Diffstat (limited to 'traces')
| -rw-r--r-- | traces/traces-tbc.patch | 64 |
1 files changed, 28 insertions, 36 deletions
diff --git a/traces/traces-tbc.patch b/traces/traces-tbc.patch index 5dc749e..2b81a6b 100644 --- a/traces/traces-tbc.patch +++ b/traces/traces-tbc.patch @@ -1,8 +1,8 @@ diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c -index 48144d4..3b5f36c 100644 +index 6f1b4b5..7a2ae05 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c -@@ -15,6 +15,8 @@ http://creativecommons.org/publicdomain/zero/1.0/ +@@ -17,6 +17,8 @@ http://creativecommons.org/publicdomain/zero/1.0/ This file provides the implementation for Lilliput-TBC. */ @@ -11,7 +11,7 @@ index 48144d4..3b5f36c 100644 #include <stdint.h> #include <string.h> -@@ -69,40 +71,61 @@ static void _compute_round_tweakeys( +@@ -71,33 +73,53 @@ static void _compute_round_tweakeys( uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES] ) { 
@@ -36,53 +36,45 @@ index 48144d4..3b5f36c 100644 } + static uint8_t _Fj(uint8_t Xj, uint8_t RTKj) + { ++ fprintf(DUMP, " Xj: %02x; S[Xj]: %02x; RTKj: %02x; Fj: %02x\n", Xj, S[Xj], RTKj, S[Xj ^ RTKj]); + return S[Xj ^ RTKj]; + } + static void _nonlinear_layer(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES]) { + fprintf(DUMP, " nonlinear layer\n"); + + debug_dump_buffer("X", BLOCK_BYTES, X, 12); + - uint8_t F[ROUND_TWEAKEY_BYTES]; - for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++) - { - F[j] = X[j] ^ RTK[j]; - } - -+ debug_dump_buffer("Xj XOR RTKj", sizeof(F), F, 12); -+ - for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++) - { - F[j] = S[F[j]]; - } - -+ debug_dump_buffer("F (post-S-box)", sizeof(F), F, 12); -+ for (size_t j=0; j<8; j++) { - size_t dest_j = 15-j; - X[dest_j] ^= F[j]; ++ fprintf(DUMP, " j=%zu\n", j); + X[15-j] ^= _Fj(X[j], RTK[j]); ++ fprintf(DUMP, " X_{15-j} XOR Fj: %02x\n", X[15-j]); } + -+ debug_dump_buffer("X (post-XOR)", BLOCK_BYTES, X, 12); ++ debug_dump_buffer("X", BLOCK_BYTES, X, 12); } static void _linear_layer(uint8_t X[BLOCK_BYTES]) { + fprintf(DUMP, " linear layer\n"); + - X[15] ^= X[1]; - X[15] ^= X[2]; - X[15] ^= X[3]; -@@ -117,6 +140,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES]) - X[11] ^= X[7]; - X[10] ^= X[7]; - X[9] ^= X[7]; + for (size_t j=1; j<8; j++) + { + X[15] ^= X[j]; +@@ -107,6 +129,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES]) + { + X[j] ^= X[7]; + } + + debug_dump_buffer("X", BLOCK_BYTES, X, 12); } static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p) -@@ -126,6 +151,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p) +@@ -116,6 +140,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p) return; } 
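Review bot: In `_Fj`, the new trace line prints `S[Xj]`, which does not appear to be a value the round function computes (the function returns `S[Xj ^ RTKj]`), while the S-box input `Xj ^ RTKj` that the removed "Xj XOR RTKj" dump exposed is no longer traced. Anyone validating an independent implementation against these traces loses the one intermediate that localises an S-box or round-tweakey mismatch. I would compute the input once and print it: `uint8_t Yj = Xj ^ RTKj;`, `fprintf(DUMP, "Xj: %02x; RTKj: %02x; Xj^RTKj: %02x; Fj: %02x\n", Xj, RTKj, Yj, S[Yj]);`, `return S[Yj];`, with the format string indented to match the other trace lines. Because this line writes round-tweakey bytes, which are derived from the key, to DUMP, a comment on `_Fj` such as `/* trace build only: dumps key-derived state, use published test keys */` would also help.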
@@ -91,7 +83,7 @@ index 48144d4..3b5f36c 100644 uint8_t X_old[BLOCK_BYTES]; memcpy(X_old, X, BLOCK_BYTES); -@@ -135,6 +162,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p) +@@ -125,6 +151,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p) { X[pi[j]] = X_old[j]; } @@ -100,7 +92,7 @@ index 48144d4..3b5f36c 100644 } static void _one_round_egfn(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p) -@@ -158,11 +187,15 @@ void lilliput_tbc_encrypt( +@@ -148,11 +176,15 @@ void lilliput_tbc_encrypt( uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]; _compute_round_tweakeys(key, tweak, RTK); @@ -117,10 +109,10 @@ index 48144d4..3b5f36c 100644 memcpy(ciphertext, X, BLOCK_BYTES); diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c -index 39e5980..4cdcf2a 100644 +index 78c6060..75e9290 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c -@@ -17,6 +17,8 @@ where multiplications by matrices M and M_R to the power n is performed by +@@ -19,6 +19,8 @@ where multiplications by matrices M and M_R to the power n are performed by functions expressing the exponentiated matrices with shifts and XORs. */ @@ -129,7 +121,7 @@ index 39e5980..4cdcf2a 100644 #include <stdint.h> #include <string.h> -@@ -52,10 +54,16 @@ void tweakey_state_extract( +@@ -54,10 +56,16 @@ void tweakey_state_extract( { const uint8_t *TKj = TK + j*LANE_BYTES; @@ -146,7 +138,7 @@ index 39e5980..4cdcf2a 100644 } round_tweakey[0] ^= round_constant; -@@ -165,6 +173,10 @@ static const matrix_multiplication ALPHAS[6] = { +@@ -160,6 +168,10 @@ static const matrix_multiplication ALPHAS[6] = { _multiply_MR3 }; 
@@ -157,7 +149,7 @@ index 39e5980..4cdcf2a 100644 void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) { -@@ -178,5 +190,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) +@@ -173,5 +185,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) memcpy(TKj_old, TKj, LANE_BYTES); ALPHAS[j-1](TKj_old, TKj); |
