Skip to content

lwc / candidates

Go to a project
Commit 19932b3b by Enrico Pozzobon
Options

Merge branch 'email-submissions'

parents 17e932b2 fdf0d6a8
Expand all
Inline Side-by-side
Showing with 2116 additions and 0 deletions
romulus/Implementations/crypto_aead/romulusm1+/opt32_NEC/api.h 0 → 100644
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
romulus/Implementations/crypto_aead/romulusm1+/opt32_NEC/skinny.h 0 → 100644
#define ___SKINNY_LOOP
//#define ___NUM_OF_ROUNDS_56
#define ___ENABLE_WORD_CAST
#include <stdint.h>
typedef struct ___skinny_ctrl {
#ifdef ___NUM_OF_ROUNDS_56
uint32_t roundKeys[240]; // number of rounds : 56
#else
uint32_t roundKeys[176]; // number of rounds : 40
#endif
void (*func_skinny_128_384_enc)(unsigned char*, struct ___skinny_ctrl*, unsigned char* CNT, unsigned char* T, const unsigned char* K);
} skinny_ctrl;
extern void skinny_128_384_enc123_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc12_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc1_1 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
#define pack_word(x0, x1, x2, x3, w) \
w = ((x3) << 24) ^ \
((x2) << 16) ^ \
((x1) << 8) ^ \
(x0);
#define unpack_word(x0, x1, x2, x3, w) \
x0 = ((w) & 0xff); \
x1 = (((w) >> 8) & 0xff); \
x2 = (((w) >> 16) & 0xff); \
x3 = ((w) >> 24);
#define PERMUTATION() \
/* permutation */ \
\
/* 7 6 5 4 3 2 1 0 */ \
/* 5 7 2 3 6 0 4 1 */ \
\
/* w0 (3 2 1 0) */ \
/* w1 (7 6 5 4) */ \
\
/* w0 (6 0 4 1) */ \
/* w1 (5 7 2 3) */ \
\
t0 = w1 << 8; /* 6 5 4 - */ \
t0 = t0 & 0xff00ff00; /* 6 - 4 - */ \
\
t1 = w1 << 16; /* 5 4 - - */ \
t1 = t1 & 0xff000000; /* 5 - - - */ \
\
t2 = w1 & 0xff000000; /* 7 - - - */ \
t2 = t2 >> 8; /* - 7 - - */ \
t1 = t1 ^ t2; /* 5 7 - - */ \
\
t2 = w0 & 0xff000000; /* 3 - - - */ \
t2 = t2 >> 24; /* - - - 3 */ \
t1 = t1 ^ t2; /* 5 7 - 3 */ \
\
w1 = w0 >> 8; /* - 3 2 1 */ \
w1 = w1 & 0x0000ff00; /* - - 2 - */ \
w1 = w1 ^ t1; /* 5 7 2 3 */ \
\
t2 = w0 & 0x0000ff00; /* - - 1 - */ \
t2 = t2 >> 8; /* - - - 1 */ \
t0 = t0 ^ t2; /* 6 - 4 1 */ \
\
w0 = w0 << 16; /* 1 0 - - */ \
w0 = w0 & 0x00ff0000; /* - 0 - - */ \
w0 = w0 ^ t0; /* 6 0 4 1 */
romulus/Implementations/crypto_aead/romulusm1+/opt32_NEC/skinny_key_schedule2.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* load * AC(c0 c1) ^ TK3
* calc AC(c0 c1) ^ TK2 -> store
* ART(TK2)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK2() \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK2) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x6 x5 x4 x3 x2 x1 x0 x7^x5) */ \
w0 = ((w0 << 1) & 0xfefefefe) ^ \
(((w0 >> 7) ^ (w0 >> 5)) & 0x01010101); \
w1 = ((w1 << 1) & 0xfefefefe) ^ \
(((w1 >> 7) ^ (w1 >> 5)) & 0x01010101); \
\
/* Load TK3 */ \
/* TK2^TK3^AC(c0 c1) */ \
/* store */ \
*tk2++ = w0 ^ *tk3++; \
*tk2++ = w1 ^ *tk3++; \
tk2 += 2; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 41th,43th, ... ,51th,53th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
}
#else
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
PERMUTATION_TK2();
}
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
PERMUTATION_TK2();
}
}
#endif
romulus/Implementations/crypto_aead/romulusm1+/opt32_NEC/skinny_key_schedule3.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* AC(c0 c1) ^ TK3 -> store
* ART(TK3)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK3(c0Val, c1Val) \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK3) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x0^x6 x7 x6 x5 x4 x3 x2 x1) */ \
w0 = ((w0 >> 1) & 0x7f7f7f7f) ^ \
(((w0 << 7) ^ (w0 << 1)) & 0x80808080); \
w1 = ((w1 >> 1) & 0x7f7f7f7f) ^ \
(((w1 << 7) ^ (w1 << 1)) & 0x80808080); \
\
/* K3^AC(c0 c1) */ \
/* store */ \
*tk3++ = w0 ^ c0Val; \
*tk3++ = w1 ^ c1Val; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK3(0x7, 0x000);
PERMUTATION_TK3(0xf, 0x100);
PERMUTATION_TK3(0xd, 0x300);
PERMUTATION_TK3(0x7, 0x300);
PERMUTATION_TK3(0xe, 0x100);
PERMUTATION_TK3(0x9, 0x300);
PERMUTATION_TK3(0x7, 0x200);
PERMUTATION_TK3(0xd, 0x100);
PERMUTATION_TK3(0x5, 0x300);
PERMUTATION_TK3(0x6, 0x100);
PERMUTATION_TK3(0x8, 0x100);
PERMUTATION_TK3(0x1, 0x200);
PERMUTATION_TK3(0x5, 0x000);
PERMUTATION_TK3(0x7, 0x100);
PERMUTATION_TK3(0xc, 0x100);
PERMUTATION_TK3(0x1, 0x300);
PERMUTATION_TK3(0x6, 0x000);
PERMUTATION_TK3(0xb, 0x100);
PERMUTATION_TK3(0xd, 0x200);
#ifdef ___NUM_OF_ROUNDS_56
// 41td,43th, ... ,53th,55th round
PERMUTATION_TK3(0x4, 0x300);
PERMUTATION_TK3(0x2, 0x100);
PERMUTATION_TK3(0x8, 0x000);
PERMUTATION_TK3(0x2, 0x200);
PERMUTATION_TK3(0x9, 0x000);
PERMUTATION_TK3(0x6, 0x200);
PERMUTATION_TK3(0x9, 0x100);
PERMUTATION_TK3(0x5, 0x200);
#endif
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,38th,40th round
PERMUTATION_TK3(0x3, 0x000);
PERMUTATION_TK3(0xf, 0x000);
PERMUTATION_TK3(0xe, 0x300);
PERMUTATION_TK3(0xb, 0x300);
PERMUTATION_TK3(0xf, 0x200);
PERMUTATION_TK3(0xc, 0x300);
PERMUTATION_TK3(0x3, 0x300);
PERMUTATION_TK3(0xe, 0x000);
PERMUTATION_TK3(0xa, 0x300);
PERMUTATION_TK3(0xb, 0x200);
PERMUTATION_TK3(0xc, 0x200);
PERMUTATION_TK3(0x0, 0x300);
PERMUTATION_TK3(0x2, 0x000);
PERMUTATION_TK3(0xb, 0x000);
PERMUTATION_TK3(0xe, 0x200);
PERMUTATION_TK3(0x8, 0x300);
PERMUTATION_TK3(0x3, 0x200);
PERMUTATION_TK3(0xd, 0x000);
PERMUTATION_TK3(0x6, 0x300);
PERMUTATION_TK3(0xa, 0x100);
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK3(0x9, 0x200);
PERMUTATION_TK3(0x4, 0x200);
PERMUTATION_TK3(0x1, 0x100);
PERMUTATION_TK3(0x4, 0x000);
PERMUTATION_TK3(0x3, 0x100);
PERMUTATION_TK3(0xc, 0x000);
PERMUTATION_TK3(0x2, 0x300);
PERMUTATION_TK3(0xa, 0x000);
#endif
}
#else
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys, unsigned char *pRC)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
uint16_t c0;
uint16_t c1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
pRC += 4;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
pRC -= 78;
tk3 = &roundKeys[98];
#else
pRC -= 110;
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
}
#endif
romulus/Implementations/crypto_aead/romulusm1/opt32_NEC/api.h 0 → 100644
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
romulus/Implementations/crypto_aead/romulusm1/opt32_NEC/skinny.h 0 → 100644
#define ___SKINNY_LOOP
#define ___NUM_OF_ROUNDS_56
#define ___ENABLE_WORD_CAST
#include <stdint.h>
typedef struct ___skinny_ctrl {
#ifdef ___NUM_OF_ROUNDS_56
uint32_t roundKeys[240]; // number of rounds : 56
#else
uint32_t roundKeys[176]; // number of rounds : 40
#endif
void (*func_skinny_128_384_enc)(unsigned char*, struct ___skinny_ctrl*, unsigned char* CNT, unsigned char* T, const unsigned char* K);
} skinny_ctrl;
extern void skinny_128_384_enc123_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc12_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc1_1 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
#define pack_word(x0, x1, x2, x3, w) \
w = ((x3) << 24) ^ \
((x2) << 16) ^ \
((x1) << 8) ^ \
(x0);
#define unpack_word(x0, x1, x2, x3, w) \
x0 = ((w) & 0xff); \
x1 = (((w) >> 8) & 0xff); \
x2 = (((w) >> 16) & 0xff); \
x3 = ((w) >> 24);
#define PERMUTATION() \
/* permutation */ \
\
/* 7 6 5 4 3 2 1 0 */ \
/* 5 7 2 3 6 0 4 1 */ \
\
/* w0 (3 2 1 0) */ \
/* w1 (7 6 5 4) */ \
\
/* w0 (6 0 4 1) */ \
/* w1 (5 7 2 3) */ \
\
t0 = w1 << 8; /* 6 5 4 - */ \
t0 = t0 & 0xff00ff00; /* 6 - 4 - */ \
\
t1 = w1 << 16; /* 5 4 - - */ \
t1 = t1 & 0xff000000; /* 5 - - - */ \
\
t2 = w1 & 0xff000000; /* 7 - - - */ \
t2 = t2 >> 8; /* - 7 - - */ \
t1 = t1 ^ t2; /* 5 7 - - */ \
\
t2 = w0 & 0xff000000; /* 3 - - - */ \
t2 = t2 >> 24; /* - - - 3 */ \
t1 = t1 ^ t2; /* 5 7 - 3 */ \
\
w1 = w0 >> 8; /* - 3 2 1 */ \
w1 = w1 & 0x0000ff00; /* - - 2 - */ \
w1 = w1 ^ t1; /* 5 7 2 3 */ \
\
t2 = w0 & 0x0000ff00; /* - - 1 - */ \
t2 = t2 >> 8; /* - - - 1 */ \
t0 = t0 ^ t2; /* 6 - 4 1 */ \
\
w0 = w0 << 16; /* 1 0 - - */ \
w0 = w0 & 0x00ff0000; /* - 0 - - */ \
w0 = w0 ^ t0; /* 6 0 4 1 */
romulus/Implementations/crypto_aead/romulusm1/opt32_NEC/skinny_key_schedule2.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* load * AC(c0 c1) ^ TK3
* calc AC(c0 c1) ^ TK2 -> store
* ART(TK2)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK2() \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK2) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x6 x5 x4 x3 x2 x1 x0 x7^x5) */ \
w0 = ((w0 << 1) & 0xfefefefe) ^ \
(((w0 >> 7) ^ (w0 >> 5)) & 0x01010101); \
w1 = ((w1 << 1) & 0xfefefefe) ^ \
(((w1 >> 7) ^ (w1 >> 5)) & 0x01010101); \
\
/* Load TK3 */ \
/* TK2^TK3^AC(c0 c1) */ \
/* store */ \
*tk2++ = w0 ^ *tk3++; \
*tk2++ = w1 ^ *tk3++; \
tk2 += 2; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 41th,43th, ... ,51th,53th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
}
#else
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
PERMUTATION_TK2();
}
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
PERMUTATION_TK2();
}
}
#endif
romulus/Implementations/crypto_aead/romulusm1/opt32_NEC/skinny_key_schedule3.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* AC(c0 c1) ^ TK3 -> store
* ART(TK3)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK3(c0Val, c1Val) \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK3) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x0^x6 x7 x6 x5 x4 x3 x2 x1) */ \
w0 = ((w0 >> 1) & 0x7f7f7f7f) ^ \
(((w0 << 7) ^ (w0 << 1)) & 0x80808080); \
w1 = ((w1 >> 1) & 0x7f7f7f7f) ^ \
(((w1 << 7) ^ (w1 << 1)) & 0x80808080); \
\
/* K3^AC(c0 c1) */ \
/* store */ \
*tk3++ = w0 ^ c0Val; \
*tk3++ = w1 ^ c1Val; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK3(0x7, 0x000);
PERMUTATION_TK3(0xf, 0x100);
PERMUTATION_TK3(0xd, 0x300);
PERMUTATION_TK3(0x7, 0x300);
PERMUTATION_TK3(0xe, 0x100);
PERMUTATION_TK3(0x9, 0x300);
PERMUTATION_TK3(0x7, 0x200);
PERMUTATION_TK3(0xd, 0x100);
PERMUTATION_TK3(0x5, 0x300);
PERMUTATION_TK3(0x6, 0x100);
PERMUTATION_TK3(0x8, 0x100);
PERMUTATION_TK3(0x1, 0x200);
PERMUTATION_TK3(0x5, 0x000);
PERMUTATION_TK3(0x7, 0x100);
PERMUTATION_TK3(0xc, 0x100);
PERMUTATION_TK3(0x1, 0x300);
PERMUTATION_TK3(0x6, 0x000);
PERMUTATION_TK3(0xb, 0x100);
PERMUTATION_TK3(0xd, 0x200);
#ifdef ___NUM_OF_ROUNDS_56
// 41td,43th, ... ,53th,55th round
PERMUTATION_TK3(0x4, 0x300);
PERMUTATION_TK3(0x2, 0x100);
PERMUTATION_TK3(0x8, 0x000);
PERMUTATION_TK3(0x2, 0x200);
PERMUTATION_TK3(0x9, 0x000);
PERMUTATION_TK3(0x6, 0x200);
PERMUTATION_TK3(0x9, 0x100);
PERMUTATION_TK3(0x5, 0x200);
#endif
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,38th,40th round
PERMUTATION_TK3(0x3, 0x000);
PERMUTATION_TK3(0xf, 0x000);
PERMUTATION_TK3(0xe, 0x300);
PERMUTATION_TK3(0xb, 0x300);
PERMUTATION_TK3(0xf, 0x200);
PERMUTATION_TK3(0xc, 0x300);
PERMUTATION_TK3(0x3, 0x300);
PERMUTATION_TK3(0xe, 0x000);
PERMUTATION_TK3(0xa, 0x300);
PERMUTATION_TK3(0xb, 0x200);
PERMUTATION_TK3(0xc, 0x200);
PERMUTATION_TK3(0x0, 0x300);
PERMUTATION_TK3(0x2, 0x000);
PERMUTATION_TK3(0xb, 0x000);
PERMUTATION_TK3(0xe, 0x200);
PERMUTATION_TK3(0x8, 0x300);
PERMUTATION_TK3(0x3, 0x200);
PERMUTATION_TK3(0xd, 0x000);
PERMUTATION_TK3(0x6, 0x300);
PERMUTATION_TK3(0xa, 0x100);
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK3(0x9, 0x200);
PERMUTATION_TK3(0x4, 0x200);
PERMUTATION_TK3(0x1, 0x100);
PERMUTATION_TK3(0x4, 0x000);
PERMUTATION_TK3(0x3, 0x100);
PERMUTATION_TK3(0xc, 0x000);
PERMUTATION_TK3(0x2, 0x300);
PERMUTATION_TK3(0xa, 0x000);
#endif
}
#else
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys, unsigned char *pRC)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
uint16_t c0;
uint16_t c1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
pRC += 4;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
pRC -= 78;
tk3 = &roundKeys[98];
#else
pRC -= 110;
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
}
#endif
romulus/Implementations/crypto_aead/romulusn1+/opt32_NEC/api.h 0 → 100644
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
romulus/Implementations/crypto_aead/romulusn1+/opt32_NEC/skinny.h 0 → 100644
#define ___SKINNY_LOOP
//#define ___NUM_OF_ROUNDS_56
#define ___ENABLE_WORD_CAST
#include <stdint.h>
typedef struct ___skinny_ctrl {
#ifdef ___NUM_OF_ROUNDS_56
uint32_t roundKeys[240]; // number of rounds : 56
#else
uint32_t roundKeys[176]; // number of rounds : 40
#endif
void (*func_skinny_128_384_enc)(unsigned char*, struct ___skinny_ctrl*, unsigned char* CNT, unsigned char* T, const unsigned char* K);
} skinny_ctrl;
extern void skinny_128_384_enc123_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc12_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc1_1 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
#define pack_word(x0, x1, x2, x3, w) \
w = ((x3) << 24) ^ \
((x2) << 16) ^ \
((x1) << 8) ^ \
(x0);
#define unpack_word(x0, x1, x2, x3, w) \
x0 = ((w) & 0xff); \
x1 = (((w) >> 8) & 0xff); \
x2 = (((w) >> 16) & 0xff); \
x3 = ((w) >> 24);
#define PERMUTATION() \
/* permutation */ \
\
/* 7 6 5 4 3 2 1 0 */ \
/* 5 7 2 3 6 0 4 1 */ \
\
/* w0 (3 2 1 0) */ \
/* w1 (7 6 5 4) */ \
\
/* w0 (6 0 4 1) */ \
/* w1 (5 7 2 3) */ \
\
t0 = w1 << 8; /* 6 5 4 - */ \
t0 = t0 & 0xff00ff00; /* 6 - 4 - */ \
\
t1 = w1 << 16; /* 5 4 - - */ \
t1 = t1 & 0xff000000; /* 5 - - - */ \
\
t2 = w1 & 0xff000000; /* 7 - - - */ \
t2 = t2 >> 8; /* - 7 - - */ \
t1 = t1 ^ t2; /* 5 7 - - */ \
\
t2 = w0 & 0xff000000; /* 3 - - - */ \
t2 = t2 >> 24; /* - - - 3 */ \
t1 = t1 ^ t2; /* 5 7 - 3 */ \
\
w1 = w0 >> 8; /* - 3 2 1 */ \
w1 = w1 & 0x0000ff00; /* - - 2 - */ \
w1 = w1 ^ t1; /* 5 7 2 3 */ \
\
t2 = w0 & 0x0000ff00; /* - - 1 - */ \
t2 = t2 >> 8; /* - - - 1 */ \
t0 = t0 ^ t2; /* 6 - 4 1 */ \
\
w0 = w0 << 16; /* 1 0 - - */ \
w0 = w0 & 0x00ff0000; /* - 0 - - */ \
w0 = w0 ^ t0; /* 6 0 4 1 */
romulus/Implementations/crypto_aead/romulusn1+/opt32_NEC/skinny_key_schedule2.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* load * AC(c0 c1) ^ TK3
* calc AC(c0 c1) ^ TK2 -> store
* ART(TK2)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK2() \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK2) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x6 x5 x4 x3 x2 x1 x0 x7^x5) */ \
w0 = ((w0 << 1) & 0xfefefefe) ^ \
(((w0 >> 7) ^ (w0 >> 5)) & 0x01010101); \
w1 = ((w1 << 1) & 0xfefefefe) ^ \
(((w1 >> 7) ^ (w1 >> 5)) & 0x01010101); \
\
/* Load TK3 */ \
/* TK2^TK3^AC(c0 c1) */ \
/* store */ \
*tk2++ = w0 ^ *tk3++; \
*tk2++ = w1 ^ *tk3++; \
tk2 += 2; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 41th,43th, ... ,51th,53th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
}
#else
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
PERMUTATION_TK2();
}
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
PERMUTATION_TK2();
}
}
#endif
romulus/Implementations/crypto_aead/romulusn1+/opt32_NEC/skinny_key_schedule3.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* AC(c0 c1) ^ TK3 -> store
* ART(TK3)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK3(c0Val, c1Val) \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK3) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x0^x6 x7 x6 x5 x4 x3 x2 x1) */ \
w0 = ((w0 >> 1) & 0x7f7f7f7f) ^ \
(((w0 << 7) ^ (w0 << 1)) & 0x80808080); \
w1 = ((w1 >> 1) & 0x7f7f7f7f) ^ \
(((w1 << 7) ^ (w1 << 1)) & 0x80808080); \
\
/* K3^AC(c0 c1) */ \
/* store */ \
*tk3++ = w0 ^ c0Val; \
*tk3++ = w1 ^ c1Val; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK3(0x7, 0x000);
PERMUTATION_TK3(0xf, 0x100);
PERMUTATION_TK3(0xd, 0x300);
PERMUTATION_TK3(0x7, 0x300);
PERMUTATION_TK3(0xe, 0x100);
PERMUTATION_TK3(0x9, 0x300);
PERMUTATION_TK3(0x7, 0x200);
PERMUTATION_TK3(0xd, 0x100);
PERMUTATION_TK3(0x5, 0x300);
PERMUTATION_TK3(0x6, 0x100);
PERMUTATION_TK3(0x8, 0x100);
PERMUTATION_TK3(0x1, 0x200);
PERMUTATION_TK3(0x5, 0x000);
PERMUTATION_TK3(0x7, 0x100);
PERMUTATION_TK3(0xc, 0x100);
PERMUTATION_TK3(0x1, 0x300);
PERMUTATION_TK3(0x6, 0x000);
PERMUTATION_TK3(0xb, 0x100);
PERMUTATION_TK3(0xd, 0x200);
#ifdef ___NUM_OF_ROUNDS_56
// 41td,43th, ... ,53th,55th round
PERMUTATION_TK3(0x4, 0x300);
PERMUTATION_TK3(0x2, 0x100);
PERMUTATION_TK3(0x8, 0x000);
PERMUTATION_TK3(0x2, 0x200);
PERMUTATION_TK3(0x9, 0x000);
PERMUTATION_TK3(0x6, 0x200);
PERMUTATION_TK3(0x9, 0x100);
PERMUTATION_TK3(0x5, 0x200);
#endif
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,38th,40th round
PERMUTATION_TK3(0x3, 0x000);
PERMUTATION_TK3(0xf, 0x000);
PERMUTATION_TK3(0xe, 0x300);
PERMUTATION_TK3(0xb, 0x300);
PERMUTATION_TK3(0xf, 0x200);
PERMUTATION_TK3(0xc, 0x300);
PERMUTATION_TK3(0x3, 0x300);
PERMUTATION_TK3(0xe, 0x000);
PERMUTATION_TK3(0xa, 0x300);
PERMUTATION_TK3(0xb, 0x200);
PERMUTATION_TK3(0xc, 0x200);
PERMUTATION_TK3(0x0, 0x300);
PERMUTATION_TK3(0x2, 0x000);
PERMUTATION_TK3(0xb, 0x000);
PERMUTATION_TK3(0xe, 0x200);
PERMUTATION_TK3(0x8, 0x300);
PERMUTATION_TK3(0x3, 0x200);
PERMUTATION_TK3(0xd, 0x000);
PERMUTATION_TK3(0x6, 0x300);
PERMUTATION_TK3(0xa, 0x100);
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK3(0x9, 0x200);
PERMUTATION_TK3(0x4, 0x200);
PERMUTATION_TK3(0x1, 0x100);
PERMUTATION_TK3(0x4, 0x000);
PERMUTATION_TK3(0x3, 0x100);
PERMUTATION_TK3(0xc, 0x000);
PERMUTATION_TK3(0x2, 0x300);
PERMUTATION_TK3(0xa, 0x000);
#endif
}
#else
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys, unsigned char *pRC)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
uint16_t c0;
uint16_t c1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
pRC += 4;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
pRC -= 78;
tk3 = &roundKeys[98];
#else
pRC -= 110;
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
}
#endif
romulus/Implementations/crypto_aead/romulusn1/opt32_NEC/api.h 0 → 100644
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
romulus/Implementations/crypto_aead/romulusn1/opt32_NEC/skinny.h 0 → 100644
#define ___SKINNY_LOOP
#define ___NUM_OF_ROUNDS_56
#define ___ENABLE_WORD_CAST
#include <stdint.h>
typedef struct ___skinny_ctrl {
#ifdef ___NUM_OF_ROUNDS_56
uint32_t roundKeys[240]; // number of rounds : 56
#else
uint32_t roundKeys[176]; // number of rounds : 40
#endif
void (*func_skinny_128_384_enc)(unsigned char*, struct ___skinny_ctrl*, unsigned char* CNT, unsigned char* T, const unsigned char* K);
} skinny_ctrl;
extern void skinny_128_384_enc123_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc12_12 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
extern void skinny_128_384_enc1_1 (unsigned char* input, skinny_ctrl* pskinny_ctrl, unsigned char* CNT, unsigned char* T, const unsigned char* K);
#define pack_word(x0, x1, x2, x3, w) \
w = ((x3) << 24) ^ \
((x2) << 16) ^ \
((x1) << 8) ^ \
(x0);
#define unpack_word(x0, x1, x2, x3, w) \
x0 = ((w) & 0xff); \
x1 = (((w) >> 8) & 0xff); \
x2 = (((w) >> 16) & 0xff); \
x3 = ((w) >> 24);
#define PERMUTATION() \
/* permutation */ \
\
/* 7 6 5 4 3 2 1 0 */ \
/* 5 7 2 3 6 0 4 1 */ \
\
/* w0 (3 2 1 0) */ \
/* w1 (7 6 5 4) */ \
\
/* w0 (6 0 4 1) */ \
/* w1 (5 7 2 3) */ \
\
t0 = w1 << 8; /* 6 5 4 - */ \
t0 = t0 & 0xff00ff00; /* 6 - 4 - */ \
\
t1 = w1 << 16; /* 5 4 - - */ \
t1 = t1 & 0xff000000; /* 5 - - - */ \
\
t2 = w1 & 0xff000000; /* 7 - - - */ \
t2 = t2 >> 8; /* - 7 - - */ \
t1 = t1 ^ t2; /* 5 7 - - */ \
\
t2 = w0 & 0xff000000; /* 3 - - - */ \
t2 = t2 >> 24; /* - - - 3 */ \
t1 = t1 ^ t2; /* 5 7 - 3 */ \
\
w1 = w0 >> 8; /* - 3 2 1 */ \
w1 = w1 & 0x0000ff00; /* - - 2 - */ \
w1 = w1 ^ t1; /* 5 7 2 3 */ \
\
t2 = w0 & 0x0000ff00; /* - - 1 - */ \
t2 = t2 >> 8; /* - - - 1 */ \
t0 = t0 ^ t2; /* 6 - 4 1 */ \
\
w0 = w0 << 16; /* 1 0 - - */ \
w0 = w0 & 0x00ff0000; /* - 0 - - */ \
w0 = w0 ^ t0; /* 6 0 4 1 */
romulus/Implementations/crypto_aead/romulusn1/opt32_NEC/skinny_key_schedule2.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* load * AC(c0 c1) ^ TK3
* calc AC(c0 c1) ^ TK2 -> store
* ART(TK2)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK2() \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK2) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x6 x5 x4 x3 x2 x1 x0 x7^x5) */ \
w0 = ((w0 << 1) & 0xfefefefe) ^ \
(((w0 >> 7) ^ (w0 >> 5)) & 0x01010101); \
w1 = ((w1 << 1) & 0xfefefefe) ^ \
(((w1 >> 7) ^ (w1 >> 5)) & 0x01010101); \
\
/* Load TK3 */ \
/* TK2^TK3^AC(c0 c1) */ \
/* store */ \
*tk2++ = w0 ^ *tk3++; \
*tk2++ = w1 ^ *tk3++; \
tk2 += 2; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 41th,43th, ... ,51th,53th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
PERMUTATION_TK2();
#endif
}
#else
void RunEncryptionKeyScheduleTK2(uint32_t *roundKeys)
{
uint32_t* tk2; // used in MACRO
uint32_t* tk3; // used in MACRO
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[4];
w1 = roundKeys[5];
tk2 = &roundKeys[16];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk2++ = w0 ^ *tk3++;
*tk2++ = w1 ^ *tk3++;
tk2 += 2;
tk3 += 2;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
PERMUTATION_TK2();
}
// even
// load master key
w0 = roundKeys[6];
w1 = roundKeys[7];
tk2 = &roundKeys[18];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
PERMUTATION_TK2();
}
}
#endif
romulus/Implementations/crypto_aead/romulusn1/opt32_NEC/skinny_key_schedule3.c 0 → 100644
/******************************************************************************
* Copyright (c) 2020, NEC Corporation.
*
* THIS CODE IS FURNISHED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND.
*
*****************************************************************************/
/*
* SKINNY-128-384
*
* AC(c0 c1) ^ TK3 -> store
* ART(TK3)
*
* number of rounds : 40 or 56
*/
#include "skinny.h"
#define PERMUTATION_TK3(c0Val, c1Val) \
\
/* permutation */ \
\
PERMUTATION() \
\
/* LFSR(for TK3) (x7 x6 x5 x4 x3 x2 x1 x0) -> (x0^x6 x7 x6 x5 x4 x3 x2 x1) */ \
w0 = ((w0 >> 1) & 0x7f7f7f7f) ^ \
(((w0 << 7) ^ (w0 << 1)) & 0x80808080); \
w1 = ((w1 >> 1) & 0x7f7f7f7f) ^ \
(((w1 << 7) ^ (w1 << 1)) & 0x80808080); \
\
/* K3^AC(c0 c1) */ \
/* store */ \
*tk3++ = w0 ^ c0Val; \
*tk3++ = w1 ^ c1Val; \
tk3 += 2;
#ifndef ___SKINNY_LOOP
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
// 3rd,5th, ... ,37th,39th round
PERMUTATION_TK3(0x7, 0x000);
PERMUTATION_TK3(0xf, 0x100);
PERMUTATION_TK3(0xd, 0x300);
PERMUTATION_TK3(0x7, 0x300);
PERMUTATION_TK3(0xe, 0x100);
PERMUTATION_TK3(0x9, 0x300);
PERMUTATION_TK3(0x7, 0x200);
PERMUTATION_TK3(0xd, 0x100);
PERMUTATION_TK3(0x5, 0x300);
PERMUTATION_TK3(0x6, 0x100);
PERMUTATION_TK3(0x8, 0x100);
PERMUTATION_TK3(0x1, 0x200);
PERMUTATION_TK3(0x5, 0x000);
PERMUTATION_TK3(0x7, 0x100);
PERMUTATION_TK3(0xc, 0x100);
PERMUTATION_TK3(0x1, 0x300);
PERMUTATION_TK3(0x6, 0x000);
PERMUTATION_TK3(0xb, 0x100);
PERMUTATION_TK3(0xd, 0x200);
#ifdef ___NUM_OF_ROUNDS_56
// 41td,43th, ... ,53th,55th round
PERMUTATION_TK3(0x4, 0x300);
PERMUTATION_TK3(0x2, 0x100);
PERMUTATION_TK3(0x8, 0x000);
PERMUTATION_TK3(0x2, 0x200);
PERMUTATION_TK3(0x9, 0x000);
PERMUTATION_TK3(0x6, 0x200);
PERMUTATION_TK3(0x9, 0x100);
PERMUTATION_TK3(0x5, 0x200);
#endif
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[98];
#else
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ... ,38th,40th round
PERMUTATION_TK3(0x3, 0x000);
PERMUTATION_TK3(0xf, 0x000);
PERMUTATION_TK3(0xe, 0x300);
PERMUTATION_TK3(0xb, 0x300);
PERMUTATION_TK3(0xf, 0x200);
PERMUTATION_TK3(0xc, 0x300);
PERMUTATION_TK3(0x3, 0x300);
PERMUTATION_TK3(0xe, 0x000);
PERMUTATION_TK3(0xa, 0x300);
PERMUTATION_TK3(0xb, 0x200);
PERMUTATION_TK3(0xc, 0x200);
PERMUTATION_TK3(0x0, 0x300);
PERMUTATION_TK3(0x2, 0x000);
PERMUTATION_TK3(0xb, 0x000);
PERMUTATION_TK3(0xe, 0x200);
PERMUTATION_TK3(0x8, 0x300);
PERMUTATION_TK3(0x3, 0x200);
PERMUTATION_TK3(0xd, 0x000);
PERMUTATION_TK3(0x6, 0x300);
PERMUTATION_TK3(0xa, 0x100);
#ifdef ___NUM_OF_ROUNDS_56
// 42nd,44th, ... ,54th,56th round
PERMUTATION_TK3(0x9, 0x200);
PERMUTATION_TK3(0x4, 0x200);
PERMUTATION_TK3(0x1, 0x100);
PERMUTATION_TK3(0x4, 0x000);
PERMUTATION_TK3(0x3, 0x100);
PERMUTATION_TK3(0xc, 0x000);
PERMUTATION_TK3(0x2, 0x300);
PERMUTATION_TK3(0xa, 0x000);
#endif
}
#else
void RunEncryptionKeyScheduleTK3(uint32_t *roundKeys, unsigned char *pRC)
{
uint32_t *tk3;
uint32_t t0; // used in MACRO
uint32_t t1; // used in MACRO
uint32_t t2; // used in MACRO
uint32_t w0;
uint32_t w1;
uint16_t c0;
uint16_t c1;
// odd
// load master key
w0 = roundKeys[8];
w1 = roundKeys[9];
#ifndef ___NUM_OF_ROUNDS_56
tk3 = &roundKeys[96];
#else
tk3 = &roundKeys[128];
#endif
// 1st round
*tk3++ = w0 ^ 0x01;
*tk3++ = w1;
tk3 += 2;
pRC += 4;
// 3rd,5th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<19;i++)
#else
for(int i=0;i<27;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
// even
// load master key
w0 = roundKeys[10];
w1 = roundKeys[11];
#ifndef ___NUM_OF_ROUNDS_56
pRC -= 78;
tk3 = &roundKeys[98];
#else
pRC -= 110;
tk3 = &roundKeys[130];
#endif
// 2nd,4th, ...
#ifndef ___NUM_OF_ROUNDS_56
for(int i=0;i<20;i++)
#else
for(int i=0;i<28;i++)
#endif
{
c0 = *pRC++;
c1 = *pRC++;
c1 <<= 8;
pRC += 2;
PERMUTATION_TK3(c0, c1);
}
}
#endif
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment