Commit ae78ab5e by Enrico Pozzobon

tinyjambu ref: changes unsigned int to uint32_t for arduino uno

parent 90acf8b3
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,10 +21,10 @@
#define NROUND2 128*8
/*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i;
unsigned int t1, t2, t3, t4;
uint32_t i;
uint32_t t1, t2, t3, t4;
//in each iteration, we compute 128 rounds of the state update function.
for (i = 0; i < (number_of_steps >> 5); i = i+4)
......@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[0];
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[0];
t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[1];
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[1];
t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[2];
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[2];
t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[3];
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[3];
}
}
// The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -109,9 +110,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -124,8 +125,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -143,11 +144,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -166,9 +167,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -183,8 +184,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -202,11 +203,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
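Review bot: `*mlen = clen - 8;` in crypto_aead_decrypt has no lower bound on `clen`: in this hunk only declarations sit between the opening brace and that statement, so a ciphertext shorter than the 8-byte tag wraps the unsigned subtraction, and the later word loop and `c[clen - 8 + j]` then index far outside the buffers. A guard placed ahead of it, `if (clen < 8) return -1;` (or whatever failure code the function uses on a tag mismatch, which is outside the hunk), rejects the input before any state is touched. The same unguarded statement appears in the decrypt hunks of the other five file sections on this page. The rest of the function body lies outside the visible hunks.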
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,17 +21,17 @@
#define NROUND2 128*8
/*no-optimized date update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i;
unsigned int t1, t2, t3, t4, feedback;
uint32_t i;
uint32_t t1, t2, t3, t4, feedback;
for (i = 0; i < (number_of_steps >> 5); i++)
{
t1 = (state[1] >> 15) | (state[2] << 17); // 47 = 1*32+15
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i & 3];
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i & 3];
// shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback ;
......@@ -39,7 +40,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -54,21 +55,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -92,9 +93,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -107,8 +108,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -126,11 +127,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -149,9 +150,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -166,8 +167,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -185,11 +186,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
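Review bot: The key word is still read through a pointer cast, `((uint32_t*)key)[i & 3]`, which drops `const`, assumes `key` is 4-byte aligned and takes the host byte order; the same pattern is applied to `iv`, `ad`, `m`, `c` and the local `unsigned char mac[8]` in the later hunks and in every other file section. That is harmless on the 8-bit AVR this commit targets, but on a core that traps unaligned word access, or on a big-endian host, the same reference code would fault or produce different output. Reading and writing the words byte by byte removes all three assumptions; the helper below assumes little-endian word order, which is what the cast yields on AVR. state_update's closing lines are outside the hunk.

```c
static uint32_t load32_le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// … unchanged: t1..t4 computation …
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ load32_le(key + 4 * (i & 3));
// … unchanged: 32-bit state shift …
```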
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,10 +21,10 @@
#define NROUND2 128*9
/*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i, temp;
unsigned int t1, t2, t3, t4;
uint32_t i, temp;
uint32_t t1, t2, t3, t4;
//in each iteration, we compute 192 rounds of the state update function.
for (i = 0; i < (number_of_steps >> 5); i = i+6)
{
......@@ -31,37 +32,37 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[0];
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[0];
t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[1];
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[1];
t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[2];
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[2];
t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[3];
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[3];
t1 = (state[1] >> 15) | (state[2] << 17);
t2 = (state[2] >> 6) | (state[3] << 26);
t3 = (state[2] >> 21) | (state[3] << 11);
t4 = (state[2] >> 27) | (state[3] << 5);
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[4];
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[4];
t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[5];
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[5];
//shift the state by 64-bit position
temp = state[0]; state[0] = state[2]; state[2] = temp;
......@@ -71,7 +72,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization
/* The input to initialization is the 192-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -86,21 +87,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -124,9 +125,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -139,8 +140,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -158,11 +159,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -181,9 +182,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -198,8 +199,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -218,11 +219,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
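Review bot: The loop `for (i = 0; i < (number_of_steps >> 5); i = i+6)` runs whole 192-step blocks, so a step count that is not a multiple of 192 is silently rounded up and the state no longer matches the non-optimized variant, which advances 32 steps per iteration. `NROUND2 128*9` is a multiple of 192, but NROUND1 is defined outside the visible hunks and should be checked against this. I would state the precondition on the function, e.g. `/* number_of_steps must be a multiple of 192 (6 key words x 32 steps) */`. The 128-step stride (`i = i+4`) in the first and fifth file sections has the same shape.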
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,10 +21,10 @@
#define NROUND2 128*9
/*no-optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i;
unsigned int t1, t2, t3, t4, feedback;
uint32_t i;
uint32_t t1, t2, t3, t4, feedback;
for (i = 0; i < (number_of_steps >> 5); i++)
{
......@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i % 6];
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i % 6];
// shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback;
......@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization
/* The input to initialization is the 192-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -93,9 +94,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -108,8 +109,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -127,11 +128,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -150,9 +151,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -167,8 +168,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -187,11 +188,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
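Review bot: crypto_aead_decrypt stores the decrypted words into `m` (`((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];`) before the tag comparison at the end of the section, so on a forged ciphertext the caller's buffer already holds unauthenticated plaintext. The failure path after `check |= ...` is outside the hunk; if it only returns an error, I would clear the output first, e.g. `if (check != 0) { memset(m, 0, *mlen); return -1; }`. The byte-wise OR accumulation itself is fine as a comparison that does not exit early. The other five decrypt sections on this page follow the same order.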
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,10 +21,10 @@
#define NROUND2 128*10
/*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i, j;
unsigned int t1, t2, t3, t4;
uint32_t i, j;
uint32_t t1, t2, t3, t4;
//in each iteration, we compute 128 rounds of the state update function.
for (i = 0, j = 0; i < (number_of_steps >> 5); i = i+4)
......@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++)&7];
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++)&7];
t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7];
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7];
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7];
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
}
}
// The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -109,9 +110,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -124,8 +125,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -143,11 +144,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -166,9 +167,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -183,8 +184,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -202,11 +203,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
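Review bot: The comment `/* The input to initialization is the 128-bit key; 96-bit IV;*/` does not match this variant: state_update indexes the key with `(j++) & 7`, i.e. eight 32-bit words, so callers must pass 32 key bytes. A reader who trusts the comment and supplies a 16-byte key causes reads past the end of the key buffer. Suggested text: `/* The input to initialization is the 256-bit key; 96-bit IV;*/`. The next file section carries the same comment above its `initialization`, with `key[i & 7]` in its state_update.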
......@@ -9,6 +9,7 @@
#include <string.h>
#include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h"
#define FrameBitsIV 0x10
......@@ -20,10 +21,10 @@
#define NROUND2 128*10
/*non-optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps)
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
unsigned int i;
unsigned int t1, t2, t3, t4, feedback;
uint32_t i;
uint32_t t1, t2, t3, t4, feedback;
//in each iteration, we compute 256 steps of the state update function.
for (i = 0; i < (number_of_steps >> 5); i++)
{
......@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i & 7];
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i & 7];
// shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback;
......@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state)
void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{
int i;
......@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{
state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i];
state[3] ^= ((uint32_t*)iv)[i];
}
}
//process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state)
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{
unsigned long long i;
unsigned int j;
uint32_t j;
for (i = 0; i < (adlen >> 2); i++)
{
state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i];
state[3] ^= ((uint32_t*)ad)[i];
}
// if adlen is not a multiple of 4, we process the remaining bytes
......@@ -93,9 +94,9 @@ int crypto_aead_encrypt(
)
{
unsigned long long i;
unsigned int j;
uint32_t j;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
//initialization stage
initialization(k, npub, state);
......@@ -108,8 +109,8 @@ int crypto_aead_encrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i];
state[3] ^= ((uint32_t*)m)[i];
((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0)
......@@ -127,11 +128,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8;
memcpy(c + mlen, mac, 8);
......@@ -150,9 +151,9 @@ int crypto_aead_decrypt(
)
{
unsigned long long i;
unsigned int j, check = 0;
uint32_t j, check = 0;
unsigned char mac[8];
unsigned int state[4];
uint32_t state[4];
*mlen = clen - 8;
......@@ -167,8 +168,8 @@ int crypto_aead_decrypt(
{
state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i];
state[3] ^= ((unsigned int*)m)[i];
((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((uint32_t*)m)[i];
}
// if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0)
......@@ -186,11 +187,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2];
((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2];
((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
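Review bot: `//in each iteration, we compute 256 steps of the state update function.` is wrong for this loop: `i` advances by one over `number_of_steps >> 5`, and each pass shifts the state by one 32-bit word, so an iteration covers 32 steps. Suggested wording: `// each iteration computes 32 steps and consumes key word i & 7`. Separately, `#define NROUND2 128*10` would be safer parenthesized, `#define NROUND2 (128*10)`, so the macro stays a single value if it is ever used inside a larger expression.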