From 38dd8896682365a01a6cbbec97631b9ed7573953 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Mon, 20 May 2019 14:06:58 +0200
Subject: Mise à jour du patch de traces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 traces/traces-tbc.patch | 64 ++++++++++++++++++++++---------------------------
 1 file changed, 28 insertions(+), 36 deletions(-)

diff --git a/traces/traces-tbc.patch b/traces/traces-tbc.patch
index 5dc749e..2b81a6b 100644
--- a/traces/traces-tbc.patch
+++ b/traces/traces-tbc.patch
@@ -1,8 +1,8 @@
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
-index 48144d4..3b5f36c 100644
+index 6f1b4b5..7a2ae05 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c
-@@ -15,6 +15,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
+@@ -17,6 +17,8 @@ http://creativecommons.org/publicdomain/zero/1.0/
  This file provides the implementation for Lilliput-TBC.
  */
  
@@ -11,7 +11,7 @@ index 48144d4..3b5f36c 100644
  #include <stdint.h>
  #include <string.h>
  
-@@ -69,40 +71,61 @@ static void _compute_round_tweakeys(
+@@ -71,33 +73,53 @@ static void _compute_round_tweakeys(
      uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES]
  )
  {
@@ -36,53 +36,45 @@ index 48144d4..3b5f36c 100644
  }
  
  
+ static uint8_t _Fj(uint8_t Xj, uint8_t RTKj)
+ {
++    fprintf(DUMP, "            Xj: %02x; S[Xj]: %02x; RTKj: %02x; Fj: %02x\n", Xj, S[Xj], RTKj, S[Xj ^ RTKj]);
+     return S[Xj ^ RTKj];
+ }
+ 
  static void _nonlinear_layer(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES])
  {
 +    fprintf(DUMP, "        nonlinear layer\n");
 +
 +    debug_dump_buffer("X", BLOCK_BYTES, X, 12);
-+
-     uint8_t F[ROUND_TWEAKEY_BYTES];
-     for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++)
-     {
-         F[j] = X[j] ^ RTK[j];
-     }
- 
-+    debug_dump_buffer("Xj XOR RTKj", sizeof(F), F, 12);
-+
-     for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++)
-     {
-         F[j] = S[F[j]];
-     }
- 
-+    debug_dump_buffer("F (post-S-box)", sizeof(F), F, 12);
 +
      for (size_t j=0; j<8; j++)
      {
-         size_t dest_j = 15-j;
-         X[dest_j] ^= F[j];
++        fprintf(DUMP, "            j=%zu\n", j);
+         X[15-j] ^= _Fj(X[j], RTK[j]);
++        fprintf(DUMP, "            X_{15-j} XOR Fj: %02x\n", X[15-j]);
      }
 +
-+    debug_dump_buffer("X (post-XOR)", BLOCK_BYTES, X, 12);
++    debug_dump_buffer("X", BLOCK_BYTES, X, 12);
  }
  
  static void _linear_layer(uint8_t X[BLOCK_BYTES])
  {
 +    fprintf(DUMP, "        linear layer\n");
 +
-     X[15] ^= X[1];
-     X[15] ^= X[2];
-     X[15] ^= X[3];
-@@ -117,6 +140,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
-     X[11] ^= X[7];
-     X[10] ^= X[7];
-     X[9]  ^= X[7];
+     for (size_t j=1; j<8; j++)
+     {
+         X[15] ^= X[j];
+@@ -107,6 +129,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
+     {
+         X[j] ^= X[7];
+     }
 +
 +    debug_dump_buffer("X", BLOCK_BYTES, X, 12);
  }
  
  static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
-@@ -126,6 +151,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -116,6 +140,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
          return;
      }
  
@@ -91,7 +83,7 @@ index 48144d4..3b5f36c 100644
      uint8_t X_old[BLOCK_BYTES];
      memcpy(X_old, X, BLOCK_BYTES);
  
-@@ -135,6 +162,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -125,6 +151,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
      {
          X[pi[j]] = X_old[j];
      }
@@ -100,7 +92,7 @@ index 48144d4..3b5f36c 100644
  }
  
  static void _one_round_egfn(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES], permutation p)
-@@ -158,11 +187,15 @@ void lilliput_tbc_encrypt(
+@@ -148,11 +176,15 @@ void lilliput_tbc_encrypt(
      uint8_t RTK[ROUNDS][ROUND_TWEAKEY_BYTES];
      _compute_round_tweakeys(key, tweak, RTK);
  
@@ -117,10 +109,10 @@ index 48144d4..3b5f36c 100644
  
      memcpy(ciphertext, X, BLOCK_BYTES);
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
-index 39e5980..4cdcf2a 100644
+index 78c6060..75e9290 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c
-@@ -17,6 +17,8 @@ where multiplications by matrices M and M_R to the power n is performed by
+@@ -19,6 +19,8 @@ where multiplications by matrices M and M_R to the power n are performed
  by functions expressing the exponentiated matrices with shifts and XORs.
  */
  
@@ -129,7 +121,7 @@ index 39e5980..4cdcf2a 100644
  #include <stdint.h>
  #include <string.h>
  
-@@ -52,10 +54,16 @@ void tweakey_state_extract(
+@@ -54,10 +56,16 @@ void tweakey_state_extract(
      {
          const uint8_t *TKj = TK + j*LANE_BYTES;
  
@@ -146,7 +138,7 @@ index 39e5980..4cdcf2a 100644
      }
  
      round_tweakey[0] ^= round_constant;
-@@ -165,6 +173,10 @@ static const matrix_multiplication ALPHAS[6] = {
+@@ -160,6 +168,10 @@ static const matrix_multiplication ALPHAS[6] = {
      _multiply_MR3
  };
  
@@ -157,7 +149,7 @@ index 39e5980..4cdcf2a 100644
  
  void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
  {
-@@ -178,5 +190,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
+@@ -173,5 +185,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
          memcpy(TKj_old, TKj, LANE_BYTES);
  
          ALPHAS[j-1](TKj_old, TKj);
-- 
cgit v1.2.3