1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
#include <stdint.h>
#include <string.h>
#include "constants.h"
#include "parameters.h"
#include "tweakey.h"
#define LANE_BITS 64
#define LANE_BYTES (LANE_BITS/8)
#define LANES_NB (TWEAKEY_BYTES/LANE_BYTES)
void tweakey_state_init(
uint8_t TK[TWEAKEY_BYTES],
const uint8_t key[KEY_BYTES],
const uint8_t tweak[TWEAK_BYTES]
)
{
memcpy(TK, tweak, TWEAK_BYTES);
memcpy(TK+TWEAK_BYTES, key, KEY_BYTES);
}
void tweakey_state_extract(
const uint8_t TK[TWEAKEY_BYTES],
uint8_t round_constant,
uint8_t round_tweakey[ROUND_TWEAKEY_BYTES]
)
{
memset(round_tweakey, 0, ROUND_TWEAKEY_BYTES);
for (size_t j=0; j<LANES_NB; j++)
{
const uint8_t *TKj = TK + j*LANE_BYTES;
for (size_t k=0; k<LANE_BYTES; k++)
{
round_tweakey[k] ^= TKj[k];
}
}
round_tweakey[0] ^= round_constant;
}
static void _permute_state(uint8_t TK[TWEAKEY_BYTES])
{
uint8_t TK_old[TWEAKEY_BYTES];
memcpy(TK_old, TK, TWEAKEY_BYTES);
for (size_t j=0; j<LANES_NB; j++)
{
uint8_t *TKj = TK + j*LANE_BYTES;
uint8_t const *TKj_old = TK_old + j*LANE_BYTES;
for (size_t k=0; k<LANE_BYTES; k++)
{
TKj[h[k]] = TKj_old[k];
}
}
}
static void _multiply_state(uint8_t TK[TWEAKEY_BYTES])
{
/* Each byte in lane 0 is multiplied by alpha_0 = 1, i.e. it
* remains unchanged.
*
* Each byte b in lanes j = { 1, ..., p-1 } is multiplied by
* alpha_j; the result of b*alpha_j is stored in P_j[b].
*
* In this implementation, P_j sequences are stored in array P;
* P_j = P[j-1].
*/
for (size_t j=1; j<LANES_NB; j++)
{
uint8_t const *Pj = P[j-1];
uint8_t *TKj = TK + j*LANE_BYTES;
for (size_t k=0; k<LANE_BYTES; k++)
{
TKj[k] = Pj[TKj[k]];
}
}
}
void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
{
_permute_state(TK);
_multiply_state(TK);
}
|
