#include <stdbool.h>
#include <string.h>
#include <inttypes.h> /* debug */
#include "constants.h"
#include "parameters.h"
#include "tweakey.h"
/* Width of one tweakey lane, in bits. */
#define LANE_BITS 64
/* Width of one tweakey lane, in bytes. */
#define LANE_BYTES (LANE_BITS/8)
/* Number of lanes in the tweakey state. Integer division:
 * assumes TWEAKEY_BYTES is a multiple of LANE_BYTES - TODO confirm. */
#define LANES_NB (TWEAKEY_BYTES/LANE_BYTES)
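/*
 * Write a hex dump of buf to output, most significant (highest-index) byte
 * first, eight bytes per line.
 *
 * output: destination stream; NULL makes the call a no-op.
 * len:    number of bytes in buf.
 * buf:    bytes to print; NULL makes the call a no-op.
 * indent: number of spaces written at the start of every line.
 *
 * Each byte is written as five spaces followed by two lowercase hex digits.
 * A blank line closes the dump. When len is not a multiple of eight, the
 * remaining low-index bytes are printed on a final, shorter line instead of
 * being dropped.
 *
 * The callers in this file pass key and tweakey bytes, so whatever is
 * attached to output receives secret material in the clear.
 */
static void _dump_buffer(FILE *output, size_t len, const uint8_t buf[len], int indent)
{
    const size_t bytes_per_line = 8;

    if (output == NULL || buf == NULL) {
        return;
    }

    /* Walk from the top of the buffer down so the MSB is printed first. */
    size_t remaining = len;
    while (remaining > 0) {
        size_t in_line = remaining < bytes_per_line ? remaining : bytes_per_line;

        fprintf(output, "%*s", indent, "");
        for (size_t b = 0; b < in_line; b++) {
            remaining--;
            fprintf(output, "%*s", 5, "");
            fprintf(output, "%02x", buf[remaining]);
        }
        fprintf(output, "\n");
    }
    fprintf(output, "\n");
}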
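/*
 * Initialise a tweakey state from a tweak and a key.
 *
 * TK:    state to fill.
 * key:   KEY_BYTES of key material.
 * tweak: TWEAK_BYTES of tweak material.
 * debug: stream that receives the trace; stored in TK->debug. When it is
 *        NULL this function writes no trace.
 *
 * Layout: the tweak occupies the first TWEAK_BYTES of TK->TK and the key
 * follows immediately after it.
 *
 * NOTE(review): assumes sizeof(TK->TK) >= TWEAK_BYTES + KEY_BYTES - confirm
 * against the tweakey_state declaration.
 *
 * The trace prints the tweak, the key and the combined tweakey in the
 * clear, so debug must only point at a destination that is allowed to hold
 * key material.
 */
void tweakey_state_init(
    tweakey_state *TK,
    const uint8_t key[KEY_BYTES],
    const uint8_t tweak[TWEAK_BYTES],
    FILE *debug
)
{
    memcpy(TK->TK, tweak, TWEAK_BYTES);
    memcpy(TK->TK + TWEAK_BYTES, key, KEY_BYTES);
    TK->debug = debug;

    /* No stream, no trace: avoids passing NULL to fprintf and keeps the
     * key out of any output when tracing is not wanted. */
    if (debug == NULL) {
        return;
    }

    fprintf(debug, " Tweak is :\n");
    _dump_buffer(debug, TWEAK_BYTES, tweak, 5);
    fprintf(debug, " Key is :\n");
    _dump_buffer(debug, KEY_BYTES, key, 5);
    fprintf(debug, " Tweakey is :\n");
    _dump_buffer(debug, sizeof(TK->TK), TK->TK, 5);
}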
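/*
 * Derive the round tweakey for one round from the current tweakey state.
 *
 * TK:            state to read; not modified.
 * round_tweakey: output buffer of ROUND_TWEAKEY_BYTES.
 * i:             round constant, XORed into byte 0 of the output.
 *
 * The output is zeroed, then every LANE_BYTES-wide lane of TK->TK is XORed
 * into its first LANE_BYTES bytes, and finally i is XORed into byte 0.
 *
 * NOTE(review): assumes ROUND_TWEAKEY_BYTES >= LANE_BYTES and that
 * TWEAKEY_BYTES is a multiple of LANE_BYTES; otherwise the lane loop runs
 * past one of the buffers - confirm against parameters.h.
 *
 * When TK->debug is NULL no trace is written. Otherwise the full tweakey
 * and the derived subtweakey are printed in the clear.
 */
void tweakey_state_extract(
    const tweakey_state *TK,
    uint8_t round_tweakey[ROUND_TWEAKEY_BYTES], /* output */
    uint8_t i /* round constant */
)
{
    memset(round_tweakey, 0, ROUND_TWEAKEY_BYTES);

    /* Fold all lanes together byte by byte. */
    for (const uint8_t *lane = TK->TK; lane < TK->TK + TWEAKEY_BYTES; lane += LANE_BYTES) {
        for (size_t j = 0; j < LANE_BYTES; j++) {
            round_tweakey[j] ^= lane[j];
        }
    }
    round_tweakey[0] ^= i;

    /* Tracing is optional: skip it instead of passing NULL to fprintf. */
    if (TK->debug == NULL) {
        return;
    }

    fprintf(TK->debug, " Extracting Subtweakey round %"PRIu8"\n", i);
    _dump_buffer(TK->debug, sizeof(TK->TK), TK->TK, 5);
    fprintf(TK->debug, " Subtweakey :\n");
    _dump_buffer(TK->debug, ROUND_TWEAKEY_BYTES, round_tweakey, 5);
}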
/*
 * Reorder the bytes inside every lane of the tweakey state in place.
 *
 * Within each LANE_BYTES-wide lane, output byte k takes the value that
 * byte h[k] of the same lane had before the call. The state is copied
 * first so that reads always see the pre-permutation bytes.
 *
 * NOTE(review): h is presumably the byte permutation table declared in
 * constants.h, with every entry below LANE_BYTES - confirm.
 */
static void _permute_state(tweakey_state *TK)
{
    uint8_t snapshot[TWEAKEY_BYTES];

    memcpy(snapshot, TK->TK, sizeof(snapshot));

    for (size_t lane_start = 0; lane_start < TWEAKEY_BYTES; lane_start += LANE_BYTES) {
        const uint8_t *before = snapshot + lane_start;
        uint8_t *after = TK->TK + lane_start;

        for (size_t byte = 0; byte < LANE_BYTES; byte++) {
            after[byte] = before[h[byte]];
        }
    }
}
/*
 * Apply the per-lane multiplication to the tweakey state in place.
 *
 * Lane 0 is left untouched (multiplication by the identity). For every
 * lane n >= 1, each byte is replaced by its entry in the table P[n-1].
 *
 * NOTE(review): the table index is a tweakey byte, so the memory access
 * pattern depends on key material; on hardware with data caches this
 * lookup is not constant-time. Confirm whether that matters for how this
 * implementation is used.
 */
static void _multiply_state(tweakey_state *TK)
{
    for (size_t lane = 1; lane < LANES_NB; lane++) {
        const uint8_t *table = P[lane - 1];
        uint8_t *cell = TK->TK + lane * LANE_BYTES;

        for (size_t b = 0; b < LANE_BYTES; b++) {
            cell[b] = table[cell[b]];
        }
    }
}
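/*
 * Advance the tweakey state by one round: permute the bytes of every lane,
 * then apply the per-lane multiplication.
 *
 * TK: state to update in place.
 *
 * When TK->debug is NULL no trace is written. Otherwise the full tweakey
 * is printed in the clear before the update, after the permutation and
 * after the multiplication.
 */
void tweakey_state_update(tweakey_state *TK)
{
    FILE *trace = TK->debug;

    /* Each trace step is guarded so a NULL stream never reaches fprintf. */
    if (trace != NULL) {
        fprintf(trace, " Input Tweakey :\n");
        _dump_buffer(trace, sizeof(TK->TK), TK->TK, 10);
    }

    _permute_state(TK);
    if (trace != NULL) {
        fprintf(trace, " Post permutation Tweakey :\n");
        _dump_buffer(trace, sizeof(TK->TK), TK->TK, 10);
    }

    _multiply_state(TK);
    if (trace != NULL) {
        fprintf(trace, " Post multiplication Tweakey :\n");
        _dump_buffer(trace, sizeof(TK->TK), TK->TK, 10);
    }
}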