projects
/
u
/
mdw
/
catacomb
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d332504
)
Use a new multiplication function from an Ascom white paper to resist
author
mdw
<mdw>
Sun, 2 Jul 2000 18:24:39 +0000
(18:24 +0000)
committer
mdw
<mdw>
Sun, 2 Jul 2000 18:24:39 +0000
(18:24 +0000)
timing attacks.
idea.c
patch
|
blob
|
blame
|
history
diff --git
a/idea.c
b/idea.c
index
5f88948
..
cde3af4
100644
(file)
--- a/
idea.c
+++ b/
idea.c
@@
-1,6
+1,6
@@
/* -*-c-*-
*
/* -*-c-*-
*
- * $Id: idea.c,v 1.
2 2000/06/17 11:24:08
mdw Exp $
+ * $Id: idea.c,v 1.
3 2000/07/02 18:24:39
mdw Exp $
*
* Implementation of the IDEA cipher
*
*
* Implementation of the IDEA cipher
*
@@
-30,6
+30,10
@@
/*----- Revision history --------------------------------------------------*
*
* $Log: idea.c,v $
/*----- Revision history --------------------------------------------------*
*
* $Log: idea.c,v $
+ * Revision 1.3 2000/07/02 18:24:39 mdw
+ * Use a new multiplication function from an Ascom white paper to resist
+ * timing attacks.
+ *
* Revision 1.2 2000/06/17 11:24:08 mdw
* New key size interface.
*
* Revision 1.2 2000/06/17 11:24:08 mdw
* New key size interface.
*
@@
-90,22
+94,21
@@
static uint16 inv(uint16 n)
* Arguments @x@ and @y@ are two 32-bit values to multiply. On exit, @x@ is
* the product of the two arguments. The result is not normalized back to 16
* bits; the arguments are not expected to be normalized.
* Arguments @x@ and @y@ are two 32-bit values to multiply. On exit, @x@ is
* the product of the two arguments. The result is not normalized back to 16
* bits; the arguments are not expected to be normalized.
+ *
+ * This code is from `Side Channel Attack Hardening of the IDEA Cipher',
+ * published by Ascom Tech.
*/
#define MUL(x, y) do { \
*/
#define MUL(x, y) do { \
- uint32 _mx, _my = (y); \
- if ((_mx = U16(x)) == 0) \
- (x) = 1 - _my; \
- else if (_my == 0) \
- (x) = 1 - _mx; \
- else { \
- _my *= _mx; \
- _mx = U16(_my); _my >>= 16; \
- if (_mx < _my) \
- (x) = _mx - _my + 1; \
- else \
- (x) = _mx - _my; \
- } \
+ unsigned _t; \
+ uint32 _tt; \
+ \
+ x = U16(x - 1); \
+ _t = U16(y - 1); \
+ _tt = (uint32)x * (uint32)_t + (uint32)x + (uint32)_t + 1; \
+ x = U16(_tt); \
+ _t = U16(_tt >> 16); \
+ x = x - _t + (x <= _t); \
} while (0)
/* --- @idea_init@ --- *
} while (0)
/* --- @idea_init@ --- *
@@
-209,28
+212,28
@@
void idea_init(idea_ctx *k, const void *buf, size_t sz)
/* --- @ROUND@ --- */
#define MIX(k, a, b, c, d) do { \
/* --- @ROUND@ --- */
#define MIX(k, a, b, c, d) do { \
- MUL(a,
(k)[0]);
\
-
(b) += (k)[1];
\
-
(c) += (k)[2];
\
- MUL(d,
(k)[3]);
\
+ MUL(a,
k[0]);
\
+
b += k[1];
\
+
c += k[2];
\
+ MUL(d,
k[3]);
\
} while (0)
#define MA(k, a, b, c, d) do { \
} while (0)
#define MA(k, a, b, c, d) do { \
- unsigned _u =
(a) ^ (c);
\
- unsigned _v =
(b) ^ (d);
\
- MUL(_u,
(k)[4]);
\
+ unsigned _u =
a ^ c;
\
+ unsigned _v =
b ^ d;
\
+ MUL(_u,
k[4]);
\
_v += _u; \
_v += _u; \
- MUL(_v,
(k)[5]);
\
+ MUL(_v,
k[5]);
\
_u += _v; \
_u += _v; \
-
(a) ^= _v;
\
-
(b) ^= _u;
\
-
(c) ^= _v;
\
-
(d) ^= _u;
\
+
a ^= _v;
\
+
b ^= _u;
\
+
c ^= _v;
\
+
d ^= _u;
\
} while (0);
#define ROUND(k, a, b, c, d) do { \
} while (0);
#define ROUND(k, a, b, c, d) do { \
- MIX(
(k), (a), (b), (c), (d));
\
- MA(
(k), (a), (b), (c), (d));
\
+ MIX(
k, a, b, c, d);
\
+ MA(
k, a, b, c, d);
\
(k) += 6; \
} while (0)
(k) += 6; \
} while (0)
@@
-252,8
+255,8
@@
void idea_init(idea_ctx *k, const void *buf, size_t sz)
ROUND(_k, _a, _b, _c, _d); \
ROUND(_k, _a, _c, _b, _d); \
MIX (_k, _a, _c, _b, _d); \
ROUND(_k, _a, _b, _c, _d); \
ROUND(_k, _a, _c, _b, _d); \
MIX (_k, _a, _c, _b, _d); \
-
(c) = (U16(_a) << 16) | U16(_c);
\
-
(d) = (U16(_b) << 16) | U16(_d);
\
+
c = (U16(_a) << 16) | U16(_c);
\
+
d = (U16(_b) << 16) | U16(_d);
\
} while (0)
#define DBLK(k, a, b) EBLK((k), (a), (b))
} while (0)
#define DBLK(k, a, b) EBLK((k), (a), (b))
projects / u / mdw / catacomb / commitdiff