Diffstat (limited to 'src')
| -rw-r--r-- | src/ae-common.h | 69 | ||||
| -rw-r--r-- | src/lilliput-ae-i.c | 107 |
2 files changed, 95 insertions, 81 deletions
diff --git a/src/ae-common.h b/src/ae-common.h
new file mode 100644
index 0000000..6343f98
--- /dev/null
+++ b/src/ae-common.h
@@ -0,0 +1,69 @@
+#ifndef AE_COMMON_H
+#define AE_COMMON_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "cipher.h"
+#include "parameters.h"
+
+
+static inline uint8_t upper_nibble(uint8_t i)
+{
+ return i >> 4;
+}
+
+static inline uint8_t lower_nibble(uint8_t i)
+{
+ return i & 0x0f;
+}
+
+static inline void encrypt(const uint8_t K[KEY_BYTES],
+ const uint8_t T[TWEAK_BYTES],
+ const uint8_t M[BLOCK_BYTES],
+ uint8_t C[BLOCK_BYTES])
+{
+ lilliput_tbc_encrypt(K, T, M, C);
+}
+
+static inline void decrypt(const uint8_t K[KEY_BYTES],
+ const uint8_t T[TWEAK_BYTES],
+ const uint8_t C[BLOCK_BYTES],
+ uint8_t M[BLOCK_BYTES])
+{
+ lilliput_tbc_decrypt(K, T, C, M);
+}
+
+static inline void xor_into(uint8_t dest[BLOCK_BYTES], const uint8_t src[BLOCK_BYTES])
+{
+ for (size_t i=0; i<BLOCK_BYTES; i++)
+ dest[i] ^= src[i];
+}
+
+static inline void xor_arrays(size_t len, uint8_t out[len], const uint8_t a[len], const uint8_t b[len])
+{
+ for (size_t i=0; i<len; i++)
+ out[i] = a[i] ^ b[i];
+}
+
+static inline void pad10(size_t X_len, const uint8_t X[X_len], uint8_t padded[BLOCK_BYTES])
+{
+ /* pad10*(X) = X || 1 || 0^{n-|X|-1} */
+
+ /* Assume that len<BLOCK_BYTES. */
+
+ size_t pad_len = BLOCK_BYTES-X_len;
+
+ memcpy(padded+pad_len, X, X_len);
+
+ padded[pad_len-1] = 0x80;
+
+ if (pad_len > 1)
+ {
+ memset(padded, 0, pad_len-1);
+ }
+}
+
+
+#endif /* AE_COMMON_H */
diff --git a/src/lilliput-ae-i.c b/src/lilliput-ae-i.c
index 60a916b..5d1a630 100644
--- a/src/lilliput-ae-i.c
+++ b/src/lilliput-ae-i.c
@@ -2,6 +2,7 @@
 #include <stdint.h>
 #include <string.h>
+#include "ae-common.h"
 #include "cipher.h"
 #include "lilliput-ae.h"
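Review bot: `pad10` in the new shared header relies on a precondition that nothing enforces: with `X_len == BLOCK_BYTES`, `pad_len` is 0 and `padded[pad_len-1] = 0x80` writes outside `padded`, and with a larger `X_len` the subtraction wraps and the `memcpy` destination is out of range. The callers visible in this patch only pass `rest` from a non-zero branch (how `rest` is computed is outside the hunks), but now that the helper is `static inline` in a header any other mode can include, I would enforce the contract with `assert(X_len < BLOCK_BYTES);` plus `#include <assert.h>`, and fix the comment, which names `len` where the parameter is `X_len`. Separately, the unprefixed name `encrypt` collides with the POSIX `encrypt()` declared in `<unistd.h>`, so a translation unit that includes both headers would presumably fail to compile; a project prefix such as `ae_encrypt`/`ae_decrypt` avoids that.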
@@ -12,62 +13,6 @@ static const uint8_t _0n[BLOCK_BYTES] = { };
-static uint8_t _upper_nibble(uint8_t i)
-{
- return i >> 4;
-}
-
-static uint8_t _lower_nibble(uint8_t i)
-{
- return i & 0x0f;
-}
-
-static void _encrypt(const uint8_t K[KEY_BYTES],
- const uint8_t T[TWEAK_BYTES],
- const uint8_t M[BLOCK_BYTES],
- uint8_t C[BLOCK_BYTES])
-{
- lilliput_tbc_encrypt(K, T, M, C);
-}
-
-static void _decrypt(const uint8_t K[KEY_BYTES],
- const uint8_t T[TWEAK_BYTES],
- const uint8_t C[BLOCK_BYTES],
- uint8_t M[BLOCK_BYTES])
-{
- lilliput_tbc_decrypt(K, T, C, M);
-}
-
-static void _xor_into(uint8_t dest[BLOCK_BYTES], const uint8_t src[BLOCK_BYTES])
-{
- for (size_t i=0; i<BLOCK_BYTES; i++)
- dest[i] ^= src[i];
-}
-
-static void _xor_arrays(size_t len, uint8_t out[len], const uint8_t a[len], const uint8_t b[len])
-{
- for (size_t i=0; i<len; i++)
- out[i] = a[i] ^ b[i];
-}
-
-static void _pad10(size_t X_len, const uint8_t X[X_len], uint8_t padded[BLOCK_BYTES])
-{
- /* pad10*(X) = X || 1 || 0^{n-|X|-1} */
-
- /* Assume that len<BLOCK_BYTES. */
-
- size_t pad_len = BLOCK_BYTES-X_len;
-
- memcpy(padded+pad_len, X, X_len);
-
- padded[pad_len-1] = 0x80;
-
- if (pad_len > 1)
- {
- memset(padded, 0, pad_len-1);
- }
-}
-
 static void _fill_ad_tweak(
 uint8_t prefix,
 uint64_t block_nb,
@@ -119,14 +64,14 @@ static void _fill_msg_tweak(
 tweak[i] = b;
 }
- tweak[sizeof(block_nb)] = _lower_nibble(N[0]) << 4;
+ tweak[sizeof(block_nb)] = lower_nibble(N[0]) << 4;
 for (size_t i=1; i<NONCE_BYTES; i++)
 {
- tweak[sizeof(block_nb)+i] = _lower_nibble(N[i]) << 4 ^ _upper_nibble(N[i-1]);
+ tweak[sizeof(block_nb)+i] = lower_nibble(N[i]) << 4 ^ upper_nibble(N[i-1]);
 }
- tweak[TWEAK_BYTES-1] = prefix << 4 ^ _upper_nibble(N[NONCE_BYTES-1]);
+ tweak[TWEAK_BYTES-1] = prefix << 4 ^ upper_nibble(N[NONCE_BYTES-1]);
 }
 static void _process_associated_data(
@@ -148,17 +93,17 @@ static void _process_associated_data(
 for (size_t i=0; i<l_a; i++)
 {
 _fill_ad_tweak(0x2, i, tweak);
- _encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
- _xor_into(Auth, Ek_Ai);
+ encrypt(key, tweak, &A[i*BLOCK_BYTES], Ek_Ai);
+ xor_into(Auth, Ek_Ai);
 }
 if (rest != 0)
 {
 uint8_t A_rest[BLOCK_BYTES];
- _pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
+ pad10(rest, &A[l_a*BLOCK_BYTES], A_rest);
 _fill_ad_tweak(0x6, l_a, tweak);
- _encrypt(key, tweak, A_rest, Ek_Ai);
- _xor_into(Auth, Ek_Ai);
+ encrypt(key, tweak, A_rest, Ek_Ai);
+ xor_into(Auth, Ek_Ai);
 }
 }
@@ -182,30 +127,30 @@ static void _encrypt_message(
 for (size_t j=0; j<l; j++)
 {
- _xor_into(checksum, &M[j*BLOCK_BYTES]);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
 _fill_msg_tweak(0x0, N, j, tweak);
- _encrypt(key, tweak, &M[j*BLOCK_BYTES], &C[j*BLOCK_BYTES]);
+ encrypt(key, tweak, &M[j*BLOCK_BYTES], &C[j*BLOCK_BYTES]);
 }
 if (rest == 0)
 {
 _fill_msg_tweak(0x1, N, l-1, tweak);
- _encrypt(key, tweak, checksum, Final);
+ encrypt(key, tweak, checksum, Final);
 }
 else
 {
 uint8_t M_rest[BLOCK_BYTES];
 uint8_t Pad[BLOCK_BYTES];
- _pad10(rest, &M[l*BLOCK_BYTES], M_rest);
- _xor_into(checksum, M_rest);
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
+ xor_into(checksum, M_rest);
 _fill_msg_tweak(0x4, N, l, tweak);
- _encrypt(key, tweak, _0n, Pad);
- _xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad);
+ encrypt(key, tweak, _0n, Pad);
+ xor_arrays(rest, &C[l*BLOCK_BYTES], &M[l*BLOCK_BYTES], Pad);
 _fill_msg_tweak(0x5, N, l, tweak);
- _encrypt(key, tweak, checksum, Final);
+ encrypt(key, tweak, checksum, Final);
 }
 }
@@ -230,14 +175,14 @@ static void _decrypt_message(
 for (size_t j=0; j<l; j++)
 {
 _fill_msg_tweak(0x0, N, j, tweak);
- _decrypt(key, tweak, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES]);
- _xor_into(checksum, &M[j*BLOCK_BYTES]);
+ decrypt(key, tweak, &C[j*BLOCK_BYTES], &M[j*BLOCK_BYTES]);
+ xor_into(checksum, &M[j*BLOCK_BYTES]);
 }
 if (rest == 0)
 {
 _fill_msg_tweak(0x1, N, l-1, tweak);
- _encrypt(key, tweak, checksum, Final);
+ encrypt(key, tweak, checksum, Final);
 }
 else
 {
@@ -245,14 +190,14 @@ static void _decrypt_message(
 uint8_t Pad[BLOCK_BYTES];
 _fill_msg_tweak(0x4, N, l, tweak);
- _encrypt(key, tweak, _0n, Pad);
- _xor_arrays(rest, &M[l*BLOCK_BYTES], &C[l*BLOCK_BYTES], Pad);
+ encrypt(key, tweak, _0n, Pad);
+ xor_arrays(rest, &M[l*BLOCK_BYTES], &C[l*BLOCK_BYTES], Pad);
- _pad10(rest, &M[l*BLOCK_BYTES], M_rest);
- _xor_into(checksum, M_rest);
+ pad10(rest, &M[l*BLOCK_BYTES], M_rest);
+ xor_into(checksum, M_rest);
 _fill_msg_tweak(0x5, N, l, tweak);
- _encrypt(key, tweak, checksum, Final);
+ encrypt(key, tweak, checksum, Final);
 }
 }
@@ -262,7 +207,7 @@ static void _generate_tag(
 uint8_t tag[TAG_BYTES]
 )
 {
- _xor_arrays(TAG_BYTES, tag, Final, Auth);
+ xor_arrays(TAG_BYTES, tag, Final, Auth);
 }
|
