-rwxr-xr-xnist/make-package.sh38
-rw-r--r--src/add_threshold/cipher.c12
-rw-r--r--src/add_threshold/implem.mk42
-rw-r--r--src/add_threshold/random.c34
-rw-r--r--src/add_threshold/random.h28
-rw-r--r--src/add_threshold/tweakey.c13
l---------src/add_tweakeyloop/implem.mk1
-rw-r--r--src/ref/implem.mk35
-rwxr-xr-xtest/check-implementation.sh28
-rw-r--r--test/common.mk47
10 files changed, 200 insertions, 78 deletions
diff --git a/nist/make-package.sh b/nist/make-package.sh
index abd3b50..124da4b 100755
--- a/nist/make-package.sh
+++ b/nist/make-package.sh
@@ -1,6 +1,7 @@
#!/bin/bash
set -Eeu
+shopt -s extglob
# Generate NIST's expected tree:
#
@@ -34,6 +35,25 @@ cleanup ()
trap cleanup ERR
+list-implementation-files ()
+{
+ local mode=$1
+ local key_length=$2
+ local implem=$3
+
+ # src/${implem} can contain arbitrary files; we need to copy
+ # everything save for the unused AE mode.
+
+ local f
+ for f in ${ROOT}/src/${implem}/!(lilliput-i|lilliput-ii).[ch]
+ do
+ echo ${f}
+ done
+
+ echo ${ROOT}/src/${implem}/lilliput-${mode}.c
+ echo ${ROOT}/src/${mode}-${key_length}/parameters.h
+}
+
add-variant ()
{
mode=$1
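Review bot: The three `echo`s in list-implementation-files emit the paths unquoted, so a ROOT containing whitespace or glob characters is word-split and re-globbed before the list ever reaches its consumer; `printf '%s\n' "${f}"` (and the same for the two explicit paths) emits each path on exactly one line with no reinterpretation. The loop also runs without `nullglob`, so if the extglob matches nothing the literal pattern is emitted and the consuming `cp` fails on it instead of the loop being empty — presumably harmless because cipher.c always exists in every implementation, but a one-line comment saying the pattern is expected to match would spare the next reader the question.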
@@ -43,14 +63,6 @@ add-variant ()
mkdir -p ${dest}
- source_files=(
- cipher.{c,h}
- constants.h
- lilliput-ae{.h,-utils.h}
- lilliput-${mode}.c
- tweakey.{c,h}
- )
-
implementations=(
ref
add_threshold
@@ -60,13 +72,11 @@ add-variant ()
for implem in ${implementations[@]}
do
mkdir ${dest}/${implem}
- cp ${ROOT}/src/${mode}-${key_length}/parameters.h ${dest}/${implem}
- cp ${NIST_DIR}/{api.h,encrypt.c} ${dest}/${implem}
- for f in ${source_files[@]}
- do
- cp ${ROOT}/src/${implem}/${f} ${dest}/${implem}
- done
+ list-implementation-files ${mode} ${key_length} ${implem} |
+ xargs cp -t ${dest}/${implem}
+
+ cp ${NIST_DIR}/{api.h,encrypt.c} ${dest}/${implem}
done
}
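Review bot: `list-implementation-files ... | xargs cp -t` lets xargs re-tokenize the list on any whitespace and interpret quotes and backslashes, and because the `set -Eeu` at the top of the file has no `pipefail`, a failure inside the function only surfaces if cp then happens to fail on the output. Reading the list into an array keeps each line as one argument and keeps the function's exit status visible to `set -e`: `mapfile -t files < <(list-implementation-files "${mode}" "${key_length}" "${implem}")` followed by `cp -t "${dest}/${implem}" -- "${files[@]}"`. If xargs is preferred, `xargs -d '\n'` together with `set -o pipefail` next to `set -Eeu` gets most of the way there.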
diff --git a/src/add_threshold/cipher.c b/src/add_threshold/cipher.c
index 87267fc..230582d 100644
--- a/src/add_threshold/cipher.c
+++ b/src/add_threshold/cipher.c
@@ -25,6 +25,7 @@ where the input block is split into three shares.
#include "cipher.h"
#include "constants.h"
+#include "random.h"
#include "tweakey.h"
@@ -90,13 +91,10 @@ static void _state_init(
const uint8_t message[BLOCK_BYTES]
)
{
- // To be replaced by real random numbers!!!
- uint8_t SHARES_0[BLOCK_BYTES] = {
- 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
- };
- uint8_t SHARES_1[BLOCK_BYTES] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
+ uint8_t SHARES_0[BLOCK_BYTES];
+ uint8_t SHARES_1[BLOCK_BYTES];
+ randombytes(sizeof(SHARES_0), SHARES_0);
+ randombytes(sizeof(SHARES_1), SHARES_1);
memcpy(X, SHARES_0, BLOCK_BYTES);
memcpy(Y, SHARES_1, BLOCK_BYTES);
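Review bot: The two SHARES_n temporaries are filled and then copied verbatim into X and Y, which leaves a second copy of each fresh mask on the stack for no gain; assuming X and Y are the `uint8_t[BLOCK_BYTES]` outputs declared in the signature above the hunk, `randombytes(BLOCK_BYTES, X);` and `randombytes(BLOCK_BYTES, Y);` replace the four lines. Whichever form stays, the removed "To be replaced by real random numbers!!!" note should turn into a statement of the requirement rather than vanish, e.g. `/* Fresh, unpredictable masks per block: the threshold countermeasure is only as strong as this entropy source. */`. _state_init's signature and the rest of its body lie outside the hunk.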
diff --git a/src/add_threshold/implem.mk b/src/add_threshold/implem.mk
new file mode 100644
index 0000000..2925287
--- /dev/null
+++ b/src/add_threshold/implem.mk
@@ -0,0 +1,42 @@
+# This file sets some implementation-specific variables and defines
+# build dependencies.
+
+# Filter out tests on tweakey schedule, as the thresholded API differs.
+tests = $(filter-out test-tweakey,$(basename $(wildcard test-*.c)))
+
+# Filter out traces on tweakable block cipher, as intermediate steps
+# differ significantly.
+traces = $(filter-out traces-tbc,$(basename $(wildcard traces-*.c)))
+
+# Don't trigger warnings for "a&b ^ c".
+CFLAGS += -Wno-parentheses
+
+
+# Build dependencies: add random module; remove unused tests/traces.
+
+# Program => additional objects dependencies
+
+$(results_dir)/test-tbc-decrypt $(results_dir)/test-tbc-encrypt: \
+$(results_dir)/src/cipher.o $(results_dir)/src/tweakey.o $(results_dir)/src/random.o
+
+$(results_dir)/test-ae-decrypt $(results_dir)/test-ae-encrypt $(results_dir)/test-ae-roundtrip $(results_dir)/traces-ae: \
+$(results_dir)/src/lilliput-$(mode).o $(results_dir)/src/cipher.o \
+$(results_dir)/src/tweakey.o $(results_dir)/src/random.o
+
+# Object => headers dependencies
+
+$(results_dir)/$(src_dir)/cipher.o: $(src_dir)/cipher.h \
+$(src_dir)/tweakey.h $(src_dir)/random.h $(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/lilliput-i.o $(results_dir)/$(src_dir)/lilliput-ii.o: \
+$(src_dir)/lilliput-ae.h $(src_dir)/cipher.h $(src_dir)/constants.h \
+$(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/tweakey.o: $(src_dir)/tweakey.h \
+$(src_dir)/constants.h $(src_dir)/random.h $(variant_dir)/parameters.h
+
+$(results_dir)/test/test-tbc-encrypt.o $(results_dir)/test/test-tbc-decrypt.o $(results_dir)/test/traces-tbc.o: \
+$(src_dir)/cipher.h
+
+$(results_dir)/test/test-ae-encrypt.o $(results_dir)/test/test-ae-decrypt.o $(results_dir)/test/test-ae-roundtrip.o $(results_dir)/test/traces-ae.o: \
+$(src_dir)/lilliput-ae.h
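Review bot: random.o is added to both program rules at the top of the file but gets no object-to-header rule of its own, so editing random.h will not recompile random.c; add `$(results_dir)/src/random.o: $(src_dir)/random.h` next to the other header rules. Use the `$(results_dir)/src/` spelling, because that is the target name the compile recipe in common.mk produces (`$(results_dir)/src/%.o: $(src_dir)/%.c`); the `$(results_dir)/$(src_dir)/...` form used by the surrounding header rules expands to a different string and, as far as I can tell, attaches the dependency to a target nothing ever builds. The `tests`/`traces` assignments also call `$(wildcard)` through `=`, so the glob is re-run on every expansion; `:=` is the cheaper and more predictable flavour here.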
diff --git a/src/add_threshold/random.c b/src/add_threshold/random.c
new file mode 100644
index 0000000..1bd9427
--- /dev/null
+++ b/src/add_threshold/random.c
@@ -0,0 +1,34 @@
+/*
+Implementation of the Lilliput-AE tweakable block cipher.
+
+Author: Kévin Le Gouguec, 2019.
+
+For more information, feedback or questions, refer to our website:
+https://paclido.fr/lilliput-ae
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+
+---
+
+This file provides a system-specific function to generate random bytes.
+*/
+
+/* glibc < 2.25 does not provide getrandom(2): use the system call. */
+
+#define _GNU_SOURCE
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <unistd.h>
+#include <sys/syscall.h>
+
+#include "random.h"
+
+
+void randombytes(size_t nb, uint8_t out[nb])
+{
+ syscall(SYS_getrandom, out, nb, 0);
+}
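Review bot: The return value of `syscall(SYS_getrandom, ...)` is discarded, so on a kernel without the call (ENOSYS), when the call is interrupted by a signal (EINTR), or on a short count, `out` is left holding whatever was on the stack and the callers in cipher.c and tweakey.c carry on with predictable or absent masks — the threshold countermeasure fails silently. The function should loop until `nb` bytes have been written and fail closed otherwise; the rewrite below additionally needs `<errno.h>` and `<stdlib.h>`. The raw `syscall` path is also Linux-only, and since the NIST packaging now copies every `.c` under src/add_threshold, the submitted add_threshold package will not build on other systems; that is worth stating in the file comment or guarding with `#ifdef __linux__` and a `#error` otherwise.
```c
void randombytes(size_t nb, uint8_t out[nb])
{
    size_t done = 0;

    while (done < nb) {
        long got = syscall(SYS_getrandom, out + done, nb - done, 0);

        if (got < 0) {
            if (errno == EINTR)
                continue;
            /* No usable entropy: stop rather than run with unmasked shares. */
            abort();
        }
        done += (size_t)got;
    }
}
```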
diff --git a/src/add_threshold/random.h b/src/add_threshold/random.h
new file mode 100644
index 0000000..12cae15
--- /dev/null
+++ b/src/add_threshold/random.h
@@ -0,0 +1,28 @@
+/*
+Implementation of the Lilliput-AE tweakable block cipher.
+
+Author: Kévin Le Gouguec, 2019.
+
+For more information, feedback or questions, refer to our website:
+https://paclido.fr/lilliput-ae
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+
+---
+
+This file provides an interface to generate random bytes.
+*/
+
+#ifndef RANDOM_H
+#define RANDOM_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+
+void randombytes(size_t nb, uint8_t out[nb]);
+
+
+#endif /* RANDOM_H */
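Review bot: The declaration of `randombytes` carries no contract, although cipher.c and tweakey.c in this same change draw from it the masks the threshold implementation depends on; a reader of the header cannot tell whether a fast non-cryptographic generator would be an acceptable replacement. A comment on the declaration fixes that: `/* Fill out[0..nb) with cryptographically secure random bytes. The threshold masks in cipher.c and tweakey.c are drawn from here; a predictable source voids the countermeasure. */`. Whether the call can fail, and what a caller should expect when it does, also belongs in that comment once random.c settles its error handling.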
diff --git a/src/add_threshold/tweakey.c b/src/add_threshold/tweakey.c
index f80ea86..097a79a 100644
--- a/src/add_threshold/tweakey.c
+++ b/src/add_threshold/tweakey.c
@@ -24,6 +24,7 @@ tweakey schedule, where the tweak and the key are split into two shares.
#include <string.h>
#include "constants.h"
+#include "random.h"
#include "tweakey.h"
@@ -39,16 +40,14 @@ void tweakey_state_init(
const uint8_t tweak[TWEAK_BYTES]
)
{
- // To be replaced by real random numbers!!!
- uint8_t SHARES_0[KEY_BYTES] = {
- 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
- };
+ uint8_t SHARES_0[KEY_BYTES];
+ randombytes(sizeof(SHARES_0), SHARES_0);
- memcpy(TK_Y, SHARES_0, KEY_BYTES);
- memcpy(TK_X, tweak, TWEAK_BYTES);
+ memcpy(TK_Y, SHARES_0, KEY_BYTES);
+ memcpy(TK_X, tweak, TWEAK_BYTES);
for (size_t i=0; i<KEY_BYTES; i++){
- TK_X[i+TWEAK_BYTES] = key[i] ^ SHARES_0[i] ;
+ TK_X[i+TWEAK_BYTES] = key[i] ^ SHARES_0[i];
}
}
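Review bot: After the reshuffle nothing in tweakey_state_init says what the two output buffers contain, and the reader has to reconstruct from the XOR loop that TK_Y holds the random share and TK_X holds the tweak followed by the key masked by that share; a comment above the `memcpy(TK_Y, ...)` would save that work: `/* TK_Y = random mask; TK_X = tweak || (key ^ mask), so the key itself is never stored. */`. The tweak is copied unmasked, which is fine if it is public as tweaks normally are — a word saying so avoids the question on the next read. The function's signature and any remaining body are outside the hunk.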
diff --git a/src/add_tweakeyloop/implem.mk b/src/add_tweakeyloop/implem.mk
new file mode 120000
index 0000000..eb789fb
--- /dev/null
+++ b/src/add_tweakeyloop/implem.mk
@@ -0,0 +1 @@
+../ref/implem.mk \ No newline at end of file
diff --git a/src/ref/implem.mk b/src/ref/implem.mk
new file mode 100644
index 0000000..f396696
--- /dev/null
+++ b/src/ref/implem.mk
@@ -0,0 +1,35 @@
+# This file sets some implementation-specific variables and defines
+# build dependencies.
+
+tests = $(basename $(wildcard test-*.c))
+traces = $(basename $(wildcard traces-*.c))
+
+
+# Program => additional objects dependencies
+
+$(results_dir)/test-tbc-decrypt $(results_dir)/test-tbc-encrypt $(results_dir)/traces-tbc: \
+$(results_dir)/src/cipher.o $(results_dir)/src/tweakey.o
+
+$(results_dir)/test-ae-decrypt $(results_dir)/test-ae-encrypt $(results_dir)/test-ae-roundtrip $(results_dir)/traces-ae: \
+$(results_dir)/src/lilliput-$(mode).o $(results_dir)/src/cipher.o \
+$(results_dir)/src/tweakey.o
+
+$(results_dir)/test-tweakey: $(results_dir)/src/tweakey.o
+
+# Object => headers dependencies
+
+$(results_dir)/$(src_dir)/cipher.o: $(src_dir)/cipher.h \
+$(src_dir)/tweakey.h $(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/lilliput-i.o $(results_dir)/$(src_dir)/lilliput-ii.o: \
+$(src_dir)/lilliput-ae.h $(src_dir)/cipher.h $(src_dir)/constants.h \
+$(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/tweakey.o: $(src_dir)/tweakey.h \
+$(src_dir)/constants.h $(variant_dir)/parameters.h
+
+$(results_dir)/test/test-tbc-encrypt.o $(results_dir)/test/test-tbc-decrypt.o $(results_dir)/test/traces-tbc.o: \
+$(src_dir)/cipher.h
+
+$(results_dir)/test/test-ae-encrypt.o $(results_dir)/test/test-ae-decrypt.o $(results_dir)/test/test-ae-roundtrip.o $(results_dir)/test/traces-ae.o: \
+$(src_dir)/lilliput-ae.h
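Review bot: The object-to-header rules name their targets `$(results_dir)/$(src_dir)/cipher.o` (likewise tweakey.o, lilliput-i.o, lilliput-ii.o), but the objects the program rules link and the only compile recipe in common.mk produce are `$(results_dir)/src/cipher.o` and friends; with `src_dir = $(root_dir)/src/$(IMPLEMENTATION)` those are different strings, and GNU make matches targets textually rather than by resolved path, so as far as I can tell these header dependencies attach to phantom targets and a header edit will not trigger a rebuild. This was carried over verbatim from common.mk, so it is not new, but since the rules now live here this is the place to fix it: spell the targets `$(results_dir)/src/<name>.o`, or retire the hand-written list in favour of the `-MMD -MP` approach the TODO at the bottom of common.mk already mentions. Touching cipher.h and running make once would confirm or refute this reading of the expansion.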
diff --git a/test/check-implementation.sh b/test/check-implementation.sh
index 0750d1b..5f46606 100755
--- a/test/check-implementation.sh
+++ b/test/check-implementation.sh
@@ -1,6 +1,7 @@
#!/bin/bash
set -eu
+shopt -s extglob
# Run NIST's genkat_aead.c against the reference implementation as
# well as another one, and compare vectors.
@@ -11,6 +12,24 @@ ROOT_DIR=${TEST_DIR}/..
implem=$1
+list-implementation-files ()
+{
+ local mode=$1
+ local key_length=$2
+ local src_dir=${ROOT_DIR}/src
+
+ # src/${implem} can contain arbitrary files; we need to copy
+ # everything save for the unused AE mode.
+
+ for f in ${src_dir}/${implem}/!(lilliput-i|lilliput-ii).[ch]
+ do
+ echo ${f}
+ done
+
+ echo ${src_dir}/${implem}/lilliput-${mode}.c
+ echo ${src_dir}/${mode}-${key_length}/parameters.h
+}
+
run-genkat ()
{
local tmp_dir=$1
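Review bot: list-implementation-files is now defined twice — here and in nist/make-package.sh — with the same body but a different signature (this copy reads `implem` from the enclosing script instead of taking it as a parameter), so the two file selections will drift the next time an implementation gains a file with another extension or naming. Move the function into one small file under nist/ or test/ that both scripts `source`, passing `implem` explicitly as the make-package.sh version does, so the glob lives in exactly one place. The unquoted `echo ${f}` is shared with that copy as well: `printf '%s\n' "${f}"` avoids word splitting and re-globbing of the path.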
@@ -32,15 +51,10 @@ run-genkat ()
tweakey.{c,h}
)
- mkdir -p ${genkat_dir} # "-p" to allow comparing ref against ref.
+ mkdir -p ${genkat_dir} # "-p" allows comparing ref against ref.
- local f
- for f in ${source_files[@]}
- do
- cp ${src_dir}/${implem}/${f} ${genkat_dir}
- done
+ list-implementation-files ${mode} ${keylen} | xargs cp -t ${genkat_dir}
- cp ${src_dir}/${mode}-${keylen}/parameters.h ${genkat_dir}
cp ${ROOT_DIR}/nist/{api.h,encrypt.c} ${genkat_dir}
cp ${ROOT_DIR}/nist/TestVectorGen/* ${genkat_dir}
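Review bot: The `source_files=( ... tweakey.{c,h} )` array whose tail is still visible at the top of this hunk is now dead: the loop that consumed it was removed and the list comes from list-implementation-files instead, so the stale array now documents the wrong file set. Delete the whole array (its opening line is above the hunk) as part of this change. The `| xargs cp -t` pipeline here carries the same caveat as its twin in make-package.sh — xargs re-splits on whitespace and, without `set -o pipefail`, a failure in the producer is masked unless cp then fails — so `mapfile -t files < <(list-implementation-files "${mode}" "${keylen}")` plus `cp -t "${genkat_dir}" -- "${files[@]}"` is the safer shape. run-genkat's body continues beyond the hunk.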
diff --git a/test/common.mk b/test/common.mk
index c978c2d..31e84b0 100644
--- a/test/common.mk
+++ b/test/common.mk
@@ -10,19 +10,7 @@ endif
# Use "make IMPLEMENTATION=..." to compile against other versions.
IMPLEMENTATION = ref
-
-ifeq "$(IMPLEMENTATION)" "add_threshold"
-# Filter out tests on tweakey schedule, as the thresholded API differs.
-tests = $(filter-out test-tweakey,$(basename $(wildcard test-*.c)))
-# Don't trigger warnings for "a&b ^ c".
-CFLAGS += -Wno-parentheses
-else
-tests = $(basename $(wildcard test-*.c))
-endif
-
-traces = $(basename $(wildcard traces-*.c))
-
-test_dir = $(dir $(lastword $(MAKEFILE_LIST)))
+test_dir := $(dir $(lastword $(MAKEFILE_LIST)))
root_dir = $(test_dir)..
results_dir = $(root_dir)/results/$(mode)-$(keylen)
src_dir = $(root_dir)/src/$(IMPLEMENTATION)
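Review bot: The switch of `test_dir` to `:=` is load-bearing and deserves a comment, because nothing here says why: once `include $(src_dir)/implem.mk` runs later in this file, `$(lastword $(MAKEFILE_LIST))` names implem.mk, so a recursively expanded `test_dir` would silently point at src/<implementation>/ and drag `root_dir`, `results_dir` and `src_dir` along with it. Suggested: `# ':=' on purpose: after implem.mk is included below, $(lastword $(MAKEFILE_LIST)) no longer names this file.`. The `=` assignments that follow are fine as they only reference the already-frozen test_dir.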
@@ -34,6 +22,9 @@ CFLAGS += -I$(src_dir) -I$(variant_dir) -I$(test_dir) $(nist_flags) -Werror
LDFLAGS += $(nist_flags)
+include $(src_dir)/implem.mk
+
+
.PHONY: clean test $(tests) traces $(traces)
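Review bot: `include $(src_dir)/implem.mk` is now the only place `tests` and `traces` get defined, so `make IMPLEMENTATION=<dir>` for a directory that lacks the file stops with make's bare "No such file or directory" rather than saying what is expected; a guard makes the contract explicit: `ifeq ($(wildcard $(src_dir)/implem.mk),)` / `$(error $(src_dir) has no implem.mk: each implementation must define tests, traces and its object dependencies)` / `endif` placed before the include. Do not soften it to `-include`: that would silently leave `tests` empty and `make test` would pass having run nothing.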
@@ -71,35 +62,5 @@ $(results_dir)/src/%.o: $(src_dir)/%.c | $(results_dir)/src
$(Q) gcc -c $< $(CFLAGS) -o $@
-# Program => additional objects dependencies
-
-$(results_dir)/test-tbc-decrypt $(results_dir)/test-tbc-encrypt $(results_dir)/traces-tbc: \
-$(results_dir)/src/cipher.o $(results_dir)/src/tweakey.o
-
-$(results_dir)/test-ae-decrypt $(results_dir)/test-ae-encrypt $(results_dir)/test-ae-roundtrip $(results_dir)/traces-ae: \
-$(results_dir)/src/lilliput-$(mode).o $(results_dir)/src/cipher.o \
-$(results_dir)/src/tweakey.o
-
-$(results_dir)/test-tweakey: $(results_dir)/src/tweakey.o
-
-# Object => headers dependencies
-
-$(results_dir)/$(src_dir)/cipher.o: $(src_dir)/cipher.h \
-$(src_dir)/tweakey.h $(variant_dir)/parameters.h
-
-$(results_dir)/$(src_dir)/lilliput-i.o $(results_dir)/$(src_dir)/lilliput-ii.o: \
-$(src_dir)/lilliput-ae.h $(src_dir)/cipher.h $(src_dir)/constants.h \
-$(variant_dir)/parameters.h
-
-$(results_dir)/$(src_dir)/tweakey.o: $(src_dir)/tweakey.h \
-$(src_dir)/constants.h $(variant_dir)/parameters.h
-
-$(results_dir)/test/test-tbc-encrypt.o $(results_dir)/test/test-tbc-decrypt.o $(results_dir)/test/traces-tbc.o: \
-$(src_dir)/cipher.h
-
-$(results_dir)/test/test-ae-encrypt.o $(results_dir)/test/test-ae-decrypt.o $(results_dir)/test/test-ae-roundtrip.o $(results_dir)/test/traces-ae.o: \
-$(src_dir)/lilliput-ae.h
-
-
# TODO: add valgrind, although it does not seem to play well with ASAN
# TODO: use gcc -M... to generate .o -> .h dependencies