Commit e2c0dcb9 authored by Gaëtan Cassiers's avatar Gaëtan Cassiers

Add initial implementation of MDS D-box.

Use #define
* DBOX8=0 for words of 32 bits
* DBOX8=1 for words of 8 bits
parent 7bb862c1
......@@ -31,6 +31,16 @@ void lbox(uint32_t* x, uint32_t* y) {
*y = b;
}
static uint32_t xtime(uint32_t x) {
#if (DBOX8==1)
uint32_t x_msk1 = x & 0x80808080;
uint32_t x_msk2 = x & 0xefefefef;
return ((x_msk2 << 1) | (x_msk1 >> 7)) ^ (x_msk1 >> (8-1));
#else
return ((x << 1) | (x >> 31)) ^ (x >> (31-8));
#endif
}
// Apply a D-box layer to a Shadow state.
void dbox_mls_layer(shadow_state state) {
for (unsigned int row = 0; row < LS_ROWS; row++) {
......@@ -42,16 +52,31 @@ void dbox_mls_layer(shadow_state state) {
state[1][row] = x ^ z;
state[2][row] = x ^ y;
#else
uint32_t w = state[0][row];
uint32_t x = state[1][row];
uint32_t y = state[2][row];
uint32_t z = state[3][row];
uint32_t u = w ^ x;
uint32_t v = y ^ z;
state[0][row] = x ^ v;
state[1][row] = w ^ v;
state[2][row] = u ^ z;
state[3][row] = u ^ y;
uint32_t x1 = state[0][row];
uint32_t x2 = state[1][row];
uint32_t x3 = state[2][row];
uint32_t x4 = state[3][row];
uint32_t y1 = x2;
uint32_t y2 = x3 ^ x4;
uint32_t y3 = x4;
uint32_t y4 = x1 ^ x2;
uint32_t z1 = y2;
uint32_t z2 = y3 ^ xtime(y4);
uint32_t z3 = y4;
uint32_t z4 = y1 ^ y2;
uint32_t t = xtime(z4);
uint32_t w1 = z2;
uint32_t w2 = z3 ^ t;
uint32_t w3 = t;
uint32_t w4 = z1 ^ xtime(z2);
state[0][row] = w1 ^ w2;
state[1][row] = w2;
state[2][row] = w3 ^ w4;
state[3][row] = w4;
#endif // SMALL_PERM
}
}
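Review bot: In the `DBOX8==1` branch of xtime (first hunk), the trailing `^ (x_msk1 >> (8-1))` is the same value as the `(x_msk1 >> 7)` it was just OR'd with, so the expression reduces to `(x_msk2 << 1) & ~(x_msk1 >> 7)` and the wrapped MSB is cancelled instead of fed back; on top of that `0xefefefef` keeps bit 7 of every byte (which `<< 1` then carries into bit 0 of the neighbouring byte) while clearing bit 4, so this is not a byte-wise rotation and does not mirror the 32-bit branch, which rotates the whole word by one and XORs `x >> 23`. If the intent is the per-byte analogue, the rotation mask should be `0x7f7f7f7f` and the feedback term should be the byte-sliced counterpart of the 32-bit reduction, whatever the D-box specification says that is; a test vector run through both variants would have caught the mismatch. Separately, `#if (DBOX8==1)` evaluates an undefined `DBOX8` as 0, so a build that forgets `-DDBOX8=...` silently selects the 32-bit D-box; add `#ifndef DBOX8` / `#error "DBOX8 must be defined"` before it, or compile with `-Wundef`. The enclosing dbox_mls_layer starts in the first hunk and its `#if SMALL_PERM` branch is outside the second, so the 8-bit mapping for that branch is not visible here.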
......@@ -13,6 +13,9 @@ SHADOW_TYPE?=shadow_32bit
#SHADOW_TYPE?=shadow_256bit
#SHADOW_TYPE?=shadow_512bit
CFLAGS+=-DDBOX8=0 # dbox over 32 bit
#CFLAGS+=-DDBOX8=1 # dbox over 8 bit
ifeq "$(CLYDE_TYPE)" "clyde_64bit"
CFLAGS+=-mbmi2
endif
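Review bot: `CFLAGS+=-DDBOX8=0` is hard-wired, so picking the 8-bit D-box means editing the Makefile to swap the commented line, unlike `SHADOW_TYPE?=shadow_32bit` just above, which can be overridden from the command line. Follow the same pattern: `DBOX8?=0` followed by `CFLAGS+=-DDBOX8=$(DBOX8)`, so `make DBOX8=1` selects the 8-bit variant without a source edit and the default still matches the current behaviour.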
......