Commit
9e14ec76
authored
May 14, 2020
by
Alexandre Adomnicai
Committed by
Enrico Pozzobon
May 14, 2020
skinny & romulus
parent
40fde2ff
Showing
6 changed files
with
26 additions
and
34 deletions
+26
-34
romulus/Implementations/crypto_aead/romulusm1+v12/LWC_AEAD_KAT_128_128.txt
+0
-0
romulus/Implementations/crypto_aead/romulusm1+v12/armcortexm/encrypt.c
+4
-6
romulus/Implementations/crypto_aead/romulusm1+v12/opt32/encrypt.c
+5
-7
romulus/Implementations/crypto_aead/romulusm1v12/armcortexm/encrypt.c
+4
-6
romulus/Implementations/crypto_aead/romulusm1v12/opt32/encrypt.c
+5
-7
skinny/Implementations/crypto_aead/skinnyaeadm1+v11/armcortexm_1/skinny128.s
+8
-8
romulus/Implementations/crypto_aead/romulusm1+v12/LWC_AEAD_KAT_128_128.txt
romulus/Implementations/crypto_aead/romulusm1+v12/armcortexm/encrypt.c
...
@@ -108,11 +108,10 @@ int crypto_aead_encrypt
...
@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
if
(
tmp_mlen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
tmp_mlen
-=
BLOCKBYTES
;
tmp_mlen
-=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
...
@@ -310,11 +309,10 @@ int crypto_aead_decrypt
...
@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
if
(
clen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
if
(
clen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
clen
);
memcpy
(
pad
,
m_auth
,
clen
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
...
...
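Review bot: The counter update now runs after `tmp_mlen -= BLOCKBYTES`, so `if (tmp_mlen > BLOCKBYTES)` means "more than one block still to come" rather than the old "more data after this block", and UPDATE_CTR is now skipped when exactly one full block remains after the one just absorbed; whether that final block's tweak counter is advanced elsewhere depends on the enclosing loop, which starts outside the hunk, so please confirm against the updated KATs, since a counter that stalls for one block means the same tweakey is used for two message blocks. A one-line comment would keep the ordering from being silently undone later, e.g. `/* tmp_mlen already excludes the block just absorbed; advance the counter only when the next block is not the last one */`. The identical edit appears in the crypto_aead_decrypt hunk (on `clen`) and in romulusm1+v12/opt32, romulusm1v12/armcortexm and romulusm1v12/opt32, but the two platforms order `m_auth +=`, `tmp_mlen -=` and the check differently; a shared static inline helper or macro for the per-block bookkeeping would keep the eight copies in lockstep.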
romulus/Implementations/crypto_aead/romulusm1+v12/opt32/encrypt.c
...
@@ -106,11 +106,10 @@ int crypto_aead_encrypt
...
@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384_plus
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
skinny128_384_plus
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
m_auth
+=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
tmp_mlen
-=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
UPDATE_CTR
(
tks
.
tk1
);
}
tmp_mlen
-=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
...
@@ -299,11 +298,10 @@ int crypto_aead_decrypt
...
@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384_plus
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
skinny128_384_plus
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
if
(
clen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
if
(
clen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
clen
);
memcpy
(
pad
,
m_auth
,
clen
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
...
...
romulus/Implementations/crypto_aead/romulusm1v12/armcortexm/encrypt.c
...
@@ -108,11 +108,10 @@ int crypto_aead_encrypt
...
@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
if
(
tmp_mlen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
tmp_mlen
-=
BLOCKBYTES
;
tmp_mlen
-=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
...
@@ -310,11 +309,10 @@ int crypto_aead_decrypt
...
@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm
(
tks
.
rtk
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
tkschedule_perm_tk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
skinny128_384
(
state
,
tks
.
rtk
,
state
,
tks
.
rtk1
);
if
(
clen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
if
(
clen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
clen
);
memcpy
(
pad
,
m_auth
,
clen
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
...
...
romulus/Implementations/crypto_aead/romulusm1v12/opt32/encrypt.c
...
@@ -106,11 +106,10 @@ int crypto_aead_encrypt
...
@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
skinny128_384
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
m_auth
+=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
tmp_mlen
-=
BLOCKBYTES
;
if
(
tmp_mlen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
UPDATE_CTR
(
tks
.
tk1
);
}
tmp_mlen
-=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memcpy
(
pad
,
m_auth
,
tmp_mlen
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
memset
(
pad
+
tmp_mlen
,
0x00
,
BLOCKBYTES
-
tmp_mlen
-
1
);
...
@@ -299,11 +298,10 @@ int crypto_aead_decrypt
...
@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk2_3
(
tks
.
rtk2_3
,
m_auth
,
k
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
precompute_rtk1
(
tks
.
rtk1
,
tks
.
tk1
);
skinny128_384
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
skinny128_384
(
state
,
state
,
tks
.
rtk1
,
tks
.
rtk2_3
);
if
(
clen
>
BLOCKBYTES
)
UPDATE_CTR
(
tks
.
tk1
);
m_auth
+=
BLOCKBYTES
;
m_auth
+=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
clen
-=
BLOCKBYTES
;
if
(
clen
>
BLOCKBYTES
)
{
UPDATE_CTR
(
tks
.
tk1
);
}
}
else
{
}
else
{
memcpy
(
pad
,
m_auth
,
clen
);
memcpy
(
pad
,
m_auth
,
clen
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
memset
(
pad
+
clen
,
0x00
,
BLOCKBYTES
-
clen
-
1
);
...
...
skinny/Implementations/crypto_aead/skinnyaeadm1+v11/armcortexm_1/skinny128.s
...
@@ -408,7 +408,7 @@ unpacking:
...
@@ -408,7 +408,7 @@ unpacking:
eor r10, r3, r3, lsr #3
eor r10, r3, r3, lsr #3
and r10, r10, r6
and r10, r10, r6
eor r3, r3, r10
eor r3, r3, r10
eor r3, r3, r10, lsl #3
//SWAPMOVE(r3, r3, 0x0a0a0a0a, 3)
eor r3, r3, r10, lsl #3 //SWAPMOVE(r3, r3, 0x0a0a0a0a, 3)
eor r10, r2, r2, lsr #3
eor r10, r2, r2, lsr #3
and r10, r10, r6
and r10, r10, r6
eor r2, r2, r10
eor r2, r2, r10
...
@@ -1196,8 +1196,8 @@ tkschedule_perm:
...
@@ -1196,8 +1196,8 @@ tkschedule_perm:
strd r6, r7, [r0], #8 //store 2nd half tk for 39th round
strd r6, r7, [r0], #8 //store 2nd half tk for 39th round
ldm r0, {r6-r9} //load tk
ldm r0, {r6-r9} //load tk
bl p8 //apply the permutation 8 times
bl p8 //apply the permutation 8 times
movw r10, #0x30
movw r10, #0x30
30
movt r10, #0x30
//r10<- 0x30303030
movt r10, #0x30
30
//r10<- 0x30303030
and r11, r10, r6, ror #30 //--- ror and masks to match fixslicing
and r11, r10, r6, ror #30 //--- ror and masks to match fixslicing
and r6, r6, r10, ror #4
and r6, r6, r10, ror #4
orr r6, r11, r6, ror #22
orr r6, r11, r6, ror #22
...
@@ -1215,8 +1215,8 @@ tkschedule_perm:
...
@@ -1215,8 +1215,8 @@ tkschedule_perm:
eor r8, r8, #0x00000010
eor r8, r8, #0x00000010
eor r9, r9, #0x00000400
eor r9, r9, #0x00000400
mvn r9, r9 //to save a NOT in sbox calculations
mvn r9, r9 //to save a NOT in sbox calculations
strd r6, r7, [r0], #8 //store 1st half tk for
40
th round
strd r6, r7, [r0], #8 //store 1st half tk for
39
th round
strd r8, r9, [r0] //store 2nd half tk for
40
th round
strd r8, r9, [r0] //store 2nd half tk for
39
th round
add.w sp, #4 //restore stack pointer
add.w sp, #4 //restore stack pointer
pop {r0-r12, lr}
pop {r0-r12, lr}
bx lr
bx lr
...
@@ -1312,7 +1312,7 @@ tkschedule_perm_tk1:
...
@@ -1312,7 +1312,7 @@ tkschedule_perm_tk1:
str.w r12, [r0], #4
str.w r12, [r0], #4
and r11, r3, r9, ror #14
and r11, r3, r9, ror #14
and r12, r9, r3, ror #4
and r12, r9, r3, ror #4
orr r12, r11, r12, ror #6
//ror and masks to match fixslicing ---
orr r12, r11, r12, ror #6 //ror and masks to match fixslicing ---
str.w r12, [r0], #4
str.w r12, [r0], #4
and r11, r2, r6, ror #16 //ror and mask to match fixslicing
and r11, r2, r6, ror #16 //ror and mask to match fixslicing
and r12, r2, r7, ror #16 //ror and mask to match fixslicing
and r12, r2, r7, ror #16 //ror and mask to match fixslicing
...
@@ -2053,7 +2053,7 @@ inv_quadruple_round:
...
@@ -2053,7 +2053,7 @@ inv_quadruple_round:
bx lr
bx lr
/******************************************************************************
/******************************************************************************
* Encrypt a single block using fixsliced SKINNY-128-
128
.
* Encrypt a single block using fixsliced SKINNY-128-
384+
.
******************************************************************************/
******************************************************************************/
@ void skinny128_384(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
@ void skinny128_384(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384
.global skinny128_384
...
@@ -2094,7 +2094,7 @@ skinny128_384:
...
@@ -2094,7 +2094,7 @@ skinny128_384:
bx lr
bx lr
/******************************************************************************
/******************************************************************************
* Decrypt a single block using fixsliced SKINNY-128-
128
.
* Decrypt a single block using fixsliced SKINNY-128-
384+
.
******************************************************************************/
******************************************************************************/
@ void skinny128_384_inv(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
@ void skinny128_384_inv(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384_inv
.global skinny128_384_inv
...
...
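Review bot: The mask in tkschedule_perm (hunk at line 1196) now matches its own comment: `movw r10, #0x3030` / `movt r10, #0x3030` yields 0x30303030, whereas the previous `#0x30` immediates produced 0x00300030, so the `and`/`orr` with rotated operands that follow presumably produced different round tweakey words before this commit; that is a silent output change covered only by the KAT file in this commit, and the tweakey schedule deserves a direct test against the reference C implementation. In the hunk at line 1215 both `strd` stores are relabelled "39th round" although the store just before `bl p8` a few lines above is also labelled "39th round"; one of the two labels looks stale, so please state which round the post-p8 tweakey belongs to. The banner comments now say SKINNY-128-384+ instead of 128, which agrees with the `skinny128_384` and `skinny128_384_inv` symbols below them.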