path: root/src/tweakey.c
blob: 7c66ee982560cf03492ac4f5ec697ac75b7dbc62 (plain)
#include <stdint.h>
#include <string.h>

#include "constants.h"
#include "parameters.h"
#include "tweakey.h"


/* Width of one tweakey lane, in bits. */
#define LANE_BITS  64
/* Width of one tweakey lane, in bytes. */
#define LANE_BYTES (LANE_BITS/8)
/*
 * Number of lanes in the tweakey state. The division truncates, and the
 * loops in this file step through TWEAKEY_BYTES in LANE_BYTES strides.
 * NOTE(review): this presumably relies on TWEAKEY_BYTES (defined outside
 * this file) being a multiple of LANE_BYTES -- confirm.
 */
#define LANES_NB (TWEAKEY_BYTES/LANE_BYTES)


/*
 * Load a tweakey state from a key and a tweak.
 *
 * The tweak is copied into the first TWEAK_BYTES bytes of TK->TK and the
 * key into the KEY_BYTES bytes that follow it.
 *
 * TK    - state to fill (written).
 * key   - KEY_BYTES bytes of key material (read only).
 * tweak - TWEAK_BYTES bytes of tweak (read only).
 *
 * NOTE(review): exactly TWEAK_BYTES + KEY_BYTES bytes are written, with no
 * bounds check. The other routines in this file walk TWEAKEY_BYTES bytes of
 * TK->TK, so this presumably relies on
 * TWEAK_BYTES + KEY_BYTES == TWEAKEY_BYTES; a smaller sum would leave
 * uninitialised state bytes and a larger one would overrun the buffer --
 * confirm against the headers that define these constants.
 */
void tweakey_state_init(
    tweakey_state *TK,
    const uint8_t key[KEY_BYTES],
    const uint8_t tweak[TWEAK_BYTES]
)
{
    uint8_t *state = TK->TK;

    /* Tweak first, key immediately after it. */
    memcpy(state, tweak, TWEAK_BYTES);
    memcpy(state + TWEAK_BYTES, key, KEY_BYTES);
}


/*
 * Derive a round tweakey from the current tweakey state.
 *
 * The output is zeroed, every LANE_BYTES-wide lane of TK->TK is XORed
 * into its first LANE_BYTES bytes, and the round constant i is then
 * XORed into byte 0.
 *
 * TK            - current state (read only).
 * round_tweakey - output buffer of ROUND_TWEAKEY_BYTES bytes.
 * i             - round constant.
 *
 * NOTE(review): the XOR loop writes round_tweakey[0..LANE_BYTES-1]
 * whatever ROUND_TWEAKEY_BYTES is, so this presumably relies on
 * ROUND_TWEAKEY_BYTES >= LANE_BYTES -- confirm. The output is derived
 * from key material; it is the caller's job to treat it as secret.
 */
void tweakey_state_extract(
    const tweakey_state *TK,
    uint8_t round_tweakey[ROUND_TWEAKEY_BYTES], /* output */
    uint8_t i                                   /* round constant */
)
{
    const uint8_t *state = TK->TK;

    memset(round_tweakey, 0, ROUND_TWEAKEY_BYTES);

    /* Fold the lanes together, one lane per outer iteration. */
    for (size_t base=0; base<TWEAKEY_BYTES; base+=LANE_BYTES)
    {
        const uint8_t *lane = state + base;

        for (size_t j=0; j<LANE_BYTES; j++)
        {
            round_tweakey[j] = round_tweakey[j] ^ lane[j];
        }
    }

    round_tweakey[0] = round_tweakey[0] ^ i;
}


/*
 * Apply the byte permutation h inside every lane of the state: the byte
 * at position k of a lane moves to position h[k] of the same lane.
 *
 * h is not defined in this file (presumably it comes from constants.h).
 *
 * NOTE(review): the scratch copy below holds the whole tweakey state,
 * key bytes included, and is left on the stack when the function
 * returns. If stack residue is in scope for the threat model, wipe it
 * with a primitive the compiler cannot elide (a plain memset before
 * return may be optimised away).
 *
 * NOTE(review): file-scope identifiers that begin with an underscore are
 * reserved by the C standard; the name is kept because
 * tweakey_state_update calls it.
 */
static void _permute_state(tweakey_state *TK)
{
    uint8_t snapshot[TWEAKEY_BYTES];

    /* Permute out of a copy so no source byte is overwritten before use. */
    memcpy(snapshot, TK->TK, sizeof snapshot);

    for (size_t base=0; base<TWEAKEY_BYTES; base+=LANE_BYTES)
    {
        const uint8_t *src = snapshot + base;
        uint8_t *dst = TK->TK + base;

        for (size_t k=0; k<LANE_BYTES; k++)
        {
            dst[h[k]] = src[k];
        }
    }
}

/*
 * Substitute every byte of lanes 1..LANES_NB-1 through a per-lane table:
 * lane j uses table P[j-1]. Lane 0 is left untouched (multiplication by
 * the identity, as the original comment puts it).
 *
 * P is not defined in this file (presumably it comes from constants.h).
 *
 * NOTE(review): the table index is a state byte. init() places the key
 * after the tweak, so the lanes holding key material are looked up with
 * a secret-dependent address. On targets with data caches that is not
 * constant-time -- confirm whether this implementation is meant to be
 * side-channel hardened before using it where an attacker can observe
 * timing or cache state.
 */
static void _multiply_state(tweakey_state *TK)
{
    for (size_t j=1; j<LANES_NB; j++)
    {
        const uint8_t *table = P[j-1];
        uint8_t *lane = TK->TK + j*LANE_BYTES;

        for (size_t k=0; k<LANE_BYTES; k++)
        {
            lane[k] = table[lane[k]];
        }
    }
}

/*
 * Advance the tweakey state by one step, in place.
 *
 * The order is fixed: the in-lane byte permutation runs first, then the
 * per-lane table substitution is applied to the permuted bytes.
 */
void tweakey_state_update(tweakey_state *TK)
{
    /* Step 1: permute the bytes inside each lane. */
    _permute_state(TK);

    /* Step 2: substitute lanes 1.. through their tables. */
    _multiply_state(TK);
}