diff options
Diffstat (limited to 'traces.patch')
| -rw-r--r-- | traces.patch | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/traces.patch b/traces.patch index 8aecdf6..1dfd08a 100644 --- a/traces.patch +++ b/traces.patch @@ -54,6 +54,121 @@ index 561854e..397dac0 100644 } } +diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c +index 7f1152a..caae858 100644 +--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c ++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/cipher.c +@@ -1,3 +1,5 @@ ++#include "debug.h" ++ + #include <stdint.h> + #include <string.h> + +@@ -47,40 +49,61 @@ static void _compute_round_tweakeys( + uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES] + ) + { ++ fprintf(DUMP, "computing %zu round sub-tweakeys\n", (size_t)ROUNDS); ++ + tweakey_state TK; + tweakey_state_init(&TK, key, tweak); + tweakey_state_extract(&TK, RTK[0], 0); + ++ fprintf(DUMP, " 0\n"); ++ debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[0], 8); ++ + for (uint8_t i=1; i<ROUNDS; i++) + { ++ fprintf(DUMP, " %zu\n", (size_t)i); ++ + tweakey_state_update(&TK); ++ debug_dump_buffer("TK", TWEAK_BYTES, TK.TK, 8); + tweakey_state_extract(&TK, RTK[i], i); ++ debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, RTK[i], 8); + } + } + + + static void _nonlinear_layer(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES]) + { ++ fprintf(DUMP, " nonlinear layer\n"); ++ ++ debug_dump_buffer("X", BLOCK_BYTES, X->X, 12); ++ + uint8_t F[ROUND_TWEAKEY_BYTES]; + for (size_t j=0; j<sizeof(F); j++) + { + F[j] = X->X[j] ^ RTK[j]; + } + ++ debug_dump_buffer("Xj XOR RTKj", sizeof(F), F, 12); ++ + for (size_t j=0; j<sizeof(F); j++) + { + F[j] = S[F[j]]; + } + ++ debug_dump_buffer("F (post-S-box)", sizeof(F), F, 12); ++ + for (size_t j=0; j<8; j++) + { + size_t dest_j = 15-j; + X->X[dest_j] ^= F[j]; + } ++ ++ debug_dump_buffer("X (post-XOR)", BLOCK_BYTES, X->X, 12); + } + + static void _linear_layer(cipher_state *X) + { ++ fprintf(DUMP, " linear layer\n"); ++ + X->X[15] ^= X->X[1]; + X->X[15] ^= X->X[2]; + X->X[15] ^= X->X[3]; +@@ -95,6 +118,8 @@ static void _linear_layer(cipher_state *X) + X->X[11] ^= X->X[7]; + X->X[10] ^= X->X[7]; + X->X[9] ^= X->X[7]; ++ ++ debug_dump_buffer("X", BLOCK_BYTES, X->X, 12); + } + + static void _permutation_layer(cipher_state *X, permutation p) +@@ -104,6 +129,8 @@ static void _permutation_layer(cipher_state *X, permutation p) + return; + } + ++ fprintf(DUMP, " permutation layer\n"); ++ + uint8_t X_old[BLOCK_BYTES]; + memcpy(X_old, X, sizeof(X_old)); + +@@ -113,6 +140,8 @@ static void _permutation_layer(cipher_state *X, permutation p) + { + X->X[pi[j]] = X_old[j]; + } ++ ++ debug_dump_buffer("X", BLOCK_BYTES, X->X, 12); + } + + static void _one_round_egfn(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p) +@@ -136,11 +165,15 @@ void lilliput_tbc_encrypt( + uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; + _compute_round_tweakeys(key, tweak, RTK); + ++ fprintf(DUMP, "running EGFN %zu times\n", (size_t)ROUNDS); ++ + for (uint8_t i=0; i<ROUNDS-1; i++) + { ++ fprintf(DUMP, " round %zu\n", (size_t)i); + _one_round_egfn(&X, RTK[i], PERMUTATION_ENCRYPTION); + } + ++ fprintf(DUMP, " round %zu\n", (size_t)(ROUNDS-1)); + _one_round_egfn(&X, RTK[ROUNDS-1], PERMUTATION_NONE); + + memcpy(ciphertext, X.X, BLOCK_BYTES); diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c index b1758c9..5cbb3f4 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/lilliput-ae-i.c @@ -273,3 +388,68 @@ index 26885e5..88f9ae0 100644 } } +diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c +index da97019..cb25b21 100644 +--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c ++++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/tweakey.c +@@ -1,3 +1,5 @@ ++#include "debug.h" ++ + #include <stdint.h> + #include <string.h> + +@@ -32,10 +34,16 @@ void tweakey_state_extract( + + for (const uint8_t *lane=TK->TK; lane<TK->TK+TWEAKEY_BYTES; lane+=LANE_BYTES) + { ++ fprintf(DUMP, " XORing lane %zu/%zu\n", (size_t)((lane-TK->TK)/LANE_BYTES), (size_t)LANES_NB); ++ debug_dump_buffer("RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12); ++ debug_dump_buffer("lane[j]", LANE_BYTES, lane, 12); ++ + for (size_t j=0; j<LANE_BYTES; j++) + { + round_tweakey[j] ^= lane[j]; + } ++ ++ debug_dump_buffer("=> RTK", ROUND_TWEAKEY_BYTES, round_tweakey, 12); + } + + round_tweakey[0] ^= i; +@@ -44,6 +52,8 @@ void tweakey_state_extract( + + static void _permute_state(tweakey_state *TK) + { ++ fprintf(DUMP, " permuting TK\n"); ++ + uint8_t TK_old[TWEAKEY_BYTES]; + memcpy(TK_old, TK->TK, sizeof(TK_old)); + +@@ -56,12 +66,19 @@ static void _permute_state(tweakey_state *TK) + TK->TK[j+h[k]] = TK_old[j+k]; + } + } ++ ++ debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK_old, 12); ++ debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12); + } + + static void _multiply_state(tweakey_state *TK) + { ++ fprintf(DUMP, " multiplying TK\n"); ++ + /* Lane 0 is multiplied by Id; lane 1 by P_0, lane 2 by P_1... */ + ++ debug_dump_buffer("TKi-1", TWEAKEY_BYTES, TK->TK, 12); ++ + for (size_t lane=1; lane<LANES_NB; lane++) + { + const uint8_t* P_lane = P[lane-1]; +@@ -74,6 +91,8 @@ static void _multiply_state(tweakey_state *TK) + TK->TK[offset] = P_lane[TK->TK[offset]]; + } + } ++ ++ debug_dump_buffer("TKi", TWEAKEY_BYTES, TK->TK, 12); + } + + void tweakey_state_update(tweakey_state *TK) |