/*
 * Tweakey schedule: the tweakey state is a sequence of 64-bit lanes, each of
 * which is advanced once per round by its own linear map ("alpha": one of
 * M, M^2, M^3, M_R, M_R^2, M_R^3 below), and a round tweakey is extracted
 * from it.  The cipher parameters (TWEAKEY_BYTES, KEY_BYTES, TWEAK_BYTES,
 * ROUND_TWEAKEY_BYTES) come from parameters.h, which is not visible here.
 *
 * NOTE(review): the two system header names were lost when this file was
 * extracted — only the bare "#include" tokens survived.  The code uses
 * uint8_t/size_t and memcpy/memset, so <stdint.h> and <string.h> are the
 * likely originals; confirm against the repository before building.
 */
#include                      /* header name lost in extraction — see note above */
#include                      /* header name lost in extraction — see note above */
#include "parameters.h"
#include "tweakey.h"

/* Lane geometry: the TWEAKEY_BYTES state is viewed as LANES_NB lanes of
 * LANE_BYTES (8) bytes; every lane map below reads and writes exactly one
 * such lane. */
#define LANE_BITS 64
#define LANE_BYTES (LANE_BITS/8)
#define LANES_NB (TWEAKEY_BYTES/LANE_BYTES)

/*
 * Initialise the tweakey state as the concatenation tweak || key:
 * TK[0 .. TWEAK_BYTES) <- tweak, TK[TWEAK_BYTES .. TWEAK_BYTES+KEY_BYTES) <- key.
 * TK must provide TWEAKEY_BYTES of storage; the sizes are compile-time
 * constants from parameters.h, so no length is validated at runtime.
 * NOTE(review): after this call TK holds raw key material, and nothing
 * visible in this excerpt zeroises it — whoever owns TK is responsible for
 * wiping it once the cipher instance is finished with.
 */
void tweakey_state_init(
    uint8_t TK[TWEAKEY_BYTES],
    const uint8_t key[KEY_BYTES],
    const uint8_t tweak[TWEAK_BYTES]
) {
    memcpy(TK, tweak, TWEAK_BYTES);
    memcpy(TK+TWEAK_BYTES, key, KEY_BYTES);
}

/*
 * Derive the round tweakey for one round from the state TK and the round
 * constant.  The output buffer is cleared first (the memset below); how the
 * lanes and round_constant are then folded into it is NOT recoverable from
 * this copy of the file: the extraction tool dropped everything from this
 * function's loop condition up to the tail of the next definition.  That next
 * definition is presumably _multiply_M — it is referenced below by
 * _multiply_M3 and ALPHAS, no definition of it survives, and the surviving
 * tokens "Y[3] = X[2]; ... Y[0] = X[7]; }" have the shape of the other lane
 * maps — but neither its signature nor its first four assignments are here.
 * Treat the line starting with "for" as a placeholder to be restored from
 * the repository, not as code.
 */
void tweakey_state_extract(
    const uint8_t TK[TWEAKEY_BYTES],
    uint8_t round_constant,
    uint8_t round_tweakey[ROUND_TWEAKEY_BYTES]
) {
    memset(round_tweakey, 0, ROUND_TWEAKEY_BYTES);
    for (size_t j=0; j>3; Y[3] = X[2]; Y[2] = X[1] ^ X[6]<<2; Y[1] = X[0]; Y[0] = X[7]; }

/*
 * 256-entry byte lookup used by _multiply_M2 as M_1[X[4]].  The table is
 * built from repeated blocks with single bits toggled (for example entries
 * 64..127 are entries 0..63 with bit 3 flipped), which is consistent with a
 * linear map over GF(2) applied to one byte; the exact map is not documented
 * here — derive it from the cipher specification if it matters.
 * NOTE(review): indexing a table with data is a cache-timing side channel
 * whenever that data depends on secret material.  Whether lane byte X[4]
 * can carry key bytes depends on TWEAK_BYTES/KEY_BYTES from parameters.h
 * (not visible here); if it can, prefer realising this linear map with
 * shifts and XORs, as the other lane maps already do.
 */
static const uint8_t M_1[256] = {
    0x00, 0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x41, 0x49, 0x51, 0x59, 0x61, 0x69, 0x71, 0x79,
    0x82, 0x8a, 0x92, 0x9a, 0xa2, 0xaa, 0xb2, 0xba, 0xc3, 0xcb, 0xd3, 0xdb, 0xe3, 0xeb, 0xf3, 0xfb,
    0x04, 0x0c, 0x14, 0x1c, 0x24, 0x2c, 0x34, 0x3c, 0x45, 0x4d, 0x55, 0x5d, 0x65, 0x6d, 0x75, 0x7d,
    0x86, 0x8e, 0x96, 0x9e, 0xa6, 0xae, 0xb6, 0xbe, 0xc7, 0xcf, 0xd7, 0xdf, 0xe7, 0xef, 0xf7, 0xff,
    0x08, 0x00, 0x18, 0x10, 0x28, 0x20, 0x38, 0x30, 0x49, 0x41, 0x59, 0x51, 0x69, 0x61, 0x79, 0x71,
    0x8a, 0x82, 0x9a, 0x92, 0xaa, 0xa2, 0xba, 0xb2, 0xcb, 0xc3, 0xdb, 0xd3, 0xeb, 0xe3, 0xfb, 0xf3,
    0x0c, 0x04, 0x1c, 0x14, 0x2c, 0x24, 0x3c, 0x34, 0x4d, 0x45, 0x5d, 0x55, 0x6d, 0x65, 0x7d, 0x75,
    0x8e, 0x86, 0x9e, 0x96, 0xae, 0xa6, 0xbe, 0xb6, 0xcf, 0xc7, 0xdf, 0xd7, 0xef, 0xe7, 0xff, 0xf7,
    0x10, 0x18, 0x00, 0x08, 0x30, 0x38, 0x20, 0x28, 0x51, 0x59, 0x41, 0x49, 0x71, 0x79, 0x61, 0x69,
    0x92, 0x9a, 0x82, 0x8a, 0xb2, 0xba, 0xa2, 0xaa, 0xd3, 0xdb, 0xc3, 0xcb, 0xf3, 0xfb, 0xe3, 0xeb,
    0x14, 0x1c, 0x04, 0x0c, 0x34, 0x3c, 0x24, 0x2c, 0x55, 0x5d, 0x45, 0x4d, 0x75, 0x7d, 0x65, 0x6d,
    0x96, 0x9e, 0x86, 0x8e, 0xb6, 0xbe, 0xa6, 0xae, 0xd7, 0xdf, 0xc7, 0xcf, 0xf7, 0xff, 0xe7, 0xef,
    0x18, 0x10, 0x08, 0x00, 0x38, 0x30, 0x28, 0x20, 0x59, 0x51, 0x49, 0x41, 0x79, 0x71, 0x69, 0x61,
    0x9a, 0x92, 0x8a, 0x82, 0xba, 0xb2, 0xaa, 0xa2, 0xdb, 0xd3, 0xcb, 0xc3, 0xfb, 0xf3, 0xeb, 0xe3,
    0x1c, 0x14, 0x0c, 0x04, 0x3c, 0x34, 0x2c, 0x24, 0x5d, 0x55, 0x4d, 0x45, 0x7d, 0x75, 0x6d, 0x65,
    0x9e, 0x96, 0x8e, 0x86, 0xbe, 0xb6, 0xae, 0xa6, 0xdf, 0xd7, 0xcf, 0xc7, 0xff, 0xf7, 0xef, 0xe7
};

/*
 * Y = M^2 * X for one lane, X and Y given as eight bytes X[0]..X[7].
 * Precedence: << and >> bind tighter than ^, so "X[4] ^ X[5]<<3" is
 * X[4] ^ (X[5] << 3).  The uint8_t operands are promoted to int before
 * shifting, so none of the shifts is undefined; the bits pushed above bit 7
 * are discarded when the result is stored back into a uint8_t.
 * X and Y must not alias: Y[3] reads X[6] after Y[6] has already been
 * written, so an in-place call would read an overwritten byte.
 */
static void _multiply_M2(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]) {
    Y[7] = X[5];
    Y[6] = X[4] ^ X[5]<<3;
    Y[5] = X[3] ^ M_1[X[4]] ^ X[5]<<6;   /* table lookup — see the note on M_1 */
    Y[4] = X[2] ^ X[3]>>3 ^ X[4]>>6;
    Y[3] = X[6]<<2 ^ X[1];
    Y[2] = X[5]<<2 ^ X[0];
    Y[1] = X[7];
    Y[0] = X[6];
}

/*
 * Y = M^3 * X, computed as M * (M^2 * X) through the scratch lane tmp.
 * _multiply_M is the definition whose head was lost in this copy (see
 * tweakey_state_extract above).
 * NOTE(review): the memcpy is dead work — _multiply_M2 writes all eight
 * bytes of tmp before anything reads them.  Harmless; left as is.
 */
static void _multiply_M3(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]) {
    uint8_t tmp[LANE_BYTES];
    memcpy(tmp, X, LANE_BYTES);
    _multiply_M2(X, tmp);
    _multiply_M(tmp, Y);
}

/*
 * Y = M_R * X for one lane (the "R" family fills ALPHAS[3..5]).  Same
 * precedence and promotion remarks as _multiply_M2.  X and Y must not alias:
 * Y[5] reads X[3] after Y[3] has already been written.
 */
static void _multiply_MR(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]) {
    Y[0] = X[1];
    Y[1] = X[2];
    Y[2] = X[3] ^ X[4]<<3;
    Y[3] = X[4];
    Y[4] = X[5] ^ X[6]>>3;
    Y[5] = X[6] ^ X[3]>>2;
    Y[6] = X[7];
    Y[7] = X[0];
}

/*
 * Y = M_R^2 * X, as two successive M_R applications through tmp.
 * NOTE(review): as in _multiply_M3, the memcpy is redundant — the first
 * _multiply_MR call overwrites every byte of tmp.
 */
static void _multiply_MR2(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]) {
    uint8_t tmp[LANE_BYTES];
    memcpy(tmp, X, LANE_BYTES);
    _multiply_MR(X, tmp);
    _multiply_MR(tmp, Y);
}

/*
 * Y = M_R^3 * X, as M_R * (M_R^2 * X) through tmp.  Same redundant memcpy
 * as the other composed maps.
 */
static void _multiply_MR3(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]) {
    uint8_t tmp[LANE_BYTES];
    memcpy(tmp, X, LANE_BYTES);
    _multiply_MR2(X, tmp);
    _multiply_MR(tmp, Y);
}

/* Signature shared by every lane map: read LANE_BYTES from X, write LANE_BYTES to Y. */
typedef void (*matrix_multiplication)(const uint8_t X[LANE_BYTES], uint8_t Y[LANE_BYTES]);

/*
 * Dispatch table of the per-lane maps, in the order M, M^2, M^3, M_R, M_R^2,
 * M_R^3.  tweakey_state_update below starts at lane 1 because lane 0 is the
 * identity, so presumably lane j uses ALPHAS[j-1] — the loop body is outside
 * this excerpt, so confirm there (and that LANES_NB never exceeds 7).
 */
static const matrix_multiplication ALPHAS[6] = {
    _multiply_M, _multiply_M2, _multiply_M3,
    _multiply_MR, _multiply_MR2, _multiply_MR3
};

/*
 * Advance the tweakey state by one round, presumably by applying each lane's
 * alpha map to that lane.  Only the head of this function is present in this
 * copy of the file; its loop continues past the end of the excerpt.
 */
void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) {
    /* Skip lane 0, as it is multiplied by the identity matrix. */
    for (size_t j=1; j