Commit ae78ab5e by Enrico Pozzobon

tinyjambu ref: changes unsigned int to uint32_t for arduino uno

parent 90acf8b3
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,10 +21,10 @@ ...@@ -20,10 +21,10 @@
#define NROUND2 128*8 #define NROUND2 128*8
/*optimized state update function*/ /*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i; uint32_t i;
unsigned int t1, t2, t3, t4; uint32_t t1, t2, t3, t4;
//in each iteration, we compute 128 rounds of the state update function. //in each iteration, we compute 128 rounds of the state update function.
for (i = 0; i < (number_of_steps >> 5); i = i+4) for (i = 0; i < (number_of_steps >> 5); i = i+4)
...@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[0]; state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[0];
t1 = (state[2] >> 15) | (state[3] << 17); t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26); t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11); t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5); t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[1]; state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[1];
t1 = (state[3] >> 15) | (state[0] << 17); t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26); t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11); t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5); t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[2]; state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[2];
t1 = (state[0] >> 15) | (state[1] << 17); t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26); t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11); t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5); t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[3]; state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[3];
} }
} }
// The initialization // The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/ /* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -109,9 +110,9 @@ int crypto_aead_encrypt( ...@@ -109,9 +110,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -124,8 +125,8 @@ int crypto_aead_encrypt( ...@@ -124,8 +125,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -143,11 +144,11 @@ int crypto_aead_encrypt( ...@@ -143,11 +144,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -166,9 +167,9 @@ int crypto_aead_decrypt( ...@@ -166,9 +167,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -183,8 +184,8 @@ int crypto_aead_decrypt( ...@@ -183,8 +184,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -202,11 +203,11 @@ int crypto_aead_decrypt( ...@@ -202,11 +203,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
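Review bot: The retyped casts, `((uint32_t*)key)[0]` at the end of the `state[0] ^=` line and the matching `iv`/`ad`/`m`/`c`/`mac` casts further down, still access bytes through a pointer of an incompatible type: that is a strict-aliasing violation, it discards `const` on `key`, `iv`, `ad` and `m`, and it faults on targets that require 4-byte alignment, so switching to `uint32_t` fixes the 16-bit `int` width on the Uno but not this. Loading and storing through `memcpy` (already available via the `<string.h>` include at the top of the hunk) keeps the same host-byte-order interpretation and removes the undefined behaviour, e.g. the tag store becomes `memcpy(mac, &state[2], 4);`. For `state_update` the key can be copied once into a local word array sized to the variant's key length (16 bytes here, 24 in the two 192-bit files, 32 in the last file of this commit), as sketched below; the other four sections of this commit need the same treatment. The result stays endianness-dependent exactly as before, so if cross-platform test vectors must match, an explicit little-endian byte load would be needed instead — I cannot tell from the hunk which byte order the vectors assume.
```c
void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{
    uint32_t i;
    uint32_t t1, t2, t3, t4;
    uint32_t k[4];
    /* byte-wise copy: no aliasing, alignment or const-cast assumptions on key */
    memcpy(k, key, sizeof k);
    // … unchanged: loop header and the t1..t4 computation …
        state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ k[0];
    // … unchanged: the remaining three quarter-rounds, with k[1], k[2], k[3] replacing the casts …
```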
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,17 +21,17 @@ ...@@ -20,17 +21,17 @@
#define NROUND2 128*8 #define NROUND2 128*8
/*no-optimized date update function*/ /*no-optimized date update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i; uint32_t i;
unsigned int t1, t2, t3, t4, feedback; uint32_t t1, t2, t3, t4, feedback;
for (i = 0; i < (number_of_steps >> 5); i++) for (i = 0; i < (number_of_steps >> 5); i++)
{ {
t1 = (state[1] >> 15) | (state[2] << 17); // 47 = 1*32+15 t1 = (state[1] >> 15) | (state[2] << 17); // 47 = 1*32+15
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i & 3]; feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i & 3];
// shift 32 bit positions // shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3]; state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback ; state[3] = feedback ;
...@@ -39,7 +40,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -39,7 +40,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization // The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/ /* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -54,21 +55,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -54,21 +55,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -92,9 +93,9 @@ int crypto_aead_encrypt( ...@@ -92,9 +93,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -107,8 +108,8 @@ int crypto_aead_encrypt( ...@@ -107,8 +108,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -126,11 +127,11 @@ int crypto_aead_encrypt( ...@@ -126,11 +127,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -149,9 +150,9 @@ int crypto_aead_decrypt( ...@@ -149,9 +150,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -166,8 +167,8 @@ int crypto_aead_decrypt( ...@@ -166,8 +167,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -185,11 +186,11 @@ int crypto_aead_decrypt( ...@@ -185,11 +186,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
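Review bot: `*mlen = clen - 8;` in the crypto_aead_decrypt hunk runs before any check that the ciphertext actually holds the 8-byte tag; since `clen` is `unsigned long long`, a shorter input wraps `*mlen` to a huge value and the decryption loop below then reads far past `c` and writes past `m`. Add `if (clen < 8) return -1;` immediately before that assignment. The same unguarded subtraction is present in the other four files of this commit. crypto_aead_decrypt begins and ends outside this hunk, so I cannot see whether a length check exists earlier in the function.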
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,10 +21,10 @@ ...@@ -20,10 +21,10 @@
#define NROUND2 128*9 #define NROUND2 128*9
/*optimized state update function*/ /*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i, temp; uint32_t i, temp;
unsigned int t1, t2, t3, t4; uint32_t t1, t2, t3, t4;
//in each iteration, we compute 192 rounds of the state update function. //in each iteration, we compute 192 rounds of the state update function.
for (i = 0; i < (number_of_steps >> 5); i = i+6) for (i = 0; i < (number_of_steps >> 5); i = i+6)
{ {
...@@ -31,37 +32,37 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -31,37 +32,37 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[0]; state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[0];
t1 = (state[2] >> 15) | (state[3] << 17); t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26); t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11); t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5); t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[1]; state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[1];
t1 = (state[3] >> 15) | (state[0] << 17); t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26); t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11); t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5); t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[2]; state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[2];
t1 = (state[0] >> 15) | (state[1] << 17); t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26); t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11); t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5); t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[3]; state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[3];
t1 = (state[1] >> 15) | (state[2] << 17); t1 = (state[1] >> 15) | (state[2] << 17);
t2 = (state[2] >> 6) | (state[3] << 26); t2 = (state[2] >> 6) | (state[3] << 26);
t3 = (state[2] >> 21) | (state[3] << 11); t3 = (state[2] >> 21) | (state[3] << 11);
t4 = (state[2] >> 27) | (state[3] << 5); t4 = (state[2] >> 27) | (state[3] << 5);
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[4]; state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[4];
t1 = (state[2] >> 15) | (state[3] << 17); t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26); t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11); t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5); t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[5]; state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[5];
//shift the state by 64-bit position //shift the state by 64-bit position
temp = state[0]; state[0] = state[2]; state[2] = temp; temp = state[0]; state[0] = state[2]; state[2] = temp;
...@@ -71,7 +72,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -71,7 +72,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization // The initialization
/* The input to initialization is the 192-bit key; 96-bit IV;*/ /* The input to initialization is the 192-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -86,21 +87,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -86,21 +87,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -124,9 +125,9 @@ int crypto_aead_encrypt( ...@@ -124,9 +125,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -139,8 +140,8 @@ int crypto_aead_encrypt( ...@@ -139,8 +140,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -158,11 +159,11 @@ int crypto_aead_encrypt( ...@@ -158,11 +159,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -181,9 +182,9 @@ int crypto_aead_decrypt( ...@@ -181,9 +182,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -198,8 +199,8 @@ int crypto_aead_decrypt( ...@@ -198,8 +199,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -218,11 +219,11 @@ int crypto_aead_decrypt( ...@@ -218,11 +219,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
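Review bot: In crypto_aead_decrypt the loop line `((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];` stores recovered plaintext into the caller's buffer before the tag is compared in the verification loop, and the handling of a non-zero `check` lies outside the hunk, so I cannot confirm what a caller is left with on failure. If that path only returns an error, consider wiping the output there, `if (check != 0) { memset(m, 0, (size_t)*mlen); return -1; }`, so unauthenticated plaintext is never handed to callers; the decrypt routines in the other files of this commit have the same shape. The accumulating `check |=` comparison itself is sound, as it does not stop at the first mismatching byte.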
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,10 +21,10 @@ ...@@ -20,10 +21,10 @@
#define NROUND2 128*9 #define NROUND2 128*9
/*no-optimized state update function*/ /*no-optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i; uint32_t i;
unsigned int t1, t2, t3, t4, feedback; uint32_t t1, t2, t3, t4, feedback;
for (i = 0; i < (number_of_steps >> 5); i++) for (i = 0; i < (number_of_steps >> 5); i++)
{ {
...@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i % 6]; feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i % 6];
// shift 32 bit positions // shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3]; state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback; state[3] = feedback;
...@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization // The initialization
/* The input to initialization is the 192-bit key; 96-bit IV;*/ /* The input to initialization is the 192-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -93,9 +94,9 @@ int crypto_aead_encrypt( ...@@ -93,9 +94,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -108,8 +109,8 @@ int crypto_aead_encrypt( ...@@ -108,8 +109,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -127,11 +128,11 @@ int crypto_aead_encrypt( ...@@ -127,11 +128,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -150,9 +151,9 @@ int crypto_aead_decrypt( ...@@ -150,9 +151,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -167,8 +168,8 @@ int crypto_aead_decrypt( ...@@ -167,8 +168,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -187,11 +188,11 @@ int crypto_aead_decrypt( ...@@ -187,11 +188,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
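Review bot: state_update documents none of its preconditions, yet `number_of_steps >> 5` silently discards any step count that is not a multiple of 32 and `((uint32_t*)key)[i % 6]` assumes a 24-byte key; neither is checked. A header comment such as `/* number_of_steps must be a multiple of 32 (one 32-bit word of feedback per iteration); key must point to 24 bytes, consumed as six 32-bit words in host byte order */` would make both visible to callers. The `#define NROUND2 128*9` just above it should also be parenthesised, `#define NROUND2 (128*9)`, so it stays safe in any expression context. The optimised 192-bit variant in this commit carries the same undocumented assumptions with a step of six words per iteration.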
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,10 +21,10 @@ ...@@ -20,10 +21,10 @@
#define NROUND2 128*10 #define NROUND2 128*10
/*optimized state update function*/ /*optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i, j; uint32_t i, j;
unsigned int t1, t2, t3, t4; uint32_t t1, t2, t3, t4;
//in each iteration, we compute 128 rounds of the state update function. //in each iteration, we compute 128 rounds of the state update function.
for (i = 0, j = 0; i < (number_of_steps >> 5); i = i+4) for (i = 0, j = 0; i < (number_of_steps >> 5); i = i+4)
...@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -32,31 +33,31 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++)&7]; state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++)&7];
t1 = (state[2] >> 15) | (state[3] << 17); t1 = (state[2] >> 15) | (state[3] << 17);
t2 = (state[3] >> 6) | (state[0] << 26); t2 = (state[3] >> 6) | (state[0] << 26);
t3 = (state[3] >> 21) | (state[0] << 11); t3 = (state[3] >> 21) | (state[0] << 11);
t4 = (state[3] >> 27) | (state[0] << 5); t4 = (state[3] >> 27) | (state[0] << 5);
state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7]; state[1] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
t1 = (state[3] >> 15) | (state[0] << 17); t1 = (state[3] >> 15) | (state[0] << 17);
t2 = (state[0] >> 6) | (state[1] << 26); t2 = (state[0] >> 6) | (state[1] << 26);
t3 = (state[0] >> 21) | (state[1] << 11); t3 = (state[0] >> 21) | (state[1] << 11);
t4 = (state[0] >> 27) | (state[1] << 5); t4 = (state[0] >> 27) | (state[1] << 5);
state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7]; state[2] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
t1 = (state[0] >> 15) | (state[1] << 17); t1 = (state[0] >> 15) | (state[1] << 17);
t2 = (state[1] >> 6) | (state[2] << 26); t2 = (state[1] >> 6) | (state[2] << 26);
t3 = (state[1] >> 21) | (state[2] << 11); t3 = (state[1] >> 21) | (state[2] << 11);
t4 = (state[1] >> 27) | (state[2] << 5); t4 = (state[1] >> 27) | (state[2] << 5);
state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[(j++) & 7]; state[3] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[(j++) & 7];
} }
} }
// The initialization // The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/ /* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -71,21 +72,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -109,9 +110,9 @@ int crypto_aead_encrypt( ...@@ -109,9 +110,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -124,8 +125,8 @@ int crypto_aead_encrypt( ...@@ -124,8 +125,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -143,11 +144,11 @@ int crypto_aead_encrypt( ...@@ -143,11 +144,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -166,9 +167,9 @@ int crypto_aead_decrypt( ...@@ -166,9 +167,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -183,8 +184,8 @@ int crypto_aead_decrypt( ...@@ -183,8 +184,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -202,11 +203,11 @@ int crypto_aead_decrypt( ...@@ -202,11 +203,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
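Review bot: The key loads in state_update (`((uint32_t*)key)[(j++)&7]` and the three that follow) and the word accesses on `iv`, `ad`, `m`, `c` and `mac` in initialization, process_ad, crypto_aead_encrypt and crypto_aead_decrypt still read and write 32-bit words through a cast of a `const unsigned char *` / `unsigned char *`; swapping `unsigned int` for `uint32_t` fixes the word width for a 16-bit-`int` AVR but leaves the strict-aliasing violation and the unaligned access in place, and the key, nonce, message and ciphertext pointers are caller-supplied with no alignment guarantee (`mac` is a plain `unsigned char mac[8]` on the stack). It also ties the keystream and tag to host byte order, so the output on a big-endian host would differ from a little-endian one (inferred from the casts; the file does not state an intended byte order). Two small static helpers that assemble the word byte-by-byte keep the current little-endian result on every target without the UB; the remaining sites change mechanically. The `check` accumulated by the tag-compare loop is consumed outside this section, so I cannot see here whether decrypt refuses to return plaintext on mismatch.
```c
/* Little-endian 32-bit load/store: defined for any alignment, same result on every host. */
static uint32_t load32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void store32(unsigned char *p, uint32_t w)
{
    p[0] = (unsigned char)w; p[1] = (unsigned char)(w >> 8);
    p[2] = (unsigned char)(w >> 16); p[3] = (unsigned char)(w >> 24);
}

/* state_update: key word selection, first of the four steps */
        state[0] ^= t1 ^ (~(t2 & t3)) ^ t4 ^ load32(key + 4 * ((j++) & 7));
/* … unchanged: the other three steps use load32 the same way … */

/* crypto_aead_encrypt: full-word loop body */
        state[3] ^= load32(m + 4 * i);
        store32(c + 4 * i, state[2] ^ load32(m + 4 * i));
/* … unchanged: tail-byte handling … */
        store32(mac, state[2]);
/* … unchanged: second finalization call … */
        store32(mac + 4, state[2]);
```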
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include "crypto_aead.h" #include "crypto_aead.h"
#define FrameBitsIV 0x10 #define FrameBitsIV 0x10
...@@ -20,10 +21,10 @@ ...@@ -20,10 +21,10 @@
#define NROUND2 128*10 #define NROUND2 128*10
/*non-optimized state update function*/ /*non-optimized state update function*/
void state_update(unsigned int *state, const unsigned char *key, unsigned int number_of_steps) void state_update(uint32_t *state, const unsigned char *key, uint32_t number_of_steps)
{ {
unsigned int i; uint32_t i;
unsigned int t1, t2, t3, t4, feedback; uint32_t t1, t2, t3, t4, feedback;
//in each iteration, we compute 256 steps of the state update function. //in each iteration, we compute 256 steps of the state update function.
for (i = 0; i < (number_of_steps >> 5); i++) for (i = 0; i < (number_of_steps >> 5); i++)
{ {
...@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -31,7 +32,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6 t2 = (state[2] >> 6) | (state[3] << 26); // 47 + 23 = 70 = 2*32 + 6
t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21 t3 = (state[2] >> 21) | (state[3] << 11); // 47 + 23 + 15 = 85 = 2*32 + 21
t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27 t4 = (state[2] >> 27) | (state[3] << 5); // 47 + 23 + 15 + 6 = 91 = 2*32 + 27
feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((unsigned int*)key)[i & 7]; feedback = state[0] ^ t1 ^ (~(t2 & t3)) ^ t4 ^ ((uint32_t*)key)[i & 7];
// shift 32 bit positions // shift 32 bit positions
state[0] = state[1]; state[1] = state[2]; state[2] = state[3]; state[0] = state[1]; state[1] = state[2]; state[2] = state[3];
state[3] = feedback; state[3] = feedback;
...@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu ...@@ -40,7 +41,7 @@ void state_update(unsigned int *state, const unsigned char *key, unsigned int nu
// The initialization // The initialization
/* The input to initialization is the 128-bit key; 96-bit IV;*/ /* The input to initialization is the 128-bit key; 96-bit IV;*/
void initialization(const unsigned char *key, const unsigned char *iv, unsigned int *state) void initialization(const unsigned char *key, const unsigned char *iv, uint32_t *state)
{ {
int i; int i;
...@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned ...@@ -55,21 +56,21 @@ void initialization(const unsigned char *key, const unsigned char *iv, unsigned
{ {
state[1] ^= FrameBitsIV; state[1] ^= FrameBitsIV;
state_update(state, key, NROUND1); state_update(state, key, NROUND1);
state[3] ^= ((unsigned int*)iv)[i]; state[3] ^= ((uint32_t*)iv)[i];
} }
} }
//process the associated data //process the associated data
void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, unsigned int *state) void process_ad(const unsigned char *k, const unsigned char *ad, unsigned long long adlen, uint32_t *state)
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
for (i = 0; i < (adlen >> 2); i++) for (i = 0; i < (adlen >> 2); i++)
{ {
state[1] ^= FrameBitsAD; state[1] ^= FrameBitsAD;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
state[3] ^= ((unsigned int*)ad)[i]; state[3] ^= ((uint32_t*)ad)[i];
} }
// if adlen is not a multiple of 4, we process the remaining bytes // if adlen is not a multiple of 4, we process the remaining bytes
...@@ -93,9 +94,9 @@ int crypto_aead_encrypt( ...@@ -93,9 +94,9 @@ int crypto_aead_encrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j; uint32_t j;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
//initialization stage //initialization stage
initialization(k, npub, state); initialization(k, npub, state);
...@@ -108,8 +109,8 @@ int crypto_aead_encrypt( ...@@ -108,8 +109,8 @@ int crypto_aead_encrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
((unsigned int*)c)[i] = state[2] ^ ((unsigned int*)m)[i]; ((uint32_t*)c)[i] = state[2] ^ ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((mlen & 3) > 0) if ((mlen & 3) > 0)
...@@ -127,11 +128,11 @@ int crypto_aead_encrypt( ...@@ -127,11 +128,11 @@ int crypto_aead_encrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
*clen = mlen + 8; *clen = mlen + 8;
memcpy(c + mlen, mac, 8); memcpy(c + mlen, mac, 8);
...@@ -150,9 +151,9 @@ int crypto_aead_decrypt( ...@@ -150,9 +151,9 @@ int crypto_aead_decrypt(
) )
{ {
unsigned long long i; unsigned long long i;
unsigned int j, check = 0; uint32_t j, check = 0;
unsigned char mac[8]; unsigned char mac[8];
unsigned int state[4]; uint32_t state[4];
*mlen = clen - 8; *mlen = clen - 8;
...@@ -167,8 +168,8 @@ int crypto_aead_decrypt( ...@@ -167,8 +168,8 @@ int crypto_aead_decrypt(
{ {
state[1] ^= FrameBitsPC; state[1] ^= FrameBitsPC;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)m)[i] = state[2] ^ ((unsigned int*)c)[i]; ((uint32_t*)m)[i] = state[2] ^ ((uint32_t*)c)[i];
state[3] ^= ((unsigned int*)m)[i]; state[3] ^= ((uint32_t*)m)[i];
} }
// if mlen is not a multiple of 4, we process the remaining bytes // if mlen is not a multiple of 4, we process the remaining bytes
if ((*mlen & 3) > 0) if ((*mlen & 3) > 0)
...@@ -186,11 +187,11 @@ int crypto_aead_decrypt( ...@@ -186,11 +187,11 @@ int crypto_aead_decrypt(
//finalization stage, we assume that the tag length is 8 bytes //finalization stage, we assume that the tag length is 8 bytes
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND2); state_update(state, k, NROUND2);
((unsigned int*)mac)[0] = state[2]; ((uint32_t*)mac)[0] = state[2];
state[1] ^= FrameBitsFinalization; state[1] ^= FrameBitsFinalization;
state_update(state, k, NROUND1); state_update(state, k, NROUND1);
((unsigned int*)mac)[1] = state[2]; ((uint32_t*)mac)[1] = state[2];
//verification of the authentication tag //verification of the authentication tag
for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); } for (j = 0; j < 8; j++) { check |= (mac[j] ^ c[clen - 8 + j]); }
......
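Review bot: In crypto_aead_decrypt the unchanged context line `*mlen = clen - 8;` runs before any check that `clen` is at least the 8-byte tag, so a short ciphertext wraps `*mlen` to a huge `unsigned long long`, the full-word loop then reads past `c` and writes past `m`, and the tag compare `c[clen - 8 + j]` indexes before the buffer; `clen` is attacker-controlled input on the decrypt side. Adding `if (clen < 8) return -1;` immediately before `*mlen = clen - 8;` closes this (the function's return path for a failed tag is outside this section, so I am assuming -1 is the failure code it already uses). The `(uint32_t*)` casts on `key`, `iv`, `ad`, `m`, `c` and `mac` in this variant carry the same aliasing and unaligned-access concern as in the optimized file, and a byte-wise load/store helper would resolve both here as well.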