| author | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-11-28 18:33:53 +0100 |
|---|---|---|
| committer | Kévin Le Gouguec <kevin.legouguec@airbus.com> | 2018-11-28 18:33:53 +0100 |
| commit | 4f87e35373acd3817ee6eebfc40d06918960aa0c (patch) | |
| tree | 56a14624e2d49dbddff970ea6c68bccf19aaf494 /traces-ae.patch | |
| parent | ef586cbef9eaff6a4409d777cd6102ec68e2e47a (diff) | |
| download | lilliput-ae-implem-4f87e35373acd3817ee6eebfc40d06918960aa0c.tar.xz | |
Remaniement de la génération des traces
Pour que les traces des modes AE ne comprennent pas les traces de la
partie TBC.
Diffstat (limited to 'traces-ae.patch')
| -rw-r--r-- | traces-ae.patch | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/traces-ae.patch b/traces-ae.patch
new file mode 100644
index 0000000..8aecdf6
--- /dev/null
+++ b/traces-ae.patch
@@ -0,0 +1,275 @@
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
+index 561854e..397dac0 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #ifndef AE_COMMON_H
+ #define AE_COMMON_H
+ 
+@@ -105,20 +107,45 @@ static void process_associated_data(
+ size_t l_a = A_len / BLOCK_BYTES;
+ size_t rest = A_len % BLOCK_BYTES;
+ 
++ fprintf(DUMP, "computing Auth\n");
++
+ for (size_t i=0; i<l_a; i++)
+ {
++ fprintf(DUMP, " i=%zu\n", i);
++
+ fill_index_tweak(0x2, i, tweak);
++
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+ encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
++
++ debug_dump_buffer("Ai", BLOCK_BYTES, &A[i*BLOCK_BYTES], 8);
++ debug_dump_buffer("Ek(Ai)", BLOCK_BYTES, Ek_Ai, 8);
++
+ xor_into(Auth, Ek_Ai);
++
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+ }
+ 
+ if (rest != 0)
+ {
+ uint8_t A_rest[BLOCK_BYTES];
+ pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
++
++ fprintf(DUMP, " l_a=%zu (padding)\n", l_a);
++
+ fill_index_tweak(0x6, l_a, tweak);
++
++ debug_dump_buffer("pad10*(A*)", BLOCK_BYTES, A_rest, 8);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+ encrypt(key, tweak, A_rest, Ek_Ai);
++
++ debug_dump_buffer("Ek(A*)", BLOCK_BYTES, Ek_Ai, 8);
++
+ xor_into(Auth, Ek_Ai);
++
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+ }
+ }
+ 
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
+index b1758c9..5cbb3f4 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdbool.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -65,32 +67,54 @@ static void _encrypt_message(
+ memset(tweak, 0, TWEAK_BYTES);
+ memset(checksum, 0, BLOCK_BYTES);
+ 
++ fprintf(DUMP, "message encryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ _fill_msg_tweak(0x0, N, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, &M[j*BLOCK_BYTES], &C[j*BLOCK_BYTES]);
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ }
+ 
+ if (rest == 0)
+ {
++ fprintf(DUMP, " no padding\n");
++
+ _fill_msg_tweak(0x1, N, l-1, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ else
+ {
++ fprintf(DUMP, " padding\n");
++
+ uint8_t M_rest[BLOCK_BYTES];
+ uint8_t Pad[BLOCK_BYTES];
+ 
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
+ xor_into(checksum, M_rest);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ 
+ _fill_msg_tweak(0x4, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, _0n, Pad);
+ xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad);
++ debug_dump_buffer("Pad", BLOCK_BYTES, Pad, 8);
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+ 
+ _fill_msg_tweak(0x5, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ }
+ 
+@@ -112,32 +136,54 @@ static void _decrypt_message(
+ memset(tweak, 0, TWEAK_BYTES);
+ memset(checksum, 0, BLOCK_BYTES);
+ 
++ fprintf(DUMP, "message decryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ _fill_msg_tweak(0x0, N, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ decrypt(key, tweak, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ }
+ 
+ if (rest == 0)
+ {
++ fprintf(DUMP, " no padding\n");
++
+ _fill_msg_tweak(0x1, N, l-1, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ else
+ {
++ fprintf(DUMP, " padding\n");
++
+ uint8_t M_rest[BLOCK_BYTES];
+ uint8_t Pad[BLOCK_BYTES];
+ 
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+ _fill_msg_tweak(0x4, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, _0n, Pad);
++ debug_dump_buffer("Pad", BLOCK_BYTES, Pad, 8);
+ xor_arrays(rest, &M[l*BLOCK_BYTES], &C[l*BLOCK_BYTES], Pad);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
+ 
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
+ xor_into(checksum, M_rest);
+ 
+ _fill_msg_tweak(0x5, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ }
+ 
+@@ -147,7 +193,13 @@ static void _generate_tag(
+ uint8_t tag[TAG_BYTES]
+ )
+ {
++ fprintf(DUMP, "generating tag\n");
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
++
+ xor_arrays(TAG_BYTES, tag, Final, Auth);
++
++ debug_dump_buffer("tag", TAG_BYTES, tag, 8);
+ }
+ 
+ 
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
+index 26885e5..88f9ae0 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdbool.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -62,24 +64,40 @@ static void _generate_tag(
+ size_t l = M_len / BLOCK_BYTES;
+ size_t rest = M_len % BLOCK_BYTES;
+ 
++ fprintf(DUMP, "computing tag\n");
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
+ fill_index_tweak(0x0, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, &M[j*BLOCK_BYTES], Ek_Mj);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
++ debug_dump_buffer("Ek(Mj)", BLOCK_BYTES, Ek_Mj, 8);
+ xor_into(tag_tmp, Ek_Mj);
++ debug_dump_buffer("tag", TAG_BYTES, tag_tmp, 8);
+ }
+ 
+ if (rest != 0)
+ {
++ fprintf(DUMP, " l=%zu (padding)\n", l);
+ uint8_t M_rest[BLOCK_BYTES];
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
+ fill_index_tweak(0x4, l, tweak);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, M_rest, Ek_Mj);
++ debug_dump_buffer("Ek(M*)", BLOCK_BYTES, Ek_Mj, 8);
+ xor_into(tag_tmp, Ek_Mj);
++ debug_dump_buffer("tag", TAG_BYTES, tag_tmp, 8);
+ }
+ 
++ fprintf(DUMP, " Ek(tag)\n");
+ _fill_tag_tweak(N, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, tag_tmp, tag);
++ debug_dump_buffer("tag = Ek(tag)", TAG_BYTES, tag, 8);
+ }
+ 
+ static void _encrypt_message(
+@@ -103,18 +121,33 @@ static void _encrypt_message(
+ size_t l = M_len / BLOCK_BYTES;
+ size_t rest = M_len % BLOCK_BYTES;
+ 
++ fprintf(DUMP, "message encryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
+ _fill_msg_tweak(tag, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, padded_N, Ek_N);
++ debug_dump_buffer("N (padded)", BLOCK_BYTES, padded_N, 8);
++ debug_dump_buffer("Ek(Mj, N)", BLOCK_BYTES, Ek_N, 8);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_arrays(BLOCK_BYTES, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES], Ek_N);
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ }
+ 
+ if (rest != 0)
+ {
++ fprintf(DUMP, " l=%zu (padding)\n", l);
+ _fill_msg_tweak(tag, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, padded_N, Ek_N);
++ debug_dump_buffer("N (padded)", BLOCK_BYTES, padded_N, 8);
++ debug_dump_buffer("Ek(M*, N)", BLOCK_BYTES, Ek_N, 8);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
+ xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Ek_N);
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+ }
+ }
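Review bot: In the ae-common.h part of the patch the new `#include "debug.h"` is placed before `#ifndef AE_COMMON_H`, so it sits outside the header's include guard and is re-read on every inclusion of ae-common.h; moving it to just after `#define AE_COMMON_H` keeps the guard meaningful. The trace hooks themselves (`fprintf(DUMP, …)` and `debug_dump_buffer(…)`) are unconditional calls, and whether they compile out when tracing is disabled depends on debug.h, which is not part of this patch, so as written the patched tree writes plaintext blocks, the running checksum, Final and the tag to DUMP on every call — acceptable only because this stays a separate patch applied for trace generation and never to the submitted reference implementation, which is presumably the intent of keeping it as a .patch file. A smaller consistency point in lilliput-ae-i.c: the encryption padding branch dumps `"Checksum"` immediately after `xor_into(checksum, M_rest)`, while the decryption padding branch dumps it only before the final `encrypt`, after the 0x5 tweak dump; emitting it at the same step in both would let the encryption and decryption traces be compared line for line. The enclosing functions of every inner hunk start and end outside the hunk.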
