-rw-r--r--Makefile4
-rwxr-xr-xcollect-traces.sh14
-rw-r--r--traces.patch275
3 files changed, 293 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index dbae0f9..5395158 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,10 @@ $(delegated)::
make -C $$i $@; \
done
+# To generate complete traces, apply this patch before running "make traces":
+# $ git apply traces.patch
+# To update this patch, add print statements, then run
+# $ git diff src > traces.patch
traces::
@ echo "Collecting traces"
@ ./collect-traces.sh
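Review bot: The new comment says how to apply traces.patch but not how to undo it, and the `traces` target runs `./collect-traces.sh` whether or not the patch is applied. The patch adds `fprintf(DUMP, ...)` and `debug_dump_buffer` calls that write tweaks, message blocks and tags from the reference implementation, so a tree left patched would keep emitting those intermediates in later builds. I would extend the comment with a line such as `# When done, restore the sources with: git apply -R traces.patch`. Also, `git diff src > traces.patch` does not capture untracked files, so if `debug.h` is new it would be missing from the regenerated patch; this commit does not show whether that header already exists.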
diff --git a/collect-traces.sh b/collect-traces.sh
new file mode 100755
index 0000000..0b50adc
--- /dev/null
+++ b/collect-traces.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eu
+
+d=$(mktemp -d)
+
+for f in $(find . -name 'traces-*.txt')
+do
+ cp ${f} ${d}
+done
+
+tar czf traces.tgz -C ${d} .
+
+rm -r ${d}
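Review bot: The loop `for f in $(find . -name 'traces-*.txt')` word-splits the find output and copies every match into one flat directory, so paths containing whitespace break and two trace files with the same basename in different directories silently overwrite each other. Under `set -eu`, a failing `cp` or `tar` also exits before `rm -r ${d}`, leaving the temporary directory and the dumped cipher intermediates behind. I would add `trap 'rm -rf "${d}"' EXIT` right after the `mktemp -d` line and replace the loop with `find . -name 'traces-*.txt' -exec cp -- {} "${d}" \;`, quoting `"${d}"` in the `tar` call as well. If basenames can collide, keep the relative path in the archive, for example with `cp --parents` on GNU coreutils.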
diff --git a/traces.patch b/traces.patch
new file mode 100644
index 0000000..8aecdf6
--- /dev/null
+++ b/traces.patch
@@ -0,0 +1,275 @@
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
+index 561854e..397dac0 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ae-common.h
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #ifndef AE_COMMON_H
+ #define AE_COMMON_H
+
+@@ -105,20 +107,45 @@ static void process_associated_data(
+ size_t l_a = A_len / BLOCK_BYTES;
+ size_t rest = A_len % BLOCK_BYTES;
+
++ fprintf(DUMP, "computing Auth\n");
++
+ for (size_t i=0; i<l_a; i++)
+ {
++ fprintf(DUMP, " i=%zu\n", i);
++
+ fill_index_tweak(0x2, i, tweak);
++
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+ encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
++
++ debug_dump_buffer("Ai", BLOCK_BYTES, &A[i*BLOCK_BYTES], 8);
++ debug_dump_buffer("Ek(Ai)", BLOCK_BYTES, Ek_Ai, 8);
++
+ xor_into(Auth, Ek_Ai);
++
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+ }
+
+ if (rest != 0)
+ {
+ uint8_t A_rest[BLOCK_BYTES];
+ pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
++
++ fprintf(DUMP, " l_a=%zu (padding)\n", l_a);
++
+ fill_index_tweak(0x6, l_a, tweak);
++
++ debug_dump_buffer("pad10*(A*)", BLOCK_BYTES, A_rest, 8);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++
+ encrypt(key, tweak, A_rest, Ek_Ai);
++
++ debug_dump_buffer("Ek(A*)", BLOCK_BYTES, Ek_Ai, 8);
++
+ xor_into(Auth, Ek_Ai);
++
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
+ }
+ }
+
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
+index b1758c9..5cbb3f4 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdbool.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -65,32 +67,54 @@ static void _encrypt_message(
+ memset(tweak, 0, TWEAK_BYTES);
+ memset(checksum, 0, BLOCK_BYTES);
+
++ fprintf(DUMP, "message encryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ _fill_msg_tweak(0x0, N, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, &M[j*BLOCK_BYTES], &C[j*BLOCK_BYTES]);
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ }
+
+ if (rest == 0)
+ {
++ fprintf(DUMP, " no padding\n");
++
+ _fill_msg_tweak(0x1, N, l-1, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ else
+ {
++ fprintf(DUMP, " padding\n");
++
+ uint8_t M_rest[BLOCK_BYTES];
+ uint8_t Pad[BLOCK_BYTES];
+
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
+ xor_into(checksum, M_rest);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+
+ _fill_msg_tweak(0x4, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, _0n, Pad);
+ xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad);
++ debug_dump_buffer("Pad", BLOCK_BYTES, Pad, 8);
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+
+ _fill_msg_tweak(0x5, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ }
+
+@@ -112,32 +136,54 @@ static void _decrypt_message(
+ memset(tweak, 0, TWEAK_BYTES);
+ memset(checksum, 0, BLOCK_BYTES);
+
++ fprintf(DUMP, "message decryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ _fill_msg_tweak(0x0, N, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ decrypt(key, tweak, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ }
+
+ if (rest == 0)
+ {
++ fprintf(DUMP, " no padding\n");
++
+ _fill_msg_tweak(0x1, N, l-1, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ else
+ {
++ fprintf(DUMP, " padding\n");
++
+ uint8_t M_rest[BLOCK_BYTES];
+ uint8_t Pad[BLOCK_BYTES];
+
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+ _fill_msg_tweak(0x4, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, _0n, Pad);
++ debug_dump_buffer("Pad", BLOCK_BYTES, Pad, 8);
+ xor_arrays(rest, &M[l*BLOCK_BYTES], &C[l*BLOCK_BYTES], Pad);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
+
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
+ xor_into(checksum, M_rest);
+
+ _fill_msg_tweak(0x5, N, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
++ debug_dump_buffer("Checksum", BLOCK_BYTES, checksum, 8);
+ encrypt(key, tweak, checksum, Final);
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
+ }
+ }
+
+@@ -147,7 +193,13 @@ static void _generate_tag(
+ uint8_t tag[TAG_BYTES]
+ )
+ {
++ fprintf(DUMP, "generating tag\n");
++ debug_dump_buffer("Final", BLOCK_BYTES, Final, 8);
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
++
+ xor_arrays(TAG_BYTES, tag, Final, Auth);
++
++ debug_dump_buffer("tag", TAG_BYTES, tag, 8);
+ }
+
+
+diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
+index 26885e5..88f9ae0 100644
+--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-ii.c
+@@ -1,3 +1,5 @@
++#include "debug.h"
++
+ #include <stdbool.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -62,24 +64,40 @@ static void _generate_tag(
+ size_t l = M_len / BLOCK_BYTES;
+ size_t rest = M_len % BLOCK_BYTES;
+
++ fprintf(DUMP, "computing tag\n");
++ debug_dump_buffer("Auth", BLOCK_BYTES, Auth, 8);
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
+ fill_index_tweak(0x0, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, &M[j*BLOCK_BYTES], Ek_Mj);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
++ debug_dump_buffer("Ek(Mj)", BLOCK_BYTES, Ek_Mj, 8);
+ xor_into(tag_tmp, Ek_Mj);
++ debug_dump_buffer("tag", TAG_BYTES, tag_tmp, 8);
+ }
+
+ if (rest != 0)
+ {
++ fprintf(DUMP, " l=%zu (padding)\n", l);
+ uint8_t M_rest[BLOCK_BYTES];
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
+ fill_index_tweak(0x4, l, tweak);
++ debug_dump_buffer("pad10*(M*)", BLOCK_BYTES, M_rest, 8);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, M_rest, Ek_Mj);
++ debug_dump_buffer("Ek(M*)", BLOCK_BYTES, Ek_Mj, 8);
+ xor_into(tag_tmp, Ek_Mj);
++ debug_dump_buffer("tag", TAG_BYTES, tag_tmp, 8);
+ }
+
++ fprintf(DUMP, " Ek(tag)\n");
+ _fill_tag_tweak(N, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, tag_tmp, tag);
++ debug_dump_buffer("tag = Ek(tag)", TAG_BYTES, tag, 8);
+ }
+
+ static void _encrypt_message(
+@@ -103,18 +121,33 @@ static void _encrypt_message(
+ size_t l = M_len / BLOCK_BYTES;
+ size_t rest = M_len % BLOCK_BYTES;
+
++ fprintf(DUMP, "message encryption\n");
++
+ for (size_t j=0; j<l; j++)
+ {
++ fprintf(DUMP, " j=%zu\n", j);
++
+ _fill_msg_tweak(tag, j, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, padded_N, Ek_N);
++ debug_dump_buffer("N (padded)", BLOCK_BYTES, padded_N, 8);
++ debug_dump_buffer("Ek(Mj, N)", BLOCK_BYTES, Ek_N, 8);
++ debug_dump_buffer("Mj", BLOCK_BYTES, &M[j*BLOCK_BYTES], 8);
+ xor_arrays(BLOCK_BYTES, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES], Ek_N);
++ debug_dump_buffer("Cj", BLOCK_BYTES, &C[j*BLOCK_BYTES], 8);
+ }
+
+ if (rest != 0)
+ {
++ fprintf(DUMP, " l=%zu (padding)\n", l);
+ _fill_msg_tweak(tag, l, tweak);
++ debug_dump_buffer("tweak", TWEAK_BYTES, tweak, 8);
+ encrypt(key, tweak, padded_N, Ek_N);
++ debug_dump_buffer("N (padded)", BLOCK_BYTES, padded_N, 8);
++ debug_dump_buffer("Ek(M*, N)", BLOCK_BYTES, Ek_N, 8);
++ debug_dump_buffer("M*", rest, &M[l*BLOCK_BYTES], 8);
+ xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Ek_N);
++ debug_dump_buffer("C*", rest, &C[l*BLOCK_BYTES], 8);
+ }
+ }
+