Commit 9e14ec76 by Alexandre Adomnicai Committed by Enrico Pozzobon

skinny & romulus

parent 40fde2ff
......@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1);
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
......@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
......@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3);
m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
}
tmp_mlen -= BLOCKBYTES;
m_auth += BLOCKBYTES;
} else {
memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
......@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384_plus(state, state, tks.rtk1, tks.rtk2_3);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
......@@ -108,11 +108,10 @@ int crypto_aead_encrypt
tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1);
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
......@@ -310,11 +309,10 @@ int crypto_aead_decrypt
tkschedule_perm(tks.rtk);
tkschedule_perm_tk1(tks.rtk1, tks.tk1);
skinny128_384(state, tks.rtk, state, tks.rtk1);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
......@@ -106,11 +106,10 @@ int crypto_aead_encrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384(state, state, tks.rtk1, tks.rtk2_3);
m_auth += BLOCKBYTES;
tmp_mlen -= BLOCKBYTES;
if (tmp_mlen > BLOCKBYTES) {
if (tmp_mlen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
}
tmp_mlen -= BLOCKBYTES;
m_auth += BLOCKBYTES;
} else {
memcpy(pad, m_auth, tmp_mlen);
memset(pad + tmp_mlen, 0x00, BLOCKBYTES - tmp_mlen - 1);
......@@ -299,11 +298,10 @@ int crypto_aead_decrypt
precompute_rtk2_3(tks.rtk2_3, m_auth, k);
precompute_rtk1(tks.rtk1, tks.tk1);
skinny128_384(state, state, tks.rtk1, tks.rtk2_3);
if (clen > BLOCKBYTES)
UPDATE_CTR(tks.tk1);
m_auth += BLOCKBYTES;
clen -= BLOCKBYTES;
if (clen > BLOCKBYTES) {
UPDATE_CTR(tks.tk1);
}
} else {
memcpy(pad, m_auth, clen);
memset(pad + clen, 0x00, BLOCKBYTES - clen - 1);
......
......@@ -1196,8 +1196,8 @@ tkschedule_perm:
strd r6, r7, [r0], #8 //store 2nd half tk for 39th round
ldm r0, {r6-r9} //load tk
bl p8 //apply the permutation 8 times
movw r10, #0x30
movt r10, #0x30 //r10<- 0x30303030
movw r10, #0x3030
movt r10, #0x3030 //r10<- 0x30303030
and r11, r10, r6, ror #30 //--- ror and masks to match fixslicing
and r6, r6, r10, ror #4
orr r6, r11, r6, ror #22
......@@ -1215,8 +1215,8 @@ tkschedule_perm:
eor r8, r8, #0x00000010
eor r9, r9, #0x00000400
mvn r9, r9 //to save a NOT in sbox calculations
strd r6, r7, [r0], #8 //store 1st half tk for 40th round
strd r8, r9, [r0] //store 2nd half tk for 40th round
strd r6, r7, [r0], #8 //store 1st half tk for 39th round
strd r8, r9, [r0] //store 2nd half tk for 39th round
add.w sp, #4 //restore stack pointer
pop {r0-r12, lr}
bx lr
......@@ -2053,7 +2053,7 @@ inv_quadruple_round:
bx lr
/******************************************************************************
* Encrypt a single block using fixsliced SKINNY-128-128.
* Encrypt a single block using fixsliced SKINNY-128-384+.
******************************************************************************/
@ void skinny128_384(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384
......@@ -2094,7 +2094,7 @@ skinny128_384:
bx lr
/******************************************************************************
* Decrypt a single block using fixsliced SKINNY-128-128.
* Decrypt a single block using fixsliced SKINNY-128-384+.
******************************************************************************/
@ void skinny128_384_inv(u8* ctext, const u32* tk, const u8* ptext, const u32* rtk1)
.global skinny128_384_inv
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment