From 7be6c07647afbc27bc7402efb23c1178affa2ec9 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Mon, 10 Dec 2018 16:37:26 +0100
Subject: Mise à jour de l'implémentation du key schedule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pour le moment, Mⁱ (resp. MRⁱ)  sont implémentées en appliquant i fois
M (resp.  MR) ; à voir si on préfère les pré-calculer.
---
 src/tweakey.c | 107 +++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 73 insertions(+), 34 deletions(-)

(limited to 'src/tweakey.c')

diff --git a/src/tweakey.c b/src/tweakey.c
index 648bd54..c7d5aaa 100644
--- a/src/tweakey.c
+++ b/src/tweakey.c
@@ -1,7 +1,6 @@
 #include <stdint.h>
 #include <string.h>
 
-#include "constants.h"
 #include "parameters.h"
 #include "tweakey.h"
 
@@ -44,49 +43,89 @@ void tweakey_state_extract(
 }
 
 
-static void _permute_state(uint8_t TK[TWEAKEY_BYTES])
+static void _multiply_M(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
 {
-    uint8_t TK_old[TWEAKEY_BYTES];
-    memcpy(TK_old, TK, TWEAKEY_BYTES);
+    new[7] = old[6];
+    new[6] = old[5];
+    new[5] = old[4] ^ old[5]<<3;
+    new[4] = old[3] ^ old[4]>>3;
+    new[3] = old[2];
+    new[2] = old[1] ^ old[6]<<2;
+    new[1] = old[0];
+    new[0] = old[7];
+}
 
-    for (size_t j=0; j<LANES_NB; j++)
-    {
-        uint8_t       *TKj     = TK     + j*LANE_BYTES;
-        uint8_t const *TKj_old = TK_old + j*LANE_BYTES;
+static void _multiply_M2(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+    uint8_t tmp[LANE_BYTES];
+    memcpy(tmp, old, LANE_BYTES);
 
-        for (size_t k=0; k<LANE_BYTES; k++)
-        {
-            TKj[h[k]] = TKj_old[k];
-        }
-    }
+    _multiply_M(old, tmp);
+    _multiply_M(tmp, new);
 }
 
-static void _multiply_state(uint8_t TK[TWEAKEY_BYTES])
+static void _multiply_M3(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
 {
-    /* Each byte in lane 0 is multiplied by alpha_0 = 1, i.e. it
-     * remains unchanged.
-     *
-     * Each byte b in lanes j = { 1, ..., p-1 } is multiplied by
-     * alpha_j; the result of b*alpha_j is stored in P_j[b].
-     *
-     * In this implementation, P_j sequences are stored in array P;
-     * P_j = P[j-1].
-     */
+    uint8_t tmp[LANE_BYTES];
+    memcpy(tmp, old, LANE_BYTES);
 
-    for (size_t j=1; j<LANES_NB; j++)
-    {
-        uint8_t const *Pj  = P[j-1];
-        uint8_t       *TKj = TK + j*LANE_BYTES;
+    _multiply_M2(old, tmp);
+    _multiply_M(tmp, new);
+}
 
-        for (size_t k=0; k<LANE_BYTES; k++)
-        {
-            TKj[k] = Pj[TKj[k]];
-        }
-    }
+static void _multiply_MR(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+    new[0] = old[1];
+    new[1] = old[2];
+    new[2] = old[3] ^ old[4]<<3;
+    new[3] = old[4];
+    new[4] = old[5] ^ old[6]>>3;
+    new[5] = old[6] ^ old[3]>>2;
+    new[6] = old[7];
+    new[7] = old[0];
 }
 
+static void _multiply_MR2(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+    uint8_t tmp[LANE_BYTES];
+    memcpy(tmp, old, LANE_BYTES);
+
+    _multiply_MR(old, tmp);
+    _multiply_MR(tmp, new);
+}
+
+static void _multiply_MR3(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES])
+{
+    uint8_t tmp[LANE_BYTES];
+    memcpy(tmp, old, LANE_BYTES);
+
+    _multiply_MR2(old, tmp);
+    _multiply_MR(tmp, new);
+}
+
+typedef void (*matrix_multiplication)(const uint8_t old[LANE_BYTES], uint8_t new[LANE_BYTES]);
+
+static const matrix_multiplication ALPHAS[6] = {
+    _multiply_M,
+    _multiply_M2,
+    _multiply_M3,
+    _multiply_MR,
+    _multiply_MR2,
+    _multiply_MR3
+};
+
+
 void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES])
 {
-    _permute_state(TK);
-    _multiply_state(TK);
+    /* Skip lane 0, as it is multiplied by the identity matrix. */
+
+    for (size_t j=1; j<LANES_NB; j++)
+    {
+        uint8_t *TKj = TK + j*LANE_BYTES;
+
+        uint8_t TKj_old[LANE_BYTES];
+        memcpy(TKj_old, TKj, LANE_BYTES);
+
+        ALPHAS[j-1](TKj_old, TKj);
+    }
 }
-- 
cgit v1.2.3