patch
-traces:: traces.tgz
+traces: traces-ae traces-tbc
 
-traces.tgz:
+traces-%:
 	@ echo "Collecting traces"
-	@ ./collect-traces.sh
+	@ ./collect-traces.sh $@
diff --git a/collect-traces.sh b/collect-traces.sh
index 0b50adc..f4dc847 100755
--- a/collect-traces.sh
+++ b/collect-traces.sh
@@ -2,13 +2,27 @@
 
 set -eu
 
+trace_type=$1
+
 d=$(mktemp -d)
 
-for f in $(find . -name 'traces-*.txt')
+git apply ${trace_type}.patch
+
+for makefile in $(find crypto_aead -name Makefile)
 do
-    cp ${f} ${d}
+    implem_dir=$(dirname ${makefile})
+    make -C ${implem_dir} clean
+
+    [[ ${implem_dir} =~ lilliputae(i|ii)([0-9]+)v ]]
+
+    ae_type=${BASH_REMATCH[1]}
+    keysize=${BASH_REMATCH[2]}
+    make -C ${implem_dir} ${trace_type}-${keysize}-${ae_type}
+    cp ${implem_dir}/results/traces*.txt ${d}
 done
 
-tar czf traces.tgz -C ${d} .
+tar czf ${trace_type}.tgz -C ${d} .
 
 rm -r ${d}
+
+git apply --reverse ${trace_type}.patch
diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile
index 11d1038..e126a75 100644
--- a/crypto_aead/lilliputaei128v1/ref/Makefile
+++ b/crypto_aead/lilliputaei128v1/ref/Makefile
@@ -1,7 +1,7 @@
 tests = test-tweakey test-tbc-encrypt test-tbc-decrypt  \
 test-ae-roundtrip test-ae-encrypt test-ae-decrypt
 
-traces = traces-ae-128-i
+traces = traces-ae-128-i traces-tbc-256-i
 
 include src/common.mk
 
@@ -13,6 +13,7 @@ results/test-tbc-encrypt: results/src/cipher.o results/src/tweakey.o results/src
 results/test-tweakey: results/src/tweakey.o results/src/constants.o | results
 
 results/traces-ae-128-i: results/src/lilliput-ae-i.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results/src
+results/traces-tbc-128-i: results/src/cipher.o results/src/tweakey.o results/src/constants.o | results/src
 
 results/test-ae-decrypt.o: src/lilliput-ae.h
 results/test-ae-encrypt.o: src/lilliput-ae.h
diff --git a/crypto_aead/lilliputaei128v1/ref/test/traces-tbc-128-i.c b/crypto_aead/lilliputaei128v1/ref/test/traces-tbc-128-i.c
new file mode 100644
index 0000000..c128da2
--- /dev/null
+++ b/crypto_aead/lilliputaei128v1/ref/test/traces-tbc-128-i.c
@@ -0,0 +1,60 @@
+#include <stdio.h>
+#include <stdint.h>
+
+#include "cipher.h"
+
+#include "debug.h"
+#include "test-helpers.h"
+
+
+FILE *DUMP;
+
+
+struct vector
+{
+    char *name;
+    uint8_t key[KEY_BYTES];
+    uint8_t tweak[TWEAK_BYTES];
+    uint8_t message[BLOCK_BYTES];
+};
+
+typedef struct vector vector;
+
+
+const vector VECTORS[] = {
+    {
+        .name = "order",
+        .key = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        },
+        .tweak = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        },
+        .message = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+        }
+    }
+};
+
+
+int main()
+{
+    for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
+    {
+        debug_open_dump("tbc-128-i", v->name);
+        debug_dump_buffer("message", BLOCK_BYTES, v->message, 0);
+        debug_dump_buffer("key", KEY_BYTES, v->key, 0);
+        debug_dump_buffer("tweak", TWEAK_BYTES, v->tweak, 0);
+
+        uint8_t ciphertext[BLOCK_BYTES];
+
+        lilliput_tbc_encrypt(v->key, v->tweak, v->message, ciphertext);
+
+        debug_dump_buffer("ciphertext", BLOCK_BYTES, ciphertext, 0);
+
+        fclose(DUMP);
+    }
+}
diff --git a/crypto_aead/lilliputaeii128v1/ref/Makefile b/crypto_aead/lilliputaeii128v1/ref/Makefile
index dce670a..02496ce 100644
--- a/crypto_aead/lilliputaeii128v1/ref/Makefile
+++ b/crypto_aead/lilliputaeii128v1/ref/Makefile
@@ -1,11 +1,12 @@
 tests = test-ae-roundtrip
 
-traces = traces-ae-128-ii
+traces = traces-ae-128-ii traces-tbc-128-ii
 
 include src/common.mk
 
 results/test-ae-roundtrip: results/src/lilliput-ae-ii.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results
 
 results/traces-ae-128-ii: results/src/lilliput-ae-ii.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results/src
+results/traces-tbc-128-ii: results/src/cipher.o results/src/tweakey.o results/src/constants.o | results/src
 
 results/test-ae-roundtrip.o: src/lilliput-ae.h
diff --git a/crypto_aead/lilliputaeii128v1/ref/test/traces-tbc-128-ii.c b/crypto_aead/lilliputaeii128v1/ref/test/traces-tbc-128-ii.c
new file mode 100644
index 0000000..729f3fe
--- /dev/null
+++ b/crypto_aead/lilliputaeii128v1/ref/test/traces-tbc-128-ii.c
@@ -0,0 +1,60 @@
+#include <stdio.h>
+#include <stdint.h>
+
+#include "cipher.h"
+
+#include "debug.h"
+#include "test-helpers.h"
+
+
+FILE *DUMP;
+
+
+struct vector
+{
+    char *name;
+    uint8_t key[KEY_BYTES];
+    uint8_t tweak[TWEAK_BYTES];
+    uint8_t message[BLOCK_BYTES];
+};
+
+typedef struct vector vector;
+
+
+const vector VECTORS[] = {
+    {
+        .name = "order",
+        .key = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        },
+        .tweak = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        },
+        .message = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+        }
+    }
+};
+
+
+int main()
+{
+    for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
+    {
+        debug_open_dump("tbc-128-ii", v->name);
+        debug_dump_buffer("message", BLOCK_BYTES, v->message, 0);
+        debug_dump_buffer("key", KEY_BYTES, v->key, 0);
+        debug_dump_buffer("tweak", TWEAK_BYTES, v->tweak, 0);
+
+        uint8_t ciphertext[BLOCK_BYTES];
+
+        lilliput_tbc_encrypt(v->key, v->tweak, v->message, ciphertext);
+
+        debug_dump_buffer("ciphertext", BLOCK_BYTES, ciphertext, 0);
+
+        fclose(DUMP);
+    }
+}
diff --git a/traces.patch b/traces-ae.patch
index 4a1854f..8aecdf6 100644
--- a/traces.patch
+++ b/traces-ae.patch
@@ -54,121 +54,6 @@ index 561854e..397dac0 100644
      }
  }
  
-diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
-index 7f1152a..caae858 100644
---- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
-+++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
-@@ -1,3 +1,5 @@
-+#include "debug.h"
-+
- #include <stdint.h>
- #include <string.h>
- 
-@@ -47,40 +49,61 @@ static void _compute_round_tweakeys(
-     uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]
- )
- {
-+    fprintf(DUMP, "computing %zu round sub-tweakeys\n", (size_t)ROUNDS);
-+
-     tweakey_state TK;
-     tweakey_state_init(&TK, key, tweak);
-     tweakey_state_extract(&TK, RTK[0], 0);
- 
-+    fprintf(DUMP, "    0\n");
-+    debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[0], 8);
-+
-     for (uint8_t i=1; i<ROUNDS; i++)
-     {
-+        fprintf(DUMP, "    %zu\n", (size_t)i);
-+
-         tweakey_state_update(&TK);
-+        debug_dump_buffer("TK", TWEAK_BYTES, TK.TK, 8);
-         tweakey_state_extract(&TK, RTK[i], i);
-+        debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[i], 8);
-     }
- }
- 
- 
- static void _nonlinear_layer(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES])
- {
-+    fprintf(DUMP, "        nonlinear layer\n");
-+
-+    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
-+
-     uint8_t F[ROUND_TWEAKEY_BYTES];
-     for (size_t j=0; j<sizeof(F); j++)
-     {
-         F[j] = X->X[j] ^ RTK[j];
-     }
- 
-+    debug_dump_buffer("Xj XOR RTKj", sizeof(F), F, 12);
-+
-     for (size_t j=0; j<sizeof(F); j++)
-     {
-         F[j] = S[F[j]];
-     }
- 
-+    debug_dump_buffer("F (post-S-box)", sizeof(F), F, 12);
-+
-     for (size_t j=0; j<8; j++)
-     {
-         size_t dest_j = 15-j;
-         X->X[dest_j] ^= F[j];
-     }
-+
-+    debug_dump_buffer("X (post-XOR)", BLOCK_BYTES, X->X, 12);
- }
- 
- static void _linear_layer(cipher_state *X)
- {
-+    fprintf(DUMP, "        linear layer\n");
-+
-     X->X[15] ^= X->X[1];
-     X->X[15] ^= X->X[2];
-     X->X[15] ^= X->X[3];
-@@ -95,6 +118,8 @@ static void _linear_layer(cipher_state *X)
-     X->X[11] ^= X->X[7];
-     X->X[10] ^= X->X[7];
-     X->X[9]  ^= X->X[7];
-+
-+    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
- }
- 
- static void _permutation_layer(cipher_state *X, permutation p)
-@@ -104,6 +129,8 @@ static void _permutation_layer(cipher_state *X, permutation p)
-         return;
-     }
- 
-+    fprintf(DUMP, "        permutation layer\n");
-+
-     uint8_t X_old[BLOCK_BYTES];
-     memcpy(X_old, X, sizeof(X_old));
- 
-@@ -113,6 +140,8 @@ static void _permutation_layer(cipher_state *X, permutation p)
-     {
-         X->X[pi[j]] = X_old[j];
-     }
-+
-+    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
- }
- 
- static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p)
-@@ -136,11 +165,15 @@ void lilliput_tbc_encrypt(
-     uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES];
-     _compute_round_tweakeys(key, tweak, RTK);
- 
-+    fprintf(DUMP, "running EGFN %zu times\n", (size_t)ROUNDS);
-+
-     for (uint8_t i=0; i<ROUNDS-1; i++)
-     {
-+        fprintf(DUMP, "    round %zu\n", (size_t)i);
-         _one_round_egfn(&X, RTK[i], PERMUTATION_ENCRYPTION);
-     }
- 
-+    fprintf(DUMP, "    round %zu\n", (size_t)(ROUNDS-1));
-     _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE);
- 
-     memcpy(ciphertext, X.X, BLOCK_BYTES);
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
 index b1758c9..5cbb3f4 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
@@ -388,68 +273,3 @@ index 26885e5..88f9ae0 100644
      }
  }
  
-diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
-index da97019..cbff16a 100644
---- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
-+++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
-@@ -1,3 +1,5 @@
-+#include "debug.h"
-+
- #include <stdint.h>
- #include <string.h>
- 
-@@ -32,10 +34,16 @@ void tweakey_state_extract(
- 
-     for (const uint8_t *lane=TK->TK; lane<TK->TK+TWEAKEY_BYTES; lane+=LANE_BYTES)
-     {
-+        fprintf(DUMP, "        XORing lane %zu/%zu\n", 1+(size_t)((lane-TK->TK)/LANE_BYTES), (size_t)LANES_NB);
-+        debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12);
-+        debug_dump_buffer("lane[j]", LANE_BYTES, lane, 12);
-+
-         for (size_t j=0; j<LANE_BYTES; j++)
-         {
-             round_tweakey[j] ^= lane[j];
-         }
-+
-+        debug_dump_buffer("=> RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12);
-     }
- 
-     round_tweakey[0] ^= i;
-@@ -44,6 +52,8 @@ void tweakey_state_extract(
- 
- static void _permute_state(tweakey_state *TK)
- {
-+    fprintf(DUMP, "        permuting TK\n");
-+
-     uint8_t TK_old[TWEAKEY_BYTES];
-     memcpy(TK_old, TK->TK, sizeof(TK_old));
- 
-@@ -56,12 +66,19 @@ static void _permute_state(tweakey_state *TK)
-             TK->TK[j+h[k]] = TK_old[j+k];
-         }
-     }
-+
-+    debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK_old, 12);
-+    debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12);
- }
- 
- static void _multiply_state(tweakey_state *TK)
- {
-+    fprintf(DUMP, "        multiplying TK\n");
-+
-     /* Lane 0 is multiplied by Id; lane 1 by P_0, lane 2 by P_1... */
- 
-+    debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK->TK, 12);
-+
-     for (size_t lane=1; lane<LANES_NB; lane++)
-     {
-         const uint8_t* P_lane = P[lane-1];
-@@ -74,6 +91,8 @@ static void _multiply_state(tweakey_state *TK)
-             TK->TK[offset] = P_lane[TK->TK[offset]];
-         }
-     }
-+
-+    debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12);
- }
- 
- void tweakey_state_update(tweakey_state *TK)
diff --git a/traces-tbc.patch b/traces-tbc.patch
new file mode 100644
index 0000000..49cb0f1
--- /dev/null
+++ b/traces-tbc.patch
@@ -0,0 +1,180 @@
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
+index 7f1152a..caae858 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdint.h>
+ #include <string.h>
+ 
+@@ -47,40 +49,61 @@ static void _compute_round_tweakeys(
+     uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]
+ )
+ {
++    fprintf(DUMP, "computing %zu round sub-tweakeys\n", (size_t)ROUNDS);
++
+     tweakey_state TK;
+     tweakey_state_init(&TK, key, tweak);
+     tweakey_state_extract(&TK, RTK[0], 0);
+ 
++    fprintf(DUMP, "    0\n");
++    debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[0], 8);
++
+     for (uint8_t i=1; i<ROUNDS; i++)
+     {
++        fprintf(DUMP, "    %zu\n", (size_t)i);
++
+         tweakey_state_update(&TK);
++        debug_dump_buffer("TK", TWEAK_BYTES, TK.TK, 8);
+         tweakey_state_extract(&TK, RTK[i], i);
++        debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[i], 8);
+     }
+ }
+ 
+ 
+ static void _nonlinear_layer(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES])
+ {
++    fprintf(DUMP, "        nonlinear layer\n");
++
++    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
++
+     uint8_t F[ROUND_TWEAKEY_BYTES];
+     for (size_t j=0; j<sizeof(F); j++)
+     {
+         F[j] = X->X[j] ^ RTK[j];
+     }
+ 
++    debug_dump_buffer("Xj XOR RTKj", sizeof(F), F, 12);
++
+     for (size_t j=0; j<sizeof(F); j++)
+     {
+         F[j] = S[F[j]];
+     }
+ 
++    debug_dump_buffer("F (post-S-box)", sizeof(F), F, 12);
++
+     for (size_t j=0; j<8; j++)
+     {
+         size_t dest_j = 15-j;
+         X->X[dest_j] ^= F[j];
+     }
++
++    debug_dump_buffer("X (post-XOR)", BLOCK_BYTES, X->X, 12);
+ }
+ 
+ static void _linear_layer(cipher_state *X)
+ {
++    fprintf(DUMP, "        linear layer\n");
++
+     X->X[15] ^= X->X[1];
+     X->X[15] ^= X->X[2];
+     X->X[15] ^= X->X[3];
+@@ -95,6 +118,8 @@ static void _linear_layer(cipher_state *X)
+     X->X[11] ^= X->X[7];
+     X->X[10] ^= X->X[7];
+     X->X[9]  ^= X->X[7];
++
++    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
+ }
+ 
+ static void _permutation_layer(cipher_state *X, permutation p)
+@@ -104,6 +129,8 @@ static void _permutation_layer(cipher_state *X, permutation p)
+         return;
+     }
+ 
++    fprintf(DUMP, "        permutation layer\n");
++
+     uint8_t X_old[BLOCK_BYTES];
+     memcpy(X_old, X, sizeof(X_old));
+ 
+@@ -113,6 +140,8 @@ static void _permutation_layer(cipher_state *X, permutation p)
+     {
+         X->X[pi[j]] = X_old[j];
+     }
++
++    debug_dump_buffer("X", BLOCK_BYTES, X->X, 12);
+ }
+ 
+ static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p)
+@@ -136,11 +165,15 @@ void lilliput_tbc_encrypt(
+     uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES];
+     _compute_round_tweakeys(key, tweak, RTK);
+ 
++    fprintf(DUMP, "running EGFN %zu times\n", (size_t)ROUNDS);
++
+     for (uint8_t i=0; i<ROUNDS-1; i++)
+     {
++        fprintf(DUMP, "    round %zu\n", (size_t)i);
+         _one_round_egfn(&X, RTK[i], PERMUTATION_ENCRYPTION);
+     }
+ 
++    fprintf(DUMP, "    round %zu\n", (size_t)(ROUNDS-1));
+     _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE);
+ 
+     memcpy(ciphertext, X.X, BLOCK_BYTES);
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
+index da97019..cbff16a 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdint.h>
+ #include <string.h>
+ 
+@@ -32,10 +34,16 @@ void tweakey_state_extract(
+ 
+     for (const uint8_t *lane=TK->TK; lane<TK->TK+TWEAKEY_BYTES; lane+=LANE_BYTES)
+     {
++        fprintf(DUMP, "        XORing lane %zu/%zu\n", 1+(size_t)((lane-TK->TK)/LANE_BYTES), (size_t)LANES_NB);
++        debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12);
++        debug_dump_buffer("lane[j]", LANE_BYTES, lane, 12);
++
+         for (size_t j=0; j<LANE_BYTES; j++)
+         {
+             round_tweakey[j] ^= lane[j];
+         }
++
++        debug_dump_buffer("=> RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12);
+     }
+ 
+     round_tweakey[0] ^= i;
+@@ -44,6 +52,8 @@ void tweakey_state_extract(
+ 
+ static void _permute_state(tweakey_state *TK)
+ {
++    fprintf(DUMP, "        permuting TK\n");
++
+     uint8_t TK_old[TWEAKEY_BYTES];
+     memcpy(TK_old, TK->TK, sizeof(TK_old));
+ 
+@@ -56,12 +66,19 @@ static void _permute_state(tweakey_state *TK)
+             TK->TK[j+h[k]] = TK_old[j+k];
+         }
+     }
++
++    debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK_old, 12);
++    debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12);
+ }
+ 
+ static void _multiply_state(tweakey_state *TK)
+ {
++    fprintf(DUMP, "        multiplying TK\n");
++
+     /* Lane 0 is multiplied by Id; lane 1 by P_0, lane 2 by P_1... */
+ 
++    debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK->TK, 12);
++
+     for (size_t lane=1; lane<LANES_NB; lane++)
+     {
+         const uint8_t* P_lane = P[lane-1];
+@@ -74,6 +91,8 @@ static void _multiply_state(tweakey_state *TK)
+             TK->TK[offset] = P_lane[TK->TK[offset]];
+         }
+     }
++
++    debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12);
+ }
+ 
+ void tweakey_state_update(tweakey_state *TK)
author	Kévin Le Gouguec <kevin.legouguec@airbus.com>	2018-11-28 18:33:53 +0100
committer	Kévin Le Gouguec <kevin.legouguec@airbus.com>	2018-11-28 18:33:53 +0100
commit	4f87e35373acd3817ee6eebfc40d06918960aa0c (patch)
tree	56a14624e2d49dbddff970ea6c68bccf19aaf494
parent	ef586cbef9eaff6a4409d777cd6102ec68e2e47a (diff)
download	lilliput-ae-implem-4f87e35373acd3817ee6eebfc40d06918960aa0c.tar.xz