Commit 9e14ec76 by Alexandre Adomnicai Committed by Enrico Pozzobon

skinny & romulus

parent 40fde2ff
...@@ -108,11 +108,10 @@ int crypto_aead_encrypt ...@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm(tks.rtk); tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1); tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1); skinny128_384(state, tks.rtk, state, tks.rtk1);
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES; tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, tmp_mlen); memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1); memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
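Review bot: The new code drops the braces the old code kept around `UPDATE_CTR(tks.tk1);` under `if (tmp_mlen > BLOCKBYTES)`; UPDATE_CTR is named like a macro and its definition is not in the hunk, so if it expands to more than one statement without a `do { … } while (0)` wrapper only its first statement is guarded and the rest runs for every block, silently desynchronising the tweakey counter between the encrypt and decrypt paths. Keeping the braces, `if (tmp_mlen > BLOCKBYTES) {` / `    UPDATE_CTR(tks.tk1);` / `}`, costs nothing and stops relying on the macro's shape. Moving the check before `tmp_mlen -= BLOCKBYTES` changes when the counter advances (it now advances whenever more data follows this block, where before a trailing block of at most BLOCKBYTES bytes was reached without an update), and that intent deserves a one-line comment such as `// advance the block counter only when another block follows this one`. The same unbraced form appears in the decrypt hunk below (`clen`) and in the encrypt/decrypt hunks of the other three C files in this commit. The enclosing loop and the UPDATE_CTR definition are outside the hunk.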
...@@ -310,11 +309,10 @@ int crypto_aead_decrypt ...@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm(tks.rtk); tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1); tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1); skinny128_384(state, tks.rtk, state, tks.rtk1);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
clen -= BLOCKBYTES; clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, clen); memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1); memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
...@@ -106,11 +106,10 @@ int crypto_aead_encrypt ...@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k); precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1); precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3); skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3);
m_auth += BLOCKBYTES; if (tmp_mlen > BLOCKBYTES)
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1); UPDATE_CTR(tks.tk1);
} tmp_mlen -= BLOCKBYTES;
m_auth += BLOCKBYTES;
} else { } else {
memcpy(pad, m_auth, tmp_mlen); memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1); memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
...@@ -299,11 +298,10 @@ int crypto_aead_decrypt ...@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k); precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1); precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3); skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
clen -= BLOCKBYTES; clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, clen); memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1); memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
...@@ -108,11 +108,10 @@ int crypto_aead_encrypt ...@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm(tks.rtk); tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1); tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1); skinny128_384(state, tks.rtk, state, tks.rtk1);
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES; tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, tmp_mlen); memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1); memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
...@@ -310,11 +309,10 @@ int crypto_aead_decrypt ...@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm(tks.rtk); tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1); tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1); skinny128_384(state, tks.rtk, state, tks.rtk1);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
clen -= BLOCKBYTES; clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, clen); memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1); memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
...@@ -106,11 +106,10 @@ int crypto_aead_encrypt ...@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k); precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1); precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384(state, state, tks.rtk1, tks.rtk2_3); skinny128_384(state, state, tks.rtk1, tks.rtk2_3);
m_auth += BLOCKBYTES; if (tmp_mlen > BLOCKBYTES)
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1); UPDATE_CTR(tks.tk1);
} tmp_mlen -= BLOCKBYTES;
m_auth += BLOCKBYTES;
} else { } else {
memcpy(pad, m_auth, tmp_mlen); memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1); memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
...@@ -299,11 +298,10 @@ int crypto_aead_decrypt ...@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k); precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1); precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384(state, state, tks.rtk1, tks.rtk2_3); skinny128_384(state, state, tks.rtk1, tks.rtk2_3);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES; m_auth += BLOCKBYTES;
clen -= BLOCKBYTES; clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else { } else {
memcpy(pad, m_auth, clen); memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1); memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
...@@ -1196,8 +1196,8 @@ tkschedule_perm: ...@@ -1196,8 +1196,8 @@ tkschedule_perm:
strd r6, r7, [r0], #8 //store 2nd half tk for 39th round strd r6, r7, [r0], #8 //store 2nd half tk for 39th round
ldm r0, {r6-r9} //load tk ldm r0, {r6-r9} //load tk
bl p8 //apply the permutation 8 times bl p8 //apply the permutation 8 times
movw r10, #0x30 movw r10, #0x3030
movt r10, #0x30 //r10<- 0x30303030 movt r10, #0x3030 //r10<- 0x30303030
and r11, r10, r6, ror #30 //--- ror and masks to match fixslicing and r11, r10, r6, ror #30 //--- ror and masks to match fixslicing
and r6, r6, r10, ror #4 and r6, r6, r10, ror #4
orr r6, r11, r6, ror #22 orr r6, r11, r6, ror #22
...@@ -1215,8 +1215,8 @@ tkschedule_perm: ...@@ -1215,8 +1215,8 @@ tkschedule_perm:
eor r8, r8, #0x00000010 eor r8, r8, #0x00000010
eor r9, r9, #0x00000400 eor r9, r9, #0x00000400
mvn r9, r9 //to save a NOT in sbox calculations mvn r9, r9 //to save a NOT in sbox calculations
strd r6, r7, [r0], #8 //store 1st half tk for 40th round strd r6, r7, [r0], #8 //store 1st half tk for 39th round
strd r8, r9, [r0] //store 2nd half tk for 40th round strd r8, r9, [r0] //store 2nd half tk for 39th round
add.w sp, #4 //restore stack pointer add.w sp, #4 //restore stack pointer
pop {r0-r12, lr} pop {r0-r12, lr}
bx lr bx lr
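Review bot: After this change both final `strd` stores in tkschedule_perm are labelled "39th round", yet the context line at the top of the previous hunk already labels an earlier store as "2nd half tk for 39th round", and between the two the code runs `bl p8` and re-masks r6-r9, which reads as tweakey material for a different round. If rounds are counted from 0 (last round = 39) the earlier label should say 38th; if they are counted from 1, this hunk's old text "40th round" was the correct one. Either way the two comments now contradict each other and should be made consistent, e.g. `//store 1st half tk for the last round (round 39, 0-based)`. The function's prologue and the p8 routine are outside the hunk.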
...@@ -2053,7 +2053,7 @@ inv_quadruple_round: ...@@ -2053,7 +2053,7 @@ inv_quadruple_round:
bx lr bx lr
/****************************************************************************** /******************************************************************************
* Encrypt a single block using fixsliced SKINNY-128-128. * Encrypt a single block using fixsliced SKINNY-128-384+.
******************************************************************************/ ******************************************************************************/
@ void skinny128_384(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1) @ void skinny128_384(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384 .global skinny128_384
...@@ -2094,7 +2094,7 @@ skinny128_384: ...@@ -2094,7 +2094,7 @@ skinny128_384:
bx lr bx lr
/****************************************************************************** /******************************************************************************
* Decrypt a single block using fixsliced SKINNY-128-128. * Decrypt a single block using fixsliced SKINNY-128-384+.
******************************************************************************/ ******************************************************************************/
@ void skinny128_384_inv(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1) @ void skinny128_384_inv(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384_inv .global skinny128_384_inv
......