From 97114264906ae8e100f6b39baffb12cf2cf0e14e Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Tue, 12 Feb 2019 11:00:04 +0100
Subject: Mise à jour des patchs de génération de traces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 traces/traces-ae.patch  | 139 ++++++++++++++++++++++++++----------------------
 traces/traces-tbc.patch |  30 ++++++-----
 2 files changed, 92 insertions(+), 77 deletions(-)

diff --git a/traces/traces-ae.patch b/traces/traces-ae.patch
index 35dc0c9..cfe6cdb 100644
--- a/traces/traces-ae.patch
+++ b/traces/traces-ae.patch
@@ -1,70 +1,17 @@
-diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
-index 561854e..397dac0 100644
---- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
-+++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
-@@ -1,3 +1,5 @@
-+#include "debug.h"
-+
- #ifndef LILLIPUT_AE_UTILS_H
- #define LILLIPUT_AE_UTILS_H
- 
-@@ -105,20 +107,45 @@ static void process_associated_data(
-     size_t l_a = A_len / BLOCK_BYTES;
-     size_t rest = A_len % BLOCK_BYTES;
- 
-+    fprintf(DUMP, "computing Auth\n");
-+
-     for (size_t i=0; i<l_a; i++)
-     {
-+        fprintf(DUMP, "    i=%zu\n", i);
-+
-         fill_index_tweak(0x2, i, tweak);
-+
-+        debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
-+
-         encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
-+
-+        debug_dump_buffer("Ai", BLOCK_BYTES, &A[i*BLOCK_BYTES], 8);
-+        debug_dump_buffer("Ek(Ai)", BLOCK_BYTES, Ek_Ai, 8);
-+
-         xor_into(Auth, Ek_Ai);
-+
-+        debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
-     }
- 
-     if (rest != 0)
-     {
-         uint8_t A_rest[BLOCK_BYTES];
-         pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
-+
-+        fprintf(DUMP, "    l_a=%zu (padding)\n", l_a);
-+
-         fill_index_tweak(0x6, l_a, tweak);
-+
-+        debug_dump_buffer("pad10*(A*)", BLOCK_BYTES, A_rest, 8);
-+        debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
-+
-         encrypt(key, tweak, A_rest, Ek_Ai);
-+
-+        debug_dump_buffer("Ek(A*)", BLOCK_BYTES, Ek_Ai, 8);
-+
-         xor_into(Auth, Ek_Ai);
-+
-+        debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
-     }
- }
- 
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-i.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-i.c
-index b1758c9..5cbb3f4 100644
+index 2754fbb..061a24e 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-i.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-i.c
-@@ -1,3 +1,5 @@
+@@ -15,6 +15,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
+ This file implements Lilliput-AE's nonce-respecting mode based on ΘCB3.
+ */
+ 
 +#include "debug.h"
 +
  #include <stdbool.h>
  #include <stdint.h>
  #include <string.h>
-@@ -65,32 +67,54 @@ static void _encrypt_message(
+@@ -82,32 +84,54 @@ static void _encrypt_message(
      memset(tweak, 0, TWEAK_BYTES);
      memset(checksum, 0, BLOCK_BYTES);
  
@@ -119,7 +66,7 @@ index b1758c9..5cbb3f4 100644
      }
  }
  
-@@ -112,32 +136,54 @@ static void _decrypt_message(
+@@ -129,32 +153,54 @@ static void _decrypt_message(
      memset(tweak, 0, TWEAK_BYTES);
      memset(checksum, 0, BLOCK_BYTES);
  
@@ -174,7 +121,7 @@ index b1758c9..5cbb3f4 100644
      }
  }
  
-@@ -147,7 +193,13 @@ static void _generate_tag(
+@@ -164,7 +210,13 @@ static void _generate_tag(
      uint8_t       tag[TAG_BYTES]
  )
  {
@@ -189,16 +136,19 @@ index b1758c9..5cbb3f4 100644
  
  
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-ii.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-ii.c
-index 26885e5..88f9ae0 100644
+index 862892c..7dfb38e 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-ii.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-ii.c
-@@ -1,3 +1,5 @@
+@@ -15,6 +15,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
+ This file implements Lilliput-AE's nonce-misuse-resistant mode based on SCT-2.
+ */
+ 
 +#include "debug.h"
 +
  #include <stdbool.h>
  #include <stdint.h>
  #include <string.h>
-@@ -62,24 +64,40 @@ static void _generate_tag(
+@@ -79,24 +81,40 @@ static void _generate_tag(
      size_t l = M_len / BLOCK_BYTES;
      size_t rest = M_len % BLOCK_BYTES;
  
@@ -239,7 +189,7 @@ index 26885e5..88f9ae0 100644
  }
  
  static void _encrypt_message(
-@@ -103,18 +121,33 @@ static void _encrypt_message(
+@@ -120,18 +138,33 @@ static void _encrypt_message(
      size_t l = M_len / BLOCK_BYTES;
      size_t rest = M_len % BLOCK_BYTES;
  
@@ -273,3 +223,62 @@ index 26885e5..88f9ae0 100644
      }
  }
  
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
+index 6b60adc..0bd77cf 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/lilliput-ae-utils.h
+@@ -18,6 +18,8 @@ This file provides functions used by both authenticated encryption modes.
+ #ifndef LILLIPUT_AE_UTILS_H
+ #define LILLIPUT_AE_UTILS_H
+ 
++#include "debug.h"
++
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -122,20 +124,45 @@ static void process_associated_data(
+     size_t l_a = A_len / BLOCK_BYTES;
+     size_t rest = A_len % BLOCK_BYTES;
+ 
++    fprintf(DUMP, "computing Auth\n");
++
+     for (size_t i=0; i<l_a; i++)
+     {
++        fprintf(DUMP, "    i=%zu\n", i);
++
+         fill_index_tweak(0x2, i, tweak);
++
++        debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+         encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
++
++        debug_dump_buffer("Ai", BLOCK_BYTES, &A[i*BLOCK_BYTES], 8);
++        debug_dump_buffer("Ek(Ai)", BLOCK_BYTES, Ek_Ai, 8);
++
+         xor_into(Auth, Ek_Ai);
++
++        debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+     }
+ 
+     if (rest != 0)
+     {
+         uint8_t A_rest[BLOCK_BYTES];
+         pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
++
++        fprintf(DUMP, "    l_a=%zu (padding)\n", l_a);
++
+         fill_index_tweak(0x6, l_a, tweak);
++
++        debug_dump_buffer("pad10*(A*)", BLOCK_BYTES, A_rest, 8);
++        debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+         encrypt(key, tweak, A_rest, Ek_Ai);
++
++        debug_dump_buffer("Ek(A*)", BLOCK_BYTES, Ek_Ai, 8);
++
+         xor_into(Auth, Ek_Ai);
++
++        debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+     }
+ }
+ 
diff --git a/traces/traces-tbc.patch b/traces/traces-tbc.patch
index 9f8b9af..ca776a1 100644
--- a/traces/traces-tbc.patch
+++ b/traces/traces-tbc.patch
@@ -1,14 +1,17 @@
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
-index e5ccd15..0749f8c 100644
+index 48144d4..3b5f36c 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
-@@ -1,3 +1,5 @@
+@@ -15,6 +15,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
+ This file provides the implementation for Lilliput-TBC.
+ */
+ 
 +#include "debug.h"
 +
  #include <stdint.h>
  #include <string.h>
  
-@@ -52,40 +54,61 @@ static void _compute_round_tweakeys(
+@@ -69,40 +71,61 @@ static void _compute_round_tweakeys(
      uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]
  )
  {
@@ -70,7 +73,7 @@ index e5ccd15..0749f8c 100644
      X[15] ^= X[1];
      X[15] ^= X[2];
      X[15] ^= X[3];
-@@ -100,6 +123,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
+@@ -117,6 +140,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
      X[11] ^= X[7];
      X[10] ^= X[7];
      X[9]  ^= X[7];
@@ -79,7 +82,7 @@ index e5ccd15..0749f8c 100644
  }
  
  static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
-@@ -109,6 +134,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -126,6 +151,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
          return;
      }
  
@@ -88,7 +91,7 @@ index e5ccd15..0749f8c 100644
      uint8_t X_old[BLOCK_BYTES];
      memcpy(X_old, X, BLOCK_BYTES);
  
-@@ -118,6 +145,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -135,6 +162,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
      {
          X[pi[j]] = X_old[j];
      }
@@ -97,7 +100,7 @@ index e5ccd15..0749f8c 100644
  }
  
  static void _one_round_egfn(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p)
-@@ -141,11 +170,15 @@ void lilliput_tbc_encrypt(
+@@ -158,11 +187,15 @@ void lilliput_tbc_encrypt(
      uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES];
      _compute_round_tweakeys(key, tweak, RTK);
  
@@ -114,16 +117,19 @@ index e5ccd15..0749f8c 100644
  
      memcpy(ciphertext, X, BLOCK_BYTES);
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
-index 54b3036..77d2d58 100644
+index 39e5980..4cdcf2a 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
-@@ -1,3 +1,5 @@
+@@ -17,6 +17,8 @@ where multiplications by matrices M and M_R to the power n is performed by
+ functions expressing the exponentiated matrices with shifts and XORs.
+ */
+ 
 +#include "debug.h"
 +
  #include <stdint.h>
  #include <string.h>
  
-@@ -33,10 +35,16 @@ void tweakey_state_extract(
+@@ -52,10 +54,16 @@ void tweakey_state_extract(
      {
          const uint8_t *TKj = TK + j*LANE_BYTES;
  
@@ -140,7 +146,7 @@ index 54b3036..77d2d58 100644
      }
  
      round_tweakey[0] ^= round_constant;
-@@ -110,6 +118,10 @@ static const matrix_multiplication ALPHAS[6] = {
+@@ -165,6 +173,10 @@ static const matrix_multiplication ALPHAS[6] = {
      _multiply_MR3
  };
  
@@ -151,7 +157,7 @@ index 54b3036..77d2d58 100644
  
  void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
  {
-@@ -123,5 +135,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
+@@ -178,5 +190,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
          memcpy(TKj_old, TKj, LANE_BYTES);
  
          ALPHAS[j-1](TKj_old, TKj);
-- 
cgit v1.2.3