internal-simp.c 5.98 KB
Newer Older
Rhys Weatherley committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
/*
 * Copyright (C) 2020 Southern Storm Software, Pty Ltd.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#include "internal-simp.h"

#if !defined(__AVR__)

/**
 * \brief Number of rounds for the inner block cipher within SimP-256.
 */
#define SIMP_256_ROUNDS 34

/**
 * \brief Number of rounds for the inner block cipher within SimP-192.
 */
#define SIMP_192_ROUNDS 26

/**
 * \brief Round constants for each of the rounds in SimP-256 or SimP-192.
 *
 * Bit i is the round constant for round i, repeated every 62 rounds.
 */
#define SIMP_RC 0x3369F885192C0EF5ULL

void simp_256_permute(unsigned char state[SIMP_256_STATE_SIZE], unsigned steps)
{
    uint64_t z = SIMP_RC;
    uint64_t x0, x1, x2, x3, t0, t1;
    unsigned round;

    /* Load the state into local variables */
    x0 = be_load_word64(state);
    x1 = be_load_word64(state + 8);
    x2 = be_load_word64(state + 16);
    x3 = be_load_word64(state + 24);

    /* Perform all steps */
    for (; steps > 0; --steps) {
        /* Perform all rounds for this step, two at a time */
        for (round = 0; round < (SIMP_256_ROUNDS / 2); ++round) {
            t1 = x3 ^ (leftRotate1_64(x2) & leftRotate8_64(x2)) ^
                 leftRotate2_64(x2) ^ x1;
            t0 = x1 ^ rightRotate3_64(x0) ^ rightRotate4_64(x0) ^
                 0xFFFFFFFFFFFFFFFCULL ^ (z & 1);
            z = (z >> 1) | (z << 61); /* z repeats every 62 rounds */
            x2 = x2 ^ (leftRotate1_64(t1) & leftRotate8_64(t1)) ^
                 leftRotate2_64(t1) ^ x0;
            x0 = x0 ^ rightRotate3_64(t0) ^ rightRotate4_64(t0) ^
                 0xFFFFFFFFFFFFFFFCULL ^ (z & 1);
            x1 = t0;
            x3 = t1;
            z = (z >> 1) | (z << 61); /* z repeats every 62 rounds */
        }

        /* Swap the words of the state for all steps except the last */
        if (steps > 1) {
            t0 = x0;
            t1 = x1;
            x0 = x2;
            x1 = x3;
            x2 = t0;
            x3 = t1;
        }
    }

    /* Write the local variables back to the state */
    be_store_word64(state,      x0);
    be_store_word64(state +  8, x1);
    be_store_word64(state + 16, x2);
    be_store_word64(state + 24, x3);
}

/* Load a big-endian 48-bit word from a byte buffer */
#define be_load_word48(ptr) \
    ((((uint64_t)((ptr)[0])) << 40) | \
     (((uint64_t)((ptr)[1])) << 32) | \
     (((uint64_t)((ptr)[2])) << 24) | \
     (((uint64_t)((ptr)[3])) << 16) | \
     (((uint64_t)((ptr)[4])) << 8) | \
      ((uint64_t)((ptr)[5])))

/* Store a big-endian 48-bit word into a byte buffer */
#define be_store_word48(ptr, x) \
    do { \
        uint64_t _x = (x); \
        (ptr)[0] = (uint8_t)(_x >> 40); \
        (ptr)[1] = (uint8_t)(_x >> 32); \
        (ptr)[2] = (uint8_t)(_x >> 24); \
        (ptr)[3] = (uint8_t)(_x >> 16); \
        (ptr)[4] = (uint8_t)(_x >> 8); \
        (ptr)[5] = (uint8_t)_x; \
    } while (0)

/* 48-bit rotations with the high bits set to garbage - truncated later */
#define rightRotate3_48(x) (((x) >> 3) | ((x) << 45))
#define rightRotate4_48(x) (((x) >> 4) | ((x) << 44))
#define leftRotate1_48(x)  (((x) << 1) | ((x) >> 47))
#define leftRotate2_48(x)  (((x) << 2) | ((x) >> 46))
#define leftRotate8_48(x)  (((x) << 8) | ((x) >> 40))

void simp_192_permute(unsigned char state[SIMP_192_STATE_SIZE], unsigned steps)
{
    uint64_t z = SIMP_RC;
    uint64_t x0, x1, x2, x3, t0, t1;
    unsigned round;

    /* Load the state into local variables */
    x0 = be_load_word48(state);
    x1 = be_load_word48(state + 6);
    x2 = be_load_word48(state + 12);
    x3 = be_load_word48(state + 18);

    /* Perform all steps */
    for (; steps > 0; --steps) {
        /* Perform all rounds for this step, two at a time */
        for (round = 0; round < (SIMP_192_ROUNDS / 2); ++round) {
            t1 = x3 ^ (leftRotate1_48(x2) & leftRotate8_48(x2)) ^
                 leftRotate2_48(x2) ^ x1;
            t0 = x1 ^ rightRotate3_48(x0) ^ rightRotate4_48(x0) ^
                 0xFFFFFFFFFFFFFFFCULL ^ (z & 1);
            t0 &= 0x0000FFFFFFFFFFFFULL; /* Truncate back to 48 bits */
            t1 &= 0x0000FFFFFFFFFFFFULL;
            z = (z >> 1) | (z << 61); /* z repeats every 62 rounds */
            x2 = x2 ^ (leftRotate1_48(t1) & leftRotate8_48(t1)) ^
                 leftRotate2_48(t1) ^ x0;
            x0 = x0 ^ rightRotate3_48(t0) ^ rightRotate4_48(t0) ^
                 0xFFFFFFFFFFFFFFFCULL ^ (z & 1);
            x0 &= 0x0000FFFFFFFFFFFFULL;
            x2 &= 0x0000FFFFFFFFFFFFULL;
            x1 = t0;
            x3 = t1;
            z = (z >> 1) | (z << 61); /* z repeats every 62 rounds */
        }

        /* Swap the words of the state for all steps except the last */
        if (steps > 1) {
            t0 = x0;
            t1 = x1;
            x0 = x2;
            x1 = x3;
            x2 = t0;
            x3 = t1;
        }
    }

    /* Write the local variables back to the state */
    be_store_word48(state,      x0);
    be_store_word48(state +  6, x1);
    be_store_word48(state + 12, x2);
    be_store_word48(state + 18, x3);
}

#endif /* !__AVR__ */