/*
Implementation of the Lilliput-AE tweakable block cipher.
Authors, hereby denoted as "the implementer":
Kévin Le Gouguec,
2019.
For more information, feedback or questions, refer to our website:
https://paclido.fr/lilliput-ae
To the extent possible under law, the implementer has waived all copyright
and related or neighboring rights to the source code in this file.
http://creativecommons.org/publicdomain/zero/1.0/
---
This file implements the alpha-multiplications used in Lilliput-TBC's
tweakey schedule, where each matrix M and M_R to the power n are
implemented in distinct functions with shifts and XORs.
*/
#ifndef MULTIPLICATIONS_H
#define MULTIPLICATIONS_H
#include <stdint.h>
#include "constants.h"
/*
 * Multiply the lane x by the matrix M and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: y[6] is stored before x[6] is read again for
 * y[2], so an in-place call would compute a different value.
 *
 * NOTE(review): file-scope identifiers that begin with an underscore are
 * reserved by the C standard; renaming would need a matching change in the
 * callers, which are outside this file.
 */
static void _multiply_M(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    y[7] = x[6];
    y[6] = x[5];
    /* The casts make the truncation to one byte explicit. */
    y[5] = (uint8_t)((x[5] << 3) ^ x[4]);
    y[4] = (uint8_t)((x[4] >> 3) ^ x[3]);
    y[3] = x[2];
    y[2] = (uint8_t)((x[6] << 2) ^ x[1]);
    y[1] = x[0];
    y[0] = x[7];
}
/*
 * Multiply the lane x by M squared and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: bytes of y are stored while bytes of x are still
 * to be read.
 */
static void _multiply_M2(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    /* Bytes 5 and 4 of M*x, each truncated to one byte before reuse. */
    const uint8_t m1_b5 = (uint8_t)((x[5] << 3) ^ x[4]);
    const uint8_t m1_b4 = (uint8_t)((x[4] >> 3) ^ x[3]);

    y[7] = x[5];
    y[6] = m1_b5;
    y[5] = (uint8_t)((m1_b5 << 3) ^ m1_b4);
    y[4] = (uint8_t)((m1_b4 >> 3) ^ x[2]);
    y[3] = (uint8_t)((x[6] << 2) ^ x[1]);
    y[2] = (uint8_t)((x[5] << 2) ^ x[0]);
    y[1] = x[7];
    y[0] = x[6];
}
/*
 * Multiply the lane x by M cubed and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: bytes of y are stored while bytes of x are still
 * to be read.
 */
static void _multiply_M3(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    /* Bytes 5 and 4 of M*x, each truncated to one byte before reuse. */
    const uint8_t m1_b5 = (uint8_t)((x[5] << 3) ^ x[4]);
    const uint8_t m1_b4 = (uint8_t)((x[4] >> 3) ^ x[3]);
    /* Bytes 5 and 4 of M^2*x, built from the previous pair. */
    const uint8_t m2_b5 = (uint8_t)((m1_b5 << 3) ^ m1_b4);
    const uint8_t m2_b4 = (uint8_t)((m1_b4 >> 3) ^ x[2]);

    y[7] = m1_b5;
    y[6] = m2_b5;
    y[5] = (uint8_t)((m2_b5 << 3) ^ m2_b4);
    y[4] = (uint8_t)((m2_b4 >> 3) ^ (x[6] << 2) ^ x[1]);
    y[3] = (uint8_t)((x[5] << 2) ^ x[0]);
    y[2] = (uint8_t)((m1_b5 << 2) ^ x[7]);
    y[1] = x[6];
    y[0] = x[5];
}
/*
 * Multiply the lane x by M to the fourth power and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: bytes of y are stored while bytes of x are still
 * to be read.
 */
static void _multiply_M4(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    /* Bytes 5 and 4 of M*x, each truncated to one byte before reuse. */
    const uint8_t m1_b5 = (uint8_t)((x[5] << 3) ^ x[4]);
    const uint8_t m1_b4 = (uint8_t)((x[4] >> 3) ^ x[3]);
    /* Bytes 5 and 4 of M^2*x. */
    const uint8_t m2_b5 = (uint8_t)((m1_b5 << 3) ^ m1_b4);
    const uint8_t m2_b4 = (uint8_t)((m1_b4 >> 3) ^ x[2]);
    /* Bytes 4 and 5 of M^3*x. */
    const uint8_t m3_b4 = (uint8_t)((m2_b4 >> 3) ^ (x[6] << 2) ^ x[1]);
    const uint8_t m3_b5 = (uint8_t)((m2_b5 << 3) ^ m2_b4);

    y[7] = m2_b5;
    y[6] = m3_b5;
    y[5] = (uint8_t)((m3_b5 << 3) ^ m3_b4);
    y[4] = (uint8_t)((m3_b4 >> 3) ^ (x[5] << 2) ^ x[0]);
    y[3] = (uint8_t)((m1_b5 << 2) ^ x[7]);
    y[2] = (uint8_t)((m2_b5 << 2) ^ x[6]);
    y[1] = x[5];
    y[0] = m1_b5;
}
/*
 * Multiply the lane x by the matrix M_R and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: y[3] is stored before x[3] is read again for
 * y[5], so an in-place call would compute a different value.
 */
static void _multiply_MR(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    y[0] = x[1];
    y[1] = x[2];
    /* The casts make the truncation to one byte explicit. */
    y[2] = (uint8_t)(x[3] ^ (x[4] >> 3));
    y[3] = x[4];
    y[4] = (uint8_t)(x[5] ^ (x[6] << 3));
    y[5] = (uint8_t)((x[3] << 2) ^ x[6]);
    y[6] = x[7];
    y[7] = x[0];
}
/*
 * Multiply the lane x by M_R squared and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: bytes of y are stored while bytes of x are still
 * to be read.
 */
static void _multiply_MR2(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    /* Byte 4 of M_R*x, truncated to one byte before it is shifted right. */
    const uint8_t r1_b4 = (uint8_t)(x[5] ^ (x[6] << 3));

    y[0] = x[2];
    y[1] = (uint8_t)(x[3] ^ (x[4] >> 3));
    y[2] = (uint8_t)(x[4] ^ (r1_b4 >> 3));
    y[3] = r1_b4;
    y[4] = (uint8_t)((x[3] << 2) ^ x[6] ^ (x[7] << 3));
    y[5] = (uint8_t)((x[4] << 2) ^ x[7]);
    y[6] = x[0];
    y[7] = x[1];
}
/*
 * Multiply the lane x by M_R cubed and store the product in y.
 *
 * x: input lane; bytes 0..7 are read.
 * y: output lane; bytes 0..7 are written.
 *
 * Assumes LANE_BYTES (from constants.h, not shown here) is at least 8.
 *
 * Only shifts and XORs on fixed indices are used, so no branch or memory
 * address depends on the lane contents.
 *
 * x and y must not overlap: bytes of y are stored while bytes of x are still
 * to be read.
 */
static void _multiply_MR3(const uint8_t x[LANE_BYTES], uint8_t y[LANE_BYTES])
{
    /* Byte 4 of M_R*x and of M_R^2*x, each truncated before reuse. */
    const uint8_t r1_b4 = (uint8_t)(x[5] ^ (x[6] << 3));
    const uint8_t r2_b4 = (uint8_t)((x[3] << 2) ^ x[6] ^ (x[7] << 3));

    y[0] = (uint8_t)(x[3] ^ (x[4] >> 3));
    y[1] = (uint8_t)(x[4] ^ (r1_b4 >> 3));
    y[2] = (uint8_t)(r1_b4 ^ (r2_b4 >> 3));
    y[3] = r2_b4;
    y[4] = (uint8_t)((x[0] << 3) ^ (x[4] << 2) ^ x[7]);
    y[5] = (uint8_t)((r1_b4 << 2) ^ x[0]);
    y[6] = x[1];
    y[7] = x[2];
}
#endif /* MULTIPLICATIONS_H */