diff options
| author | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-11-27 08:58:46 +0100 |
|---|---|---|
| committer | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-11-27 08:58:46 +0100 |
| commit | d14739644394986cb584acb45ed9b214dff1c501 (patch) | |
| tree | 3bd49b3feeafcd3aeb23a779d161f67664a1eaec /crypto_aead | |
| parent | 89ff89643cf6682742730c3f65b572debe2c2ab1 (diff) | |
| download | lilliput-ae-implem-d14739644394986cb584acb45ed9b214dff1c501.tar.xz | |
Mise en commun du code TBC et ΘCB3
Il ne devrait pas varier selon les paramètres AFAICT.
Diffstat (limited to 'crypto_aead')
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/Makefile | 36 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/api.h | 13 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/cipher.c | 170 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/cipher.h | 23 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/constants.c | 248 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/constants.h | 16 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/debug.h | 50 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/encrypt.c | 25 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c | 310 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/lilliput-ae.h | 35 | ||||
| l--------- | crypto_aead/lilliputaei128v1/ref/src | 1 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/tweakey.c | 83 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/tweakey.h | 31 |
13 files changed, 19 insertions, 1022 deletions
diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile index 31167b0..75754d4 100644 --- a/crypto_aead/lilliputaei128v1/ref/Makefile +++ b/crypto_aead/lilliputaei128v1/ref/Makefile @@ -3,7 +3,7 @@ test-tbc-encrypt test-tbc-decrypt \ test-ae-roundtrip test-ae-encrypt test-ae-decrypt nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2 -CFLAGS += -I. $(nist_flags) -Werror +CFLAGS += -I. -Isrc $(nist_flags) -Werror LDFLAGS += $(nist_flags) @@ -28,25 +28,25 @@ test: $(tests) $(tests): %: results/% ./results/$@ -results/test-ae-decrypt: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results -results/test-ae-encrypt: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results -results/test-ae-roundtrip: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results -results/test-tbc-decrypt: results/cipher.o results/tweakey.o results/constants.o | results -results/test-tbc-encrypt: results/cipher.o results/tweakey.o results/constants.o | results -results/test-tweakey: results/tweakey.o results/constants.o | results +results/test-ae-decrypt: results/src/lilliput-ae-i.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results +results/test-ae-encrypt: results/src/lilliput-ae-i.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results +results/test-ae-roundtrip: results/src/lilliput-ae-i.o results/src/cipher.o results/src/tweakey.o results/src/constants.o | results +results/test-tbc-decrypt: results/src/cipher.o results/src/tweakey.o results/src/constants.o | results +results/test-tbc-encrypt: results/src/cipher.o results/src/tweakey.o results/src/constants.o | results +results/test-tweakey: results/src/tweakey.o results/src/constants.o | results results/test-*.o: test/helpers.h parameters.h -results/test-ae-decrypt.o: lilliput-ae.h -results/test-ae-encrypt.o: lilliput-ae.h -results/test-ae-roundtrip.o: lilliput-ae.h -results/test-tbc-decrypt.o: cipher.h -results/test-tbc-encrypt.o: cipher.h -results/test-tweakey.o: tweakey.h - -results/cipher.o: cipher.h tweakey.h constants.h parameters.h -results/constants.o: constants.h -results/lilliput-ae-i.o: lilliput-ae.h cipher.h constants.h -results/tweakey.o: tweakey.h constants.h parameters.h +results/test-ae-decrypt.o: src/lilliput-ae.h +results/test-ae-encrypt.o: src/lilliput-ae.h +results/test-ae-roundtrip.o: src/lilliput-ae.h +results/test-tbc-decrypt.o: src/cipher.h +results/test-tbc-encrypt.o: src/cipher.h +results/test-tweakey.o: src/tweakey.h + +results/src/cipher.o: src/cipher.h src/tweakey.h src/constants.h parameters.h +results/src/constants.o: src/constants.h +results/src/lilliput-ae-i.o: src/lilliput-ae.h src/cipher.h src/constants.h +results/src/tweakey.o: src/tweakey.h src/constants.h parameters.h # TODO: should add order-only prerequisites to remove mkdirs inside recipes # TODO: add valgrind, although it does not seem to play well with ASAN diff --git a/crypto_aead/lilliputaei128v1/ref/api.h b/crypto_aead/lilliputaei128v1/ref/api.h deleted file mode 100644 index 80dc20c..0000000 --- a/crypto_aead/lilliputaei128v1/ref/api.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef API_H -#define API_H - -#include "parameters.h" - - -#define CRYPTO_KEYBYTES KEY_BYTES -#define CRYPTO_NSECBYTES 0 -#define CRYPTO_NPUBBYTES NONCE_BYTES -#define CRYPTO_ABYTES BLOCK_BYTES -#define CRYPTO_NOOVERLAP 1 - -#endif /* API_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/cipher.c b/crypto_aead/lilliputaei128v1/ref/cipher.c deleted file mode 100644 index 7f1152a..0000000 --- a/crypto_aead/lilliputaei128v1/ref/cipher.c +++ /dev/null @@ -1,170 +0,0 @@ -#include <stdint.h> -#include <string.h> - -#include "cipher.h" -#include "constants.h" -#include "parameters.h" -#include "tweakey.h" - - -enum permutation -{ - PERMUTATION_ENCRYPTION = 0, - PERMUTATION_DECRYPTION = 1, - PERMUTATION_NONE -}; - -typedef enum permutation permutation; - -const uint8_t PERMUTATIONS[2][BLOCK_BYTES] = { - /* PI(i) */ - [0] = { 13, 9, 14, 8, 10, 11, 12, 15, - 4, 5, 3, 1, 2, 6, 0, 7 }, - /* PI^-1(i) */ - [1] = { 14, 11, 12, 10, 8, 9, 13, 15, - 3, 1, 4, 5, 6, 0, 2, 7 } -}; - - -struct cipher_state -{ - uint8_t X[BLOCK_BYTES]; -}; - - -typedef struct cipher_state cipher_state; - - -static void _state_init(cipher_state *X, const uint8_t message[BLOCK_BYTES]) -{ - memcpy(X->X, message, sizeof(X->X)); -} - - -static void _compute_round_tweakeys( - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES], - uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES] -) -{ - tweakey_state TK; - tweakey_state_init(&TK, key, tweak); - tweakey_state_extract(&TK, RTK[0], 0); - - for (uint8_t i=1; i<ROUNDS; i++) - { - tweakey_state_update(&TK); - tweakey_state_extract(&TK, RTK[i], i); - } -} - - -static void _nonlinear_layer(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES]) -{ - uint8_t F[ROUND_TWEAKEY_BYTES]; - for (size_t j=0; j<sizeof(F); j++) - { - F[j] = X->X[j] ^ RTK[j]; - } - - for (size_t j=0; j<sizeof(F); j++) - { - F[j] = S[F[j]]; - } - - for (size_t j=0; j<8; j++) - { - size_t dest_j = 15-j; - X->X[dest_j] ^= F[j]; - } -} - -static void _linear_layer(cipher_state *X) -{ - X->X[15] ^= X->X[1]; - X->X[15] ^= X->X[2]; - X->X[15] ^= X->X[3]; - X->X[15] ^= X->X[4]; - X->X[15] ^= X->X[5]; - X->X[15] ^= X->X[6]; - X->X[15] ^= X->X[7]; - - X->X[14] ^= X->X[7]; - X->X[13] ^= X->X[7]; - X->X[12] ^= X->X[7]; - X->X[11] ^= X->X[7]; - X->X[10] ^= X->X[7]; - X->X[9] ^= X->X[7]; -} - -static void _permutation_layer(cipher_state *X, permutation p) -{ - if (p == PERMUTATION_NONE) - { - return; - } - - uint8_t X_old[BLOCK_BYTES]; - memcpy(X_old, X, sizeof(X_old)); - - const uint8_t *pi = PERMUTATIONS[p]; - - for (size_t j=0; j<BLOCK_BYTES; j++) - { - X->X[pi[j]] = X_old[j]; - } -} - -static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p) -{ - _nonlinear_layer(X, RTK); - _linear_layer(X); - _permutation_layer(X, p); -} - - -void lilliput_tbc_encrypt( - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES], - const uint8_t message[BLOCK_BYTES], - uint8_t ciphertext[BLOCK_BYTES] -) -{ - cipher_state X; - _state_init(&X, message); - - uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; - _compute_round_tweakeys(key, tweak, RTK); - - for (uint8_t i=0; i<ROUNDS-1; i++) - { - _one_round_egfn(&X, RTK[i], PERMUTATION_ENCRYPTION); - } - - _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE); - - memcpy(ciphertext, X.X, BLOCK_BYTES); -} - -void lilliput_tbc_decrypt( - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES], - const uint8_t ciphertext[BLOCK_BYTES], - uint8_t message[BLOCK_BYTES] -) -{ - cipher_state X; - _state_init(&X, ciphertext); - - uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; - _compute_round_tweakeys(key, tweak, RTK); - - for (uint8_t i=0; i<ROUNDS-1; i++) - { - _one_round_egfn(&X, RTK[ROUNDS-1-i], PERMUTATION_DECRYPTION); - } - - _one_round_egfn(&X, RTK[0], PERMUTATION_NONE); - - memcpy(message, X.X, BLOCK_BYTES); -} diff --git a/crypto_aead/lilliputaei128v1/ref/cipher.h b/crypto_aead/lilliputaei128v1/ref/cipher.h deleted file mode 100644 index 06dfde5..0000000 --- a/crypto_aead/lilliputaei128v1/ref/cipher.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef CIPHER_H -#define CIPHER_H - -#include <stdint.h> - -#include "parameters.h" - - -void lilliput_tbc_encrypt( - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES], - const uint8_t message[BLOCK_BYTES], - uint8_t ciphertext[BLOCK_BYTES] -); - -void lilliput_tbc_decrypt( - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES], - const uint8_t ciphertext[BLOCK_BYTES], - uint8_t message[BLOCK_BYTES] -); - -#endif /* CIPHER_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/constants.c b/crypto_aead/lilliputaei128v1/ref/constants.c deleted file mode 100644 index 29da1d8..0000000 --- a/crypto_aead/lilliputaei128v1/ref/constants.c +++ /dev/null @@ -1,248 +0,0 @@ -#include "constants.h" - - -const uint8_t h[8] = { - 1, 5, 3, 0, 4, 7, 2, 6 -}; - -const uint8_t P[6][256] = { - [0] = { - 0, 2, 4, 6, 8, 10, 12, 14, - 16, 18, 20, 22, 24, 26, 28, 30, - 32, 34, 36, 38, 40, 42, 44, 46, - 48, 50, 52, 54, 56, 58, 60, 62, - 64, 66, 68, 70, 72, 74, 76, 78, - 80, 82, 84, 86, 88, 90, 92, 94, - 96, 98, 100, 102, 104, 106, 108, 110, - 112, 114, 116, 118, 120, 122, 124, 126, - 132, 134, 128, 130, 140, 142, 136, 138, - 148, 150, 144, 146, 156, 158, 152, 154, - 164, 166, 160, 162, 172, 174, 168, 170, - 180, 182, 176, 178, 188, 190, 184, 186, - 196, 198, 192, 194, 204, 206, 200, 202, - 212, 214, 208, 210, 220, 222, 216, 218, - 228, 230, 224, 226, 236, 238, 232, 234, - 244, 246, 240, 242, 252, 254, 248, 250, - 129, 131, 133, 135, 137, 139, 141, 143, - 145, 147, 149, 151, 153, 155, 157, 159, - 161, 163, 165, 167, 169, 171, 173, 175, - 177, 179, 181, 183, 185, 187, 189, 191, - 193, 195, 197, 199, 201, 203, 205, 207, - 209, 211, 213, 215, 217, 219, 221, 223, - 225, 227, 229, 231, 233, 235, 237, 239, - 241, 243, 245, 247, 249, 251, 253, 255, - 5, 7, 1, 3, 13, 15, 9, 11, - 21, 23, 17, 19, 29, 31, 25, 27, - 37, 39, 33, 35, 45, 47, 41, 43, - 53, 55, 49, 51, 61, 63, 57, 59, - 69, 71, 65, 67, 77, 79, 73, 75, - 85, 87, 81, 83, 93, 95, 89, 91, - 101, 103, 97, 99, 109, 111, 105, 107, - 117, 119, 113, 115, 125, 127, 121, 123 - }, - [1] = { - 0, 4, 8, 12, 16, 20, 24, 28, - 32, 36, 40, 44, 48, 52, 56, 60, - 64, 68, 72, 76, 80, 84, 88, 92, - 96, 100, 104, 108, 112, 116, 120, 124, - 132, 128, 140, 136, 148, 144, 156, 152, - 164, 160, 172, 168, 180, 176, 188, 184, - 196, 192, 204, 200, 212, 208, 220, 216, - 228, 224, 236, 232, 244, 240, 252, 248, - 137, 141, 129, 133, 153, 157, 145, 149, - 169, 173, 161, 165, 185, 189, 177, 181, - 201, 205, 193, 197, 217, 221, 209, 213, - 233, 237, 225, 229, 249, 253, 241, 245, - 13, 9, 5, 1, 29, 25, 21, 17, - 45, 41, 37, 33, 61, 57, 53, 49, - 77, 73, 69, 65, 93, 89, 85, 81, - 109, 105, 101, 97, 125, 121, 117, 113, - 131, 135, 139, 143, 147, 151, 155, 159, - 163, 167, 171, 175, 179, 183, 187, 191, - 195, 199, 203, 207, 211, 215, 219, 223, - 227, 231, 235, 239, 243, 247, 251, 255, - 7, 3, 15, 11, 23, 19, 31, 27, - 39, 35, 47, 43, 55, 51, 63, 59, - 71, 67, 79, 75, 87, 83, 95, 91, - 103, 99, 111, 107, 119, 115, 127, 123, - 10, 14, 2, 6, 26, 30, 18, 22, - 42, 46, 34, 38, 58, 62, 50, 54, - 74, 78, 66, 70, 90, 94, 82, 86, - 106, 110, 98, 102, 122, 126, 114, 118, - 142, 138, 134, 130, 158, 154, 150, 146, - 174, 170, 166, 162, 190, 186, 182, 178, - 206, 202, 198, 194, 222, 218, 214, 210, - 238, 234, 230, 226, 254, 250, 246, 242 - }, - [2] = { - 0, 8, 16, 24, 32, 40, 48, 56, - 64, 72, 80, 88, 96, 104, 112, 120, - 132, 140, 148, 156, 164, 172, 180, 188, - 196, 204, 212, 220, 228, 236, 244, 252, - 137, 129, 153, 145, 169, 161, 185, 177, - 201, 193, 217, 209, 233, 225, 249, 241, - 13, 5, 29, 21, 45, 37, 61, 53, - 77, 69, 93, 85, 109, 101, 125, 117, - 147, 155, 131, 139, 179, 187, 163, 171, - 211, 219, 195, 203, 243, 251, 227, 235, - 23, 31, 7, 15, 55, 63, 39, 47, - 87, 95, 71, 79, 119, 127, 103, 111, - 26, 18, 10, 2, 58, 50, 42, 34, - 90, 82, 74, 66, 122, 114, 106, 98, - 158, 150, 142, 134, 190, 182, 174, 166, - 222, 214, 206, 198, 254, 246, 238, 230, - 135, 143, 151, 159, 167, 175, 183, 191, - 199, 207, 215, 223, 231, 239, 247, 255, - 3, 11, 19, 27, 35, 43, 51, 59, - 67, 75, 83, 91, 99, 107, 115, 123, - 14, 6, 30, 22, 46, 38, 62, 54, - 78, 70, 94, 86, 110, 102, 126, 118, - 138, 130, 154, 146, 170, 162, 186, 178, - 202, 194, 218, 210, 234, 226, 250, 242, - 20, 28, 4, 12, 52, 60, 36, 44, - 84, 92, 68, 76, 116, 124, 100, 108, - 144, 152, 128, 136, 176, 184, 160, 168, - 208, 216, 192, 200, 240, 248, 224, 232, - 157, 149, 141, 133, 189, 181, 173, 165, - 221, 213, 205, 197, 253, 245, 237, 229, - 25, 17, 9, 1, 57, 49, 41, 33, - 89, 81, 73, 65, 121, 113, 105, 97 - }, - [3] = { - 0, 132, 1, 133, 3, 135, 2, 134, - 4, 128, 5, 129, 7, 131, 6, 130, - 8, 140, 9, 141, 11, 143, 10, 142, - 12, 136, 13, 137, 15, 139, 14, 138, - 16, 148, 17, 149, 19, 151, 18, 150, - 20, 144, 21, 145, 23, 147, 22, 146, - 24, 156, 25, 157, 27, 159, 26, 158, - 28, 152, 29, 153, 31, 155, 30, 154, - 32, 164, 33, 165, 35, 167, 34, 166, - 36, 160, 37, 161, 39, 163, 38, 162, - 40, 172, 41, 173, 43, 175, 42, 174, - 44, 168, 45, 169, 47, 171, 46, 170, - 48, 180, 49, 181, 51, 183, 50, 182, - 52, 176, 53, 177, 55, 179, 54, 178, - 56, 188, 57, 189, 59, 191, 58, 190, - 60, 184, 61, 185, 63, 187, 62, 186, - 64, 196, 65, 197, 67, 199, 66, 198, - 68, 192, 69, 193, 71, 195, 70, 194, - 72, 204, 73, 205, 75, 207, 74, 206, - 76, 200, 77, 201, 79, 203, 78, 202, - 80, 212, 81, 213, 83, 215, 82, 214, - 84, 208, 85, 209, 87, 211, 86, 210, - 88, 220, 89, 221, 91, 223, 90, 222, - 92, 216, 93, 217, 95, 219, 94, 218, - 96, 228, 97, 229, 99, 231, 98, 230, - 100, 224, 101, 225, 103, 227, 102, 226, - 104, 236, 105, 237, 107, 239, 106, 238, - 108, 232, 109, 233, 111, 235, 110, 234, - 112, 244, 113, 245, 115, 247, 114, 246, - 116, 240, 117, 241, 119, 243, 118, 242, - 120, 252, 121, 253, 123, 255, 122, 254, - 124, 248, 125, 249, 127, 251, 126, 250 - }, - [4] = { - 0, 165, 67, 230, 199, 98, 132, 33, - 133, 32, 198, 99, 66, 231, 1, 164, - 3, 166, 64, 229, 196, 97, 135, 34, - 134, 35, 197, 96, 65, 228, 2, 167, - 4, 161, 71, 226, 195, 102, 128, 37, - 129, 36, 194, 103, 70, 227, 5, 160, - 7, 162, 68, 225, 192, 101, 131, 38, - 130, 39, 193, 100, 69, 224, 6, 163, - 8, 173, 75, 238, 207, 106, 140, 41, - 141, 40, 206, 107, 74, 239, 9, 172, - 11, 174, 72, 237, 204, 105, 143, 42, - 142, 43, 205, 104, 73, 236, 10, 175, - 12, 169, 79, 234, 203, 110, 136, 45, - 137, 44, 202, 111, 78, 235, 13, 168, - 15, 170, 76, 233, 200, 109, 139, 46, - 138, 47, 201, 108, 77, 232, 14, 171, - 16, 181, 83, 246, 215, 114, 148, 49, - 149, 48, 214, 115, 82, 247, 17, 180, - 19, 182, 80, 245, 212, 113, 151, 50, - 150, 51, 213, 112, 81, 244, 18, 183, - 20, 177, 87, 242, 211, 118, 144, 53, - 145, 52, 210, 119, 86, 243, 21, 176, - 23, 178, 84, 241, 208, 117, 147, 54, - 146, 55, 209, 116, 85, 240, 22, 179, - 24, 189, 91, 254, 223, 122, 156, 57, - 157, 56, 222, 123, 90, 255, 25, 188, - 27, 190, 88, 253, 220, 121, 159, 58, - 158, 59, 221, 120, 89, 252, 26, 191, - 28, 185, 95, 250, 219, 126, 152, 61, - 153, 60, 218, 127, 94, 251, 29, 184, - 31, 186, 92, 249, 216, 125, 155, 62, - 154, 63, 217, 124, 93, 248, 30, 187 - }, - [5] = { - 0, 215, 165, 114, 230, 49, 67, 148, - 199, 16, 98, 181, 33, 246, 132, 83, - 133, 82, 32, 247, 99, 180, 198, 17, - 66, 149, 231, 48, 164, 115, 1, 214, - 3, 212, 166, 113, 229, 50, 64, 151, - 196, 19, 97, 182, 34, 245, 135, 80, - 134, 81, 35, 244, 96, 183, 197, 18, - 65, 150, 228, 51, 167, 112, 2, 213, - 4, 211, 161, 118, 226, 53, 71, 144, - 195, 20, 102, 177, 37, 242, 128, 87, - 129, 86, 36, 243, 103, 176, 194, 21, - 70, 145, 227, 52, 160, 119, 5, 210, - 7, 208, 162, 117, 225, 54, 68, 147, - 192, 23, 101, 178, 38, 241, 131, 84, - 130, 85, 39, 240, 100, 179, 193, 22, - 69, 146, 224, 55, 163, 116, 6, 209, - 8, 223, 173, 122, 238, 57, 75, 156, - 207, 24, 106, 189, 41, 254, 140, 91, - 141, 90, 40, 255, 107, 188, 206, 25, - 74, 157, 239, 56, 172, 123, 9, 222, - 11, 220, 174, 121, 237, 58, 72, 159, - 204, 27, 105, 190, 42, 253, 143, 88, - 142, 89, 43, 252, 104, 191, 205, 26, - 73, 158, 236, 59, 175, 120, 10, 221, - 12, 219, 169, 126, 234, 61, 79, 152, - 203, 28, 110, 185, 45, 250, 136, 95, - 137, 94, 44, 251, 111, 184, 202, 29, - 78, 153, 235, 60, 168, 127, 13, 218, - 15, 216, 170, 125, 233, 62, 76, 155, - 200, 31, 109, 186, 46, 249, 139, 92, - 138, 93, 47, 248, 108, 187, 201, 30, - 77, 154, 232, 63, 171, 124, 14, 217 - }, -}; - -const uint8_t S[256] = { - 32, 0, 178, 133, 59, 53, 166, 164, - 48, 228, 106, 44, 255, 89, 226, 14, - 248, 30, 122, 128, 21, 189, 62, 177, - 232, 243, 162, 194, 218, 81, 42, 16, - 33, 1, 35, 120, 92, 36, 39, 181, - 55, 199, 43, 31, 174, 10, 119, 95, - 111, 9, 157, 129, 4, 90, 41, 220, - 57, 156, 5, 87, 151, 116, 121, 23, - 68, 198, 230, 233, 221, 65, 242, 138, - 84, 202, 110, 74, 225, 173, 182, 136, - 28, 152, 126, 206, 99, 73, 58, 93, - 12, 239, 246, 52, 86, 37, 46, 214, - 103, 117, 85, 118, 184, 210, 97, 217, - 113, 139, 205, 11, 114, 108, 49, 75, - 105, 253, 123, 109, 96, 60, 47, 98, - 63, 34, 115, 19, 201, 130, 127, 83, - 50, 18, 160, 124, 2, 135, 132, 134, - 147, 78, 104, 70, 141, 195, 219, 236, - 155, 183, 137, 146, 167, 190, 61, 216, - 234, 80, 145, 241, 51, 56, 224, 169, - 163, 131, 161, 27, 207, 6, 149, 7, - 158, 237, 185, 245, 76, 192, 244, 45, - 22, 250, 180, 3, 38, 179, 144, 79, - 171, 101, 252, 254, 20, 247, 227, 148, - 238, 172, 140, 26, 222, 203, 40, 64, - 125, 200, 196, 72, 107, 223, 165, 82, - 229, 251, 215, 100, 249, 240, 211, 94, - 102, 150, 143, 29, 69, 54, 204, 197, - 77, 159, 191, 15, 209, 8, 235, 67, - 66, 25, 231, 153, 168, 142, 88, 193, - 154, 212, 24, 71, 170, 175, 188, 91, - 213, 17, 208, 176, 112, 187, 13, 186 -}; diff --git a/crypto_aead/lilliputaei128v1/ref/constants.h b/crypto_aead/lilliputaei128v1/ref/constants.h deleted file mode 100644 index a786023..0000000 --- a/crypto_aead/lilliputaei128v1/ref/constants.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef CONSTANTS_H -#define CONSTANTS_H - -#include <stdint.h> - - -/* Tweakey permutation */ -extern const uint8_t h[8]; - -/* Tweakey multiplication */ -extern const uint8_t P[6][256]; - -/* Lilliput S-box */ -extern const uint8_t S[256]; - -#endif /* CONSTANTS_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/debug.h b/crypto_aead/lilliputaei128v1/ref/debug.h deleted file mode 100644 index 87140e5..0000000 --- a/crypto_aead/lilliputaei128v1/ref/debug.h +++ /dev/null @@ -1,50 +0,0 @@ -#ifndef DEBUG_H -#define DEBUG_H - -#include <inttypes.h> -#include <stdio.h> - - -static inline void debug_dump_lanes(FILE *output, const char *header, size_t len, const uint8_t buf[len], int indent) -{ - if (!output) - { - return; - } - - fprintf(output, "%s\n", header); - - for (size_t line=0; line<len/8; line++) - { - fprintf(output, "%*s", indent, ""); - for (size_t b=0; b<8; b++) - { - /* start with MSB */ - size_t byte_index = len-(1+line*8+b); - fprintf(output, "%*s%02x", 5, "", buf[byte_index]); - } - fprintf(output, "\n"); - } - fprintf(output, "\n"); -} - -static inline void debug_dump_buffer(FILE *output, const char *header, size_t len, const uint8_t buf[len], int indent) -{ - if (!output) - { - return; - } - - fprintf(output, "%s\n", header); - - fprintf(output, "%*s", indent, ""); - for (size_t b=0; b<len; b++) - { - /* start with MSB */ - size_t byte_index = len-1-b; - fprintf(output, "%*s%02x", 5, "", buf[byte_index]); - } - fprintf(output, "\n"); -} - -#endif /* DEBUG_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/encrypt.c b/crypto_aead/lilliputaei128v1/ref/encrypt.c deleted file mode 100644 index 9f0f1cf..0000000 --- a/crypto_aead/lilliputaei128v1/ref/encrypt.c +++ /dev/null @@ -1,25 +0,0 @@ -#include "api.h" -#include "crypto_aead.h" /* TODO: provided by NIST's TestVectorGen.zip */ - - -int crypto_aead_encrypt( - unsigned char *c, unsigned long long *clen, - const unsigned char *m, unsigned long long mlen, - const unsigned char *ad, unsigned long long adlen, - const unsigned char *nsec, - const unsigned char *npub, - const unsigned char *k -) -{ -} - -int crypto_aead_decrypt( - unsigned char *m, unsigned long long *mlen, - unsigned char *nsec, - const unsigned char *c, unsigned long long clen, - const unsigned char *ad, unsigned long long adlen, - const unsigned char *npub, - const unsigned char *k -) -{ -} diff --git a/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c b/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c deleted file mode 100644 index 60a916b..0000000 --- a/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c +++ /dev/null @@ -1,310 +0,0 @@ -#include <stdbool.h> -#include <stdint.h> -#include <string.h> - -#include "cipher.h" -#include "lilliput-ae.h" - - -static const uint8_t _0n[BLOCK_BYTES] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - - -static uint8_t _upper_nibble(uint8_t i) -{ - return i >> 4; -} - -static uint8_t _lower_nibble(uint8_t i) -{ - return i & 0x0f; -} - -static void _encrypt(const uint8_t K[KEY_BYTES], - const uint8_t T[TWEAK_BYTES], - const uint8_t M[BLOCK_BYTES], - uint8_t C[BLOCK_BYTES]) -{ - lilliput_tbc_encrypt(K, T, M, C); -} - -static void _decrypt(const uint8_t K[KEY_BYTES], - const uint8_t T[TWEAK_BYTES], - const uint8_t C[BLOCK_BYTES], - uint8_t M[BLOCK_BYTES]) -{ - lilliput_tbc_decrypt(K, T, C, M); -} - -static void _xor_into(uint8_t dest[BLOCK_BYTES], const uint8_t src[BLOCK_BYTES]) -{ - for (size_t i=0; i<BLOCK_BYTES; i++) - dest[i] ^= src[i]; -} - -static void _xor_arrays(size_t len, uint8_t out[len], const uint8_t a[len], const uint8_t b[len]) -{ - for (size_t i=0; i<len; i++) - out[i] = a[i] ^ b[i]; -} - -static void _pad10(size_t X_len, const uint8_t X[X_len], uint8_t padded[BLOCK_BYTES]) -{ - /* pad10*(X) = X || 1 || 0^{n-|X|-1} */ - - /* Assume that len<BLOCK_BYTES. */ - - size_t pad_len = BLOCK_BYTES-X_len; - - memcpy(padded+pad_len, X, X_len); - - padded[pad_len-1] = 0x80; - - if (pad_len > 1) - { - memset(padded, 0, pad_len-1); - } -} - -static void _fill_ad_tweak( - uint8_t prefix, - uint64_t block_nb, - uint8_t tweak[TWEAK_BYTES] -) -{ - /* The 192-bit tweak is filled as follows: - * - * - bits 1-188: block number - * 1- 64: actual 64-bit block number - * 65-188: 0-padding - * - bits 189-192: constant 4-bit prefix - */ - - for (size_t i=0; i<sizeof(block_nb); i++) - { - uint64_t mask = (uint64_t)0xff << 8*i; - uint8_t b = (mask & block_nb) >> 8*i; - - tweak[i] = b; - } - - /* Assume padding bytes have already been memset to 0. */ - - tweak[TWEAK_BYTES-1] |= prefix << 4; -} - -static void _fill_msg_tweak( - uint8_t prefix, - const uint8_t N[NONCE_BYTES], - uint64_t block_nb, - uint8_t tweak[TWEAK_BYTES] -) -{ - /* The 192-bit tweak is filled as follows: - * - * - bits 1- 68: block number - * 1- 64: actual 64-bit block number - * 64- 68: 0-padding - * - bits 67-188: nonce - * - bits 189-192: constant 4-bit prefix - */ - - for (size_t i=0; i<sizeof(block_nb); i++) - { - uint64_t mask = (uint64_t)0xff << 8*i; - uint8_t b = (mask & block_nb) >> 8*i; - - tweak[i] = b; - } - - tweak[sizeof(block_nb)] = _lower_nibble(N[0]) << 4; - - for (size_t i=1; i<NONCE_BYTES; i++) - { - tweak[sizeof(block_nb)+i] = _lower_nibble(N[i]) << 4 ^ _upper_nibble(N[i-1]); - } - - tweak[TWEAK_BYTES-1] = prefix << 4 ^ _upper_nibble(N[NONCE_BYTES-1]); -} - -static void _process_associated_data( - const uint8_t key[KEY_BYTES], - size_t A_len, - const uint8_t A[A_len], - uint8_t Auth[BLOCK_BYTES] -) -{ - uint8_t Ek_Ai[BLOCK_BYTES]; - uint8_t tweak[TWEAK_BYTES]; - - memset(tweak, 0, TWEAK_BYTES); - memset(Auth, 0, BLOCK_BYTES); - - size_t l_a = A_len / BLOCK_BYTES; - size_t rest = A_len % BLOCK_BYTES; - - for (size_t i=0; i<l_a; i++) - { - _fill_ad_tweak(0x2, i, tweak); - _encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai); - _xor_into(Auth, Ek_Ai); - } - - if (rest != 0) - { - uint8_t A_rest[BLOCK_BYTES]; - _pad10(rest, &A[l_a*BLOCK_BYTES], A_rest); - _fill_ad_tweak(0x6, l_a, tweak); - _encrypt(key, tweak, A_rest, Ek_Ai); - _xor_into(Auth, Ek_Ai); - } -} - -static void _encrypt_message( - const uint8_t key[KEY_BYTES], - size_t M_len, - const uint8_t M[M_len], - const uint8_t N[NONCE_BYTES], - uint8_t C[M_len+BLOCK_BYTES], - uint8_t Final[BLOCK_BYTES] -) -{ - size_t l = M_len / BLOCK_BYTES; - size_t rest = M_len % BLOCK_BYTES; - - uint8_t tweak[TWEAK_BYTES]; - uint8_t checksum[BLOCK_BYTES]; - - memset(tweak, 0, TWEAK_BYTES); - memset(checksum, 0, BLOCK_BYTES); - - for (size_t j=0; j<l; j++) - { - _xor_into(checksum, &M[j*BLOCK_BYTES]); - _fill_msg_tweak(0x0, N, j, tweak); - _encrypt(key, tweak, &M[j*BLOCK_BYTES], &C[j*BLOCK_BYTES]); - } - - if (rest == 0) - { - _fill_msg_tweak(0x1, N, l-1, tweak); - _encrypt(key, tweak, checksum, Final); - } - else - { - uint8_t M_rest[BLOCK_BYTES]; - uint8_t Pad[BLOCK_BYTES]; - - _pad10(rest, &M[l*BLOCK_BYTES], M_rest); - _xor_into(checksum, M_rest); - - _fill_msg_tweak(0x4, N, l, tweak); - _encrypt(key, tweak, _0n, Pad); - _xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad); - - _fill_msg_tweak(0x5, N, l, tweak); - _encrypt(key, tweak, checksum, Final); - } -} - -static void _decrypt_message( - const uint8_t key[KEY_BYTES], - size_t C_len, - const uint8_t C[C_len], - const uint8_t N[NONCE_BYTES], - uint8_t M[C_len], - uint8_t Final[BLOCK_BYTES] -) -{ - size_t l = C_len / BLOCK_BYTES; - size_t rest = C_len % BLOCK_BYTES; - - uint8_t tweak[TWEAK_BYTES]; - uint8_t checksum[BLOCK_BYTES]; - - memset(tweak, 0, TWEAK_BYTES); - memset(checksum, 0, BLOCK_BYTES); - - for (size_t j=0; j<l; j++) - { - _fill_msg_tweak(0x0, N, j, tweak); - _decrypt(key, tweak, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES]); - _xor_into(checksum, &M[j*BLOCK_BYTES]); - } - - if (rest == 0) - { - _fill_msg_tweak(0x1, N, l-1, tweak); - _encrypt(key, tweak, checksum, Final); - } - else - { - uint8_t M_rest[BLOCK_BYTES]; - uint8_t Pad[BLOCK_BYTES]; - - _fill_msg_tweak(0x4, N, l, tweak); - _encrypt(key, tweak, _0n, Pad); - _xor_arrays(rest, &M[l*BLOCK_BYTES], &C[l*BLOCK_BYTES], Pad); - - _pad10(rest, &M[l*BLOCK_BYTES], M_rest); - _xor_into(checksum, M_rest); - - _fill_msg_tweak(0x5, N, l, tweak); - _encrypt(key, tweak, checksum, Final); - } -} - -static void _generate_tag( - const uint8_t Final[BLOCK_BYTES], - const uint8_t Auth[BLOCK_BYTES], - uint8_t tag[TAG_BYTES] -) -{ - _xor_arrays(TAG_BYTES, tag, Final, Auth); -} - - -void lilliput_ae_encrypt( - size_t message_len, - const uint8_t message[message_len], - size_t auth_data_len, - const uint8_t auth_data[auth_data_len], - const uint8_t key[KEY_BYTES], - const uint8_t nonce[NONCE_BYTES], - uint8_t ciphertext[message_len], - uint8_t tag[TAG_BYTES] -) -{ - uint8_t auth[BLOCK_BYTES]; - _process_associated_data(key, auth_data_len, auth_data, auth); - - uint8_t final[BLOCK_BYTES]; - _encrypt_message(key, message_len, message, nonce, ciphertext, final); - - _generate_tag(final, auth, tag); -} - -bool lilliput_ae_decrypt( - size_t ciphertext_len, - const uint8_t ciphertext[ciphertext_len], - size_t auth_data_len, - const uint8_t auth_data[auth_data_len], - const uint8_t key[KEY_BYTES], - const uint8_t nonce[NONCE_BYTES], - const uint8_t tag[TAG_BYTES], - uint8_t message[ciphertext_len] -) -{ - uint8_t auth[BLOCK_BYTES]; - _process_associated_data(key, auth_data_len, auth_data, auth); - - uint8_t final[BLOCK_BYTES]; - _decrypt_message(key, ciphertext_len, ciphertext, nonce, message, final); - - uint8_t effective_tag[TAG_BYTES]; - _generate_tag(final, auth, effective_tag); - - return memcmp(tag, effective_tag, TAG_BYTES) == 0; -} diff --git a/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h b/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h deleted file mode 100644 index 062c71c..0000000 --- a/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h +++ /dev/null @@ -1,35 +0,0 @@ -#ifndef LILLIPUT_AE_H -#define LILLIPUT_AE_H - -#include <stddef.h> -#include <stdbool.h> -#include <stdint.h> - -#include "parameters.h" - - -/* TODO: replace c_len with m_len */ -void lilliput_ae_encrypt( - size_t message_len, - const uint8_t message[message_len], - size_t auth_data_len, - const uint8_t auth_data[auth_data_len], - const uint8_t key[KEY_BYTES], - const uint8_t nonce[NONCE_BYTES], - uint8_t ciphertext[message_len], - uint8_t tag[TAG_BYTES] -); - -bool lilliput_ae_decrypt( - size_t ciphertext_len, - const uint8_t ciphertext[ciphertext_len], - size_t auth_data_len, - const uint8_t auth_data[auth_data_len], - const uint8_t key[KEY_BYTES], - const uint8_t nonce[NONCE_BYTES], - const uint8_t tag[TAG_BYTES], - uint8_t message[ciphertext_len] -); - - -#endif /* LILLIPUT_AE_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/src b/crypto_aead/lilliputaei128v1/ref/src new file mode 120000 index 0000000..006f0fe --- /dev/null +++ b/crypto_aead/lilliputaei128v1/ref/src @@ -0,0 +1 @@ +/home/klegouguec/projects/paclido/sp3/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src
\ No newline at end of file diff --git a/crypto_aead/lilliputaei128v1/ref/tweakey.c b/crypto_aead/lilliputaei128v1/ref/tweakey.c deleted file mode 100644 index da97019..0000000 --- a/crypto_aead/lilliputaei128v1/ref/tweakey.c +++ /dev/null @@ -1,83 +0,0 @@ -#include <stdint.h> -#include <string.h> - -#include "constants.h" -#include "parameters.h" -#include "tweakey.h" - - -#define LANE_BITS 64 -#define LANE_BYTES (LANE_BITS/8) -#define LANES_NB (TWEAKEY_BYTES/LANE_BYTES) - - -void tweakey_state_init( - tweakey_state *TK, - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES] -) -{ - memcpy(TK->TK, tweak, TWEAK_BYTES); - memcpy(TK->TK+TWEAK_BYTES, key, KEY_BYTES); -} - - -void tweakey_state_extract( - const tweakey_state *TK, - uint8_t round_tweakey[ROUND_TWEAKEY_BYTES], /* output */ - uint8_t i /* round constant */ -) -{ - memset(round_tweakey, 0, ROUND_TWEAKEY_BYTES); - - for (const uint8_t *lane=TK->TK; lane<TK->TK+TWEAKEY_BYTES; lane+=LANE_BYTES) - { - for (size_t j=0; j<LANE_BYTES; j++) - { - round_tweakey[j] ^= lane[j]; - } - } - - round_tweakey[0] ^= i; -} - - -static void _permute_state(tweakey_state *TK) -{ - uint8_t TK_old[TWEAKEY_BYTES]; - memcpy(TK_old, TK->TK, sizeof(TK_old)); - - /* TODO: homogenize indices; here j=lane; k=byte */ - - for (size_t j=0; j<TWEAKEY_BYTES; j+=LANE_BYTES) - { - for (size_t k=0; k<LANE_BYTES; k++) - { - TK->TK[j+h[k]] = TK_old[j+k]; - } - } -} - -static void _multiply_state(tweakey_state *TK) -{ - /* Lane 0 is multiplied by Id; lane 1 by P_0, lane 2 by P_1... */ - - for (size_t lane=1; lane<LANES_NB; lane++) - { - const uint8_t* P_lane = P[lane-1]; - - /* TODO: homogenize indices; here b=byte */ - - for (size_t b=0; b<LANE_BYTES; b++) - { - size_t offset = lane*LANE_BYTES + b; - TK->TK[offset] = P_lane[TK->TK[offset]]; - } - } -} - -void tweakey_state_update(tweakey_state *TK) -{ - _permute_state(TK); - _multiply_state(TK); -} diff --git a/crypto_aead/lilliputaei128v1/ref/tweakey.h b/crypto_aead/lilliputaei128v1/ref/tweakey.h deleted file mode 100644 index 0642724..0000000 --- a/crypto_aead/lilliputaei128v1/ref/tweakey.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef TWEAKEY_H -#define TWEAKEY_H - -#include <stdint.h> - -#include "parameters.h" - - -struct tweakey_state -{ - uint8_t TK[TWEAKEY_BYTES]; -}; - -typedef struct tweakey_state tweakey_state; - - -void tweakey_state_init( - tweakey_state *TK, - const uint8_t key[KEY_BYTES], - const uint8_t tweak[TWEAK_BYTES] -); - -void tweakey_state_extract( - const tweakey_state *TK, - uint8_t round_tweakey[ROUND_TWEAKEY_BYTES], /* output */ - uint8_t i /* round constant */ -); - -void tweakey_state_update(tweakey_state *TK); - -#endif /* TWEAKEY_H */ |