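/* ===============================================================================
   Copyright (c) 2019, CryptoExperts and PQShield Ltd. All rights reserved.

   A copyright license for redistribution and use in source and binary forms,
   with or without modification, is hereby granted for non-commercial,
   experimental, research, public review and evaluation purposes, provided that
   the following conditions are met:

   * Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

   * Redistributions in binary form must reproduce the above copyright notice,
     this list of conditions and the following disclaimer in the documentation
     and/or other materials provided with the distribution.

   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.

   Authors: Dahmun Goudarzi, Matthieu Rivain
   =============================================================================== */

/* Restored: the listing lost the header name between the angle brackets.
 * uint8_t / uint32_t are used throughout this file, so <stdint.h> is the
 * header that must be here. api.h is expected to provide MASKING_ORDER. */
#include <stdint.h>
#include "api.h"

//==============================================================================
//=== Definitions
//==============================================================================

/* Number of 32-bit rows in the cipher state for each variant. */
#define STATE_SIZE_96   3
#define STATE_SIZE_128  4

/* Round counts for the two variants and for the key schedule. */
#define NB_ROUNDS_96    14
#define NB_ROUNDS_128   14
#define NB_ROUNDS_KS    14

/* Selector flags; presumably tell a key-schedule / round-key helper whether
 * the KS constants are added -- the callers are not in this listing, so
 * confirm their meaning against the functions that take them. */
#define WITH_CONST_ADD  0
#define WOUT_CONST_ADD  1

//==============================================================================
//=== Macros
//==============================================================================

/*
 * In-place 32-bit rotations.  Both macros assign back to `row`, so the
 * argument must be an lvalue that is evaluated more than once without side
 * effects (e.g. state[i][0], never state[i++][0]).  `row` must be an
 * unsigned 32-bit value: with a signed or narrower operand the `<< 31` /
 * `<< (32-n)` would be undefined or silently truncated.
 *
 * The trailing ';' inside the macros is kept on purpose so that existing
 * call sites, whether written with or without their own ';', still compile.
 *
 * Naming: left_rotate shifts bits toward bit 0 with `>>`.  Whether that
 * matches the specification's bit numbering is not decidable from this
 * file; do not "fix" the direction without checking the spec and the
 * assembly routines that share the convention.
 */
#define right_rotate(row) \
    (row) = ((row) >> 1) | ((row) << 31);

/* Requires 0 < n < 32: a shift of a 32-bit value by 0 or by 32 is undefined
 * behaviour (n == 0 would produce `<< 32`, n == 32 would produce `>> 32`).
 * The only amounts defined in this file, KS_ROT_GAP1..3, are 8, 15 and 18. */
#define left_rotate(row,n) \
    (row) = ((row) >> (n)) | ((row) << (32-(n)));

//==============================================================================
//=== Constants
//==============================================================================

/* Column vectors handed to mat_mult() for the linear layer (forward) ...  */
#define COL_M0      0xa3861085
#define COL_M1      0x63417021
#define COL_M2      0x692cf280
#define COL_M3      0x48a54813
/* ... for the key schedule ... */
#define COL_MK      0xb881b9ca
/* ... and their inverses, presumably used by the decryption path (not
 * visible in this listing). */
#define COL_INV_M0  0x2037a121
#define COL_INV_M1  0x108ff2a0
#define COL_INV_M2  0x9054d8c0
#define COL_INV_M3  0x3354b117

/* Key-schedule round constants, one per 32-bit row.  Each constant occupies
 * a distinct byte of the word (bits 7, 9-14, 16-21, 26-29). */
#define KS_CONSTANT_0   0x00000080
#define KS_CONSTANT_1   0x00006a00
#define KS_CONSTANT_2   0x003f0000
#define KS_CONSTANT_3   0x24000000

/* Rotation amounts used with left_rotate() in the key schedule; all three
 * are strictly inside (0, 32) as that macro requires. */
#define KS_ROT_GAP1     8
#define KS_ROT_GAP2     15
#define KS_ROT_GAP3     18

//==============================================================================
//=== Declarations (assembly functions)
//==============================================================================

/* Implemented in assembly, not in this file.  Returns the product of the
 * binary matrix described by `mat_col` (one of the COL_* constants) with
 * the bit vector `vec`; the exact bit ordering is fixed by the assembly. */
uint32_t mat_mult(uint32_t mat_col, uint32_t vec);

/* Implemented in assembly.  Presumably an ISW-style masked multiply-
 * accumulate over the MASKING_ORDER shares: row `acc` ^= row `op1` AND
 * row `op2`, with the cross-share randomness handled inside -- confirm
 * against the assembly.  These are the only cross-share operations the C
 * callers invoke; everything else in this file is applied share by share. */
void isw_macc_96 (uint32_t state[MASKING_ORDER][STATE_SIZE_96],  int acc, int op1, int op2);
void isw_macc_128(uint32_t state[MASKING_ORDER][STATE_SIZE_128], int acc, int op1, int op2);

//==============================================================================
//=== Common functions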
//==============================================================================
/*
 * NOTE(review): this listing is HTML-stripped.  Every span between a '<' and
 * the next '>' was lost, which here means loop headers ("i<MASKING_ORDER; i++)
 * {"), loop bodies and, between the surviving fragments, whole functions
 * (decryption, key schedule, the linear layer).  Nothing below compiles as-is;
 * the comments only describe what the surviving text shows.  Recover the real
 * bodies from the upstream masked Pyjamask sources before relying on any of it.
 */

/* Unpacks `plaintext` into `state_size` 32-bit words.  The loop body is
 * missing; the "> 24)" remnant and store_state below suggest big-endian
 * (most-significant byte first) words -- TODO confirm against upstream. */
void load_state(const uint8_t *plaintext, uint32_t *state, int state_size)
{
    int i;
    for (i=0; i> 24);
    /* From here on this is the tail of store_state (its signature was lost):
     * each 32-bit word is serialised most-significant byte first into
     * ciphertext[4*i .. 4*i+3]; the (uint8_t) casts keep only the low byte. */
    ciphertext [4*i+1] = (uint8_t) (state[i] >> 16);
    ciphertext [4*i+2] = (uint8_t) (state[i] >> 8);
    ciphertext [4*i+3] = (uint8_t) (state[i] >> 0);
    }
}

//==============================================================================
//=== Masking functions
//==============================================================================

/* Fragment: the prologue of mask_state_96 (shares 1.. are filled in the lost
 * loop) followed, after the lost span, by the tail of what looks like the
 * S-box layer on the 96-bit state.  The " state[i][1]" remnant is what is
 * left of a "state[i][0] <-> state[i][1]" comment whose arrow was stripped. */
void mask_state_96(uint32_t state[MASKING_ORDER][STATE_SIZE_96])
{
    int i,j;
    for (i=1; i state[i][1]
    /* XOR-swap of rows 0 and 1 inside share i: purely share-wise, no
     * cross-share term, so it needs no randomness. */
    state[i][0] ^= state[i][1];
    state[i][1] ^= state[i][0];
    state[i][0] ^= state[i][1];
    }
    /* NOT applied to share 0 only: complementing exactly one share of a
     * Boolean (XOR) sharing complements the shared value.  Applying it to
     * every share would cancel out for an even number of shares. */
    state[0][2] = ~state[0][2];
}

/* Masked Pyjamask-96 encryption entry point.  `masked_key` arrives already
 * split into MASKING_ORDER Boolean shares of 16 bytes; generating fresh,
 * uniformly random shares for every call is the caller's job and is not
 * visible here.  The key load, key schedule and round loop were lost in
 * extraction; what survives after "// Load masked key" is a sub_bytes-like
 * fragment and then a fragment of 128-bit decryption code. */
void masked_pyjamask_96_enc(const uint8_t *plaintext, const uint8_t masked_key[MASKING_ORDER][16], uint8_t *ciphertext)
{
    int i, r;
    uint32_t state[MASKING_ORDER][STATE_SIZE_96];
    /* NOTE(review): MASKING_ORDER x 60 words of round-key shares sit on the
     * stack for the whole call.  No zeroisation of state/round_keys is
     * visible in this listing -- check that upstream wipes them (explicit_bzero
     * / memset_s, not a plain memset the compiler may drop) before returning. */
    uint32_t round_keys[MASKING_ORDER][4*(NB_ROUNDS_KS+1)];

    // Load masked key
    for (i=0; i state[i][1]
    /* Share-wise linear part of the S-box: XOR-swap rows 0 and 1, then two
     * row XORs.  Each statement touches a single share. */
    state[i][0] ^= state[i][1];
    state[i][1] ^= state[i][0];
    state[i][0] ^= state[i][1];
    state[i][0] ^= state[i][1];
    state[i][2] ^= state[i][0];
    }
    /* Non-linear part, done in assembly: isw_macc_96(state, acc, op1, op2),
     * presumably row acc ^= row op1 AND row op2 across all shares.  The three
     * calls are order-dependent -- the second reads row 1 which the first
     * wrote, the third reads row 0 which the second wrote -- do not reorder. */
    isw_macc_96(state, 1, 0, 2);
    isw_macc_96(state, 0, 1, 2);
    isw_macc_96(state, 2, 0, 1);
    for (i=0; i0; r--) {
    /* "r>0; r--" is a round counter counting down, i.e. the head of a
     * decryption routine was lost here.  The swap below is on rows 2 and 3,
     * so the state it works on has four rows: this is already 128-bit code,
     * and the " state[i][3]" remnant is again a stripped "<->" comment. */
    for (i=0; i state[i][3]
    state[i][2] ^= state[i][3];
    state[i][3] ^= state[i][2];
    state[i][2] ^= state[i][3];
    }
    /* NOT on share 0 only -- see mask_state_96 above for why. */
    state[0][2] = ~state[0][2];
}

/* Masked Pyjamask-128 encryption entry point; same contract and same
 * caveats (pre-shared key, secrets left on the stack, lost key schedule and
 * round loop) as the 96-bit version above. */
void masked_pyjamask_128_enc(const uint8_t *plaintext, const uint8_t masked_key[MASKING_ORDER][16], uint8_t *ciphertext)
{
    int i, r;
    uint32_t state[MASKING_ORDER][STATE_SIZE_128];
    /* NOTE(review): round-key shares on the stack, no wipe visible here. */
    uint32_t round_keys[MASKING_ORDER][4*(NB_ROUNDS_KS+1)];

    // Load masked key
    for (i=0; i state[i][3]
    /* Share-wise linear part of the 128-bit S-box: XOR-swap rows 2 and 3,
     * then two row XORs. */
    state[i][2] ^= state[i][3];
    state[i][3] ^= state[i][2];
    state[i][2] ^= state[i][3];
    state[i][1] ^= state[i][0];
    state[i][2] ^= state[i][1];
    }
    /* Non-linear part in assembly.  Order-dependent chain: each call reads the
     * row the previous one accumulated into (2, then 1, then 0). */
    isw_macc_128(state, 2, 3, 0);
    isw_macc_128(state, 1, 2, 3);
    isw_macc_128(state, 0, 1, 2);
    isw_macc_128(state, 3, 0, 1);
    for (i=0; i0; r--) {
    /* Listing ends mid-loop inside a down-counting (decryption) round loop;
     * the rest of this file is not in view. */
    for (i=0; i