| -rw-r--r-- | CHANGELOG.txt | 3 | ||||
| -rw-r--r-- | src/add_felicsref/cipher.c | 11 | ||||
| -rw-r--r-- | src/add_threshold/cipher.c | 4 | ||||
| -rw-r--r-- | src/ref/cipher.c | 2 | ||||
| -rw-r--r-- | src/ref/multiplications.h | 91 | ||||
| -rw-r--r-- | traces/add_threshold/traces-tbc.patch | 4 | ||||
| -rw-r--r-- | traces/traces-tbc.patch | 4 |
7 files changed, 59 insertions, 60 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 25e80ca..1592a74 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -68,6 +68,9 @@ See reference implementation. Further changes: - Compute round-tweakeys on the fly to save on RAM, instead of storing all pre-computed round-tweakeys. (cipher.c) +- Remove intermediate buffer X in lilliput_tbc_decrypt(), to resemble lilliput_tbc_encrypt(). + (cipher.c) + add_threshold -------------
diff --git a/src/add_felicsref/cipher.c b/src/add_felicsref/cipher.c
index 59bc5d8..916f0ab 100644
--- a/src/add_felicsref/cipher.c
+++ b/src/add_felicsref/cipher.c
@@ -77,7 +77,7 @@ static void _compute_round_tweakeys(
 tweakey_state_init(TK, key, tweak);
 tweakey_state_extract(TK, 0, RTK[0]);
 
- for (uint8_t i=1; i<ROUNDS; i++)
+ for (size_t i=1; i<ROUNDS; i++)
 {
 tweakey_state_update(TK);
 tweakey_state_extract(TK, i, RTK[i]);
@@ -168,18 +168,15 @@ void lilliput_tbc_decrypt(
 uint8_t message[BLOCK_BYTES]
 )
 {
- uint8_t X[BLOCK_BYTES];
- _state_init(X, ciphertext);
+ _state_init(message, ciphertext);
 
 uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES];
 _compute_round_tweakeys(key, tweak, RTK);
 
 for (size_t i=0; i<ROUNDS-1; i++)
 {
- _one_round_egfn(X, RTK[ROUNDS-1-i], PERMUTATION_DECRYPTION);
+ _one_round_egfn(message, RTK[ROUNDS-1-i], PERMUTATION_DECRYPTION);
 }
 
- _one_round_egfn(X, RTK[0], PERMUTATION_NONE);
-
- memcpy(message, X, BLOCK_BYTES);
+ _one_round_egfn(message, RTK[0], PERMUTATION_NONE);
 }
diff --git a/src/add_threshold/cipher.c b/src/add_threshold/cipher.c
index db1ec04..778a100 100644
--- a/src/add_threshold/cipher.c
+++ b/src/add_threshold/cipher.c
@@ -103,7 +103,7 @@ static void _state_init(
 memcpy(X, SHARES_0, BLOCK_BYTES);
 memcpy(Y, SHARES_1, BLOCK_BYTES);
 
- for (uint8_t i=0; i<BLOCK_BYTES; i++)
+ for (size_t i=0; i<BLOCK_BYTES; i++)
 {
 Z[i] = message[i] ^ SHARES_0[i] ^ SHARES_1[i];
 }
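Review bot: The counter in `for (size_t i=1; i<ROUNDS; i++)` is widened, but two lines later `i` is still handed to `tweakey_state_extract(TK, i, RTK[i])`, whose parameter type is not visible in this hunk; if that parameter remains a narrow type such as `uint8_t`, the change only relocates the narrowing to the call site and `-Wconversion` will flag it, so the prototype of `tweakey_state_extract` (and its two-share variant) is worth aligning with `size_t` in the same commit. The same remark applies to the matching hunks in src/add_threshold/cipher.c and src/ref/cipher.c. `_compute_round_tweakeys` begins outside the hunk in all three files.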
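Review bot: After `_state_init(message, ciphertext)` the caller's `message` buffer doubles as the working state for every `_one_round_egfn` call, so the routine is only correct when `message` does not partially overlap `ciphertext`, and identical pointers are safe only if `_state_init` (outside the hunk) tolerates src == dst; that contract deserves a comment next to the parameter, e.g. `/* message is also the working state: it must not partially overlap ciphertext */`. Separately, `uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]` holds every round tweakey, i.e. key-derived material, and nothing clears it before the closing brace, so it remains on the stack after return; a reference implementation may accept that deliberately, but a one-line note or an explicit wipe would make the choice visible. `lilliput_tbc_decrypt`'s parameter list starts before the hunk.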
@@ -122,7 +122,7 @@ static void _compute_round_tweakeys(
 tweakey_state_init(TK_X, TK_Y, key, tweak);
 tweakey_state_extract(TK_X, TK_Y, 0, RTK_X[0], RTK_Y[0]);
 
- for (uint8_t i=1; i<ROUNDS; i++)
+ for (size_t i=1; i<ROUNDS; i++)
 {
 tweakey_state_update(TK_X, TK_Y);
 tweakey_state_extract(TK_X, TK_Y, i, RTK_X[i], RTK_Y[i]);
diff --git a/src/ref/cipher.c b/src/ref/cipher.c
index 07405e1..b6b309e 100644
--- a/src/ref/cipher.c
+++ b/src/ref/cipher.c
@@ -75,7 +75,7 @@ static void _compute_round_tweakeys(
 tweakey_state_init(TK, key, tweak);
 tweakey_state_extract(TK, 0, RTK[0]);
 
- for (uint8_t i=1; i<ROUNDS; i++)
+ for (size_t i=1; i<ROUNDS; i++)
 {
 tweakey_state_update(TK);
 tweakey_state_extract(TK, i, RTK[i]);
diff --git a/src/ref/multiplications.h b/src/ref/multiplications.h
index c0645b9..ba68ad0 100644
--- a/src/ref/multiplications.h
+++ b/src/ref/multiplications.h
@@ -41,54 +41,53 @@ static void _multiply_M(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 
 static void _multiply_M2(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 {
- uint8_t x_M_5 = x[5]<<3 ^ x[4];
- uint8_t x_M_4 = x[4]>>3 ^ x[3];
+ uint8_t a5 = x[5]<<3 ^ x[4];
+ uint8_t a4 = x[4]>>3 ^ x[3];
 
 y[7] = x[5];
- y[6] = x_M_5;
- y[5] = x_M_5<<3 ^ x_M_4;
- y[4] = x_M_4>>3 ^ x[2];
- y[3] = x[6]<<2 ^ x[1];
- y[2] = x[5]<<2 ^ x[0];
+ y[6] = a5;
+ y[5] = a5<<3 ^ a4;
+ y[4] = a4>>3 ^ x[2];
+ y[3] = x[6]<<2 ^ x[1];
+ y[2] = x[5]<<2 ^ x[0];
 y[1] = x[7];
 y[0] = x[6];
 }
 
 static void _multiply_M3(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 {
- uint8_t x_M_5 = x[5]<<3 ^ x[4];
- uint8_t x_M_4 = x[4]>>3 ^ x[3];
- uint8_t x_M2_5 = x_M_5<<3 ^ x_M_4;
- uint8_t x_M2_4 = x_M_4>>3 ^ x[2];
-
- y[7] = x_M_5;
- y[6] = x_M2_5;
- y[5] = x_M2_5<<3 ^ x_M2_4;
- y[4] = x_M2_4>>3 ^ x[6]<<2 ^ x[1];
- y[3] = x[5]<<2 ^ x[0];
- y[2] = x_M_5<<2 ^ x[7];
+ uint8_t a5 = x[5]<<3 ^ x[4];
+ uint8_t a4 = x[4]>>3 ^ x[3];
+ uint8_t b5 = a5<<3 ^ a4;
+ uint8_t b4 = a4>>3 ^ x[2];
+
+ y[7] = a5;
+ y[6] = b5;
+ y[5] = b5<<3 ^ b4;
+ y[4] = b4>>3 ^ x[6]<<2 ^ x[1];
+ y[3] = x[5]<<2 ^ x[0];
+ y[2] = a5<<2 ^ x[7];
 y[1] = x[6];
 y[0] = x[5];
 }
 
 static void _multiply_M4(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 {
- uint8_t a_5 = x[5]<<3 ^ x[4];
- uint8_t a_4 = x[4]>>3 ^ x[3];
- uint8_t b_5 = a_5<<3 ^ a_4;
- uint8_t b_4 = a_4>>3 ^ x[2];
-
- uint8_t c_4 = b_4>>3 ^ x[6]<<2 ^ x[1];
- uint8_t c_5 = b_5<<3 ^ b_4;
-
- y[7] = b_5;
- y[6] = c_5;
- y[5] = c_5<<3 ^ c_4;
- y[4] = c_4>>3 ^ x[5]<<2 ^ x[0];
- y[3] = a_5<<2 ^ x[7];
- y[2] = b_5<<2 ^ x[6];
+ uint8_t a5 = x[5]<<3 ^ x[4];
+ uint8_t a4 = x[4]>>3 ^ x[3];
+ uint8_t b5 = a5<<3 ^ a4;
+ uint8_t b4 = a4>>3 ^ x[2];
+ uint8_t c4 = b4>>3 ^ x[6]<<2 ^ x[1];
+ uint8_t c5 = b5<<3 ^ b4;
+
+ y[7] = b5;
+ y[6] = c5;
+ y[5] = c5<<3 ^ c4;
+ y[4] = c4>>3 ^ x[5]<<2 ^ x[0];
+ y[3] = a5<<2 ^ x[7];
+ y[2] = b5<<2 ^ x[6];
 y[1] = x[5];
- y[0] = a_5;
+ y[0] = a5;
 }
 
 static void _multiply_MR(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
@@ -105,13 +104,13 @@ static void _multiply_MR(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 
 static void _multiply_MR2(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 {
- uint8_t x_MR_4 = x[5] ^ x[6]<<3;
+ uint8_t a4 = x[5] ^ x[6]<<3;
 
 y[0] = x[2];
 y[1] = x[3] ^ x[4]>>3;
- y[2] = x[4] ^ x_MR_4>>3;
- y[3] = x_MR_4;
- y[4] = x[3]<<2 ^ x[6] ^ x[7]<<3;
+ y[2] = x[4] ^ a4>>3;
+ y[3] = a4;
+ y[4] = x[3]<<2 ^ x[6] ^ x[7]<<3;
 y[5] = x[4]<<2 ^ x[7];
 y[6] = x[0];
 y[7] = x[1];
@@ -119,15 +118,15 @@ static void _multiply_MR2(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 
 static void _multiply_MR3(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
 {
- uint8_t x_MR_4 = x[5] ^ x[6]<<3;
- uint8_t x_MR2_4 = x[3]<<2 ^ x[6] ^ x[7]<<3;
-
- y[0] = x[3] ^ x[4]>>3;
- y[1] = x[4] ^ x_MR_4>>3;
- y[2] = x_MR_4 ^ x_MR2_4>>3;
- y[3] = x_MR2_4;
- y[4] = x[0]<<3 ^ x[4]<<2 ^ x[7];
- y[5] = x_MR_4<<2 ^ x[0];
+ uint8_t a4 = x[5] ^ x[6]<<3;
+ uint8_t b4 = x[3]<<2 ^ x[6] ^ x[7]<<3;
+
+ y[0] = x[3] ^ x[4]>>3;
+ y[1] = x[4] ^ a4>>3;
+ y[2] = a4 ^ b4>>3;
+ y[3] = b4;
+ y[4] = x[0]<<3 ^ x[4]<<2 ^ x[7];
+ y[5] = a4<<2 ^ x[0];
 y[6] = x[1];
 y[7] = x[2];
 }
diff --git a/traces/add_threshold/traces-tbc.patch b/traces/add_threshold/traces-tbc.patch
index ac239fa..684569c 100644
--- a/traces/add_threshold/traces-tbc.patch
+++ b/traces/add_threshold/traces-tbc.patch
@@ -1,5 +1,5 @@
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
-index db1ec04..c92c756 100644
+index 778a100..3b49db5 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
 @@ -25,6 +25,8 @@ throughout the entire round function in order to avoid extra randomness
@@ -35,7 +35,7 @@ index db1ec04..c92c756 100644
 + debug_dump_buffer("RTK_X", ROUND_TWEAKEY_BYTES, RTK_X[0], 8);
 + debug_dump_buffer("RTK_Y", ROUND_TWEAKEY_BYTES, RTK_Y[0], 8);
 +
- for (uint8_t i=1; i<ROUNDS; i++)
+ for (size_t i=1; i<ROUNDS; i++)
 {
 tweakey_state_update(TK_X, TK_Y);
 + debug_dump_buffer("TK_X", TWEAKEY_BYTES, TK_X, 8);
diff --git a/traces/traces-tbc.patch b/traces/traces-tbc.patch
index ff36123..22aaedd 100644
--- a/traces/traces-tbc.patch
+++ b/traces/traces-tbc.patch
@@ -1,5 +1,5 @@
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
-index 07405e1..0997cac 100644
+index b6b309e..011bc70 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
 @@ -17,6 +17,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
@@ -24,7 +24,7 @@ index 07405e1..0997cac 100644
 + fprintf(DUMP, " 0\n");
 + debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[0], 8);
 +
- for (uint8_t i=1; i<ROUNDS; i++)
+ for (size_t i=1; i<ROUNDS; i++)
 {
 + fprintf(DUMP, " %zu\n", (size_t)i);
 +
