| author | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-12-10 16:37:26 +0100 |
|---|---|---|
| committer | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-12-10 16:37:26 +0100 |
| commit | 7be6c07647afbc27bc7402efb23c1178affa2ec9 (patch) | |
| tree | 0e269d3e3d7e8556549538c673bc75c7bdab2da4 /src/tweakey.c | |
| parent | 8eed9390de14c810d9242277e275c6e783f86261 (diff) | |
| download | lilliput-ae-implem-7be6c07647afbc27bc7402efb23c1178affa2ec9.tar.xz | |
Mise à jour de l'implémentation du key schedule
Pour le moment, Mⁱ (resp. MRⁱ) sont implémentées en appliquant i fois
M (resp. MR) ; à voir si on préfère les pré-calculer.
Diffstat (limited to 'src/tweakey.c')
| -rw-r--r-- | src/tweakey.c | 107 |
1 files changed, 73 insertions, 34 deletions
diff --git a/src/tweakey.c b/src/tweakey.c
index 648bd54..c7d5aaa 100644
--- a/src/tweakey.c
+++ b/src/tweakey.c
@@ -1,7 +1,6 @@
 #include <stdint.h>
 #include <string.h>
-#include "constants.h"
 #include "parameters.h"
 #include "tweakey.h" 
@@ -44,49 +43,89 @@ void tweakey_state_extract(
 }
-static void _permute_state(uint8_t TK[TWEAKEY_BYTES])
+static void _multiply_M(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
 {
- uint8_t TK_old[TWEAKEY_BYTES];
- memcpy(TK_old, TK, TWEAKEY_BYTES);
+ new[7] = old[6];
+ new[6] = old[5];
+ new[5] = old[4] ^ old[5]<<3;
+ new[4] = old[3] ^ old[4]>>3;
+ new[3] = old[2];
+ new[2] = old[1] ^ old[6]<<2;
+ new[1] = old[0];
+ new[0] = old[7];
+}
- for (size_t j=0; j<LANES_NB; j++)
- {
- uint8_t *TKj = TK + j*LANE_BYTES;
- uint8_t const *TKj_old = TK_old + j*LANE_BYTES;
+static void _multiply_M2(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+ uint8_t tmp[LANE_BYTES];
+ memcpy(tmp, old, LANE_BYTES);
- for (size_t k=0; k<LANE_BYTES; k++)
- {
- TKj[h[k]] = TKj_old[k];
- }
- }
+ _multiply_M(old, tmp);
+ _multiply_M(tmp, new);
 }
-static void _multiply_state(uint8_t TK[TWEAKEY_BYTES])
+static void _multiply_M3(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
 {
- /* Each byte in lane 0 is multiplied by alpha_0 = 1, i.e. it
- * remains unchanged.
- *
- * Each byte b in lanes j = { 1, ..., p-1 } is multiplied by
- * alpha_j; the result of b*alpha_j is stored in P_j[b].
- *
- * In this implementation, P_j sequences are stored in array P;
- * P_j = P[j-1]. 
- */
+ uint8_t tmp[LANE_BYTES];
+ memcpy(tmp, old, LANE_BYTES);
- for (size_t j=1; j<LANES_NB; j++)
- {
- uint8_t const *Pj = P[j-1];
- uint8_t *TKj = TK + j*LANE_BYTES;
+ _multiply_M2(old, tmp);
+ _multiply_M(tmp, new);
+}
- for (size_t k=0; k<LANE_BYTES; k++)
- {
- TKj[k] = Pj[TKj[k]];
- }
- }
+static void _multiply_MR(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+ new[0] = old[1];
+ new[1] = old[2];
+ new[2] = old[3] ^ old[4]<<3;
+ new[3] = old[4];
+ new[4] = old[5] ^ old[6]>>3;
+ new[5] = old[6] ^ old[3]>>2;
+ new[6] = old[7];
+ new[7] = old[0];
 }
+static void _multiply_MR2(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+ uint8_t tmp[LANE_BYTES];
+ memcpy(tmp, old, LANE_BYTES);
+
+ _multiply_MR(old, tmp);
+ _multiply_MR(tmp, new);
+}
+
+static void _multiply_MR3(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+ uint8_t tmp[LANE_BYTES];
+ memcpy(tmp, old, LANE_BYTES);
+
+ _multiply_MR2(old, tmp);
+ _multiply_MR(tmp, new);
+}
+
+typedef void (*matrix_multiplication)(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES]);
+
+static const matrix_multiplication ALPHAS[6] = {
+ _multiply_M,
+ _multiply_M2,
+ _multiply_M3,
+ _multiply_MR,
+ _multiply_MR2,
+ _multiply_MR3
+};
+
+
 void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
 {
- _permute_state(TK);
- _multiply_state(TK);
+ /* Skip lane 0, as it is multiplied by the identity matrix. */
+
+ for (size_t j=1; j<LANES_NB; j++)
+ {
+ uint8_t *TKj = TK + j*LANE_BYTES;
+
+ uint8_t TKj_old[LANE_BYTES];
+ memcpy(TKj_old, TKj, LANE_BYTES);
+
+ ALPHAS[j-1](TKj_old, TKj);
+ }
 }
|
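Review bot: `ALPHAS` has six entries while `tweakey_state_update` indexes it with `j-1` for every lane up to `LANES_NB-1`, and nothing in the hunk ties the table size to `LANES_NB` from parameters.h, so a larger lane count would read past the table with no diagnostic. If the build is C11, a check beside the table pins this down: `_Static_assert(LANES_NB - 1 <= sizeof ALPHAS / sizeof ALPHAS[0], "ALPHAS lacks a multiplier for some lane");`. The `memcpy(tmp, old, LANE_BYTES)` in `_multiply_M2`, `_multiply_M3`, `_multiply_MR2` and `_multiply_MR3` is dead, because the first `_multiply_*(old, tmp)` call overwrites every byte of `tmp`, so the four copies can go. `_multiply_M` reads `old[6]` after writing `new[6]` (and `_multiply_MR` reads `old[3]` after writing `new[3]`), so `old` and `new` must not alias; the caller honours that through `TKj_old`, but the prototypes should say it, e.g. `const uint8_t *restrict old, uint8_t *restrict new`, or a one-line comment on the `matrix_multiplication` typedef.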
