Diffstat (limited to 'src/add_threshold')
| -rw-r--r-- | src/add_threshold/cipher.c | 12 | ||||
| -rw-r--r-- | src/add_threshold/implem.mk | 42 | ||||
| -rw-r--r-- | src/add_threshold/random.c | 34 | ||||
| -rw-r--r-- | src/add_threshold/random.h | 28 | ||||
| -rw-r--r-- | src/add_threshold/tweakey.c | 13 |
5 files changed, 115 insertions, 14 deletions
diff --git a/src/add_threshold/cipher.c b/src/add_threshold/cipher.c
index 87267fc..230582d 100644
--- a/src/add_threshold/cipher.c
+++ b/src/add_threshold/cipher.c
@@ -25,6 +25,7 @@ where the input block is split into three shares.
 #include "cipher.h"
 #include "constants.h"
+#include "random.h"
 #include "tweakey.h"
@@ -90,13 +91,10 @@ static void _state_init(
 const uint8_t message[BLOCK_BYTES]
 )
 {
- // To be replaced by real random numbers!!!
- uint8_t SHARES_0[BLOCK_BYTES] = {
- 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
- };
- uint8_t SHARES_1[BLOCK_BYTES] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
+ uint8_t SHARES_0[BLOCK_BYTES];
+ uint8_t SHARES_1[BLOCK_BYTES];
+ randombytes(sizeof(SHARES_0), SHARES_0);
+ randombytes(sizeof(SHARES_1), SHARES_1);
 memcpy(X, SHARES_0, BLOCK_BYTES);
 memcpy(Y, SHARES_1, BLOCK_BYTES);
diff --git a/src/add_threshold/implem.mk b/src/add_threshold/implem.mk
new file mode 100644
index 0000000..2925287
--- /dev/null
+++ b/src/add_threshold/implem.mk
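Review bot: With the placeholder comment removed, the share setup in `_state_init` no longer says why `SHARES_0` and `SHARES_1` have to be drawn anew on every call, which is the property a future "optimisation" is most likely to break. A one-line comment above the two `randombytes` calls would pin it down: `// Draw fresh masks on every call: masking only protects the state while the shares are never reused.` Note also that, as declared in this commit, `randombytes` returns void, so this code cannot tell whether the buffers were actually filled; the same pattern is in tweakey_state_init. The parameter list of _state_init starts outside the hunk.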
@@ -0,0 +1,42 @@
+# This file sets some implementation-specific variables and defines
+# build dependencies.
+
+# Filter out tests on tweakey schedule, as the thresholded API differs.
+tests = $(filter-out test-tweakey,$(basename $(wildcard test-*.c)))
+
+# Filter out traces on tweakable block cipher, as intermediate steps
+# differ significantly.
+traces = $(filter-out traces-tbc,$(basename $(wildcard traces-*.c)))
+
+# Don't trigger warnings for "a&b ^ c".
+CFLAGS += -Wno-parentheses
+
+
+# Build dependencies: add random module; remove unused tests/traces.
+
+# Program => additional objects dependencies
+
+$(results_dir)/test-tbc-decrypt $(results_dir)/test-tbc-encrypt: \
+$(results_dir)/src/cipher.o $(results_dir)/src/tweakey.o $(results_dir)/src/random.o
+
+$(results_dir)/test-ae-decrypt $(results_dir)/test-ae-encrypt $(results_dir)/test-ae-roundtrip $(results_dir)/traces-ae: \
+$(results_dir)/src/lilliput-$(mode).o $(results_dir)/src/cipher.o \
+$(results_dir)/src/tweakey.o $(results_dir)/src/random.o
+
+# Object => headers dependencies
+
+$(results_dir)/$(src_dir)/cipher.o: $(src_dir)/cipher.h \
+$(src_dir)/tweakey.h $(src_dir)/random.h $(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/lilliput-i.o $(results_dir)/$(src_dir)/lilliput-ii.o: \
+$(src_dir)/lilliput-ae.h $(src_dir)/cipher.h $(src_dir)/constants.h \
+$(variant_dir)/parameters.h
+
+$(results_dir)/$(src_dir)/tweakey.o: $(src_dir)/tweakey.h \
+$(src_dir)/constants.h $(src_dir)/random.h $(variant_dir)/parameters.h
+
+$(results_dir)/test/test-tbc-encrypt.o $(results_dir)/test/test-tbc-decrypt.o $(results_dir)/test/traces-tbc.o: \
+$(src_dir)/cipher.h
+
+$(results_dir)/test/test-ae-encrypt.o $(results_dir)/test/test-ae-decrypt.o $(results_dir)/test/test-ae-roundtrip.o $(results_dir)/test/traces-ae.o: \
+$(src_dir)/lilliput-ae.h
diff --git a/src/add_threshold/random.c b/src/add_threshold/random.c
new file mode 100644
index 0000000..1bd9427
--- /dev/null
+++ b/src/add_threshold/random.c
@@ -0,0 +1,34 @@
+/*
+Implementation of the Lilliput-AE tweakable block cipher.
+
+Author: Kévin Le Gouguec, 2019.
+
+For more information, feedback or questions, refer to our website:
+https://paclido.fr/lilliput-ae
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+
+---
+
+This file provides a system-specific function to generate random bytes.
+*/
+
+/* glibc < 2.25 does not provide getrandom(2): use the system call. */
+
+#define _GNU_SOURCE
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <unistd.h>
+#include <sys/syscall.h>
+
+#include "random.h"
+
+
+void randombytes(size_t nb, uint8_t out[nb])
+{
+ syscall(SYS_getrandom, out, nb, 0);
+}
diff --git a/src/add_threshold/random.h b/src/add_threshold/random.h
new file mode 100644
index 0000000..12cae15
--- /dev/null
+++ b/src/add_threshold/random.h
@@ -0,0 +1,28 @@
+/*
+Implementation of the Lilliput-AE tweakable block cipher.
+
+Author: Kévin Le Gouguec, 2019.
+
+For more information, feedback or questions, refer to our website:
+https://paclido.fr/lilliput-ae
+
+To the extent possible under law, the implementer has waived all copyright
+and related or neighboring rights to the source code in this file.
+http://creativecommons.org/publicdomain/zero/1.0/
+
+---
+
+This file provides an interface to generate random bytes.
+*/
+
+#ifndef RANDOM_H
+#define RANDOM_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+
+void randombytes(size_t nb, uint8_t out[nb]);
+
+
+#endif /* RANDOM_H */
diff --git a/src/add_threshold/tweakey.c b/src/add_threshold/tweakey.c
index f80ea86..097a79a 100644
--- a/src/add_threshold/tweakey.c
+++ b/src/add_threshold/tweakey.c
@@ -24,6 +24,7 @@ tweakey schedule, where the tweak and the key are split into two shares.
 #include <string.h>
 #include "constants.h"
+#include "random.h"
 #include "tweakey.h"
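Review bot: The return value of `syscall(SYS_getrandom, out, nb, 0)` in `randombytes` is discarded, so a failed or short read is invisible to the caller: getrandom(2) returns -1 with ENOSYS on kernels that predate the syscall (the file's own comment already anticipates old glibc) or EINTR if it is interrupted while blocking for pool initialisation, and it may in general return fewer than `nb` bytes. In that case `out` — which in this commit is the masking share buffer of `_state_init` in cipher.c and `tweakey_state_init` in tweakey.c — is left as uninitialised stack memory and the masking silently degrades to whatever happened to be on the stack, with no test able to notice. The function should loop until `nb` bytes have been written, retry on EINTR, and refuse to continue on any other error rather than return with a partially filled buffer; this needs `<errno.h>` and `<stdlib.h>` alongside the existing includes. A short header comment stating that contract, e.g. `/* Fills out[0..nb) from the kernel CSPRNG; never returns with the buffer partially filled. */`, would also belong on the declaration in random.h.
```c
void randombytes(size_t nb, uint8_t out[nb])
{
    size_t done = 0;

    while (done < nb) {
        long got = syscall(SYS_getrandom, out + done, nb - done, 0);

        if (got < 0) {
            if (errno == EINTR) {
                continue;   /* interrupted while blocking for pool init: retry */
            }
            /* No usable entropy source (e.g. ENOSYS): never hand back a
             * half-filled mask, the caller cannot detect it. */
            abort();
        }
        done += (size_t)got;
    }
}
```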
@@ -39,16 +40,14 @@ void tweakey_state_init(
 const uint8_t tweak[TWEAK_BYTES]
 )
 {
- // To be replaced by real random numbers!!!
- uint8_t SHARES_0[KEY_BYTES] = {
- 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
- };
+ uint8_t SHARES_0[KEY_BYTES];
+ randombytes(sizeof(SHARES_0), SHARES_0);
- memcpy(TK_Y, SHARES_0, KEY_BYTES);
- memcpy(TK_X, tweak, TWEAK_BYTES);
+ memcpy(TK_Y, SHARES_0, KEY_BYTES);
+ memcpy(TK_X, tweak, TWEAK_BYTES);
 for (size_t i=0; i<KEY_BYTES; i++){
- TK_X[i+TWEAK_BYTES] = key[i] ^ SHARES_0[i] ;
+ TK_X[i+TWEAK_BYTES] = key[i] ^ SHARES_0[i];
 }
 }
|
