Commit 41412efd by Enrico Pozzobon

Merge branch 'email-submissions'

parents a2add83a 389d7d2c
#define CRYPTO_KEYBYTES 16 // #define CRYPTO_KEYBYTES 16 //
#define CRYPTO_NSECBYTES 0 #define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16 #define CRYPTO_NPUBBYTES 16
...@@ -6,4 +6,3 @@ ...@@ -6,4 +6,3 @@
#define CRYPTO_NOOVERLAP 1 #define CRYPTO_NOOVERLAP 1
...@@ -8,11 +8,12 @@ ...@@ -8,11 +8,12 @@
#define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n)))) #define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n))))
#define sbox(a, b, c, d, e, f, g, h) \ #define sbox(a, b, c, d, f, g, h) \
{ \ { \
t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; e = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \ t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; a = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \
} }
typedef unsigned char u8; typedef unsigned char u8;
typedef unsigned int u32; typedef unsigned int u32;
typedef unsigned long long u64; typedef unsigned long long u64;
...@@ -54,11 +55,8 @@ out[1] = (t2 << 16) | (t1 & 0x0000FFFF); \ ...@@ -54,11 +55,8 @@ out[1] = (t2 << 16) | (t1 & 0x0000FFFF); \
#define ROUND256( constant6Format,lunNum) {\ #define ROUND256( constant6Format,lunNum) {\
s[0] ^= constant6Format[lunNum]>> 4;\ s[0] ^= constant6Format[lunNum]>> 4;\
s[1] ^= constant6Format[lunNum]& 0x0f;\ s[1] ^= constant6Format[lunNum]& 0x0f;\
sbox(s[0], s[2], s[4], s[6], s_temp[0], s_temp[2], s_temp[4], s_temp[6]);\ sbox(s[0], s[2], s[4], s[6], s_temp[2], s_temp[4], s_temp[6]);\
sbox(s[1], s[3], s[5], s[7], s_temp[1], s_temp[3], s_temp[5], s_temp[7]);\ sbox(s[1], s[3], s[5], s[7], s[2], s_temp[5], s_temp[7]);\
s[0] = s_temp[0];\
s[1] = s_temp[1];\
s[2] = s_temp[3];\
s[3] = LOTR32(s_temp[2], 1);\ s[3] = LOTR32(s_temp[2], 1);\
s[4] = LOTR32(s_temp[4], 4);\ s[4] = LOTR32(s_temp[4], 4);\
s[5] = LOTR32(s_temp[5], 4);\ s[5] = LOTR32(s_temp[5], 4);\
...@@ -66,3 +64,4 @@ out[1] = (t2 << 16) | (t1 & 0x0000FFFF); \ ...@@ -66,3 +64,4 @@ out[1] = (t2 << 16) | (t1 & 0x0000FFFF); \
s[7] = LOTR32(s_temp[6], 13);\ s[7] = LOTR32(s_temp[6], 13);\
} }
...@@ -97,8 +97,7 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -97,8 +97,7 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
ROUND256(constant6Format,i); ROUND256(constant6Format,i);
} }
// process associated data // process associated data
if (adlen) { if (adlen) {
//rlen = adlen;
while (adlen >= RATE) { while (adlen >= RATE) {
packFormat(dataFormat, ad); packFormat(dataFormat, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -153,8 +152,6 @@ tempData[mlen]= 0x01; ...@@ -153,8 +152,6 @@ tempData[mlen]= 0x01;
memcpy(c, tempData, sizeof(tempData)); memcpy(c, tempData, sizeof(tempData));
unpackFormat(tempData,(s + 2)); unpackFormat(tempData,(s + 2));
memcpy(c+8, tempData, sizeof(tempData)); memcpy(c+8, tempData, sizeof(tempData));
// unpackFormat((c), s);
// unpackFormat((c+8),(s + 2));
return 0; return 0;
} }
...@@ -237,10 +234,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen, ...@@ -237,10 +234,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen,
ROUND256(constant6Format, i); ROUND256(constant6Format, i);
} }
// return tag // return tag
packFormat(dataFormat, c); unpackFormat(tempU8, s);
packFormat((dataFormat + 2), (c +8)); unpackFormat((tempU8+8), (s+2));
if (dataFormat[0] != s[0] || dataFormat[1] != s[1] || dataFormat[2] != s[2] || dataFormat[3] != s[3]) { if (memcmp((void*)tempU8, (void*)c,CRYPTO_ABYTES)) {
return -1; *mlen = 0;
memset(m, 0, sizeof(unsigned char) * (clen - CRYPTO_ABYTES));
return -1;
} }
return 0; return 0;
} }
...@@ -5,4 +5,3 @@ ...@@ -5,4 +5,3 @@
#define CRYPTO_NOOVERLAP 1 #define CRYPTO_NOOVERLAP 1
//#include<malloc.h>
#include"crypto_aead.h" #include"crypto_aead.h"
#include"api.h" #include"api.h"
#include <string.h> #include <string.h>
...@@ -13,7 +13,6 @@ typedef unsigned long long u64; ...@@ -13,7 +13,6 @@ typedef unsigned long long u64;
#define ARR_SIZE(a) (sizeof((a))/sizeof((a[0]))) #define ARR_SIZE(a) (sizeof((a))/sizeof((a[0])))
#define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n)))) #define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n))))
#define puckU32ToThree(x){\ #define puckU32ToThree(x){\
x &= 0x92492492;\ x &= 0x92492492;\
x = (x | (x << 2)) & 0xc30c30c3;\ x = (x | (x << 2)) & 0xc30c30c3;\
...@@ -27,8 +26,7 @@ x = (x | (x >> 16)) & 0xff0000ff;\ ...@@ -27,8 +26,7 @@ x = (x | (x >> 16)) & 0xff0000ff;\
x = (x | (x >> 8)) & 0xf00f00f0;\ x = (x | (x >> 8)) & 0xf00f00f0;\
x = (x | (x >> 4)) & 0xc30c30c3;\ x = (x | (x >> 4)) & 0xc30c30c3;\
x = (x | (x >> 2)) & 0x92492492;\ x = (x | (x >> 2)) & 0x92492492;\
} }
#define packU32FormatToThreePacket( out, in) {\ #define packU32FormatToThreePacket( out, in) {\
t2 = U32BIG(((u32*)in)[0]); \ t2 = U32BIG(((u32*)in)[0]); \
t2_64 = (in[3] & 0x80) >> 7, t2_65 = (in[3] & 0x40) >> 6; \ t2_64 = (in[3] & 0x80) >> 7, t2_65 = (in[3] & 0x40) >> 6; \
...@@ -40,8 +38,7 @@ puckU32ToThree(temp2[2]); \ ...@@ -40,8 +38,7 @@ puckU32ToThree(temp2[2]); \
out[0] = (temp2[0] >> 22); \ out[0] = (temp2[0] >> 22); \
out[1] = (((u32)t2_64) << 10) | (temp2[1] >> 22); \ out[1] = (((u32)t2_64) << 10) | (temp2[1] >> 22); \
out[2] =(((u32)t2_65) << 10) | (temp2[2] >> 22); \ out[2] =(((u32)t2_65) << 10) | (temp2[2] >> 22); \
} }
#define packU96FormatToThreePacket(out, in) {\ #define packU96FormatToThreePacket(out, in) {\
t9 = U32BIG(((u32*)in)[2]); \ t9 = U32BIG(((u32*)in)[2]); \
t1 = U32BIG(((u32*)in)[1]); \ t1 = U32BIG(((u32*)in)[1]); \
...@@ -64,8 +61,7 @@ puckU32ToThree(temp2[2]); \ ...@@ -64,8 +61,7 @@ puckU32ToThree(temp2[2]); \
out[0] = (temp0[0]) | (temp1[0] >> 11) | (temp2[0] >> 22); \ out[0] = (temp0[0]) | (temp1[0] >> 11) | (temp2[0] >> 22); \
out[1] = (temp0[1]) | (temp1[1] >> 11) | (((u32)t2_64) << 10) | (temp2[1] >> 22); \ out[1] = (temp0[1]) | (temp1[1] >> 11) | (((u32)t2_64) << 10) | (temp2[1] >> 22); \
out[2] = (temp0[2]) | (((u32)t1_32) << 21) | (temp1[2] >> 11) | (((u32)t2_65) << 10) | (temp2[2] >> 22); \ out[2] = (temp0[2]) | (((u32)t1_32) << 21) | (temp1[2] >> 11) | (((u32)t2_65) << 10) | (temp2[2] >> 22); \
} }
#define unpackU32FormatToThreePacket(out, in) {\ #define unpackU32FormatToThreePacket(out, in) {\
temp2[0] = (in[0] & 0x000003ff) << 22; \ temp2[0] = (in[0] & 0x000003ff) << 22; \
t2_64 = ((in[1] & 0x00000400) << 21); \ t2_64 = ((in[1] & 0x00000400) << 21); \
...@@ -77,8 +73,7 @@ unpuckU32ToThree(temp2[1]); \ ...@@ -77,8 +73,7 @@ unpuckU32ToThree(temp2[1]); \
unpuckU32ToThree(temp2[2]); \ unpuckU32ToThree(temp2[2]); \
t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \ t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \
*(u32*)(out) = U32BIG(t2); \ *(u32*)(out) = U32BIG(t2); \
} }
#define unpackU96FormatToThreePacket( out, in) {\ #define unpackU96FormatToThreePacket( out, in) {\
temp0[0] = in[0] & 0xffe00000; \ temp0[0] = in[0] & 0xffe00000; \
temp1[0] = (in[0] & 0x001ffc00) << 11; \ temp1[0] = (in[0] & 0x001ffc00) << 11; \
...@@ -110,23 +105,16 @@ t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \ ...@@ -110,23 +105,16 @@ t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \
} }
#define ARR_SIZE(a) (sizeof((a))/sizeof((a[0]))) #define ARR_SIZE(a) (sizeof((a))/sizeof((a[0])))
#define sbox(a, b, c, d, e, f, g, h) \ #define sbox(a, b, c, d, f, g, h) \
{ \ { \
t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; e = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \ t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; a = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \
} }
#define U96_BIT_LOTR32_1(t0,t1,t2,t3,t4,t5){\
t3= t1;\
t4 = t2;\
t5 = LOTR32(t0, 1); \
}
#define U96_BIT_LOTR32_8(t0,t1,t2,t3,t4,t5){\ #define U96_BIT_LOTR32_8(t0,t1,t2,t3,t4,t5){\
t3= LOTR32(t2, 2);\ t3= LOTR32(t2, 2);\
t4 =LOTR32(t0, 3);\ t4 =LOTR32(t0, 3);\
t5 = LOTR32(t1, 3); \ t5 = LOTR32(t1, 3); \
} }
#define U96_BIT_LOTR32_55(t0,t1,t2,t3,t4,t5){\ #define U96_BIT_LOTR32_55(t0,t1,t2,t3,t4,t5){\
t3= LOTR32(t1, 18); \ t3= LOTR32(t1, 18); \
t4 = LOTR32(t2, 18);\ t4 = LOTR32(t2, 18);\
......
...@@ -25,14 +25,14 @@ unsigned char constant7Format[127] = { ...@@ -25,14 +25,14 @@ unsigned char constant7Format[127] = {
s[0] ^= (constant7Format[lunNum] >> 6) & 0x3;\ s[0] ^= (constant7Format[lunNum] >> 6) & 0x3;\
s[1] ^= (constant7Format[lunNum] >> 3) & 0x7;\ s[1] ^= (constant7Format[lunNum] >> 3) & 0x7;\
s[2] ^= constant7Format[lunNum] & 0x7;\ s[2] ^= constant7Format[lunNum] & 0x7;\
sbox(s[0], s[3], s[6], s[9] , s_temp[0], s_temp[3], s_temp[6], s_temp[9]);\ sbox(s[0], s[3], s[6], s[9] , s_temp[3], s_temp[6], s_temp[9]);\
sbox(s[1], s[4], s[7], s[10], s_temp[1], s_temp[4], s_temp[7], s_temp[10]);\ sbox(s[1], s[4], s[7], s[10], s[3] , s_temp[7], s_temp[10]);\
sbox(s[2], s[5], s[8], s[11], s_temp[2], s_temp[5], s_temp[8], s_temp[11]);\ sbox(s[2], s[5], s[8], s[11], s[4] , s_temp[8], s_temp[11]);\
s[0] = s_temp[0], s[1] = s_temp[1], s[2] = s_temp[2];\ s[5] = LOTR32(s_temp[3], 1); \
U96_BIT_LOTR32_1(s_temp[3], s_temp [4], s_temp[ 5], s[3], s[4], s[5]);\
U96_BIT_LOTR32_8(s_temp[6], s_temp [7], s_temp[ 8], s[6], s[7], s[8]);\ U96_BIT_LOTR32_8(s_temp[6], s_temp [7], s_temp[ 8], s[6], s[7], s[8]);\
U96_BIT_LOTR32_55(s_temp[9], s_temp[10], s_temp[11], s[9], s[10], s[11]);\ U96_BIT_LOTR32_55(s_temp[9], s_temp[10], s_temp[11], s[9], s[10], s[11]);\
} }
int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
const unsigned char *m, unsigned long long mlen, const unsigned char *m, unsigned long long mlen,
const unsigned char *ad, unsigned long long adlen, const unsigned char *ad, unsigned long long adlen,
...@@ -48,7 +48,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -48,7 +48,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
u32 temp0[3] = { 0 }; u32 temp0[3] = { 0 };
u32 temp1[3] = { 0 }; u32 temp1[3] = { 0 };
u32 temp2[3] = { 0 }; u32 temp2[3] = { 0 };
*clen = mlen + CRYPTO_ABYTES; *clen = mlen + CRYPTO_ABYTES;
// initialization // initialization
packU96FormatToThreePacket(s, npub); packU96FormatToThreePacket(s, npub);
...@@ -63,7 +62,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -63,7 +62,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
} }
// process associated data // process associated data
if (adlen) { if (adlen) {
// rlen = adlen;
while (adlen >= aead_RATE) { while (adlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, ad); packU96FormatToThreePacket(dataFormat, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -96,7 +94,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -96,7 +94,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
} }
s[9] ^= 0x80000000; s[9] ^= 0x80000000;
if (mlen) { if (mlen) {
//rlen = mlen;
while (mlen >= aead_RATE) { while (mlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, m); packU96FormatToThreePacket(dataFormat, m);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -138,7 +135,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -138,7 +135,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
// return tag // return tag
unpackU96FormatToThreePacket(c, s); unpackU96FormatToThreePacket(c, s);
unpackU96FormatToThreePacket(tempData, (s + 3)); unpackU96FormatToThreePacket(tempData, (s + 3));
memcpy(c+12, tempData, sizeof(unsigned char) * 4); memcpy(c+12, tempData, sizeof(unsigned char) * 4);
return 0; return 0;
} }
...@@ -175,7 +171,6 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen, ...@@ -175,7 +171,6 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen,
} }
// process associated data // process associated data
if (adlen) { if (adlen) {
// rlen = adlen;
while (adlen >= aead_RATE) { while (adlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, ad); packU96FormatToThreePacket(dataFormat, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -249,14 +244,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen, ...@@ -249,14 +244,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen,
for (i = 0; i < PRF_ROUNDS; i++) { for (i = 0; i < PRF_ROUNDS; i++) {
ROUND384(i); ROUND384(i);
} }
// return tag // return tag
unpackU96FormatToThreePacket(tempU8, s); unpackU96FormatToThreePacket(tempU8, s);
unpackU96FormatToThreePacket((tempU8+12), (s+3)); unpackU96FormatToThreePacket((tempU8 + 12), (s + 3));
if (U32BIG(((u32*)tempU8)[0]) != U32BIG(((u32*)c)[0]) || if (memcmp((void*)tempU8, (void*)c, CRYPTO_ABYTES)) {
U32BIG(((u32*)tempU8)[1]) != U32BIG(((u32*)c)[1]) || *mlen = 0;
U32BIG(((u32*)tempU8)[2]) != U32BIG(((u32*)c)[2]) || memset(m, 0, sizeof(unsigned char) * (clen - CRYPTO_ABYTES));
U32BIG(((u32*)tempU8)[3]) != U32BIG(((u32*)c)[3]) ){
return -1; return -1;
} }
return 0; return 0;
......
#include"crypto_aead.h" #include"crypto_aead.h"
#include"api.h" #include"api.h"
#include <string.h> #include <string.h>
...@@ -17,9 +17,9 @@ typedef unsigned long long u64; ...@@ -17,9 +17,9 @@ typedef unsigned long long u64;
#define ARR_SIZE(a) (sizeof((a))/sizeof((a[0]))) #define ARR_SIZE(a) (sizeof((a))/sizeof((a[0])))
#define sbox(a, b, c, d, e, f, g, h) \ #define sbox(a, b, c, d, f, g, h) \
{ \ { \
t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; e = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \ t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; a = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \
} }
#define puckU32ToThree(x){\ #define puckU32ToThree(x){\
...@@ -35,7 +35,7 @@ x = (x | (x >> 16)) & 0xff0000ff;\ ...@@ -35,7 +35,7 @@ x = (x | (x >> 16)) & 0xff0000ff;\
x = (x | (x >> 8)) & 0xf00f00f0;\ x = (x | (x >> 8)) & 0xf00f00f0;\
x = (x | (x >> 4)) & 0xc30c30c3;\ x = (x | (x >> 4)) & 0xc30c30c3;\
x = (x | (x >> 2)) & 0x92492492;\ x = (x | (x >> 2)) & 0x92492492;\
} }
#define packU48FormatToThreePacket( out, in) {\ #define packU48FormatToThreePacket( out, in) {\
t1 = (u32)U16BIG(*(u16*)(in + 4)); \ t1 = (u32)U16BIG(*(u16*)(in + 4)); \
t2 = U32BIG(*(u32*)(in)); \ t2 = U32BIG(*(u32*)(in)); \
...@@ -78,8 +78,8 @@ puckU32ToThree(temp2[2]); \ ...@@ -78,8 +78,8 @@ puckU32ToThree(temp2[2]); \
out[0] = (temp0[0]) | (temp1[0] >> 11) | (temp2[0] >> 22); \ out[0] = (temp0[0]) | (temp1[0] >> 11) | (temp2[0] >> 22); \
out[1] = (temp0[1]) | (temp1[1] >> 11) | (((u32)t2_64) << 10) | (temp2[1] >> 22); \ out[1] = (temp0[1]) | (temp1[1] >> 11) | (((u32)t2_64) << 10) | (temp2[1] >> 22); \
out[2] = (temp0[2]) | (((u32)t1_32) << 21) | (temp1[2] >> 11) | (((u32)t2_65) << 10) | (temp2[2] >> 22); \ out[2] = (temp0[2]) | (((u32)t1_32) << 21) | (temp1[2] >> 11) | (((u32)t2_65) << 10) | (temp2[2] >> 22); \
} }
#define unpackU96FormatToThreePacket( out, in) {\ #define unpackU96FormatToThreePacket( out, in) {\
temp0[0] = in[0] & 0xffe00000; \ temp0[0] = in[0] & 0xffe00000; \
temp1[0] = (in[0] & 0x001ffc00) << 11; \ temp1[0] = (in[0] & 0x001ffc00) << 11; \
temp2[0] = (in[0] & 0x000003ff) << 22; \ temp2[0] = (in[0] & 0x000003ff) << 22; \
...@@ -108,18 +108,11 @@ t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \ ...@@ -108,18 +108,11 @@ t2 = t2_65 | t2_64 | ((temp2[0] | temp2[1] >> 1 | temp2[2] >> 2) >> 2); \
*(u32*)(out + 4) = U32BIG(t1); \ *(u32*)(out + 4) = U32BIG(t1); \
*(u32*)(out + 8) = U32BIG(t9); \ *(u32*)(out + 8) = U32BIG(t9); \
} }
#define U96_BIT_LOTR32_1(t0,t1,t2,t3,t4,t5){\
t3= t1;\
t4 = t2;\
t5 = LOTR32(t0, 1); \
}
#define U96_BIT_LOTR32_8(t0,t1,t2,t3,t4,t5){\ #define U96_BIT_LOTR32_8(t0,t1,t2,t3,t4,t5){\
t3= LOTR32(t2, 2);\ t3= LOTR32(t2, 2);\
t4 =LOTR32(t0, 3);\ t4 =LOTR32(t0, 3);\
t5 = LOTR32(t1, 3); \ t5 = LOTR32(t1, 3); \
} }
#define U96_BIT_LOTR32_55(t0,t1,t2,t3,t4,t5){\ #define U96_BIT_LOTR32_55(t0,t1,t2,t3,t4,t5){\
t3= LOTR32(t1, 18); \ t3= LOTR32(t1, 18); \
t4 = LOTR32(t2, 18);\ t4 = LOTR32(t2, 18);\
......
...@@ -22,11 +22,10 @@ unsigned char constant7Format[127] = { ...@@ -22,11 +22,10 @@ unsigned char constant7Format[127] = {
s[0] ^= (constant7Format[lunNum] >> 6) & 0x3;\ s[0] ^= (constant7Format[lunNum] >> 6) & 0x3;\
s[1] ^= (constant7Format[lunNum] >> 3) & 0x7;\ s[1] ^= (constant7Format[lunNum] >> 3) & 0x7;\
s[2] ^= constant7Format[lunNum] & 0x7;\ s[2] ^= constant7Format[lunNum] & 0x7;\
sbox(s[0], s[3], s[6], s[9] , s_temp[0], s_temp[3], s_temp[6], s_temp[9]);\ sbox(s[0], s[3], s[6], s[9] , s_temp[3], s_temp[6], s_temp[9]);\
sbox(s[1], s[4], s[7], s[10], s_temp[1], s_temp[4], s_temp[7], s_temp[10]);\ sbox(s[1], s[4], s[7], s[10], s[3] , s_temp[7], s_temp[10]);\
sbox(s[2], s[5], s[8], s[11], s_temp[2], s_temp[5], s_temp[8], s_temp[11]);\ sbox(s[2], s[5], s[8], s[11], s[4] , s_temp[8], s_temp[11]);\
s[0] = s_temp[0], s[1] = s_temp[1], s[2] = s_temp[2];\ s[5] = LOTR32(s_temp[3], 1); \
U96_BIT_LOTR32_1(s_temp[3], s_temp [4], s_temp[ 5], s[3], s[4], s[5]);\
U96_BIT_LOTR32_8(s_temp[6], s_temp [7], s_temp[ 8], s[6], s[7], s[8]);\ U96_BIT_LOTR32_8(s_temp[6], s_temp [7], s_temp[ 8], s[6], s[7], s[8]);\
U96_BIT_LOTR32_55(s_temp[9], s_temp[10], s_temp[11], s[9], s[10], s[11]);\ U96_BIT_LOTR32_55(s_temp[9], s_temp[10], s_temp[11], s[9], s[10], s[11]);\
} }
...@@ -57,7 +56,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -57,7 +56,6 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
} }
// process associated data // process associated data
if (adlen) { if (adlen) {
// rlen = adlen;
while (adlen >= aead_RATE) { while (adlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, ad); packU96FormatToThreePacket(dataFormat, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -81,8 +79,7 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen, ...@@ -81,8 +79,7 @@ int crypto_aead_encrypt(unsigned char *c, unsigned long long *clen,
} }
} }
s[9] ^= 0x80000000; s[9] ^= 0x80000000;
if (mlen) { if (mlen) {
//rlen = mlen;
while (mlen >= aead_RATE) { while (mlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, m); packU96FormatToThreePacket(dataFormat, m);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -146,7 +143,6 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen, ...@@ -146,7 +143,6 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen,
} }
// process associated data // process associated data
if (adlen) { if (adlen) {
// rlen = adlen;
while (adlen >= aead_RATE) { while (adlen >= aead_RATE) {
packU96FormatToThreePacket(dataFormat, ad); packU96FormatToThreePacket(dataFormat, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat[0];
...@@ -203,12 +199,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen, ...@@ -203,12 +199,12 @@ int crypto_aead_decrypt(unsigned char *m, unsigned long long *mlen,
ROUND384(i); ROUND384(i);
} }
// return tag // return tag
packU96FormatToThreePacket(dataFormat, c); unpackU96FormatToThreePacket(tempU8, s);
packU96FormatToThreePacket((dataFormat + 3), (c + 12)); unpackU96FormatToThreePacket((tempU8 + 12), (s + 3));
if (dataFormat[0] != s[0] || dataFormat[1] != s[1] || dataFormat[2] != s[2] || dataFormat[3] != s[3] if (memcmp((void*)tempU8, (void*)c, CRYPTO_ABYTES)) {
|| dataFormat[4] != s[4] || dataFormat[5] != s[5]) { *mlen = 0;
memset(m, 0, sizeof(unsigned char) * (clen - CRYPTO_ABYTES));
return -1; return -1;
} }
//////////
return 0; return 0;
} }
#define CRYPTO_KEYBYTES 32 #define CRYPTO_KEYBYTES 32 //256/8=32
#define CRYPTO_NSECBYTES 0 #define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 32 #define CRYPTO_NPUBBYTES 32
#define CRYPTO_ABYTES 32 #define CRYPTO_ABYTES 32
#define CRYPTO_NOOVERLAP 1 #define CRYPTO_NOOVERLAP 1
#include"crypto_aead.h" #include"crypto_aead.h"
#include"api.h" #include"api.h"
#include <string.h> #include <string.h>
...@@ -9,17 +9,18 @@ ...@@ -9,17 +9,18 @@
#define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n)))) #define LOTR32(x,n) (((x)<<(n))|((x)>>(32-(n))))
#define sbox(a, b, c, d, e, f, g, h) \ #define sbox(a, b, c, d, f, g, h) \
{ \ { \
t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; e = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \ t1 = ~a; t2 = b & t1;t3 = c ^ t2; h = d ^ t3; t5 = b | c; t6 = d ^ t1; g = t5 ^ t6; t8 = b ^ d; t9 = t3 & t6; a = t8 ^ t9; t11 = g & t8; f = t3 ^ t11; \
} }
typedef unsigned char u8; typedef unsigned char u8;
typedef unsigned int u32; typedef unsigned int u32;
typedef unsigned long long u64; typedef unsigned long long u64;
void printU8(char name[], u8 var[], long len, int offset); void printU8(char name[], u8 var[], long len, int offset);
// t9
#define puck32(in)\ #define puck32(in)\
{\ {\
t9 = (in ^ (in >> 1)) & 0x22222222; in ^= t9 ^ (t9 << 1);\ t9 = (in ^ (in >> 1)) & 0x22222222; in ^= t9 ^ (t9 << 1);\
...@@ -27,14 +28,14 @@ t9 = (in ^ (in >> 2)) & 0x0C0C0C0C; in ^= t9 ^ (t9 << 2);\ ...@@ -27,14 +28,14 @@ t9 = (in ^ (in >> 2)) & 0x0C0C0C0C; in ^= t9 ^ (t9 << 2);\
t9 = (in ^ (in >> 4)) & 0x00F000F0; in ^= t9 ^ (t9 << 4);\ t9 = (in ^ (in >> 4)) & 0x00F000F0; in ^= t9 ^ (t9 << 4);\
t9 = (in ^ (in >> 8)) & 0x0000FF00; in ^= t9 ^ (t9 << 8);\ t9 = (in ^ (in >> 8)) & 0x0000FF00; in ^= t9 ^ (t9 << 8);\
} }
// t9
#define unpuck32(t0){\ #define unpuck32(t0){\
t9 = (t0 ^ (t0 >> 8)) & 0x0000FF00, t0 ^= t9 ^ (t9 << 8); \ t9 = (t0 ^ (t0 >> 8)) & 0x0000FF00, t0 ^= t9 ^ (t9 << 8); \
t9 = (t0 ^ (t0 >> 4)) & 0x00F000F0, t0 ^= t9 ^ (t9 << 4); \ t9 = (t0 ^ (t0 >> 4)) & 0x00F000F0, t0 ^= t9 ^ (t9 << 4); \
t9 = (t0 ^ (t0 >> 2)) & 0x0C0C0C0C, t0 ^= t9 ^ (t9 << 2); \ t9 = (t0 ^ (t0 >> 2)) & 0x0C0C0C0C, t0 ^= t9 ^ (t9 << 2); \
t9 = (t0 ^ (t0 >> 1)) & 0x22222222, t0 ^= t9 ^ (t9 << 1); \ t9 = (t0 ^ (t0 >> 1)) & 0x22222222, t0 ^= t9 ^ (t9 << 1); \
} }
//u32 t1, t2, t3,t8,
#define packU128FormatToFourPacket(out,in) {\ #define packU128FormatToFourPacket(out,in) {\
t8 = U32BIG(((u32*)in)[0]); \ t8 = U32BIG(((u32*)in)[0]); \
t1 = U32BIG(((u32*)in)[1]); \ t1 = U32BIG(((u32*)in)[1]); \
...@@ -49,9 +50,8 @@ t9 = (in ^ (in >> 8)) & 0x0000FF00; in ^= t9 ^ (t9 << 8);\ ...@@ -49,9 +50,8 @@ t9 = (in ^ (in >> 8)) & 0x0000FF00; in ^= t9 ^ (t9 << 8);\
out[1] = ((t3 << 16) & 0xff000000) | ((t2 << 8) & 0x00ff0000) | (t1 & 0x0000ff00) | ((t8 >> 8) & 0x000000ff); \ out[1] = ((t3 << 16) & 0xff000000) | ((t2 << 8) & 0x00ff0000) | (t1 & 0x0000ff00) | ((t8 >> 8) & 0x000000ff); \
out[0] = ((t3 << 24) & 0xff000000) | ((t2 << 16) & 0x00ff0000) | ((t1 << 8) & 0x0000ff00) | (t8 & 0x000000ff); \ out[0] = ((t3 << 24) & 0xff000000) | ((t2 << 16) & 0x00ff0000) | ((t1 << 8) & 0x0000ff00) | (t8 & 0x000000ff); \
} }
//u32 u32 t1, t2, t3,t8,
#define unpackU128FormatToFourPacket( out, in) {\ #define unpackU128FormatToFourPacket( out, dataFormat) {\
memcpy(dataFormat, in, sizeof(unsigned int) * 4); \
t3 = dataFormat[3] & 0xff000000 | ((dataFormat[2] >> 8) & 0x00ff0000) | ((dataFormat[1] >> 16) & 0x0000ff00) | (dataFormat[0] >> 24); \ t3 = dataFormat[3] & 0xff000000 | ((dataFormat[2] >> 8) & 0x00ff0000) | ((dataFormat[1] >> 16) & 0x0000ff00) | (dataFormat[0] >> 24); \
t2 = ((dataFormat[3] << 8) & 0xff000000) | (dataFormat[2] & 0x00ff0000) | ((dataFormat[1] >> 8) & 0x0000ff00) | ((dataFormat[0] >> 16) & 0x000000ff); \ t2 = ((dataFormat[3] << 8) & 0xff000000) | (dataFormat[2] & 0x00ff0000) | ((dataFormat[1] >> 8) & 0x0000ff00) | ((dataFormat[0] >> 16) & 0x000000ff); \
t1 = ((dataFormat[3] << 16) & 0xff000000) | ((dataFormat[2] << 8) & 0x00ff0000) | (dataFormat[1] & 0x0000ff00) | ((dataFormat[0] >> 8) & 0x000000ff); \ t1 = ((dataFormat[3] << 16) & 0xff000000) | ((dataFormat[2] << 8) & 0x00ff0000) | (dataFormat[1] & 0x0000ff00) | ((dataFormat[0] >> 8) & 0x000000ff); \
...@@ -65,7 +65,6 @@ unpuck32(t3); unpuck32(t3); \ ...@@ -65,7 +65,6 @@ unpuck32(t3); unpuck32(t3); \
((u32*)out)[2] = U32BIG(t2); \ ((u32*)out)[2] = U32BIG(t2); \
((u32*)out)[3] = U32BIG(t3); \ ((u32*)out)[3] = U32BIG(t3); \
} }
#define packU64FormatToFourPacket( out, in) {\ #define packU64FormatToFourPacket( out, in) {\
t1 = U32BIG(((u32*)in)[0]); \ t1 = U32BIG(((u32*)in)[0]); \
t2 = U32BIG(((u32*)in)[1]); \ t2 = U32BIG(((u32*)in)[1]); \
...@@ -77,13 +76,7 @@ out[3] = ((t2 >> 16) & 0x0000ff00) | ((t1 >> 24)); \ ...@@ -77,13 +76,7 @@ out[3] = ((t2 >> 16) & 0x0000ff00) | ((t1 >> 24)); \
out[2] = ((t2 >> 8) & 0x0000ff00) | ((t1 >> 16) & 0x000000ff); \ out[2] = ((t2 >> 8) & 0x0000ff00) | ((t1 >> 16) & 0x000000ff); \
out[1] = (t2 & 0x0000ff00) | ((t1 >> 8) & 0x000000ff); \ out[1] = (t2 & 0x0000ff00) | ((t1 >> 8) & 0x000000ff); \
out[0] = ((t2 << 8) & 0x0000ff00) | (t1 & 0x000000ff); \ out[0] = ((t2 << 8) & 0x0000ff00) | (t1 & 0x000000ff); \
} }
#define BIT_LOTR32_1(t0,t1,t2,t3,t4,t5,t6,t7){\
t4= LOTR32(t3, 1);\
t5 = t0;\
t6 = t1; \
t7 = t2; \
}
#define BIT_LOTR32_16(t0,t1,t2,t3,t4,t5,t6,t7){\ #define BIT_LOTR32_16(t0,t1,t2,t3,t4,t5,t6,t7){\
t4= LOTR32(t0, 4);\ t4= LOTR32(t0, 4);\
t5 = LOTR32(t1, 4);\ t5 = LOTR32(t1, 4);\
...@@ -102,12 +95,11 @@ s[3] ^= (arr[lunNum] >> 6) & 0x3;\ ...@@ -102,12 +95,11 @@ s[3] ^= (arr[lunNum] >> 6) & 0x3;\
s[2] ^= (arr[lunNum] >> 4) & 0x3;\ s[2] ^= (arr[lunNum] >> 4) & 0x3;\
s[1] ^= (arr[lunNum] >> 2) & 0x3;\ s[1] ^= (arr[lunNum] >> 2) & 0x3;\
s[0] ^= arr[lunNum] & 0x3;\ s[0] ^= arr[lunNum] & 0x3;\
sbox(s[0], s[4], s[8], s[12], s_temp[0], s_temp[4], s_temp[8], s_temp[12]);\ sbox(s[3], s[7], s[11], s[15], s_temp[7], s_temp[11], s_temp[15]);\
sbox(s[1], s[5], s[9], s[13], s_temp[1], s_temp[5], s_temp[9], s_temp[13]);\ sbox(s[2], s[6], s[10], s[14], s[7] , s_temp[10], s_temp[14]);\
sbox(s[2], s[6], s[10], s[14], s_temp[2], s_temp[6], s_temp[10], s_temp[14]);\ sbox(s[1], s[5], s[9], s[13], s[6] , s_temp[9], s_temp[13]);\
sbox(s[3], s[7], s[11], s[15], s_temp[3], s_temp[7], s_temp[11], s_temp[15]);\ sbox(s[0], s[4], s[8], s[12], s[5] , s_temp[8], s_temp[12]);\
s[0] = s_temp[0], s[1] = s_temp[1], s[2] = s_temp[2], s[3] = s_temp[3];\ s[4]= LOTR32(s_temp[7], 1);\
BIT_LOTR32_1(s_temp[4], s_temp[5], s_temp[6], s_temp[7], s[4], s[5], s[6], s[7]);\
BIT_LOTR32_16(s_temp[8], s_temp[9], s_temp[10], s_temp[11], s[8], s[9], s[10], s[11]);\ BIT_LOTR32_16(s_temp[8], s_temp[9], s_temp[10], s_temp[11], s[8], s[9], s[10], s[11]);\
BIT_LOTR32_25(s_temp[12], s_temp[13], s_temp[14], s_temp[15], s[12], s[13], s[14], s[15]);\ BIT_LOTR32_25(s_temp[12], s_temp[13], s_temp[14], s_temp[15], s[12], s[13], s[14], s[15]);\
} }
......
...@@ -146,10 +146,9 @@ int crypto_aead_encrypt( ...@@ -146,10 +146,9 @@ int crypto_aead_encrypt(
const unsigned char *npub, const unsigned char *npub,
const unsigned char *k const unsigned char *k
) { ) {
u32 i, j; u32 i ;
u32 s_temp[16] = { 0 }; u32 s_temp[16] = { 0 };
u32 t1, t2, t3, t5, t6, t8, t9, t11; u32 t1, t2, t3, t5, t6, t8, t9, t11;
// initialization
u32 s[16] = { 0 }; u32 s[16] = { 0 };
u32 dataFormat[4] = { 0 }; u32 dataFormat[4] = { 0 };
u8 tempData[16] = {0}; u8 tempData[16] = {0};
...@@ -236,10 +235,9 @@ int crypto_aead_decrypt( ...@@ -236,10 +235,9 @@ int crypto_aead_decrypt(
){ ){
u32 s_temp[16] = { 0 }; u32 s_temp[16] = { 0 };
u32 t1, t2, t3, t5, t6, t8, t9, t11; u32 t1, t2, t3, t5, t6, t8, t9, t11;
u8 i, j; u8 i ;
// initialization // initialization
u32 s[16] = { 0 }; u32 s[16] = { 0 };
u32 dataFormat[4] = { 0 };
u32 dataFormat_1[4] = { 0 }; u32 dataFormat_1[4] = { 0 };
u32 dataFormat_2[4] = { 0 }; u32 dataFormat_2[4] = { 0 };
u8 tempData[16] = { 0 }; u8 tempData[16] = { 0 };
...@@ -259,11 +257,11 @@ int crypto_aead_decrypt( ...@@ -259,11 +257,11 @@ int crypto_aead_decrypt(
// process associated data // process associated data
if (adlen) { if (adlen) {
while (adlen >= aead_RATE) { while (adlen >= aead_RATE) {
packU128FormatToFourPacket(dataFormat, ad); packU128FormatToFourPacket(dataFormat_2, ad);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat_2[0];
s[1] ^= dataFormat[1]; s[1] ^= dataFormat_2[1];
s[2] ^= dataFormat[2]; s[2] ^= dataFormat_2[2];
s[3] ^= dataFormat[3]; s[3] ^= dataFormat_2[3];
for (i = 0; i < PR_ROUNDS; i++) { for (i = 0; i < PR_ROUNDS; i++) {
ROUND512(constant7Format_aead, i); ROUND512(constant7Format_aead, i);
} }
...@@ -274,11 +272,11 @@ int crypto_aead_decrypt( ...@@ -274,11 +272,11 @@ int crypto_aead_decrypt(
memcpy(tempData, ad, adlen * sizeof(unsigned char)); memcpy(tempData, ad, adlen * sizeof(unsigned char));
tempData[adlen] = 0x01; tempData[adlen] = 0x01;
packU128FormatToFourPacket(dataFormat, tempData); packU128FormatToFourPacket(dataFormat_2, tempData);
s[0] ^= dataFormat[0]; s[0] ^= dataFormat_2[0];
s[1] ^= dataFormat[1]; s[1] ^= dataFormat_2[1];
s[2] ^= dataFormat[2]; s[2] ^= dataFormat_2[2];
s[3] ^= dataFormat[3]; s[3] ^= dataFormat_2[3];
for (i = 0; i < PR_ROUNDS; i++) { for (i = 0; i < PR_ROUNDS; i++) {
ROUND512(constant7Format_aead, i); ROUND512(constant7Format_aead, i);
} }
...@@ -319,12 +317,12 @@ int crypto_aead_decrypt( ...@@ -319,12 +317,12 @@ int crypto_aead_decrypt(
ROUND512(constant7Format_aead, i); ROUND512(constant7Format_aead, i);
} }
// return tag // return tag
packU128FormatToFourPacket(dataFormat, c); unpackU128FormatToFourPacket(tempU8, s);
packU128FormatToFourPacket(dataFormat_1, (c + 16)); unpackU128FormatToFourPacket((tempU8 + 16), (s + 4));
if (dataFormat[0] != s[0] || dataFormat[1] != s[1] || dataFormat[2] != s[2] || dataFormat[3] != s[3] if (memcmp((void*)tempU8, (void*)c, CRYPTO_ABYTES)) {
|| dataFormat_1[0] != s[4] || dataFormat_1[1] != s[5] || dataFormat_1[2] != s[6] || dataFormat_1[3] != s[7]) { *mlen = 0;
memset(m, 0, sizeof(unsigned char) * (clen - CRYPTO_ABYTES));
return -1; return -1;
} }
return 0; return 0;
} }
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment