├── .gitignore ├── Dockerfile ├── Makefile ├── README.md ├── docker ├── config.json ├── executables.zip └── motd.sh ├── simple_test ├── .gitignore ├── ace_f.ua └── run.pl └── src ├── .DS_Store ├── Makefile ├── tightPROVEp ├── .DS_Store ├── .gitignore ├── bitsliced │ ├── ace │ ├── aes │ ├── aes_ks │ ├── aes_one_round │ ├── aes_two_rounds │ ├── ascon │ ├── clyde │ ├── drygascon │ ├── gift │ ├── gimli │ ├── gimli_one_round │ ├── photon │ ├── present │ ├── present_one_round │ ├── present_two_rounds │ ├── pyjamask │ ├── skinny │ ├── spongent │ ├── spongent_one_round │ ├── spongent_ten_rounds │ ├── subterranean │ └── xoodoo ├── imports │ ├── TP.sage │ ├── TPV.sage │ ├── format.sage │ ├── formatV.sage │ ├── graph.sage │ ├── maskverif.sage │ ├── misc.sage │ ├── miscV.sage │ ├── paths.sage │ ├── rand.sage │ ├── refresh.sage │ ├── refreshV.sage │ └── search.sage ├── manual.txt ├── test_fig10.txt ├── tests │ ├── testR1 │ ├── testR1_R1 │ ├── testR1_R2 │ ├── testR2 │ ├── testR2_R1 │ ├── testR2_R2 │ ├── testV │ ├── testV2 │ ├── testV2_R │ └── testV_R ├── tightPROVE.sage ├── tightprove-exec.sage ├── vsliced │ ├── ace_f │ ├── ace_f_R │ ├── ace_vslice │ ├── ace_vslice_R │ ├── ascon_vslice │ ├── clyde_vslice │ ├── clyde_vslice_R │ ├── drygascon_vslice │ ├── gift_vslice │ ├── gimli_vslice │ ├── gimli_vslice_R │ ├── pyjamask_vslice │ └── xoodoo_vslice └── working_example └── usuba ├── .gitignore ├── .gitmodules ├── Makefile ├── Readme.md ├── arch ├── AVX.h ├── AVX512.h ├── AltiVec.h ├── FAME.h ├── MASKED.h ├── MASKED_UA.h ├── Neon.h ├── SSE.h ├── STD.h └── test_FAME.c ├── bench_nist.pl ├── bench_nist_masked.pl ├── checks └── correctness │ ├── ace │ └── main.c │ ├── ace_masked │ └── main.c │ ├── aes │ ├── aes_ctr.pl │ ├── avx │ │ ├── aes_bs.c │ │ ├── api.h │ │ ├── crypto_stream.h │ │ ├── key_sched.c │ │ └── stream.c │ ├── main.c │ ├── sse │ │ ├── aes_bs.c │ │ ├── api.h │ │ ├── crypto_stream.h │ │ ├── key_sched.c │ │ └── stream.c │ ├── std │ │ ├── aes_bs.c │ │ ├── api.h │ │ ├── crypto_stream.h │ │ ├── key_sched.c │ │ └── stream.c │ └── stream.h │ ├── aes_mslice │ ├── aes.pl │ ├── input.txt │ ├── key_sched.c │ └── main.c │ ├── ascon │ └── main.c │ ├── ascon_masked │ └── main.c │ ├── chacha20 │ ├── AVX │ │ ├── AVX.h │ │ ├── api.h │ │ └── stream.c │ ├── SSE │ │ ├── SSE.h │ │ ├── api.h │ │ └── stream.c │ ├── STD │ │ ├── STD.h │ │ ├── api.h │ │ └── stream.c │ ├── crypto_stream.h │ ├── main_verif.c │ └── stream.h │ ├── check_ace.pl │ ├── check_ace_masked.pl │ ├── check_aes.pl │ ├── check_aes_mslice.pl │ ├── check_ascon.pl │ ├── check_ascon_masked.pl │ ├── check_chacha20.pl │ ├── check_clyde_bitslice.pl │ ├── check_clyde_masked.pl │ ├── check_clyde_vslice.pl │ ├── check_des.pl │ ├── check_drygascon.pl │ ├── check_gift.pl │ ├── check_gimli_bitslice.pl │ ├── check_gimli_masked.pl │ ├── check_gimli_vslice.pl │ ├── check_photon.pl │ ├── check_pyjamask.pl │ ├── check_pyjamask_masked.pl │ ├── check_serpent.pl │ ├── check_skinny_bitslice.pl │ ├── check_skinny_vslice.pl │ ├── check_spongent.pl │ ├── check_subterranean.pl │ ├── check_xoodoo.pl │ ├── clyde │ └── main.c │ ├── clyde_masked │ └── main.c │ ├── des │ ├── main.c │ └── ref_usuba.c │ ├── drygascon │ └── main.c │ ├── gift │ └── main.c │ ├── gimli │ └── main.c │ ├── gimli_masked │ └── main.c │ ├── photon │ └── main.c │ ├── pyjamask │ ├── api.h │ ├── main.c │ ├── pyjamask.c │ └── pyjamask.h │ ├── pyjamask_masked │ ├── api.h │ ├── main.c │ ├── pyjamask.c │ └── pyjamask.h │ ├── serpent │ ├── main.c │ ├── ref.c │ ├── sbox_for_key.c │ ├── serpent.h │ └── serpentsboxes.h │ ├── skinny │ └── main.c │ ├── spongent │ └── main.c │ ├── subterranean │ └── main.c │ └── xoodoo │ └── main.c ├── config.json ├── config.json.help ├── configure.pl ├── data └── sboxes │ ├── aes.ua │ ├── aes_slow.ua │ ├── ascon.ua │ ├── clyde.ua │ ├── des_1.ua │ ├── des_2.ua │ ├── des_3.ua │ ├── des_4.ua │ ├── des_5.ua │ ├── des_6.ua │ ├── des_7.ua │ ├── des_8.ua │ ├── present.ua │ ├── pyjamask.ua │ ├── rectangle.ua │ ├── serpent_0.ua │ ├── serpent_1.ua │ ├── serpent_2.ua │ ├── serpent_3.ua │ ├── serpent_4.ua │ ├── serpent_5.ua │ ├── serpent_6.ua │ ├── serpent_7.ua │ ├── serpent_osvik_0.ua │ ├── serpent_osvik_1.ua │ ├── serpent_osvik_2.ua │ ├── serpent_osvik_3.ua │ ├── serpent_osvik_4.ua │ ├── serpent_osvik_5.ua │ ├── serpent_osvik_6.ua │ ├── serpent_osvik_7.ua │ ├── skinny.ua │ └── spongent.ua ├── experimentations └── bench_generic │ └── bench.c ├── gen_nist_benchs.sh ├── gen_nist_benchs_masked.sh ├── install_deps.sh ├── nist ├── .gitignore ├── ace │ └── usuba │ │ ├── bench │ │ ├── ace_ref.c │ │ ├── ace_ua_bitslice.c │ │ ├── ace_ua_vslice.c │ │ ├── masked_ace_ua_bitslice.c │ │ └── masked_ace_ua_vslice.c │ │ ├── ua │ │ ├── ace.c │ │ ├── ace.h │ │ ├── ace.ua │ │ ├── ace_bitslice.ua │ │ ├── ace_ua_bitslice.c │ │ ├── ace_ua_vslice.c │ │ ├── compile_lines.txt │ │ ├── main │ │ ├── main.c │ │ └── t.c │ │ └── ua_masked │ │ ├── ace.ua │ │ ├── ace_bitslice.ua │ │ ├── ace_ua_bitslice.c │ │ ├── ace_ua_vslice.c │ │ ├── compile_lines.txt │ │ └── main.c ├── ascon │ └── usuba │ │ ├── bench │ │ ├── ascon_ref.c │ │ ├── ascon_ua_bitslice.c │ │ ├── ascon_ua_vslice.c │ │ ├── masked_ascon_ua_bitslice.c │ │ └── masked_ascon_ua_vslice.c │ │ ├── ua │ │ ├── ascon.ua │ │ ├── ascon_ref.c │ │ ├── ascon_ua_bitslice.c │ │ ├── ascon_ua_vslice.c │ │ ├── compile_lines.txt │ │ └── main.c │ │ └── ua_masked │ │ ├── ascon.ua │ │ ├── ascon_ref.c │ │ ├── ascon_ua_bitslice.c │ │ ├── ascon_ua_vslice.c │ │ ├── compile_lines.txt │ │ └── main.c ├── clyde │ └── usuba │ │ ├── bench │ │ ├── clyde_ref.c │ │ ├── clyde_ua_bitslice.c │ │ ├── clyde_ua_vslice.c │ │ ├── masked_clyde_ua_bitslice.c │ │ └── masked_clyde_ua_vslice.c │ │ ├── ua │ │ ├── COPYING │ │ ├── api.h │ │ ├── clyde.ua │ │ ├── clyde_bitslice.ua │ │ ├── clyde_ua_bitslice.c │ │ ├── clyde_ua_vslice.c │ │ ├── compile_lines.txt │ │ ├── main.c │ │ ├── parameters.h │ │ ├── primitives.c │ │ ├── primitives.h │ │ ├── utils.c │ │ └── utils.h │ │ └── ua_masked │ │ ├── clyde.ua │ │ ├── clyde_bitslice.ua │ │ ├── clyde_ua_bitslice.c │ │ ├── clyde_ua_vslice.c │ │ ├── compile_lines.txt │ │ └── main.c ├── drygascon │ └── usuba │ │ ├── bench │ │ ├── bytes_utils.h │ │ ├── drygascon128_ref.h │ │ ├── drygascon_ref.c │ │ ├── drygascon_ref.h │ │ ├── drygascon_ua_bitslice.c │ │ ├── drygascon_ua_vslice.c │ │ ├── drysponge_common.h │ │ ├── drysponge_ref.h │ │ ├── masked_drygascon_ua_bitslice.c │ │ └── masked_drygascon_ua_vslice.c │ │ └── ua │ │ ├── api.h │ │ ├── bytes_utils.h │ │ ├── compile_lines.txt │ │ ├── debug_ua.tmp │ │ ├── drygascon.ua │ │ ├── drygascon128_ref.h │ │ ├── drygascon_ref.h │ │ ├── drygascon_ua_bitslice.c │ │ ├── drygascon_ua_vslice.c │ │ ├── drysponge.h │ │ ├── drysponge_common.h │ │ ├── drysponge_dbg_support.h │ │ ├── drysponge_ref.h │ │ ├── encrypt.c │ │ ├── main │ │ ├── main.c │ │ ├── main_coreround.c │ │ └── main_g.c ├── gift │ └── usuba │ │ ├── bench │ │ ├── gift_ref.c │ │ ├── gift_ua_bitslice.c │ │ ├── gift_ua_vslice.c │ │ ├── masked_gift_ua_bitslice.c │ │ └── masked_gift_ua_vslice.c │ │ └── ua │ │ ├── compile_lines.txt │ │ ├── gift.ua │ │ ├── gift128.c │ │ ├── gift_bitslice.ua │ │ ├── gift_ua_bitslice.c │ │ ├── gift_ua_vslice.c │ │ ├── main │ │ └── main.c ├── gimli │ └── usuba │ │ ├── bench │ │ ├── gimli_ref.c │ │ ├── gimli_ua_bitslice.c │ │ ├── gimli_ua_vslice.c │ │ ├── masked_gimli_ua_bitslice.c │ │ └── masked_gimli_ua_vslice.c │ │ ├── ua │ │ ├── compile_lines.txt │ │ ├── gimli.ua │ │ ├── gimli_bitslice.ua │ │ ├── gimli_ref.c │ │ ├── gimli_ua_bitslice.c │ │ ├── gimli_ua_vslice.c │ │ └── main.c │ │ └── ua_masked │ │ ├── compile_lines.txt │ │ ├── gimli.ua │ │ ├── gimli_bitslice.ua │ │ ├── gimli_ua_bitslice.c │ │ ├── gimli_ua_vslice.c │ │ └── main.c ├── photon │ └── usuba │ │ ├── bench │ │ ├── masked_photon_ua_bitslice.c │ │ ├── masked_photon_ua_vslice.c │ │ ├── photon_ref.c │ │ ├── photon_ua_bitslice.c │ │ └── photon_ua_vslice.c │ │ └── ua │ │ ├── compile_lines.txt │ │ ├── main.c │ │ ├── photon.c │ │ ├── photon.h │ │ ├── photon_bitslice.ua │ │ ├── photon_ua_bitslice.c │ │ ├── photon_ua_vslice.c │ │ └── photon_vslice.ua ├── pyjamask │ └── usuba │ │ ├── bench │ │ ├── masked_pyjamask_ua_bitslice.c │ │ ├── masked_pyjamask_ua_vslice.c │ │ ├── masked_pyjamask_ua_vslice.s │ │ ├── masked_pyjamask_ua_vslice_manual.c │ │ ├── pyjamask_manual.c │ │ ├── pyjamask_ref.c │ │ ├── pyjamask_ua_bitslice.c │ │ └── pyjamask_ua_vslice.c │ │ ├── ua │ │ ├── api.h │ │ ├── compile_lines.txt │ │ ├── main │ │ ├── main.c │ │ ├── pyjamask.c │ │ ├── pyjamask.h │ │ ├── pyjamask_bitslice.ua │ │ ├── pyjamask_ua_bitslice.c │ │ ├── pyjamask_ua_vslice.c │ │ └── pyjamask_vslice.ua │ │ └── ua_masked │ │ ├── compile_lines.txt │ │ ├── main.c │ │ ├── pyjamask.c │ │ ├── pyjamask.h │ │ ├── pyjamask_bitslice.ua │ │ ├── pyjamask_manual.c │ │ ├── pyjamask_ua_bitslice.c │ │ ├── pyjamask_ua_vslice.c │ │ └── pyjamask_vslice.ua ├── skinny │ └── usuba │ │ ├── bench │ │ ├── masked_skinny_ua_bitslice.c │ │ ├── masked_skinny_ua_vslice.c │ │ ├── skinny_ref.c │ │ ├── skinny_ua_bitslice.c │ │ └── skinny_ua_vslice.c │ │ └── ua │ │ ├── compile_lines.txt │ │ ├── main.c │ │ ├── skinny_bitslice.ua │ │ ├── skinny_reference.c │ │ ├── skinny_ua_bitslice.c │ │ ├── skinny_ua_vslice.c │ │ └── skinny_vslice.ua ├── spongent │ └── usuba │ │ ├── bench │ │ ├── masked_spongent_ua_bitslice.c │ │ ├── masked_spongent_ua_vslice.c │ │ ├── spongent_ref.c │ │ ├── spongent_ua_bitslice.c │ │ └── spongent_ua_vslice.c │ │ └── ua │ │ ├── compile_lines.txt │ │ ├── elephant_160.h │ │ ├── main │ │ ├── main.c │ │ ├── spongent.c │ │ ├── spongent.ua │ │ └── spongent_ua_bitslice.c ├── subterranean │ └── usuba │ │ ├── bench │ │ ├── masked_subterranean_ua_bitslice.c │ │ ├── masked_subterranean_ua_vslice.c │ │ ├── subterranean_ref.c │ │ ├── subterranean_ua_bitslice.c │ │ └── subterranean_ua_vslice.c │ │ └── ua │ │ ├── compile_lines.txt │ │ ├── main.c │ │ ├── subterranean.ua │ │ ├── subterranean_ref.c │ │ ├── subterranean_ref.h │ │ └── subterranean_ua_bitslice.c └── xoodoo │ └── usuba │ ├── bench │ ├── Xoodoo.h │ ├── masked_xoodoo_ua_bitslice.c │ ├── masked_xoodoo_ua_vslice.c │ ├── xoodoo_ref.c │ ├── xoodoo_ua_bitslice.c │ └── xoodoo_ua_vslice.c │ └── ua │ ├── Xoodoo-reference.c │ ├── Xoodoo.h │ ├── compile_lines.txt │ ├── main.c │ ├── xoodoo.ua │ ├── xoodoo_ua_bitslice.c │ └── xoodoo_ua_vslice.c ├── run_checks.pl ├── samples └── usuba │ ├── ace.ua │ ├── aes.ua │ ├── aes_kasper.ua │ ├── aes_mslice.ua │ ├── aes_with_keysched.ua │ ├── ascon.ua │ ├── chacha20.ua │ ├── clyde.ua │ ├── clyde_bitslice.ua │ ├── des.ua │ ├── drygascon.ua │ ├── gift.ua │ ├── gift_bitslice.ua │ ├── gift_fixslice.ua │ ├── gimli.ua │ ├── gimli_bitslice.ua │ ├── photon_bitslice.ua │ ├── photon_vslice.ua │ ├── present.ua │ ├── pyjamask_bitslice.ua │ ├── pyjamask_vslice.ua │ ├── rectangle.ua │ ├── serpent.ua │ ├── skinny_bitslice.ua │ ├── skinny_vslice.ua │ ├── spongent.ua │ ├── subterranean.ua │ └── xoodoo.ua ├── src ├── .gitignore ├── Makefile ├── assert_lang.ml ├── basic_utils.ml ├── c_gen │ ├── nodes_to_c.ml │ ├── nodes_to_c_fdti.ml │ ├── nodes_to_c_masked.ml │ ├── nodes_to_c_ua_masked.ml │ ├── runtimes │ │ └── genC_standalone.ml │ └── usuba_to_c.ml ├── clear_origins.ml ├── interp.ml ├── main.ml ├── maskverif │ └── usuba_to_maskverif.ml ├── normalization │ ├── convert_tables.ml │ ├── expand_array.ml │ ├── expand_multiples.ml │ ├── expand_parameters.ml │ ├── expand_permut.ml │ ├── fix_all_params.ml │ ├── fix_dim.ml │ ├── init_scheduler.ml │ ├── mask.ml │ ├── monomorphize.ml │ ├── norm_tuples.ml │ ├── normalize.ml │ ├── normalize_core.ml │ ├── normalize_inner_core.ml │ ├── remove_sync.ml │ ├── sbox_index.ml │ ├── shift_tuples.ml │ ├── unfold_unnest.ml │ └── unroll.ml ├── optimization │ ├── CSE.ml │ ├── constant_folding.ml │ ├── copy_propagation.ml │ ├── fuse_loop_general.ml │ ├── fuse_loops.ml │ ├── get_live_var.ml │ ├── inline.ml │ ├── inplace_nodes.ml │ ├── interleave.ml │ ├── linearize_arrays.ml │ ├── optimize.ml │ ├── pre_schedule.ml │ ├── remove_dead_code.ml │ ├── scheduler.ml │ ├── share_var.ml │ └── simple_opts.ml ├── parsing │ ├── lexer.mll │ ├── parser.mly │ └── parser_api.ml ├── pass_runner.ml ├── perfs.ml ├── rename.ml ├── tests │ ├── test_CSE.ml │ ├── test_constant_folding.ml │ ├── test_copy_propagation.ml │ ├── test_monomorphize.ml │ ├── test_pass_runner.ml │ └── test_remove_dead_code.ml ├── tightprove │ ├── parsing │ │ ├── lexer_tp.mll │ │ ├── parser_api_tp.ml │ │ └── parser_tp.mly │ ├── print_tp.ml │ ├── tightprove.ml │ ├── tightprove_to_usuba.ml │ ├── tp_AST.ml │ ├── tp_IO.ml │ └── usuba_to_tightprove.ml ├── usuba_AST.v ├── usuba_print.ml ├── utils.ml └── verification │ ├── bdd_verif.ml │ ├── soundness.ml │ └── type_checker.ml └── usuba-mode.el /.gitignore: -------------------------------------------------------------------------------- 1 | tornado -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: build clean-build 2 | 3 | all: build run 4 | 5 | run: build 6 | docker run -ti tornado 7 | 8 | interactive: build 9 | docker run -ti tornado /bin/bash 10 | 11 | build: 12 | docker build \ 13 | --tag=tornado \ 14 | . 15 | 16 | clean-build: 17 | docker build \ 18 | --tag=tornado \ 19 | --no-cache \ 20 | . 21 | -------------------------------------------------------------------------------- /docker/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "data_dir": "{{USUBA}}/data", 3 | "tightprove_cache": "{{USUBA}}/tightprove_cache", 4 | "sage": "sage", 5 | "tightprove": "{{HOME}}/tornado/tightPROVEp/tightprove-exec.sage" 6 | } 7 | -------------------------------------------------------------------------------- /docker/executables.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/docker/executables.zip -------------------------------------------------------------------------------- /docker/motd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo 4 | echo "~~~ Welcome to the Tornado image. ~~~" 5 | echo 6 | echo "The compiler is [~/tornado/tornado]." 7 | echo "An example is available in [~/simple_test]." 8 | echo "This is also the documentation: [cat ~/Readme.md]." 9 | echo 10 | echo " ~ Happy hacking! ~" 11 | echo 12 | -------------------------------------------------------------------------------- /simple_test/.gitignore: -------------------------------------------------------------------------------- 1 | ace_f.c -------------------------------------------------------------------------------- /simple_test/ace_f.ua: -------------------------------------------------------------------------------- 1 | # This function is the |f| function from the ACE cipher. In n-slicing, 2 | # it requires a refresh, which Tornado automatically inserts. 3 | 4 | node f(x:u32) returns (y:u32) 5 | let 6 | y = ((x <<< 5) & x) ^ (x <<< 1) 7 | tel -------------------------------------------------------------------------------- /simple_test/run.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use FindBin; 8 | chdir "$FindBin::Bin/.."; 9 | 10 | # Running tornado on a simple example 11 | if (system("tornado -V -tp -ua-masked -o simple_test/ace_f.c simple_test/ace_f.ua")) { 12 | say "[error] tornado exited with a non-zero status code."; 13 | exit $?; 14 | } 15 | 16 | # Checking that the output contains a refresh 17 | my $output = do { 18 | local $/ = undef; 19 | open my $FH, '<', 'simple_test/ace_f.c' or die $!; 20 | <$FH>; 21 | }; 22 | if ($output !~ /REFRESH/) { 23 | say "[error] no refresh was inserted by tornado."; 24 | exit 1; 25 | } 26 | 27 | say "Tornado seems to work."; 28 | -------------------------------------------------------------------------------- /src/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/.DS_Store -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | make -C usuba 3 | cp usuba/usubac tornado 4 | 5 | clean: 6 | make clean -C usuba 7 | rm -f tornado 8 | -------------------------------------------------------------------------------- /src/tightPROVEp/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/tightPROVEp/.DS_Store -------------------------------------------------------------------------------- /src/tightPROVEp/.gitignore: -------------------------------------------------------------------------------- 1 | tightprove-exec.sage.py 2 | tightPROVE.sage.py -------------------------------------------------------------------------------- /src/tightPROVEp/test_fig10.txt: -------------------------------------------------------------------------------- 1 | in 0 2 | in 1 3 | in 2 4 | xor 0 1 5 | xor 1 2 6 | and 0 1 7 | and 3 4 8 | and 3 2 9 | out 5 10 | out 6 11 | out 7 -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR1: -------------------------------------------------------------------------------- 1 | in x 2 | in y 3 | out m3 m6 4 | p1 = x+y 5 | m1=p1.y 6 | m2=m1.y 7 | p2=m1+y 8 | p3=p2+x 9 | m3=m1.p3 10 | m4=y.p2 11 | m5=m3.p1 12 | m6=m2.p2 13 | m7=m2.x 14 | m8=p1.x 15 | p4=m3+m6 16 | p5=m5+m7 17 | p6=p2+p4 18 | m9=m4.m6 19 | p7=p6+m2 20 | m10=p6.y 21 | p8=p7+y 22 | m11=m4.m6 23 | m12=m2.m5 -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR1_R1: -------------------------------------------------------------------------------- 1 | in x 2 | in y 3 | out m3 m6 4 | p1 = x + y 5 | p1_R = ref p1 6 | m1 = p1_R . y 7 | m1_R = ref m1 8 | m2 = m1 . y 9 | p2 = m1_R + y 10 | p3 = p2 + x 11 | m3 = m1 . p3 12 | m4 = y . p2 13 | m5 = m3 . p1 14 | m6 = m2 . p2 15 | m7 = m2 . x 16 | m8 = p1 . x 17 | p4 = m3 + m6 18 | p5 = m5 + m7 19 | p6 = p2 + p4 20 | m9 = m4 . m6 21 | p7 = p6 + m2 22 | m10 = p6 . y 23 | p8 = p7 + y 24 | m11 = m4 . m6 25 | m12 = m2 . m5 26 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR1_R2: -------------------------------------------------------------------------------- 1 | in x 2 | in y 3 | y_R = ref y 4 | out m3 m6 5 | p1 = x + y 6 | m1 = p1 . y_R 7 | m2 = m1 . y_R 8 | p2 = m1 + y 9 | p3 = p2 + x 10 | m3 = m1 . p3 11 | m4 = y_R . p2 12 | m5 = m3 . p1 13 | m6 = m2 . p2 14 | m7 = m2 . x 15 | m8 = p1 . x 16 | p4 = m3 + m6 17 | p5 = m5 + m7 18 | p6 = p2 + p4 19 | m9 = m4 . m6 20 | p7 = p6 + m2 21 | m10 = p6 . y_R 22 | p8 = p7 + y 23 | m11 = m4 . m6 24 | m12 = m2 . m5 25 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR2: -------------------------------------------------------------------------------- 1 | in x1 ... x4 2 | out p2 m4 p5 p7 3 | p1=x2+x3 4 | m1=x2.p1 5 | m2=p1.x1 6 | p2=x1+x3 7 | p3=x2+p2 8 | m3=x2.x3 9 | p4=m1+m2 10 | m4=p2.p3 11 | p5=p1+x1 12 | p6=p1+x3 13 | p7=m2+m3 14 | m5=m1.p5 15 | p8=p1+x3 16 | p9=m1+p8 17 | p10=x2+m3 18 | p11=p1+m5 19 | p12=x1+p9 20 | p13=x1+m5 21 | m6=p9.p3 22 | m7=m3.p4 23 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR2_R1: -------------------------------------------------------------------------------- 1 | in x1 ... x4 2 | x3_R = ref x3 3 | out p2 m4 p5 p7 4 | p1 = x2 + x3_R 5 | m1 = x2 . p1 6 | m2 = p1 . x1 7 | p2 = x1 + x3 8 | p3 = x2 + p2 9 | m3 = x2 . x3 10 | p4 = m1 + m2 11 | m4 = p2 . p3 12 | p5 = p1 + x1 13 | p6 = p1 + x3 14 | p7 = m2 + m3 15 | m5 = m1 . p5 16 | p8 = p1 + x3 17 | p9 = m1 + p8 18 | p10 = x2 + m3 19 | p11 = p1 + m5 20 | p12 = x1 + p9 21 | p13 = x1 + m5 22 | m6 = p9 . p3 23 | m7 = m3 . p4 24 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testR2_R2: -------------------------------------------------------------------------------- 1 | in x1 ... x4 2 | out p2 m4 p5 p7 3 | p1 = x2 + x3 4 | p1_R = ref p1 5 | m1 = x2 . p1_R 6 | m2 = p1_R . x1 7 | p2 = x1 + x3 8 | p3 = x2 + p2 9 | p3_R = ref p3 10 | m3 = x2 . x3 11 | p4 = m1 + m2 12 | m4 = p2 . p3_R 13 | p5 = p1 + x1 14 | p6 = p1 + x3 15 | p7 = m2 + m3 16 | m5 = m1 . p5 17 | p8 = p1 + x3 18 | p9 = m1 + p8 19 | p10 = x2 + m3 20 | p11 = p1 + m5 21 | p12 = x1 + p9 22 | p13 = x1 + m5 23 | m6 = p9 . p3_R 24 | m7 = m3 . p4 25 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testV: -------------------------------------------------------------------------------- 1 | rs = 1 2 | 3 | in x y z t 4 | 5 | T1=x+y 6 | T2=T1.x 7 | T3=x.y 8 | u=x+t 9 | v=z+t 10 | T4=z+t 11 | T5=T4.z 12 | T6=z.t 13 | m=u.v -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testV2: -------------------------------------------------------------------------------- 1 | rs = 1 2 | 3 | in x y z t 4 | 5 | T1=x+y 6 | T2=T1.x 7 | T3=x.y 8 | TT=x+t 9 | M1=TT.x 10 | M2=x.t 11 | u=x+t 12 | v=z+t 13 | T4=z+t 14 | T5=T4.z 15 | T6=z.t 16 | m=u.v -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testV2_R: -------------------------------------------------------------------------------- 1 | rs = 1 2 | 3 | in x y z t 4 | x_R3 = ref x 5 | x_R2 = ref x 6 | z_R1 = ref z 7 | x_R1 = ref x 8 | 9 | T1=x+y 10 | T2 = and x_R1 T1 11 | T3 = and x_R2 y 12 | TT=x+t 13 | M1 = and x_R3 TT 14 | M2=x.t 15 | u=x+t 16 | u_R1 = ref u 17 | v=z+t 18 | T4=z+t 19 | T5=T4.z 20 | T6 = and z_R1 t 21 | m = and u_R1 v 22 | -------------------------------------------------------------------------------- /src/tightPROVEp/tests/testV_R: -------------------------------------------------------------------------------- 1 | rs = 1 2 | 3 | in x y z t 4 | z_R1 = ref z 5 | x_R1 = ref x 6 | 7 | T1=x+y 8 | T2 = and x_R1 T1 9 | T3=x.y 10 | u=x+t 11 | v=z+t 12 | T4=z+t 13 | T5 = and z_R1 T4 14 | T6=z.t 15 | m=u.v 16 | -------------------------------------------------------------------------------- /src/tightPROVEp/vsliced/ace_f: -------------------------------------------------------------------------------- 1 | rs=32 2 | 3 | in x_ 4 | 5 | f_V32_1__tmp1_ = x_ <<< 5 6 | f_V32_1__tmp3_ = x_ <<< 1 7 | f_V32_1__tmp2_ = and f_V32_1__tmp1_ x_ 8 | y_ = xor f_V32_1__tmp2_ f_V32_1__tmp3_ 9 | -------------------------------------------------------------------------------- /src/tightPROVEp/vsliced/ace_f_R: -------------------------------------------------------------------------------- 1 | rs=32 2 | 3 | in x_ 4 | 5 | f_V32_1__tmp1_ = x_ <<< 5 6 | f_V32_1__tmp1__R1 = ref f_V32_1__tmp1_ 7 | f_V32_1__tmp3_ = x_ <<< 1 8 | f_V32_1__tmp2_ = and f_V32_1__tmp1__R1 x_ 9 | y_ = xor f_V32_1__tmp2_ f_V32_1__tmp3_ 10 | -------------------------------------------------------------------------------- /src/usuba/.gitignore: -------------------------------------------------------------------------------- 1 | _build 2 | *.native 3 | *~ 4 | *.cmo 5 | *.cmi 6 | *.cmx 7 | *.o 8 | *.out 9 | *des_*_round* 10 | gcc-no* 11 | gcc-w* 12 | clang-no* 13 | clang-w* 14 | icc-w* 15 | icc-no* 16 | tcc-w* 17 | tcc-no* 18 | z3 19 | usubac 20 | supercop-data 21 | tightprove_cache -------------------------------------------------------------------------------- /src/usuba/.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/.gitmodules -------------------------------------------------------------------------------- /src/usuba/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | make -C src 3 | 4 | test: all 5 | ./run_checks.pl 6 | 7 | clean: 8 | make clean -C src 9 | rm -f usubac 10 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/aes_ctr.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Crypt::Mode::CTR; 8 | 9 | my $key = pack 'H*', '2b7e151628aed2a6abf7158809cf4f3c'; 10 | my $iv = pack 'H*', 'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'; 11 | 12 | 13 | open my $FH, '<', 'input.txt'; 14 | 15 | local $/; 16 | my $plaintext = <$FH>; 17 | 18 | my $m = Crypt::Mode::CTR->new('AES',1); 19 | my $ciphertext = $m->encrypt($plaintext, $key, $iv); 20 | 21 | 22 | open $FH, '>', 'out_pl.txt' or die $!; 23 | print $FH $ciphertext; 24 | close $FH; 25 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/avx/aes_bs.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define RUNTIME 9 | #define ORTHO 10 | #include "AVX.h" 11 | 12 | #include "aes.c" 13 | 14 | void aes_bs(DATATYPE plain[256], DATATYPE key[11][128], DATATYPE cipher[256]) { 15 | for (int i = 0; i < 256; i++) 16 | plain[i] = _mm256_shuffle_epi8(plain[i], 17 | _mm256_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7, 18 | 8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7)); 19 | 20 | 21 | real_ortho_256x256(plain); 22 | 23 | AES__(plain,key,cipher); 24 | AES__(&plain[128],key,&cipher[128]); 25 | 26 | real_ortho_256x256(cipher); 27 | for (int i = 0; i < 256; i++) 28 | cipher[i] = _mm256_shuffle_epi8(cipher[i], 29 | _mm256_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7, 30 | 8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7)); 31 | } 32 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/avx/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NONCEBYTES 16 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/avx/crypto_stream.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/checks/correctness/aes/avx/crypto_stream.h -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "stream.h" 6 | 7 | 8 | void test() { 9 | /* unsigned char key[16] = { 0 }; */ 10 | /* unsigned char iv[16] = { 0 }; */ 11 | unsigned char key[16] = { 0x54, 0x68, 0x61, 0x74, 0x73, 0x20, 0x6D, 0x79, 12 | 0x20, 0x4B, 0x75, 0x6E, 0x67, 0x20, 0x46, 0x75 }; 13 | unsigned char iv[16] = { 0x54, 0x77, 0x6F, 0x20, 0x4F, 0x6E, 0x65, 0x20, 14 | 0x4E, 0x69, 0x6E, 0x65, 0x20, 0x54, 0x77, 0x6F }; 15 | unsigned char input[16*64] = { 0 }; 16 | unsigned char output[16*64]; 17 | crypto_stream_xor(output,input,64*16,iv,key); 18 | for (int i = 0; i < 16; i++) { 19 | printf("%02x",output[i]); 20 | } 21 | } 22 | 23 | 24 | int main() { 25 | 26 | unsigned char key[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 27 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; 28 | unsigned char iv[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 29 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; 30 | 31 | FILE* fp_in = fopen("input.txt","rb"); 32 | FILE* fp_out = fopen("out_c.txt","wb"); 33 | 34 | fseek(fp_in, 0, SEEK_END); 35 | long fsize = ftell(fp_in); 36 | rewind(fp_in); 37 | 38 | unsigned char* input = aligned_alloc(32, fsize); 39 | unsigned char* output = aligned_alloc(32, fsize); 40 | fread(input, fsize, 1, fp_in); 41 | fclose(fp_in); 42 | 43 | crypto_stream_xor(output,input,fsize,iv,key); 44 | 45 | fwrite(output, fsize, 1, fp_out); 46 | fclose(fp_out); 47 | 48 | } 49 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/sse/aes_bs.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define RUNTIME 9 | #define ORTHO 10 | #include "SSE.h" 11 | 12 | #include "aes.c" 13 | 14 | void aes_bs(DATATYPE plain[128],DATATYPE key[11][128], DATATYPE cipher[128]) { 15 | for (int i = 0; i < 128; i++) 16 | plain[i] = _mm_shuffle_epi8(plain[i],_mm_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7)); 17 | 18 | real_ortho_128x128(plain); 19 | 20 | AES__(plain,key,cipher); 21 | 22 | real_ortho_128x128(cipher); 23 | 24 | for (int i = 0; i < 128; i++) 25 | cipher[i] = _mm_shuffle_epi8(cipher[i],_mm_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7)); 26 | } 27 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/sse/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NONCEBYTES 16 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/sse/crypto_stream.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/checks/correctness/aes/sse/crypto_stream.h -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/std/aes_bs.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define RUNTIME 9 | #define ORTHO 10 | #include "STD.h" 11 | 12 | #include "aes.c" 13 | 14 | 15 | void aes_bs(DATATYPE plain[128],DATATYPE key[11][128], DATATYPE cipher[128]) { 16 | for (int i = 0; i < 128; i++) 17 | plain[i] = __builtin_bswap64(plain[i]); 18 | 19 | orthogonalize(plain,plain); 20 | orthogonalize(&plain[64],&plain[64]); 21 | 22 | DATATYPE tmp[128]; 23 | AES__(plain,key,tmp); 24 | 25 | orthogonalize(tmp,tmp); 26 | orthogonalize(&tmp[64],&tmp[64]); 27 | 28 | for (int i = 0; i < 128; i++) 29 | tmp[i] = __builtin_bswap64(tmp[i]); 30 | 31 | for (int i = 0; i < 64; i++) { 32 | cipher[i*2] = tmp[i]; 33 | cipher[i*2+1] = tmp[i+64]; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/std/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NONCEBYTES 16 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/std/crypto_stream.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/checks/correctness/aes/std/crypto_stream.h -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes/stream.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | int crypto_stream_xor( unsigned char *out, 4 | const unsigned char *in, 5 | unsigned long long inlen, 6 | const unsigned char *n, 7 | const unsigned char *k 8 | ); 9 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes_mslice/aes.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; use warnings; 4 | use v5.14; 5 | 6 | use Crypt::Mode::ECB; 7 | 8 | open my $FH, '<', 'input.txt'; 9 | 10 | local $/; 11 | my $plaintext = <$FH>; 12 | 13 | my $key = "0123456789ABCDEF"; 14 | my $ecb = Crypt::Mode::ECB->new('AES',0); 15 | my $ciphertext = $ecb->encrypt($plaintext, $key); 16 | 17 | open $FH, '>', 'out.txt' or die $!; 18 | print $FH $ciphertext; 19 | close $FH; 20 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/aes_mslice/input.txt: -------------------------------------------------------------------------------- 1 | ABCDEFGHIJKLMNOP0123456789ABCDEFAZERTYUIOPQSDFGHNBVCXWMLKJHGFDSQ01234567890123459876543210987654ABCXYZABCXYZABCXA0B1C2D3E4F5G6H7 2 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/chacha20/AVX/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/chacha20/SSE/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/chacha20/STD/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/chacha20/crypto_stream.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/checks/correctness/chacha20/crypto_stream.h -------------------------------------------------------------------------------- /src/usuba/checks/correctness/chacha20/stream.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | int crypto_stream_xor( unsigned char *out, 4 | const unsigned char *in, 5 | unsigned long long inlen, 6 | const unsigned char *n, 7 | const unsigned char *k 8 | ); 9 | 10 | 11 | int crypto_stream(unsigned char *out, 12 | unsigned long long outlen, 13 | const unsigned char *n, 14 | const unsigned char *k 15 | ); 16 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_ace.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_ace_$slicing"; 28 | 29 | say "############################# Ace $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Ace from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac $slicing_flag -o $temp_dir/ace_ua_$slicing.c -arch std -no-sched samples/usuba/ace.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/ace/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Ace OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_ace_masked.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_ace_masked_$slicing"; 28 | 29 | say "############################# Ace-masked $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Ace-Masked from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac -ua-masked $slicing_flag -o $temp_dir/ace_ua_$slicing.c -arch std -no-sched samples/usuba/ace.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/ace_masked/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -D MASKING_ORDER=4 -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Ace-masked OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_aes.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(dircopy fcopy rcopy); 11 | use FindBin; 12 | 13 | sub error { 14 | say "************ ERROR **************\n\n"; 15 | exit 1; 16 | } 17 | 18 | my $temp_dir = "tmp_aes"; 19 | 20 | say "############################## Bitslice AES ###########################"; 21 | 22 | # switching to usuba dir 23 | chdir "$FindBin::Bin/../.."; 24 | 25 | # Compiling the compiler. 26 | unless ($ARGV[0]) { 27 | say "Compiling..."; 28 | error if system 'make'; 29 | } 30 | 31 | 32 | # Switching to temporary directory. 33 | say "Preparing the files for the test..."; 34 | remove_tree $temp_dir if -d $temp_dir; 35 | mkdir $temp_dir; 36 | chdir $temp_dir; 37 | 38 | dircopy "$FindBin::Bin/aes/$_", $_ for qw(std sse avx); 39 | copy $_, "." for glob "$FindBin::Bin/aes/{main.c,stream.h,aes_ctr.pl}"; 40 | 41 | chdir ".."; 42 | say "Compiling AES from Usuba to C..."; 43 | for my $arch (qw(std sse avx)) { 44 | error if system "./usubac -B -o $temp_dir/$arch/aes.c -arch $arch -no-share -no-sched samples/usuba/aes.ua" ; 45 | } 46 | 47 | chdir $temp_dir; 48 | 49 | 50 | for my $ARCH (qw(std sse avx)) { 51 | # Compiling the C files 52 | say "Compiling the test executable with $ARCH..."; 53 | error if system "clang -Wall -Wextra -march=native -I../arch -o aes main.c $ARCH/stream.c"; 54 | 55 | say "Running the test with $ARCH..."; 56 | error if system 'head -c 8M input.txt'; 57 | error if system 'perl aes_ctr.pl'; 58 | error if system './aes'; 59 | 60 | error if system 'cmp --silent out_c.txt out_pl.txt'; 61 | unlink 'out_c.txt', 'out_pl.txt'; 62 | } 63 | 64 | chdir '..'; 65 | remove_tree $temp_dir; 66 | 67 | say "Bitsliced AES OK.\n\n"; 68 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_aes_mslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use FindBin; 11 | 12 | sub error { 13 | say "************ ERROR **************\n\n"; 14 | exit 1; 15 | } 16 | 17 | my $temp_dir = "tmp_aes_mslice"; 18 | 19 | say "############################### AES Mslice ############################"; 20 | 21 | # switching to usuba dir 22 | chdir "$FindBin::Bin/../.."; 23 | 24 | # Compiling the compiler. 25 | unless ($ARGV[0]) { 26 | say "Compiling..."; 27 | error if system 'make'; 28 | } 29 | 30 | 31 | # Switching to temporary directory. 32 | say "Preparing the files for the test..."; 33 | remove_tree $temp_dir if -d $temp_dir; 34 | mkdir $temp_dir; 35 | 36 | # Compiling Usuba AES. 37 | say "Compiling AES from Usuba to C..."; 38 | error if system "./usubac -H -o $temp_dir/aes.c -arch sse -no-share samples/usuba/aes_mslice.ua" ; 39 | { 40 | local $^I = ""; 41 | local @ARGV = "$temp_dir/aes.c"; 42 | while(<>) { 43 | s/#include .*//; 44 | } continue { print } 45 | } 46 | 47 | 48 | chdir $temp_dir; 49 | copy $_, '.' for glob "$FindBin::Bin/aes_mslice/*"; 50 | 51 | 52 | for my $ARCH (qw(AVX SSE)) { 53 | # Compiling the C files 54 | say "Compiling the test executable with $ARCH..."; 55 | error if system "clang -D $ARCH -march=native -I../arch -o aes main.c"; 56 | 57 | say "Running the test with $ARCH..."; 58 | error if system 'head -c 8M input.txt'; 59 | error if system 'perl aes.pl'; 60 | error if system './aes'; 61 | 62 | error if system 'cmp --silent output.txt out.txt'; 63 | unlink 'output.txt', 'out.txt'; 64 | } 65 | 66 | chdir '..'; 67 | remove_tree $temp_dir; 68 | 69 | say "n-sliced AES OK.\n\n"; 70 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_ascon.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_ascon_$slicing"; 28 | 29 | say "############################# Ascon $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Ascon from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac $slicing_flag -o $temp_dir/ascon_ua_$slicing.c -arch std -no-sched samples/usuba/ascon.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/ascon/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Ascon OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_ascon_masked.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_ascon_masked_$slicing"; 28 | 29 | say "############################# Ascon-masked $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Ascon from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac -ua-masked $slicing_flag -o $temp_dir/ascon_ua_$slicing.c -arch std -no-sched samples/usuba/ascon.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/ascon_masked/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -D MASKING_ORDER=4 -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Ascon-masked OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_chacha20.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_chacha20"; 21 | 22 | say "################################ Chacha20 ##############################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba DES. 40 | say "Compiling Chacha20 from Usuba to C..."; 41 | error if system "./usubac -V -o $temp_dir/chacha20.c -arch sse -no-share samples/usuba/chacha20.ua" ; 42 | { 43 | local $^I = ""; 44 | local @ARGV = "$temp_dir/chacha20.c"; 45 | while(<>) { 46 | s/#include .*//; 47 | } continue { print } 48 | } 49 | 50 | chdir $temp_dir; 51 | copy $_, "." for glob "$FindBin::Bin/chacha20/{main_verif.c,stream.h,crypto_stream.h}"; 52 | #rcopy $_, '.' for glob "$FindBin::Bin/chacha20/*"; 53 | 54 | for my $ARCH (qw(STD SSE AVX)) { 55 | dircopy "$FindBin::Bin/chacha20/$ARCH/", "."; 56 | copy "chacha20.c", "$ARCH/"; 57 | # Compiling the C files 58 | say "Compiling the test executable with $ARCH..."; 59 | error if system "clang -march=native -I../arch -I . -o chacha20 main_verif.c $ARCH/stream.c"; 60 | 61 | say "Running the test with $ARCH..."; 62 | error if system './chacha20'; 63 | } 64 | 65 | chdir '..'; 66 | remove_tree $temp_dir; 67 | 68 | say "Vsliced Chacha20 OK.\n\n"; 69 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_clyde_bitslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_clyde_bitslice"; 21 | 22 | say "############################ Clyde Bitslice ###########################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Clyde from Usuba to C..."; 41 | error if system "./usubac -B -o $temp_dir/clyde.c -arch std -no-share samples/usuba/clyde.ua" ; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/clyde/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_B -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Bitsliced Clyde OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_clyde_masked.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | for my $slicing (qw(bitslice vslice)) { 21 | my $temp_dir = "tmp_clyde_masked_$slicing"; 22 | 23 | say "############################ Clyde-masked $slicing ###########################"; 24 | 25 | # switching to usuba dir 26 | chdir "$FindBin::Bin/../.."; 27 | 28 | # Compiling the compiler. 29 | unless ($ARGV[0]) { 30 | say "Compiling..."; 31 | error if system 'make'; 32 | } 33 | 34 | 35 | # Switching to temporary directory. 36 | say "Preparing the files for the test..."; 37 | remove_tree $temp_dir if -d $temp_dir; 38 | mkdir $temp_dir; 39 | 40 | # Compiling Usuba Clyde. 41 | say "Compiling Clyde-masked from Usuba to C..."; 42 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 43 | error if system "./usubac -ua-masked $slicing_flag -o $temp_dir/clyde_ua_$slicing.c -arch std -no-share samples/usuba/clyde.ua" ; 44 | 45 | chdir $temp_dir; 46 | copy $_, "." for glob "$FindBin::Bin/clyde_masked/*"; 47 | 48 | for my $ARCH (qw(STD)) { 49 | # Compiling the C files 50 | say "Compiling the test executable with $ARCH..."; 51 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 52 | error if system "clang -D $implem_flag -D MASKING_ORDER=4 -march=native -I../arch -I . -o main main.c"; 53 | 54 | say "Running the test with $ARCH..."; 55 | error if system './main'; 56 | } 57 | 58 | chdir '..'; 59 | remove_tree $temp_dir; 60 | 61 | say "$slicing Clyde-masked OK.\n\n"; 62 | } 63 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_clyde_vslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_clyde_vslice"; 21 | 22 | say "############################# Clyde Vslice ############################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Clyde from Usuba to C..."; 41 | error if system "./usubac -V -o $temp_dir/clyde.c -arch std -no-share samples/usuba/clyde.ua" ; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/clyde/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_V -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Bitsliced Clyde OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_des.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use FindBin; 11 | 12 | sub error { 13 | say "************ ERROR **************\n\n"; 14 | exit 1; 15 | } 16 | 17 | my $temp_dir = "tmp_des"; 18 | 19 | say "################################## DES ################################"; 20 | 21 | # switching to usuba dir 22 | chdir "$FindBin::Bin/../.."; 23 | 24 | # Compiling the compiler. 25 | unless ($ARGV[0]) { 26 | say "Compiling..."; 27 | error if system 'make'; 28 | } 29 | 30 | 31 | # Switching to temporary directory. 32 | say "Preparing the files for the test..."; 33 | remove_tree $temp_dir if -d $temp_dir; 34 | mkdir $temp_dir; 35 | 36 | # Compiling Usuba DES. 37 | say "Regenerating the DES code..."; 38 | error if system "./usubac -no-arr -B -o $temp_dir/des.c -arch avx samples/usuba/des.ua" ; 39 | { 40 | local $^I = ""; 41 | local @ARGV = "$temp_dir/des.c"; 42 | while(<>) { 43 | s/#include .*//; 44 | } continue { print } 45 | } 46 | 47 | chdir $temp_dir; 48 | copy $_, '.' for glob "$FindBin::Bin/des/*"; 49 | 50 | 51 | error if system 'clang -march=native -o des_ref ref_usuba.c'; 52 | 53 | 54 | for my $ARCH (qw(STD SSE AVX)) { 55 | # Compiling the C files 56 | say "Compiling the test executable..."; 57 | error if system "clang -D $ARCH -march=native -I../arch -o des_to_test main.c"; 58 | 59 | say "Running the test with $ARCH..."; 60 | error if system 'head -c 8M input.txt'; 61 | error if system './des_ref'; 62 | error if system './des_to_test'; 63 | 64 | error if system 'cmp --silent output.txt output_to_test.txt'; 65 | unlink "output.txt output_to_test.txt" 66 | } 67 | 68 | chdir '..'; 69 | remove_tree $temp_dir; 70 | 71 | say "Bitslice DES OK.\n\n"; 72 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_drygascon.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_drygascon_$slicing"; 28 | 29 | say "############################# Drygascon $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Drygascon from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac -light-inline $slicing_flag -o $temp_dir/drygascon_ua_$slicing.c -arch std -no-sched samples/usuba/drygascon.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/drygascon/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Drygascon OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_gift.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_gift_$slicing"; 28 | 29 | say "############################# Gift $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Gift from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | my $special_ua = $slicing eq 'bitslice' ? '_bitslice' : ''; 43 | error if system "./usubac $slicing_flag -o $temp_dir/gift_ua_$slicing.c -arch std -no-sched samples/usuba/gift${special_ua}.ua"; 44 | 45 | chdir $temp_dir; 46 | copy $_, "." for glob "$FindBin::Bin/gift/*"; 47 | 48 | # Compiling the C files 49 | say "Compiling the test executable..."; 50 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 51 | error if system "clang -Wno-incompatible-pointer-types -D $implem_flag -march=native -I../arch -I . -o main main.c"; 52 | 53 | say "Running the test..."; 54 | error if system './main'; 55 | 56 | chdir '..'; 57 | remove_tree $temp_dir; 58 | 59 | say "$slicing Gift OK.\n\n"; 60 | } 61 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_gimli_bitslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_gimli_bitslice"; 21 | 22 | say "############################ Gimli Bitslice ###########################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Gimli. 40 | say "Compiling Gimli from Usuba to C..."; 41 | error if system "./usubac -B -inline-all -o $temp_dir/gimli.c -arch std -no-share samples/usuba/gimli_bitslice.ua" ; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/gimli/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_B -Wno-incompatible-pointer-types -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Bitsliced Gimli OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_gimli_masked.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | for my $slicing ('vslice', 'bitslice') { 21 | my $temp_dir = "tmp_gimli_masked_$slicing"; 22 | 23 | say "############################ Gimli-masked $slicing ###########################"; 24 | 25 | # switching to usuba dir 26 | chdir "$FindBin::Bin/../.."; 27 | 28 | # Compiling the compiler. 29 | unless ($ARGV[0]) { 30 | say "Compiling..."; 31 | error if system 'make'; 32 | } 33 | 34 | 35 | # Switching to temporary directory. 36 | say "Preparing the files for the test..."; 37 | remove_tree $temp_dir if -d $temp_dir; 38 | mkdir $temp_dir; 39 | 40 | # Compiling Usuba Gimli. 41 | say "Compiling Gimli from Usuba to C..."; 42 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B -inline-all'; 43 | my $file_end = $slicing eq 'vslice' ? '' : '_bitslice'; 44 | error if system "./usubac -light-inline -ua-masked $slicing_flag -o $temp_dir/gimli_ua_$slicing.c -arch std -no-share samples/usuba/gimli$file_end.ua" ; 45 | 46 | chdir $temp_dir; 47 | copy $_, "." for glob "$FindBin::Bin/gimli_masked/*"; 48 | 49 | # Compiling the C files 50 | say "Compiling the test executable..."; 51 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 52 | error if system "clang -D $implem_flag -D MASKING_ORDER=4 -Wno-incompatible-pointer-types -march=native -I../arch -I . -o main main.c"; 53 | 54 | say "Running the test..."; 55 | error if system './main'; 56 | 57 | chdir '..'; 58 | remove_tree $temp_dir; 59 | 60 | say "$slicing Gimli-masked OK.\n\n"; 61 | } 62 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_gimli_vslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_gimli_vslice"; 21 | 22 | say "############################# Gimli Vslice ############################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Gimli. 40 | say "Compiling Gimli from Usuba to C..."; 41 | error if system "./usubac -V -o $temp_dir/gimli.c -arch std -no-share samples/usuba/gimli.ua" ; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/gimli/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_V -Wno-incompatible-pointer-types -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Bitsliced Gimli OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_photon.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_photon_$slicing"; 28 | 29 | say "############################# Photon $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Photon from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V -keep-tables' : '-B'; 42 | error if system "./usubac $slicing_flag -o $temp_dir/photon_ua_$slicing.c -arch std -no-sched samples/usuba/photon_$slicing.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/photon/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Photon OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_pyjamask.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | 21 | for my $slicing ('bitslice', 'vslice') { 22 | 23 | my $temp_dir = "tmp_pyjamask_$slicing"; 24 | 25 | say "############################ Pyjamask $slicing ###########################"; 26 | 27 | # switching to usuba dir 28 | chdir "$FindBin::Bin/../.."; 29 | 30 | # Compiling the compiler. 31 | unless ($ARGV[0]) { 32 | say "Compiling..."; 33 | error if system 'make'; 34 | } 35 | 36 | 37 | # Switching to temporary directory. 38 | say "Preparing the files for the test..."; 39 | remove_tree $temp_dir if -d $temp_dir; 40 | mkdir $temp_dir; 41 | 42 | # Compiling Usuba DES. 43 | say "Compiling Pyjamask from Usuba to C..."; 44 | my $slicing_flag = $slicing eq 'bitslice' ? '-B' : '-V'; 45 | error if system "./usubac $slicing_flag -o $temp_dir/pyjamask_ua_$slicing.c -arch std -no-share -no-sched samples/usuba/pyjamask_$slicing.ua" ; 46 | 47 | chdir $temp_dir; 48 | copy $_, "." for glob "$FindBin::Bin/pyjamask/*"; 49 | 50 | for my $ARCH (qw(STD)) { 51 | # Compiling the C files 52 | say "Compiling the test executable with $ARCH..."; 53 | my $slicing_flag = $slicing eq 'bitslice' ? 'UA_B' : 'UA_V'; 54 | error if system "clang -Wno-incompatible-pointer-types -march=native -I../arch -I . -o main -D $slicing_flag main.c"; 55 | 56 | say "Running the test with $ARCH..."; 57 | error if system './main'; 58 | } 59 | 60 | chdir '..'; 61 | remove_tree $temp_dir; 62 | 63 | say ucfirst "$slicing Pyjamask OK.\n\n"; 64 | } 65 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_pyjamask_masked.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | 21 | for my $slicing ('bitslice', 'vslice') { 22 | 23 | my $temp_dir = "tmp_pyjamask_masked_$slicing"; 24 | 25 | say "############################ Pyjamask-masked $slicing ###########################"; 26 | 27 | # switching to usuba dir 28 | chdir "$FindBin::Bin/../.."; 29 | 30 | # Compiling the compiler. 31 | unless ($ARGV[0]) { 32 | say "Compiling..."; 33 | error if system 'make'; 34 | } 35 | 36 | 37 | # Switching to temporary directory. 38 | say "Preparing the files for the test..."; 39 | remove_tree $temp_dir if -d $temp_dir; 40 | mkdir $temp_dir; 41 | 42 | # Compiling Usuba DES. 43 | say "Compiling Pyjamask-masked from Usuba to C..."; 44 | my $slicing_flag = $slicing eq 'bitslice' ? '-B' : '-V'; 45 | error if system "./usubac -ua-masked -light-inline $slicing_flag -o $temp_dir/pyjamask_ua_$slicing.c -arch std -no-share -no-sched samples/usuba/pyjamask_$slicing.ua" ; 46 | 47 | chdir $temp_dir; 48 | copy $_, "." for glob "$FindBin::Bin/pyjamask_masked/*"; 49 | 50 | for my $ARCH (qw(STD)) { 51 | # Compiling the C files 52 | say "Compiling the test executable with $ARCH..."; 53 | my $slicing_flag = $slicing eq 'bitslice' ? 'UA_B' : 'UA_V'; 54 | error if system "clang -march=native -I../arch -I . -o main -D $slicing_flag -D MASKING_ORDER=4 main.c"; 55 | say "Running the test with $ARCH..."; 56 | error if system './main'; 57 | } 58 | 59 | chdir '..'; 60 | remove_tree $temp_dir; 61 | 62 | say ucfirst "$slicing Pyjamask-masked OK.\n\n"; 63 | } 64 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_serpent.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use FindBin; 11 | 12 | 13 | sub error { 14 | say "************ ERROR **************\n\n"; 15 | exit 1; 16 | } 17 | 18 | my $temp_dir = "tmp_serpent"; 19 | 20 | say "################################ Serpent ##############################"; 21 | 22 | # switching to usuba dir 23 | chdir "$FindBin::Bin/../.."; 24 | 25 | # Compiling the compiler. 26 | unless ($ARGV[0]) { 27 | say "Compiling..."; 28 | error if system 'make'; 29 | } 30 | 31 | 32 | # Switching to temporary directory. 33 | say "Preparing the files for the test..."; 34 | remove_tree $temp_dir if -d $temp_dir; 35 | mkdir $temp_dir; 36 | 37 | # Compiling Usuba DES. 38 | say "Compiling Serpent from Usuba to C..."; 39 | error if system "./usubac -V -o $temp_dir/serpent.c -arch sse -no-share samples/usuba/serpent.ua" ; 40 | { 41 | local $^I = ""; 42 | local @ARGV = "$temp_dir/serpent.c"; 43 | while(<>) { 44 | s/#include .*//; 45 | } continue { print } 46 | } 47 | 48 | chdir $temp_dir; 49 | copy $_, '.' for glob "$FindBin::Bin/serpent/*"; 50 | 51 | # Compiling the reference implementation 52 | say "Compiling reference C implementation..."; 53 | error if system 'clang -march=native -I../arch -o serpent_ref ref.c'; 54 | 55 | for my $ARCH (qw(STD SSE AVX)) { 56 | # Compiling the C files 57 | say "Compiling the test executable with $ARCH..."; 58 | error if system "clang -D $ARCH -march=native -I../arch -o serpent main.c"; 59 | 60 | say "Running the test with $ARCH..."; 61 | error if system 'head -c 8M input.txt'; 62 | error if system './serpent_ref'; 63 | error if system './serpent'; 64 | 65 | error if system 'cmp --silent output.txt out.txt'; 66 | unlink 'output.txt', 'out.txt'; 67 | } 68 | 69 | chdir '..'; 70 | remove_tree $temp_dir; 71 | 72 | say "n-sliced Serpent OK.\n\n"; 73 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_skinny_bitslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_skinny_bitslice"; 21 | 22 | say "############################# Skinny Bitslice ############################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Skinny from Usuba to C..."; 41 | error if system "./usubac -B -o $temp_dir/skinny_ua_bitslice.c -arch std -no-share samples/usuba/skinny_bitslice.ua"; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/skinny/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_B -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Bitsliced Skinny OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_skinny_vslice.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | my $temp_dir = "tmp_skinny_vslice"; 21 | 22 | say "############################# Skinny Vslice ############################"; 23 | 24 | # switching to usuba dir 25 | chdir "$FindBin::Bin/../.."; 26 | 27 | # Compiling the compiler. 28 | unless ($ARGV[0]) { 29 | say "Compiling..."; 30 | error if system 'make'; 31 | } 32 | 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Skinny from Usuba to C..."; 41 | error if system "./usubac -keep-tables -V -o $temp_dir/skinny_ua_vslice.c -arch std -no-share samples/usuba/skinny_vslice.ua"; 42 | 43 | chdir $temp_dir; 44 | copy $_, "." for glob "$FindBin::Bin/skinny/*"; 45 | 46 | for my $ARCH (qw(STD)) { 47 | # Compiling the C files 48 | say "Compiling the test executable with $ARCH..."; 49 | error if system "clang -D UA_V -march=native -I../arch -I . -o main main.c"; 50 | 51 | say "Running the test with $ARCH..."; 52 | error if system './main'; 53 | } 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "Vslice Skinny OK.\n\n"; 59 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_spongent.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('bitslice') { 27 | my $temp_dir = "tmp_spongent_$slicing"; 28 | 29 | say "############################# Spongent $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Spongent from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac $slicing_flag -light-inline -bits-per-reg 32 -o $temp_dir/spongent_ua_$slicing.c -arch std -no-sched samples/usuba/spongent.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/spongent/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Spongent OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_subterranean.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('bitslice') { 27 | my $temp_dir = "tmp_subterranean_$slicing"; 28 | 29 | say "############################# Subterranean $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Subterranean from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B'; 42 | error if system "./usubac $slicing_flag -light-inline -bits-per-reg 8 -o $temp_dir/subterranean_ua_$slicing.c -arch std -no-sched samples/usuba/subterranean.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/subterranean/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Subterranean OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/check_xoodoo.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | use warnings; 5 | use v5.14; 6 | 7 | use Cwd; 8 | use File::Path qw( remove_tree ); 9 | use File::Copy; 10 | use File::Copy::Recursive qw(rcopy dircopy); 11 | $File::Copy::Recursive::CPRFComp = 1; 12 | use FindBin; 13 | 14 | 15 | sub error { 16 | say "************ ERROR **************\n\n"; 17 | exit 1; 18 | } 19 | 20 | # Compiling the compiler. 21 | unless ($ARGV[0]) { 22 | say "Compiling..."; 23 | error if system 'make'; 24 | } 25 | 26 | for my $slicing ('vslice', 'bitslice') { 27 | my $temp_dir = "tmp_xoodoo_$slicing"; 28 | 29 | say "############################# Xoodoo $slicing ############################"; 30 | 31 | # switching to usuba dir 32 | chdir "$FindBin::Bin/../.."; 33 | 34 | # Switching to temporary directory. 35 | say "Preparing the files for the test..."; 36 | remove_tree $temp_dir if -d $temp_dir; 37 | mkdir $temp_dir; 38 | 39 | # Compiling Usuba Clyde. 40 | say "Compiling Xoodoo from Usuba to C..."; 41 | my $slicing_flag = $slicing eq 'vslice' ? '-V' : '-B -bits-per-reg 32'; 42 | error if system "./usubac $slicing_flag -o $temp_dir/xoodoo_ua_$slicing.c -arch std -no-sched samples/usuba/xoodoo.ua"; 43 | 44 | chdir $temp_dir; 45 | copy $_, "." for glob "$FindBin::Bin/xoodoo/*"; 46 | 47 | # Compiling the C files 48 | say "Compiling the test executable..."; 49 | my $implem_flag = $slicing eq 'vslice' ? 'UA_V' : 'UA_B'; 50 | error if system "clang -D $implem_flag -march=native -I../arch -I . -o main main.c"; 51 | 52 | say "Running the test..."; 53 | error if system './main'; 54 | 55 | chdir '..'; 56 | remove_tree $temp_dir; 57 | 58 | say "$slicing Xoodoo OK.\n\n"; 59 | } 60 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/des/main.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #define ORTHO 9 | #define RUNTIME 10 | 11 | #ifdef STD 12 | #include "STD.h" 13 | #else 14 | #ifdef SSE 15 | #include "SSE.h" 16 | #else 17 | #ifdef AVX 18 | #include "AVX.h" 19 | #else 20 | #error "No implementation provided" 21 | #endif 22 | #endif 23 | #endif 24 | 25 | 26 | #include "des.c" 27 | 28 | 29 | /* runtime */ 30 | 31 | #define BLOCK_SIZE 64 32 | #define KEY_SIZE 64 33 | 34 | int main() { 35 | 36 | // Hardcoding a key for now... 37 | uint64_t key_std = 0x133457799BBCDFF1; 38 | DATATYPE *key_ortho = ALLOC(KEY_SIZE); 39 | DATATYPE *key_cst = ALLOC(KEY_SIZE); 40 | 41 | for (int i = 0; i < 64; i++) 42 | if (key_std >> i & 1) 43 | key_ortho[63-i] = key_cst[63-i] = SET_ALL_ONE(); 44 | else 45 | key_ortho[63-i] = key_cst[63-i] = SET_ALL_ZERO(); 46 | 47 | 48 | // Reading the input file 49 | FILE* fh_in = fopen("input.txt","rb"); 50 | FILE* fh_out = fopen("output_to_test.txt","wb"); 51 | 52 | // Allocating various stuffs 53 | DATATYPE *plain_ortho = ALLOC(REG_SIZE); 54 | DATATYPE *cipher_ortho = ALLOC(REG_SIZE); 55 | uint64_t *plain_std = ALLOC(CHUNK_SIZE); 56 | 57 | 58 | while(fread(plain_std, 8, CHUNK_SIZE, fh_in)) { 59 | 60 | for (int i = 0; i < CHUNK_SIZE; i++) 61 | plain_std[i] = __builtin_bswap64(plain_std[i]); 62 | 63 | ORTHOGONALIZE(plain_std, plain_ortho); 64 | 65 | for (int i = 0; i < CHUNK_SIZE / REG_SIZE; i++) { 66 | 67 | memcpy(key_ortho,key_cst,KEY_SIZE*sizeof *key_cst); 68 | des__(&plain_ortho[i*64], key_ortho, &cipher_ortho[i*64]); 69 | 70 | } 71 | 72 | UNORTHOGONALIZE(cipher_ortho,plain_std); 73 | 74 | for (int i = 0; i < CHUNK_SIZE; i++) 75 | plain_std[i] = __builtin_bswap64(plain_std[i]); 76 | 77 | fwrite(plain_std, 8, CHUNK_SIZE, fh_out); 78 | } 79 | 80 | fclose(fh_in); 81 | fclose(fh_out); 82 | 83 | return 0; 84 | } 85 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/pyjamask/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NSECBYTES 0 3 | #define CRYPTO_NPUBBYTES 12 4 | #define CRYPTO_ABYTES 16 5 | #define CRYPTO_NOOVERLAP 1 6 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/pyjamask/pyjamask.h: -------------------------------------------------------------------------------- 1 | /* 2 | =============================================================================== 3 | 4 | Header file for Pyjamsk block ciphers in C 5 | 6 | Copyright (C) 2019 Dahmun Goudarzi, Jérémy Jean, Stefan Kölbl, 7 | Thomas Peyrin, Matthieu Rivain, Yu Sasaki, Siang Meng Sim 8 | 9 | This program is free software: you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation, either version 3 of the License, or 12 | (at your option) any later version. 13 | 14 | This program is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | GNU General Public License for more details. 18 | 19 | You should have received a copy of the GNU General Public License 20 | along with this program. If not, see . 21 | 22 | =============================================================================== 23 | */ 24 | 25 | void pyjamask_96_enc (const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 26 | void pyjamask_96_dec (const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext); 27 | 28 | void pyjamask_128_enc(const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 29 | void pyjamask_128_dec(const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext ); 30 | void key_schedule(const uint8_t *key, uint32_t* round_keys); 31 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/pyjamask_masked/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NSECBYTES 0 3 | #define CRYPTO_NPUBBYTES 12 4 | #define CRYPTO_ABYTES 16 5 | #define CRYPTO_NOOVERLAP 1 6 | -------------------------------------------------------------------------------- /src/usuba/checks/correctness/pyjamask_masked/pyjamask.h: -------------------------------------------------------------------------------- 1 | /* 2 | =============================================================================== 3 | 4 | Header file for Pyjamsk block ciphers in C 5 | 6 | Copyright (C) 2019 Dahmun Goudarzi, Jérémy Jean, Stefan Kölbl, 7 | Thomas Peyrin, Matthieu Rivain, Yu Sasaki, Siang Meng Sim 8 | 9 | This program is free software: you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation, either version 3 of the License, or 12 | (at your option) any later version. 13 | 14 | This program is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | GNU General Public License for more details. 18 | 19 | You should have received a copy of the GNU General Public License 20 | along with this program. If not, see . 21 | 22 | =============================================================================== 23 | */ 24 | 25 | void pyjamask_96_enc (const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 26 | void pyjamask_96_dec (const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext); 27 | 28 | void pyjamask_128_enc(const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 29 | void pyjamask_128_dec(const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext ); 30 | void key_schedule(const uint8_t *key, uint32_t* round_keys); 31 | -------------------------------------------------------------------------------- /src/usuba/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "data_dir": "{{USUBA}}/data", 3 | "arch_dir": "{{USUBA}}/arch", 4 | "tightprove_cache": "{{USUBA}}/tightprove_cache", 5 | "sage": "{{HOME}}/SageMath/sage", 6 | "tightprove": "{{USUBA}}/../tightPROVEp/tightprove-exec.sage" 7 | } 8 | -------------------------------------------------------------------------------- /src/usuba/config.json.help: -------------------------------------------------------------------------------- 1 | This file explains how `config.json` works. 2 | --- 3 | 4 | `config.json` must define 4 variables: 5 | 6 | - data_dir: the directory where to find all data needed by Usubac to 7 | compile. For now, those data are only the sboxes. You should 8 | probably leave it as is unless you know precisely what you are 9 | doing. 10 | 11 | - arch_dir: the directory where to find the C headers for each 12 | architecture. 13 | 14 | - tightprove_cache: the directory to use a cache for tightprove when 15 | compiling Usuba files with `-tp`. If you do not already have a 16 | cache from a previous installation of Usuba, you can probably 17 | leave it as is. 18 | 19 | - sage: the command to invoke to run SageMath. If you have a 20 | system-wide installation of SageMath, then setting it as "sage" 21 | should work. Otherwise, specify the full path of you sage 22 | installation. 23 | 24 | - tightprove: the full path of the tightPROVE+ binary. 25 | 26 | 27 | You can use the following placeholders: 28 | 29 | - {{USUBA}}: this is replaced by the full path of the current 30 | folder. 31 | 32 | - {{HOME}}: this is replaced by your home, as per the environment 33 | variable $HOME. Note that this probably will not work on Windows. -------------------------------------------------------------------------------- /src/usuba/data/sboxes/ascon.ua: -------------------------------------------------------------------------------- 1 | node Sbox(x:v5) returns (xr:v5) 2 | vars 3 | x0,x1,x2,x3,x4:v1, 4 | t0,t1,t2,t3,t4:v1 5 | let 6 | (x0,x1,x2,x3,x4) = x; 7 | 8 | x0 ^:= x4; 9 | x4 ^:= x3; 10 | x2 ^:= x1; 11 | 12 | t0 = ~x0; 13 | t1 = ~x1; 14 | t2 = ~x2; 15 | t3 = ~x3; 16 | t4 = ~x4; 17 | 18 | t0 &:= x1; 19 | t1 &:= x2; 20 | t2 &:= x3; 21 | t3 &:= x4; 22 | t4 &:= x0; 23 | 24 | x0 ^:= t1; 25 | x1 ^:= t2; 26 | x2 ^:= t3; 27 | x3 ^:= t4; 28 | x4 ^:= t0; 29 | 30 | x1 ^:= x0; 31 | x0 ^:= x4; 32 | x3 ^:= x2; 33 | x2 := ~x2; 34 | 35 | xr = (x0,x1,x2,x3,x4) 36 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/clyde.ua: -------------------------------------------------------------------------------- 1 | node sbox (x0:v1, x1:v1, x2:v1, x3:v1) 2 | returns (y0:v1, y1:v1, y2:v1, y3:v1) 3 | let 4 | y1 = (x0 & x1) ^ x2; 5 | y0 = (x3 & x0) ^ x1; 6 | y3 = (y1 & x3) ^ x0; 7 | y2 = (y0 & y1) ^ x3 8 | tel 9 | -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_1.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_1 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1, 10 | x57:v1, x58:v1, x59:v1, x60:v1, x61:v1, x62:v1, x63:v1 11 | let 12 | x1 = ~a[3]; 13 | x2 = ~a[0]; 14 | x3 = a[3] ^ a[2]; 15 | x4 = x3 ^ x2; 16 | x5 = a[2] | x2; 17 | x6 = x5 & x1; 18 | x7 = a[5] | x6; 19 | x8 = x4 ^ x7; 20 | x9 = x1 | x2; 21 | x10 = a[5] & x9; 22 | x11 = x7 ^ x10; 23 | x12 = a[1] | x11; 24 | x13 = x8 ^ x12; 25 | x14 = x9 ^ x13; 26 | x15 = a[5] | x14; 27 | x16 = x1 ^ x15; 28 | x17 = ~x14; 29 | x18 = x17 & x3; 30 | x19 = a[1] | x18; 31 | x20 = x16 ^ x19; 32 | x21 = a[4] | x20; 33 | x22 = x13 ^ x21; 34 | out[3] = x22; 35 | x23 = a[2] | x4; 36 | x24 = ~x23; 37 | x25 = a[5] | x24; 38 | x26 = x6 ^ x25; 39 | x27 = x1 & x8; 40 | x28 = a[1] | x27; 41 | x29 = x26 ^ x28; 42 | x30 = x1 | x8; 43 | x31 = x30 ^ x6; 44 | x32 = x5 & x14; 45 | x33 = x32 ^ x8; 46 | x34 = a[1] & x33; 47 | x35 = x31 ^ x34; 48 | x36 = a[4] | x35; 49 | x37 = x29 ^ x36; 50 | out[0] = x37; 51 | x38 = a[2] & x10; 52 | x39 = x38 | x4; 53 | x40 = a[2] & x33; 54 | x41 = x40 ^ x25; 55 | x42 = a[1] | x41; 56 | x43 = x39 ^ x42; 57 | x44 = a[2] | x26; 58 | x45 = x44 ^ x14; 59 | x46 = a[0] | x8; 60 | x47 = x46 ^ x20; 61 | x48 = a[1] | x47; 62 | x49 = x45 ^ x48; 63 | x50 = a[4] & x49; 64 | x51 = x43 ^ x50; 65 | out[1] = x51; 66 | x52 = x8 ^ x40; 67 | x53 = a[2] ^ x11; 68 | x54 = x53 & x5; 69 | x55 = a[1] | x54; 70 | x56 = x52 ^ x55; 71 | x57 = a[5] | x4; 72 | x58 = x57 ^ x38; 73 | x59 = x13 & x56; 74 | x60 = a[1] & x59; 75 | x61 = x58 ^ x60; 76 | x62 = a[4] & x61; 77 | x63 = x56 ^ x62; 78 | out[2] = x63 79 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_2.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_2 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1 10 | let 11 | x1 = ~a[4]; 12 | x2 = ~a[0]; 13 | x3 = a[4] ^ a[5]; 14 | x4 = x3 ^ x2; 15 | x5 = x4 ^ a[1]; 16 | x6 = a[5] | x1; 17 | x7 = x6 | x2; 18 | x8 = a[1] & x7; 19 | x9 = a[5] ^ x8; 20 | x10 = a[2] & x9; 21 | x11 = x5 ^ x10; 22 | x12 = a[1] & x9; 23 | x13 = a[4] ^ x6; 24 | x14 = a[2] | x13; 25 | x15 = x12 ^ x14; 26 | x16 = a[3] & x15; 27 | x17 = x11 ^ x16; 28 | out[1] = x17; 29 | x18 = a[4] | a[0]; 30 | x19 = a[5] | x18; 31 | x20 = x13 ^ x19; 32 | x21 = x20 ^ a[1]; 33 | x22 = a[5] | x4; 34 | x23 = x22 & x17; 35 | x24 = a[2] | x23; 36 | x25 = x21 ^ x24; 37 | x26 = a[5] | x2; 38 | x27 = a[4] & x2; 39 | x28 = a[1] | x27; 40 | x29 = x26 ^ x28; 41 | x30 = x3 ^ x27; 42 | x31 = x2 ^ x19; 43 | x32 = a[1] & x31; 44 | x33 = x30 ^ x32; 45 | x34 = a[2] & x33; 46 | x35 = x29 ^ x34; 47 | x36 = a[3] | x35; 48 | x37 = x25 ^ x36; 49 | out[2] = x37; 50 | x38 = x21 & x32; 51 | x39 = x38 ^ x5; 52 | x40 = a[0] | x15; 53 | x41 = x40 ^ x13; 54 | x42 = a[2] | x41; 55 | x43 = x39 ^ x42; 56 | x44 = x28 | x41; 57 | x45 = a[3] & x44; 58 | x46 = x43 ^ x45; 59 | out[0] = x46; 60 | x47 = x19 & x21; 61 | x48 = x47 ^ x26; 62 | x49 = a[1] & x33; 63 | x50 = x49 ^ x21; 64 | x51 = a[2] & x50; 65 | x52 = x48 ^ x51; 66 | x53 = x18 & x28; 67 | x54 = x53 & x50; 68 | x55 = a[3] | x54; 69 | x56 = x52 ^ x55; 70 | out[3] = x56 71 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_3.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_3 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1, 10 | x57:v1 11 | let 12 | x1 = ~a[4]; 13 | x2 = ~a[5]; 14 | x3 = a[4] & a[2]; 15 | x4 = x3 ^ a[5]; 16 | x5 = a[3] & x1; 17 | x6 = x4 ^ x5; 18 | x7 = x6 ^ a[1]; 19 | x8 = a[2] & x1; 20 | x9 = a[4] ^ x2; 21 | x10 = a[3] | x9; 22 | x11 = x8 ^ x10; 23 | x12 = x7 & x11; 24 | x13 = a[4] ^ x11; 25 | x14 = x13 | x7; 26 | x15 = a[3] & x14; 27 | x16 = x12 ^ x15; 28 | x17 = a[1] & x16; 29 | x18 = x11 ^ x17; 30 | x19 = a[0] & x18; 31 | x20 = x7 ^ x19; 32 | out[3] = x20; 33 | x21 = a[2] ^ a[3]; 34 | x22 = x21 ^ x9; 35 | x23 = x2 | x4; 36 | x24 = x23 ^ x8; 37 | x25 = a[1] | x24; 38 | x26 = x22 ^ x25; 39 | x27 = a[5] ^ x23; 40 | x28 = x27 | a[3]; 41 | x29 = a[2] ^ x15; 42 | x30 = x29 | x5; 43 | x31 = a[1] | x30; 44 | x32 = x28 ^ x31; 45 | x33 = a[0] | x32; 46 | x34 = x26 ^ x33; 47 | out[0] = x34; 48 | x35 = a[2] ^ x9; 49 | x36 = x35 | x5; 50 | x37 = x4 | x29; 51 | x38 = x37 ^ a[3]; 52 | x39 = a[1] | x38; 53 | x40 = x36 ^ x39; 54 | x41 = a[5] & x11; 55 | x42 = x41 | x6; 56 | x43 = x34 ^ x38; 57 | x44 = x43 ^ x41; 58 | x45 = a[1] & x44; 59 | x46 = x42 ^ x45; 60 | x47 = a[0] | x46; 61 | x48 = x40 ^ x47; 62 | out[2] = x48; 63 | x49 = x2 | x38; 64 | x50 = x49 ^ x13; 65 | x51 = x27 ^ x28; 66 | x52 = a[1] | x51; 67 | x53 = x50 ^ x52; 68 | x54 = x12 & x23; 69 | x55 = x54 & x52; 70 | x56 = a[0] | x55; 71 | x57 = x53 ^ x56; 72 | out[1] = x57 73 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_4.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_4 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1 9 | let 10 | x1 = ~a[0]; 11 | x2 = ~a[2]; 12 | x3 = a[0] | a[2]; 13 | x4 = a[4] & x3; 14 | x5 = x1 ^ x4; 15 | x6 = a[1] | a[2]; 16 | x7 = x5 ^ x6; 17 | x8 = a[0] & a[4]; 18 | x9 = x8 ^ x3; 19 | x10 = a[1] & x9; 20 | x11 = a[4] ^ x10; 21 | x12 = a[3] & x11; 22 | x13 = x7 ^ x12; 23 | x14 = x2 ^ x4; 24 | x15 = a[1] & x14; 25 | x16 = x9 ^ x15; 26 | x17 = x5 & x14; 27 | x18 = a[4] ^ x2; 28 | x19 = a[1] | x18; 29 | x20 = x17 ^ x19; 30 | x21 = a[3] | x20; 31 | x22 = x16 ^ x21; 32 | x23 = a[5] & x22; 33 | x24 = x13 ^ x23; 34 | out[1] = x24; 35 | x25 = ~x13; 36 | x26 = a[5] | x22; 37 | x27 = x25 ^ x26; 38 | out[0] = x27; 39 | x28 = a[1] & x11; 40 | x29 = x28 ^ x17; 41 | x30 = a[2] ^ x10; 42 | x31 = x30 ^ x19; 43 | x32 = a[3] & x31; 44 | x33 = x29 ^ x32; 45 | x34 = x25 ^ x33; 46 | x35 = a[1] & x34; 47 | x36 = x24 ^ x35; 48 | x37 = a[3] | x34; 49 | x38 = x36 ^ x37; 50 | x39 = a[5] & x38; 51 | x40 = x33 ^ x39; 52 | out[3] = x40; 53 | x41 = x26 ^ x38; 54 | x42 = x41 ^ x40; 55 | out[2] = x42 56 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_5.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_5 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1, 10 | x57:v1, x58:v1, x59:v1, x60:v1, x61:v1, x62:v1 11 | let 12 | x1 = ~a[5]; 13 | x2 = ~a[2]; 14 | x3 = x1 | x2; 15 | x4 = x3 ^ a[3]; 16 | x5 = a[0] & x3; 17 | x6 = x4 ^ x5; 18 | x7 = a[5] | a[3]; 19 | x8 = x7 ^ a[2]; 20 | x9 = a[2] | x7; 21 | x10 = a[0] | x9; 22 | x11 = x8 ^ x10; 23 | x12 = a[4] & x11; 24 | x13 = x6 ^ x12; 25 | x14 = ~x4; 26 | x15 = x14 & a[5]; 27 | x16 = a[0] | x15; 28 | x17 = x8 ^ x16; 29 | x18 = a[4] | x17; 30 | x19 = x10 ^ x18; 31 | x20 = a[1] | x19; 32 | x21 = x13 ^ x20; 33 | out[2] = x21; 34 | x22 = x2 | x15; 35 | x23 = x22 ^ a[5]; 36 | x24 = a[3] ^ x22; 37 | x25 = a[0] & x24; 38 | x26 = x23 ^ x25; 39 | x27 = a[0] ^ x11; 40 | x28 = x27 & x22; 41 | x29 = a[4] | x28; 42 | x30 = x26 ^ x29; 43 | x31 = a[3] | x27; 44 | x32 = ~x31; 45 | x33 = a[1] | x32; 46 | x34 = x30 ^ x33; 47 | out[1] = x34; 48 | x35 = x2 ^ x15; 49 | x36 = a[0] & x35; 50 | x37 = x14 ^ x36; 51 | x38 = x5 ^ x7; 52 | x39 = x38 & x34; 53 | x40 = a[4] | x39; 54 | x41 = x37 ^ x40; 55 | x42 = x2 ^ x5; 56 | x43 = x42 & x16; 57 | x44 = x4 & x27; 58 | x45 = a[4] & x44; 59 | x46 = x43 ^ x45; 60 | x47 = a[1] | x46; 61 | x48 = x41 ^ x47; 62 | out[0] = x48; 63 | x49 = x24 & x48; 64 | x50 = x49 ^ x5; 65 | x51 = x11 ^ x30; 66 | x52 = x51 | x50; 67 | x53 = a[4] & x52; 68 | x54 = x50 ^ x53; 69 | x55 = x14 ^ x19; 70 | x56 = x55 ^ x34; 71 | x57 = x4 ^ x16; 72 | x58 = x57 & x30; 73 | x59 = a[4] & x58; 74 | x60 = x56 ^ x59; 75 | x61 = a[1] | x60; 76 | x62 = x54 ^ x61; 77 | out[3] = x62 78 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_6.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_6 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1, 10 | x57:v1 11 | let 12 | x1 = ~a[1]; 13 | x2 = ~a[4]; 14 | x3 = a[1] ^ a[5]; 15 | x4 = x3 ^ x2; 16 | x5 = x4 ^ a[0]; 17 | x6 = a[4] & a[5]; 18 | x7 = x6 | x1; 19 | x8 = a[4] & x5; 20 | x9 = a[0] & x8; 21 | x10 = x7 ^ x9; 22 | x11 = a[3] & x10; 23 | x12 = x5 ^ x11; 24 | x13 = a[5] ^ x10; 25 | x14 = x13 & a[0]; 26 | x15 = a[1] & a[5]; 27 | x16 = x15 ^ a[4]; 28 | x17 = a[0] & x16; 29 | x18 = x2 ^ x17; 30 | x19 = a[3] | x18; 31 | x20 = x14 ^ x19; 32 | x21 = a[2] & x20; 33 | x22 = x12 ^ x21; 34 | out[1] = x22; 35 | x23 = a[5] ^ x18; 36 | x24 = a[0] & x23; 37 | x25 = a[4] ^ x24; 38 | x26 = a[1] ^ x17; 39 | x27 = x26 | x6; 40 | x28 = a[3] & x27; 41 | x29 = x25 ^ x28; 42 | x30 = ~x26; 43 | x31 = a[5] | x29; 44 | x32 = ~x31; 45 | x33 = a[3] & x32; 46 | x34 = x30 ^ x33; 47 | x35 = a[2] & x34; 48 | x36 = x29 ^ x35; 49 | out[3] = x36; 50 | x37 = x6 ^ x34; 51 | x38 = a[4] & x23; 52 | x39 = x38 ^ x5; 53 | x40 = a[3] | x39; 54 | x41 = x37 ^ x40; 55 | x42 = x16 | x24; 56 | x43 = x42 ^ x1; 57 | x44 = x15 ^ x24; 58 | x45 = x44 ^ x31; 59 | x46 = a[3] | x45; 60 | x47 = x43 ^ x46; 61 | x48 = a[2] | x47; 62 | x49 = x41 ^ x48; 63 | out[0] = x49; 64 | x50 = x5 | x38; 65 | x51 = x50 ^ x6; 66 | x52 = x8 & x31; 67 | x53 = a[3] | x52; 68 | x54 = x51 ^ x53; 69 | x55 = x30 & x43; 70 | x56 = a[2] | x55; 71 | x57 = x54 ^ x56; 72 | out[2] = x57 73 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_7.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_7 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1, x55:v1, x56:v1, 10 | x57:v1 11 | let 12 | x1 = ~a[1]; 13 | x2 = ~a[4]; 14 | x3 = a[1] & a[3]; 15 | x4 = x3 ^ a[4]; 16 | x5 = x4 ^ a[2]; 17 | x6 = a[3] & x4; 18 | x7 = x6 ^ a[1]; 19 | x8 = a[2] & x7; 20 | x9 = a[0] ^ x8; 21 | x10 = a[5] | x9; 22 | x11 = x5 ^ x10; 23 | x12 = a[3] & x2; 24 | x13 = x12 | a[1]; 25 | x14 = a[1] | x2; 26 | x15 = a[2] & x14; 27 | x16 = x13 ^ x15; 28 | x17 = x6 ^ x11; 29 | x18 = a[5] | x17; 30 | x19 = x16 ^ x18; 31 | x20 = a[0] & x19; 32 | x21 = x11 ^ x20; 33 | out[0] = x21; 34 | x22 = a[1] | x21; 35 | x23 = x22 ^ x6; 36 | x24 = x23 ^ x15; 37 | x25 = x5 ^ x6; 38 | x26 = x25 | x12; 39 | x27 = a[5] | x26; 40 | x28 = x24 ^ x27; 41 | x29 = x1 & x19; 42 | x30 = x23 & x26; 43 | x31 = a[5] & x30; 44 | x32 = x29 ^ x31; 45 | x33 = a[0] | x32; 46 | x34 = x28 ^ x33; 47 | out[3] = x34; 48 | x35 = a[3] & x16; 49 | x36 = x35 | x1; 50 | x37 = a[5] & x36; 51 | x38 = x11 ^ x37; 52 | x39 = a[3] & x13; 53 | x40 = a[2] | x7; 54 | x41 = x39 ^ x40; 55 | x42 = x1 | x24; 56 | x43 = a[5] | x42; 57 | x44 = x41 ^ x43; 58 | x45 = a[0] | x44; 59 | x46 = x38 ^ x45; 60 | out[1] = x46; 61 | x47 = x8 ^ x44; 62 | x48 = x6 ^ x15; 63 | x49 = a[5] | x48; 64 | x50 = x47 ^ x49; 65 | x51 = x19 ^ x44; 66 | x52 = a[3] ^ x25; 67 | x53 = x52 & x46; 68 | x54 = a[5] & x53; 69 | x55 = x51 ^ x54; 70 | x56 = a[0] | x55; 71 | x57 = x50 ^ x56; 72 | out[2] = x57 73 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/des_8.ua: -------------------------------------------------------------------------------- 1 | node sbox_des_7 (a:v6) returns (out:v4) 2 | vars 3 | x1:v1, x2:v1, x3:v1, x4:v1, x5:v1, x6:v1, x7:v1, x8:v1, 4 | x9:v1, x10:v1, x11:v1, x12:v1, x13:v1, x14:v1, x15:v1, x16:v1, 5 | x17:v1, x18:v1, x19:v1, x20:v1, x21:v1, x22:v1, x23:v1, x24:v1, 6 | x25:v1, x26:v1, x27:v1, x28:v1, x29:v1, x30:v1, x31:v1, x32:v1, 7 | x33:v1, x34:v1, x35:v1, x36:v1, x37:v1, x38:v1, x39:v1, x40:v1, 8 | x41:v1, x42:v1, x43:v1, x44:v1, x45:v1, x46:v1, x47:v1, x48:v1, 9 | x49:v1, x50:v1, x51:v1, x52:v1, x53:v1, x54:v1 10 | let 11 | x1 = ~a[0]; 12 | x2 = ~a[3]; 13 | x3 = a[2] ^ x1; 14 | x4 = a[2] | x1; 15 | x5 = x4 ^ x2; 16 | x6 = a[4] | x5; 17 | x7 = x3 ^ x6; 18 | x8 = x1 | x5; 19 | x9 = x2 ^ x8; 20 | x10 = a[4] & x9; 21 | x11 = x8 ^ x10; 22 | x12 = a[1] & x11; 23 | x13 = x7 ^ x12; 24 | x14 = x6 ^ x9; 25 | x15 = x3 & x9; 26 | x16 = a[4] & x8; 27 | x17 = x15 ^ x16; 28 | x18 = a[1] | x17; 29 | x19 = x14 ^ x18; 30 | x20 = a[5] | x19; 31 | x21 = x13 ^ x20; 32 | out[0] = x21; 33 | x22 = a[4] | x3; 34 | x23 = x22 & x2; 35 | x24 = ~a[2]; 36 | x25 = x24 & x8; 37 | x26 = a[4] & x4; 38 | x27 = x25 ^ x26; 39 | x28 = a[1] | x27; 40 | x29 = x23 ^ x28; 41 | x30 = a[5] & x29; 42 | x31 = x13 ^ x30; 43 | out[3] = x31; 44 | x32 = x5 ^ x6; 45 | x33 = x32 ^ x22; 46 | x34 = a[3] | x13; 47 | x35 = a[1] & x34; 48 | x36 = x33 ^ x35; 49 | x37 = a[0] & x33; 50 | x38 = x37 ^ x8; 51 | x39 = a[0] ^ x23; 52 | x40 = x39 & x7; 53 | x41 = a[1] & x40; 54 | x42 = x38 ^ x41; 55 | x43 = a[5] | x42; 56 | x44 = x36 ^ x43; 57 | out[2] = x44; 58 | x45 = a[0] ^ x10; 59 | x46 = x45 ^ x22; 60 | x47 = ~x7; 61 | x48 = x47 & x8; 62 | x49 = a[1] | x48; 63 | x50 = x46 ^ x49; 64 | x51 = x19 ^ x29; 65 | x52 = x51 | x38; 66 | x53 = a[5] & x52; 67 | x54 = x50 ^ x53; 68 | out[1] = x54 69 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/present.ua: -------------------------------------------------------------------------------- 1 | node sbox (X3, X2, X1, X0 : v1) 2 | returns (Y3, Y2, Y1, Y0 : v1) 3 | vars 4 | T1, T2, T3, T4, T5, T6, T7, T8, T9 : v1 5 | let 6 | T1 = X1 ^ X2; 7 | T2 = X2 & T1; 8 | T3 = X3 ^ T2; 9 | Y0 = X0 ^ T3; 10 | T4 = T1 & T3; 11 | T5 = T1 ^ Y0; 12 | T6 = T4 ^ X2; 13 | T7 = X0 | T6; 14 | Y1 = T5 ^ T7; 15 | T8 = T6 ^ ~X0; 16 | Y3 = Y1 ^ T8; 17 | T9 = T8 | T5; 18 | Y2 = T3 ^ T9 19 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/pyjamask.ua: -------------------------------------------------------------------------------- 1 | node SubBytes (s0:v1,s1:v1,s2:v1,s3:v1) returns (ret:v1[4]) 2 | let 3 | s0 ^:= s3; 4 | s3 ^:= s0 & s1; 5 | s0 ^:= s1 & s2; 6 | s1 ^:= s2 & s3; 7 | s2 ^:= s0 & s3; 8 | s2 ^:= s1; 9 | s1 ^:= s0; 10 | s3 := ~s3; 11 | 12 | ret = (s0, s1, s3, s2) 13 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/rectangle.ua: -------------------------------------------------------------------------------- 1 | node sbox (a0:v1, a1:v1, a2:v1, a3:v1) 2 | returns (b0:v1, b1:v1, b2:v1, b3:v1) 3 | vars 4 | t1:v1, t2:v1, t3:v1, t4:v1, t5:v1, t6:v1, 5 | t7:v1, t8:v1, t9:v1, t10:v1, t11:v1, t12:v1 6 | let 7 | t1 = ~a1; 8 | t2 = a0 & t1; 9 | t3 = a2 ^ a3; 10 | b0 = t2 ^ t3; 11 | t5 = a3 | t1; 12 | t6 = a0 ^ t5; 13 | b1 = a2 ^ t6; 14 | t8 = a1 ^ a2; 15 | t9 = t3 & t6; 16 | b3 = t8 ^ t9; 17 | t11 = b0 | t8; 18 | b2 = t6 ^ t11 19 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_0.ua: -------------------------------------------------------------------------------- 1 | node s0(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t17 : v1 6 | let 7 | t01 = b ^ c ; 8 | t02 = a | d ; 9 | t03 = a ^ b ; 10 | z = t02 ^ t01; 11 | t05 = c | z ; 12 | t06 = a ^ d ; 13 | t07 = b | c ; 14 | t08 = d & t05; 15 | t09 = t03 & t07; 16 | y = t09 ^ t08; 17 | t11 = t09 & y ; 18 | t12 = c ^ d ; 19 | t13 = t07 ^ t11; 20 | t14 = b & t06; 21 | t15 = t06 ^ t13; 22 | w = ~ t15; 23 | t17 = w ^ t14; 24 | x = t12 ^ t17 25 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_1.ua: -------------------------------------------------------------------------------- 1 | node s1(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a | d ; 8 | t02 = c ^ d ; 9 | t03 = ~ b ; 10 | t04 = a ^ c ; 11 | t05 = a | t03; 12 | t06 = d & t04; 13 | t07 = t01 & t02; 14 | t08 = b | t06; 15 | y = t02 ^ t05; 16 | t10 = t07 ^ t08; 17 | t11 = t01 ^ t10; 18 | t12 = y ^ t11; 19 | t13 = b & d ; 20 | z = ~ t10; 21 | x = t13 ^ t12; 22 | t16 = t10 | x ; 23 | t17 = t05 & t16; 24 | w = c ^ t17 25 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_2.ua: -------------------------------------------------------------------------------- 1 | node s2(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a | c ; 8 | t02 = a ^ b ; 9 | t03 = d ^ t01; 10 | w = t02 ^ t03; 11 | t05 = c ^ w ; 12 | t06 = b ^ t05; 13 | t07 = b | t05; 14 | t08 = t01 & t06; 15 | t09 = t03 ^ t07; 16 | t10 = t02 | t09; 17 | x = t10 ^ t08; 18 | t12 = a | d ; 19 | t13 = t09 ^ x ; 20 | t14 = b ^ t13; 21 | z = ~ t09; 22 | y = t12 ^ t14 23 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_3.ua: -------------------------------------------------------------------------------- 1 | node s3(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a ^ c ; 8 | t02 = a | d ; 9 | t03 = a & d ; 10 | t04 = t01 & t02; 11 | t05 = b | t03; 12 | t06 = a & b ; 13 | t07 = d ^ t04; 14 | t08 = c | t06; 15 | t09 = b ^ t07; 16 | t10 = d & t05; 17 | t11 = t02 ^ t10; 18 | z = t08 ^ t09; 19 | t13 = d | z ; 20 | t14 = a | t07; 21 | t15 = b & t13; 22 | y = t08 ^ t11; 23 | w = t14 ^ t15; 24 | x = t05 ^ t04 25 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_4.ua: -------------------------------------------------------------------------------- 1 | node s4(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a | b ; 8 | t02 = b | c ; 9 | t03 = a ^ t02; 10 | t04 = b ^ d ; 11 | t05 = d | t03; 12 | t06 = d & t01; 13 | z = t03 ^ t06; 14 | t08 = z & t04; 15 | t09 = t04 & t05; 16 | t10 = c ^ t06; 17 | t11 = b & c ; 18 | t12 = t04 ^ t08; 19 | t13 = t11 | t03; 20 | t14 = t10 ^ t09; 21 | t15 = a & t05; 22 | t16 = t11 | t12; 23 | y = t13 ^ t08; 24 | x = t15 ^ t16; 25 | w = ~ t14 26 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_5.ua: -------------------------------------------------------------------------------- 1 | node s5(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = b ^ d ; 8 | t02 = b | d ; 9 | t03 = a & t01; 10 | t04 = c ^ t02; 11 | t05 = t03 ^ t04; 12 | w = ~ t05; 13 | t07 = a ^ t01; 14 | t08 = d | w ; 15 | t09 = b | t05; 16 | t10 = d ^ t08; 17 | t11 = b | t07; 18 | t12 = t03 | w ; 19 | t13 = t07 | t10; 20 | t14 = t01 ^ t11; 21 | y = t09 ^ t13; 22 | x = t07 ^ t08; 23 | z = t12 ^ t14 24 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_6.ua: -------------------------------------------------------------------------------- 1 | node s6(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a & d ; 8 | t02 = b ^ c ; 9 | t03 = a ^ d ; 10 | t04 = t01 ^ t02; 11 | t05 = b | c ; 12 | x = ~ t04; 13 | t07 = t03 & t05; 14 | t08 = b & x ; 15 | t09 = a | c ; 16 | t10 = t07 ^ t08; 17 | t11 = b | d ; 18 | t12 = c ^ t11; 19 | t13 = t09 ^ t10; 20 | y = ~ t13; 21 | t15 = x & t03; 22 | z = t12 ^ t07; 23 | t17 = a ^ b ; 24 | t18 = y ^ t15; 25 | w = t17 ^ t18 26 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_7.ua: -------------------------------------------------------------------------------- 1 | node s7(a:v1,b:v1,c:v1,d:v1) returns (w:v1,x:v1,y:v1,z:v1) 2 | vars 3 | t01 : v1, t02 : v1, t03 : v1, t04 : v1, t05 : v1, t06 : v1, 4 | t07 : v1, t08 : v1, t09 : v1, t10 : v1, t11 : v1, t12 : v1, 5 | t13 : v1, t14 : v1, t15 : v1, t16 : v1, t17 : v1, t18 : v1 6 | let 7 | t01 = a & c ; 8 | t02 = ~ d ; 9 | t03 = a & t02; 10 | t04 = b | t01; 11 | t05 = a & b ; 12 | t06 = c ^ t04; 13 | z = t03 ^ t06; 14 | t08 = c | z ; 15 | t09 = d | t05; 16 | t10 = a ^ t08; 17 | t11 = t04 & z ; 18 | x = t09 ^ t10; 19 | t13 = b ^ x ; 20 | t14 = t01 ^ x ; 21 | t15 = c ^ t05; 22 | t16 = t11 | t13; 23 | t17 = t02 | t14; 24 | w = t15 ^ t17; 25 | y = a ^ t16 26 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_0.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s0 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r4 = r1; 6 | r3 ^:= r0; 7 | r1 &:= r3; 8 | r4 ^:= r2; 9 | r1 ^:= r0; 10 | r0 |:= r3; 11 | r0 ^:= r4; 12 | r4 ^:= r3; 13 | r3 ^:= r2; 14 | r2 |:= r1; 15 | r2 ^:= r4; 16 | r4 := ~r4; 17 | r4 |:= r1; 18 | r1 ^:= r3; 19 | r1 ^:= r4; 20 | r3 |:= r0; 21 | r1 ^:= r3; 22 | r4 ^:= r3; 23 | r5 = r1; 24 | r6 = r4; 25 | r7 = r2; 26 | r8 = r0 27 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_1.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s1 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r0 := ~r0; 6 | r2 := ~r2; 7 | r4 = r0; 8 | r0 &:= r1; 9 | r2 ^:= r0; 10 | r0 |:= r3; 11 | r3 ^:= r2; 12 | r1 ^:= r0; 13 | r0 ^:= r4; 14 | r4 |:= r1; 15 | r1 ^:= r3; 16 | r2 |:= r0; 17 | r2 &:= r4; 18 | r0 ^:= r1; 19 | r1 &:= r2; 20 | r1 ^:= r0; 21 | r0 &:= r2; 22 | r0 ^:= r4; 23 | r5 = r2; 24 | r6 = r0; 25 | r7 = r3; 26 | r8 = r1 27 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_2.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s2 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r4 = r0; 6 | r0 &:= r2; 7 | r0 ^:= r3; 8 | r2 ^:= r1; 9 | r2 ^:= r0; 10 | r3 |:= r4; 11 | r3 ^:= r1; 12 | r4 ^:= r2; 13 | r1 := r3; 14 | r3 |:= r4; 15 | r3 ^:= r0; 16 | r0 &:= r1; 17 | r4 ^:= r0; 18 | r1 ^:= r3; 19 | r1 ^:= r4; 20 | r4 := ~r4; 21 | r5 = r2; 22 | r6 = r3; 23 | r7 = r1; 24 | r8 = r4 25 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_3.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s3 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r4 = r0; 6 | r0 |:= r3; 7 | r3 ^:= r1; 8 | r1 &:= r4; 9 | r4 ^:= r2; 10 | r2 ^:= r3; 11 | r3 &:= r0; 12 | r4 |:= r1; 13 | r3 ^:= r4; 14 | r0 ^:= r1; 15 | r4 &:= r0; 16 | r1 ^:= r3; 17 | r4 ^:= r2; 18 | r1 |:= r0; 19 | r1 ^:= r2; 20 | r0 ^:= r3; 21 | r2 := r1; 22 | r1 |:= r3; 23 | r1 ^:= r0; 24 | r5 = r1; 25 | r6 = r2; 26 | r7 = r3; 27 | r8 = r4 28 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_4.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s4 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r1 ^:= r3; 6 | r3 := ~r3; 7 | r2 ^:= r3; 8 | r3 ^:= r0; 9 | r4 = r1; 10 | r1 &:= r3; 11 | r1 ^:= r2; 12 | r4 ^:= r3; 13 | r0 ^:= r4; 14 | r2 &:= r4; 15 | r2 ^:= r0; 16 | r0 &:= r1; 17 | r3 ^:= r0; 18 | r4 |:= r1; 19 | r4 ^:= r0; 20 | r0 |:= r3; 21 | r0 ^:= r2; 22 | r2 &:= r3; 23 | r0 := ~r0; 24 | r4 ^:= r2; 25 | r5 = r1; 26 | r6 = r4; 27 | r7 = r0; 28 | r8 = r3 29 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_5.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s5 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r0 ^:= r1; 6 | r1 ^:= r3; 7 | r3 := ~r3; 8 | r4 = r1; 9 | r1 &:= r0; 10 | r2 ^:= r3; 11 | r1 ^:= r2; 12 | r2 |:= r4; 13 | r4 ^:= r3; 14 | r3 &:= r1; 15 | r3 ^:= r0; 16 | r4 ^:= r1; 17 | r4 ^:= r2; 18 | r2 ^:= r0; 19 | r0 &:= r3; 20 | r2 := ~r2; 21 | r0 ^:= r4; 22 | r4 |:= r3; 23 | r2 ^:= r4; 24 | r5 = r1; 25 | r6 = r3; 26 | r7 = r0; 27 | r8 = r2 28 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_6.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s6 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r2 := ~r2; 6 | r4 = r3; 7 | r3 &:= r0; 8 | r0 ^:= r4; 9 | r3 ^:= r2; 10 | r2 |:= r4; 11 | r1 ^:= r3; 12 | r2 ^:= r0; 13 | r0 |:= r1; 14 | r2 ^:= r1; 15 | r4 ^:= r0; 16 | r0 |:= r3; 17 | r0 ^:= r2; 18 | r4 ^:= r3; 19 | r4 ^:= r0; 20 | r3 := ~r3; 21 | r2 &:= r4; 22 | r2 ^:= r3; 23 | r5 = r0; 24 | r6 = r1; 25 | r7 = r4; 26 | r8 = r2 27 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/serpent_osvik_7.ua: -------------------------------------------------------------------------------- 1 | _no_opt node s7 (r0:v1,r1:v1,r2:v1,r3:v1) returns (r5:v1,r6:v1,r7:v1,r8:v1) 2 | vars 3 | r4 : v1 4 | let 5 | r4 = r1; 6 | r1 |:= r2; 7 | r1 ^:= r3; 8 | r4 ^:= r2; 9 | r2 ^:= r1; 10 | r3 |:= r4; 11 | r3 &:= r0; 12 | r4 ^:= r2; 13 | r3 ^:= r1; 14 | r1 |:= r4; 15 | r1 ^:= r0; 16 | r0 |:= r4; 17 | r0 ^:= r2; 18 | r1 ^:= r4; 19 | r2 ^:= r1; 20 | r1 &:= r0; 21 | r1 ^:= r4; 22 | r2 := ~r2; 23 | r2 |:= r0; 24 | r4 ^:= r2; 25 | r5 = r4; 26 | r6 = r3; 27 | r7 = r1; 28 | r8 = r0 29 | tel -------------------------------------------------------------------------------- /src/usuba/data/sboxes/skinny.ua: -------------------------------------------------------------------------------- 1 | node sbox_calc(a:b8) returns (b:b8) 2 | let 3 | b = (a[0], a[1], a[2], a[3] ^ ~(a[0] | a[1]), 4 | a[4], a[5], a[6], a[7] ^ ~(a[4] | a[5])) 5 | tel 6 | 7 | perm sbox_perm(a:b8) returns (b:b8) { 8 | 6, 7, 1, 2, 4, 8, 5, 3 9 | } 10 | 11 | perm sbox_last_perm(a:b8) returns (b:b8) { 12 | 1, 2, 3, 4, 5, 7, 6, 8 13 | } 14 | 15 | node sbox_quarter(a:b8) returns (b:b8) 16 | let 17 | b = sbox_perm(sbox_calc(a)) 18 | tel 19 | 20 | node sbox_last_quarter(a:b8) returns (b:b8) 21 | let 22 | b = sbox_last_perm(sbox_calc(a)) 23 | tel 24 | 25 | node sbox(a:b8) returns (b:b8) 26 | let 27 | b = sbox_last_quarter(sbox_quarter(sbox_quarter(sbox_quarter(a)))) 28 | tel 29 | -------------------------------------------------------------------------------- /src/usuba/data/sboxes/spongent.ua: -------------------------------------------------------------------------------- 1 | node sBox (x:b4) returns (y:b4) 2 | vars q:b8,t:b4 3 | let 4 | q[0] = x[0] ^ x[2]; 5 | q[1] = x[1] ^ x[2]; 6 | t[0] = q[0] & q[1]; 7 | q[2] = 1:b1 ^ x[0] ^ x[1] ^ x[3] ^ t[0]; 8 | q[3] = 1:b1 ^ x[0]; 9 | t[1] = q[2] & q[3]; 10 | q[4] = x[1] ^ t[1]; 11 | q[5] = x[1] ^ x[2] ^ x[3] ^ t[0] ^ t[1]; 12 | t[2] = q[4] & q[5]; 13 | q[6] = x[2] ^ t[0]; 14 | q[7] = 1:b1 ^ x[1] ^ t[0]; 15 | t[3] = q[6] & q[7]; 16 | y[0] = x[1] ^ x[2] ^ x[3] ^ t[2]; 17 | y[1] = x[0] ^ x[2] ^ x[3] ^ t[0] ^ t[1]; 18 | y[2] = x[0] ^ x[1] ^ x[2] ^ t[1]; 19 | y[3] = x[0] ^ x[3] ^ t[0] ^ t[3]; 20 | tel -------------------------------------------------------------------------------- /src/usuba/experimentations/bench_generic/bench.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #ifndef NB_RUN 7 | #define NB_RUN 1000 8 | #endif 9 | 10 | #ifndef WARMING 11 | #define WARMING 100 12 | #endif 13 | 14 | extern uint32_t bench_speed(); 15 | 16 | int main() { 17 | 18 | /* Getting number of encrypted bytes */ 19 | uint64_t encrypted = bench_speed(); 20 | 21 | /* Warming up caches */ 22 | for (int i = 0; i < WARMING; i++) 23 | bench_speed(); 24 | 25 | /* The actual benchmark */ 26 | unsigned int garbage; 27 | uint64_t timer = __rdtscp(&garbage); 28 | for (int i = 0; i < NB_RUN; i++) 29 | bench_speed(); 30 | timer = __rdtscp(&garbage) - timer; 31 | 32 | /* Printing the result */ 33 | printf("%.2f cycles/bytes\n", (double)timer / (NB_RUN * encrypted)); 34 | } 35 | -------------------------------------------------------------------------------- /src/usuba/install_deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Installing OCaml 4 | if [ ! $(command -v ocaml) ]; then 5 | echo "OCaml not found. Installing it..."; 6 | sudo apt install -y ocaml 7 | fi 8 | 9 | # Installing and configuring Opam (OCaml package manager) 10 | if [ ! $(command -v opam) ]; then 11 | echo "Opam not found. Installing it..."; 12 | sudo apt install -y opam 13 | opam init -y 14 | eval `opam config env` 15 | fi 16 | 17 | # Installing required packages from opam 18 | opam install -y coq ocamlbuild menhir 19 | -------------------------------------------------------------------------------- /src/usuba/nist/.gitignore: -------------------------------------------------------------------------------- 1 | Documents 2 | Implementations -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua/ace.h: -------------------------------------------------------------------------------- 1 | 2 | /* Reference implementation of the ACE permutation 3 | Written by: 4 | Kalikinkar Mandal 5 | */ 6 | 7 | #ifndef ACE_H 8 | #define ACE_H 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | 15 | #define STATEBYTES 40 //Number OF BYTES = 320/8 = 40 16 | #define SIMECKBYTES 8 //Number of Simeck BYTES = 64/8 = 8 17 | #define SIMECKROUND 8 //Number of rounds 18 | #define NUMSTEPS 16 //Number of steps 19 | 20 | 21 | typedef unsigned long long u64; 22 | 23 | unsigned char rotl8 ( const unsigned char x, const unsigned char y, const unsigned char shift ); 24 | 25 | void ace_print_data(const unsigned char *x, const uint32_t xlen ); 26 | 27 | void simeck_print_data(const unsigned char *y, const unsigned char ylen ); 28 | 29 | void simeck64_box( unsigned char *output, const unsigned char *input, const unsigned char rc ); 30 | 31 | void ace_permutation( unsigned char *input ); 32 | 33 | void ace_print_state( const unsigned char *state ); 34 | 35 | void ace_permutation_ALLZERO ( unsigned char *state ); 36 | 37 | void ace_permutation_ALLONE ( unsigned char *state ); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua/ace.ua: -------------------------------------------------------------------------------- 1 | node f(x:u32) returns (y:u32) 2 | let 3 | y = ((x <<< 5) & refresh(x)) ^ (x <<< 1) 4 | tel 5 | 6 | node simeck_box(input:u32x2, rc:u32) returns (output:u32x2) 7 | vars 8 | round:u32x2[9], 9 | tmp:u32[8] 10 | let 11 | 12 | round[0] = input; 13 | 14 | forall i in [0, 7] { 15 | tmp[i] = f(round[i][0]) ^ round[i][1] ^ 0xfffffffe ^ ((rc >> i) & 1); 16 | round[i+1][0,1] = (tmp[i], round[i][0]) ; 17 | } 18 | 19 | output = round[8] 20 | 21 | tel 22 | 23 | 24 | node ACE_step(A,B,C,D,E:u32x2,RC,SC:u32[3]) returns (Ar,Br,Cr,Dr,Er:u32x2) 25 | let 26 | A := simeck_box(A,RC[0]); 27 | C := simeck_box(C,RC[1]); 28 | E := simeck_box(E,RC[2]); 29 | B := B ^ C ^ (0,SC[0]) ^ (0xffffffff,0xffffff00); 30 | D := D ^ E ^ (0,SC[1]) ^ (0xffffffff,0xffffff00); 31 | E := E ^ A ^ (0,SC[2]) ^ (0xffffffff,0xffffff00); 32 | Ar = D; 33 | Br = C; 34 | Cr = A; 35 | Dr = E; 36 | Er = B; 37 | tel 38 | 39 | 40 | node ACE(input:u32x2[5]) returns (output:u32x2[5]) 41 | vars 42 | SC:u32[3][16], 43 | RC:u32[3][16], 44 | tmp:u32x2[17][5] 45 | let 46 | SC = (0x50,0x5c,0x91,0x8d,0x53,0x60,0x68,0xe1,0xf6,0x9d,0x40,0x4f,0xbe,0x5b,0xe9,0x7f, 47 | 0x28,0xae,0x48,0xc6,0xa9,0x30,0x34,0x70,0x7b,0xce,0x20,0x27,0x5f,0xad,0x74,0x3f, 48 | 0x14,0x57,0x24,0x63,0x54,0x18,0x9a,0x38,0xbd,0x67,0x10,0x13,0x2f,0xd6,0xba,0x1f); 49 | RC = (0x07,0x0a,0x9b,0xe0,0xd1,0x1a,0x22,0xf7,0x62,0x96,0x71,0xaa,0x2b,0xe9,0xcf,0xb7, 50 | 0x53,0x5d,0x49,0x7f,0xbe,0x1d,0x28,0x6c,0x82,0x47,0x6b,0x88,0xdc,0x8b,0x59,0xc6, 51 | 0x43,0xe4,0x5e,0xcc,0x32,0x4e,0x75,0x25,0xfd,0xf9,0x76,0xa0,0xb0,0x09,0x1e,0xad); 52 | 53 | 54 | tmp[0] = input; 55 | 56 | forall i in [0, 15] { 57 | tmp[i+1] = ACE_step(tmp[i], RC[0,1,2][i],SC[0,1,2][i]); 58 | } 59 | 60 | output = tmp[16]; 61 | 62 | tel -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua/ace_bitslice.ua: -------------------------------------------------------------------------------- 1 | node f(x:u32) returns (y:u32) 2 | let 3 | y = ((x <<< 5) & x) ^ (x <<< 1) 4 | tel 5 | 6 | node simeck_box(input:u32x2, rc:u32) returns (output:u32x2) 7 | vars 8 | round:u32x2[9], 9 | tmp:u32[8] 10 | let 11 | 12 | round[0] = input; 13 | 14 | forall i in [0, 7] { 15 | tmp[i] = f(round[i][0]) ^ round[i][1] ^ 0xfffffffe ^ ((rc >> i) & 1); 16 | round[i+1][0,1] = (tmp[i], round[i][0]) ; 17 | } 18 | 19 | output = round[8] 20 | 21 | tel 22 | 23 | 24 | node ACE_step(A,B,C,D,E:u32x2,RC,SC:u32[3]) returns (Ar,Br,Cr,Dr,Er:u32x2) 25 | let 26 | A := simeck_box(A,RC[0]); 27 | C := simeck_box(C,RC[1]); 28 | E := simeck_box(E,RC[2]); 29 | B := B ^ C ^ (0,SC[0]) ^ (0xffffffff,0xffffff00); 30 | D := D ^ E ^ (0,SC[1]) ^ (0xffffffff,0xffffff00); 31 | E := E ^ A ^ (0,SC[2]) ^ (0xffffffff,0xffffff00); 32 | Ar = D; 33 | Br = C; 34 | Cr = A; 35 | Dr = E; 36 | Er = B; 37 | tel 38 | 39 | 40 | node ACE(input:u32x2[5]) returns (output:u32x2[5]) 41 | vars 42 | SC:u32[3][16], 43 | RC:u32[3][16], 44 | tmp:u32x2[17][5] 45 | let 46 | SC = (0x50,0x5c,0x91,0x8d,0x53,0x60,0x68,0xe1,0xf6,0x9d,0x40,0x4f,0xbe,0x5b,0xe9,0x7f, 47 | 0x28,0xae,0x48,0xc6,0xa9,0x30,0x34,0x70,0x7b,0xce,0x20,0x27,0x5f,0xad,0x74,0x3f, 48 | 0x14,0x57,0x24,0x63,0x54,0x18,0x9a,0x38,0xbd,0x67,0x10,0x13,0x2f,0xd6,0xba,0x1f); 49 | RC = (0x07,0x0a,0x9b,0xe0,0xd1,0x1a,0x22,0xf7,0x62,0x96,0x71,0xaa,0x2b,0xe9,0xcf,0xb7, 50 | 0x53,0x5d,0x49,0x7f,0xbe,0x1d,0x28,0x6c,0x82,0x47,0x6b,0x88,0xdc,0x8b,0x59,0xc6, 51 | 0x43,0xe4,0x5e,0xcc,0x32,0x4e,0x75,0x25,0xfd,0xf9,0x76,0xa0,0xb0,0x09,0x1e,0xad); 52 | 53 | 54 | tmp[0] = input; 55 | 56 | forall i in [0, 15] { 57 | tmp[i+1] = ACE_step(tmp[i], RC[0,1,2][i],SC[0,1,2][i]); 58 | } 59 | 60 | output = tmp[16]; 61 | 62 | tel -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -light-inline -no-sched -o nist/ace/usuba/ua/ace_ua_bitslice.c -arch std -no-share nist/ace/usuba/ua/ace_bitslice.ua 2 | ./usubac -V -light-inline -no-sched -o nist/ace/usuba/ua/ace_ua_vslice.c -arch std -no-share nist/ace/usuba/ua/ace.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua/main: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/nist/ace/usuba/ua/main -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua_masked/ace.ua: -------------------------------------------------------------------------------- 1 | ../ua/ace.ua -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua_masked/ace_bitslice.ua: -------------------------------------------------------------------------------- 1 | ../ua/ace_bitslice.ua -------------------------------------------------------------------------------- /src/usuba/nist/ace/usuba/ua_masked/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -masked -B -light-inline -no-sched -o nist/ace/usuba/ua_masked/ace_ua_bitslice.c -arch std -no-share nist/ace/usuba/ua_masked/ace_bitslice.ua 2 | ./usubac -masked -V -light-inline -no-sched -o nist/ace/usuba/ua_masked/ace_ua_vslice.c -arch std -no-share nist/ace/usuba/ua_masked/ace.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 4 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 5 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 6 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 7 | -------------------------------------------------------------------------------- /src/usuba/nist/ascon/usuba/bench/ascon_ref.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef unsigned char u8; 4 | typedef unsigned long long u64; 5 | 6 | typedef struct { 7 | u64 x0, x1, x2, x3, x4; 8 | } state; 9 | 10 | static inline u64 ROTR64(u64 x, int n) { return (x << (64 - n)) | (x >> n); } 11 | 12 | static inline void ROUND(u8 C, state* p) { 13 | state s = *p; 14 | state t; 15 | // addition of round constant 16 | s.x2 ^= C; 17 | // substitution layer 18 | s.x0 ^= s.x4; 19 | s.x4 ^= s.x3; 20 | s.x2 ^= s.x1; 21 | // start of keccak s-box 22 | t.x0 = ~s.x0; 23 | t.x1 = ~s.x1; 24 | t.x2 = ~s.x2; 25 | t.x3 = ~s.x3; 26 | t.x4 = ~s.x4; 27 | t.x0 &= s.x1; 28 | t.x1 &= s.x2; 29 | t.x2 &= s.x3; 30 | t.x3 &= s.x4; 31 | t.x4 &= s.x0; 32 | s.x0 ^= t.x1; 33 | s.x1 ^= t.x2; 34 | s.x2 ^= t.x3; 35 | s.x3 ^= t.x4; 36 | s.x4 ^= t.x0; 37 | // end of keccak s-box 38 | s.x1 ^= s.x0; 39 | s.x0 ^= s.x4; 40 | s.x3 ^= s.x2; 41 | s.x2 = ~s.x2; 42 | // linear diffusion layer 43 | s.x0 ^= ROTR64(s.x0, 19) ^ ROTR64(s.x0, 28); 44 | s.x1 ^= ROTR64(s.x1, 61) ^ ROTR64(s.x1, 39); 45 | s.x2 ^= ROTR64(s.x2, 1) ^ ROTR64(s.x2, 6); 46 | s.x3 ^= ROTR64(s.x3, 10) ^ ROTR64(s.x3, 17); 47 | s.x4 ^= ROTR64(s.x4, 7) ^ ROTR64(s.x4, 41); 48 | //exit(1); 49 | *p = s; 50 | } 51 | 52 | void P12(state* s) { 53 | ROUND(0xf0, s); 54 | ROUND(0xe1, s); 55 | ROUND(0xd2, s); 56 | ROUND(0xc3, s); 57 | ROUND(0xb4, s); 58 | ROUND(0xa5, s); 59 | ROUND(0x96, s); 60 | ROUND(0x87, s); 61 | ROUND(0x78, s); 62 | ROUND(0x69, s); 63 | ROUND(0x5a, s); 64 | ROUND(0x4b, s); 65 | } 66 | 67 | /* Additional functions */ 68 | uint32_t bench_speed() { 69 | /* inputs */ 70 | state input = { 0 }; 71 | /* fun call */ 72 | P12(&input); 73 | 74 | /* Returning the number of encrypted bytes */ 75 | return 40; 76 | } 77 | -------------------------------------------------------------------------------- /src/usuba/nist/ascon/usuba/ua/ascon.ua: -------------------------------------------------------------------------------- 1 | 2 | table Sbox(x:v5) returns (y:v5) { 3 | 0x4, 0xb, 0x1f, 0x14, 0x1a, 0x15, 0x9, 0x2, 4 | 0x1b, 0x5, 0x8, 0x12, 0x1d, 0x3, 0x6, 0x1c, 5 | 0x1e, 0x13, 0x7, 0xe, 0x0, 0xd, 0x11, 0x18, 6 | 0x10, 0xc, 0x1, 0x19, 0x16, 0xa, 0xf, 0x17 7 | } 8 | 9 | node AddConstant(state:u64x5,c:u64) returns (stateR:u64x5) 10 | let 11 | stateR = (state[0,1], state[2] ^ c, state[3,4]); 12 | tel 13 | 14 | node LinearLayer(state:u64x5) returns (stateR:u64x5) 15 | let 16 | stateR[0] = state[0] ^ (state[0] >>> 19) ^ (state[0] >>> 28); 17 | stateR[1] = state[1] ^ (state[1] >>> 61) ^ (state[1] >>> 39); 18 | stateR[2] = state[2] ^ (state[2] >>> 1) ^ (state[2] >>> 6); 19 | stateR[3] = state[3] ^ (state[3] >>> 10) ^ (state[3] >>> 17); 20 | stateR[4] = state[4] ^ (state[4] >>> 7) ^ (state[4] >>> 41); 21 | tel 22 | 23 | node ascon12(input:u64x5) returns (output:u64x5) 24 | vars 25 | consts:u64[12], 26 | state:u64x5[13] 27 | let 28 | consts = (0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 29 | 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b); 30 | 31 | state[0] = input; 32 | forall i in [0, 11] { 33 | state[i+1] = LinearLayer(Sbox(AddConstant(state[i],consts[i]))) 34 | } 35 | output = state[12] 36 | tel -------------------------------------------------------------------------------- /src/usuba/nist/ascon/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -no-sched -o nist/ascon/usuba/ua/ascon_ua_bitslice.c -arch std -no-share nist/ascon/usuba/ua/ascon.ua 2 | ./usubac -V -no-sched -o nist/ascon/usuba/ua/ascon_ua_vslice.c -arch std -no-share nist/ascon/usuba/ua/ascon.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/ascon/usuba/ua_masked/ascon.ua: -------------------------------------------------------------------------------- 1 | 2 | table Sbox(x:v5) returns (y:v5) { 3 | 0x4, 0xb, 0x1f, 0x14, 0x1a, 0x15, 0x9, 0x2, 4 | 0x1b, 0x5, 0x8, 0x12, 0x1d, 0x3, 0x6, 0x1c, 5 | 0x1e, 0x13, 0x7, 0xe, 0x0, 0xd, 0x11, 0x18, 6 | 0x10, 0xc, 0x1, 0x19, 0x16, 0xa, 0xf, 0x17 7 | } 8 | 9 | node AddConstant(state:u64x5,c:u64) returns (stateR:u64x5) 10 | let 11 | stateR = (state[0,1], state[2] ^ c, state[3,4]); 12 | tel 13 | 14 | node LinearLayer(state:u64x5) returns (stateR:u64x5) 15 | let 16 | stateR[0] = state[0] ^ (state[0] >>> 19) ^ (state[0] >>> 28); 17 | stateR[1] = state[1] ^ (state[1] >>> 61) ^ (state[1] >>> 39); 18 | stateR[2] = state[2] ^ (state[2] >>> 1) ^ (state[2] >>> 6); 19 | stateR[3] = state[3] ^ (state[3] >>> 10) ^ (state[3] >>> 17); 20 | stateR[4] = state[4] ^ (state[4] >>> 7) ^ (state[4] >>> 41); 21 | tel 22 | 23 | node ascon12(input:u64x5) returns (output:u64x5) 24 | vars 25 | consts:u64[12], 26 | state:u64x5[13] 27 | let 28 | consts = (0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 29 | 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b); 30 | 31 | state[0] = input; 32 | forall i in [0, 11] { 33 | state[i+1] = LinearLayer(Sbox(AddConstant(state[i],consts[i]))) 34 | } 35 | output = state[12] 36 | tel -------------------------------------------------------------------------------- /src/usuba/nist/ascon/usuba/ua_masked/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -light-inline -masked -B -no-sched -no-share -o nist/ascon/usuba/ua_masked/ascon_ua_bitslice.c -arch std nist/ascon/usuba/ua/ascon.ua 2 | ./usubac -light-inline -masked -V -no-sched -no-share -o nist/ascon/usuba/ua_masked/ascon_ua_vslice.c -arch std nist/ascon/usuba/ua/ascon.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 4 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 5 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 6 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 7 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NPUBBYTES 16 3 | #define CRYPTO_NSECBYTES 0 4 | #define CRYPTO_ABYTES 16 5 | #define CRYPTO_NOOVERLAP 1 6 | 7 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/clyde_bitslice.ua: -------------------------------------------------------------------------------- 1 | node sbox (x0:v1, x1:v1, x2:v1, x3:v1) returns (y0:v1, y1:v1, y2:v1, y3:v1) 2 | let 3 | y1 = (x0 & x1) ^ x2; 4 | y0 = (x3 & x0) ^ x1; 5 | y3 = (y1 & x3) ^ x0; 6 | y2 = (y0 & y1) ^ x3 7 | tel 8 | 9 | node lbox(x,y:u32) returns (xr,yr:u32) 10 | vars 11 | a, b, c, d: u32 12 | let 13 | a = x ^ (x >>> 12); 14 | b = y ^ (y >>> 12); 15 | a := a ^ (a >>> 3); 16 | b := b ^ (b >>> 3); 17 | a := a ^ (x >>> 17); 18 | b := b ^ (y >>> 17); 19 | c = a ^ (a >>> 31); 20 | d = b ^ (b >>> 31); 21 | a := a ^ (d >>> 26); 22 | b := b ^ (c >>> 25); 23 | a := a ^ (c >>> 15); 24 | b := b ^ (d >>> 15); 25 | (xr, yr) = (a,b) 26 | tel 27 | 28 | node lbox_layer(state:u32x4) returns (stateR:u32x4) 29 | let 30 | stateR[0,1] = lbox(state[0], state[1]); 31 | stateR[2,3] = lbox(state[2], state[3]) 32 | tel 33 | 34 | node add_rc(state:u32x4, rc:u32x4) returns (stateR:u32x4) 35 | let 36 | forall i in [0, 3] { 37 | stateR[i] = state[i] ^ rc[i] 38 | } 39 | tel 40 | 41 | node tweakey (key,tweak:u32x4) returns (tk:u32x4[3]) 42 | vars 43 | tx : u32[2] 44 | let 45 | tx = tweak[0,1] ^ tweak[2,3]; 46 | tk[0] = key ^ tweak; 47 | tk[1] = (key[0,1] ^ tx, key[2,3] ^ tweak[0,1]); 48 | tk[2] = (key[0,1] ^ tweak[2,3], key[2,3] ^ tx) 49 | tel 50 | 51 | 52 | node clyde128 (state,key,tweak:u32x4) returns (cipher:u32x4) 53 | vars 54 | rc:u32x4[12], 55 | round:u32x4[19], 56 | tk:u32x4[3] 57 | let 58 | rc[0] = (1, 0, 0, 0); 59 | rc[1] = (0, 1, 0, 0); 60 | rc[2] = (0, 0, 1, 0); 61 | rc[3] = (0, 0, 0, 1); 62 | rc[4] = (1, 1, 0, 0); 63 | rc[5] = (0, 1, 1, 0); 64 | rc[6] = (0, 0, 1, 1); 65 | rc[7] = (1, 1, 0, 1); 66 | rc[8] = (1, 0, 1, 0); 67 | rc[9] = (0, 1, 0, 1); 68 | rc[10] = (1, 1, 1, 0); 69 | rc[11] = (0, 1, 1, 1); 70 | 71 | tk = tweakey(key,tweak); 72 | 73 | round[0] = state ^ tk[0]; 74 | 75 | forall s in [0, 5] { 76 | round[s*3+1] = add_rc(lbox_layer(sbox(round[s*3])), rc[s*2]); 77 | round[s*3+2] = add_rc(lbox_layer(sbox(round[s*3+1])), rc[s*2+1]); 78 | round[s*3+3] = round[s*3+2] ^ tk[(s+1)%3]; 79 | } 80 | 81 | cipher = round[18] 82 | 83 | tel -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -no-sched -light-inline -V -o nist/clyde/usuba/ua/clyde_ua_vslice.c nist/clyde/usuba/ua/clyde.ua 2 | ./usubac -no-sched -light-inline -B -o nist/clyde/usuba/ua/clyde_ua_bitslice.c nist/clyde/usuba/ua/clyde_bitslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c utils.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c utils.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c utils.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/parameters.h: -------------------------------------------------------------------------------- 1 | /* Spook Reference Implementation v1 2 | * 3 | * Written in 2019 at UCLouvain (Belgium) by Olivier Bronchain, Gaetan Cassiers 4 | * and Charles Momin. 5 | * To the extent possible under law, the author(s) have dedicated all copyright 6 | * and related and neighboring rights to this software to the public domain 7 | * worldwide. This software is distributed without any warranty. 8 | * 9 | * You should have received a copy of the CC0 Public Domain Dedication along with 10 | * this software. If not, see . 11 | */ 12 | #ifndef _PARAMETERS_H_ 13 | #define _PARAMETERS_H_ 14 | 15 | #define MULTI_USER 0 16 | #define SMALL_PERM 0 17 | 18 | #if MULTI_USER 19 | #define KEYBYTES 32 20 | #else 21 | #define KEYBYTES 16 22 | #endif 23 | 24 | #include "api.h" 25 | 26 | #if (KEYBYTES != CRYPTO_KEYBYTES) 27 | #error "Wrong parameters in api.h" 28 | #endif 29 | 30 | #endif //_PARAMETERS_H_ 31 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/primitives.h: -------------------------------------------------------------------------------- 1 | /* Spook Reference Implementation v1 2 | * 3 | * Written in 2019 at UCLouvain (Belgium) by Olivier Bronchain, Gaetan Cassiers 4 | * and Charles Momin. 5 | * To the extent possible under law, the author(s) have dedicated all copyright 6 | * and related and neighboring rights to this software to the public domain 7 | * worldwide. This software is distributed without any warranty. 8 | * 9 | * You should have received a copy of the CC0 Public Domain Dedication along with 10 | * this software. If not, see . 11 | */ 12 | #ifndef _H_PRIMITIVES_H_ 13 | #define _H_PRIMITIVES_H_ 14 | 15 | #include "parameters.h" 16 | 17 | #define CLYDE128_NBYTES 16 18 | 19 | #if SMALL_PERM 20 | #define SHADOW_NBYTES 48 21 | #else 22 | #define SHADOW_NBYTES 64 23 | #endif // SMALL_PERM 24 | 25 | void clyde128_encrypt(unsigned char* c, const unsigned char* m, 26 | const unsigned char* t, const unsigned char* k); 27 | 28 | void clyde128_decrypt(unsigned char* m, const unsigned char* c, 29 | const unsigned char* t, const unsigned char* k); 30 | 31 | void shadow(unsigned char* x); 32 | 33 | #endif //_H_PRIMITIVES_H_ 34 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/utils.c: -------------------------------------------------------------------------------- 1 | /* Spook Reference Implementation v1 2 | * 3 | * Written in 2019 at UCLouvain (Belgium) by Olivier Bronchain, Gaetan Cassiers 4 | * and Charles Momin. 5 | * To the extent possible under law, the author(s) have dedicated all copyright 6 | * and related and neighboring rights to this software to the public domain 7 | * worldwide. This software is distributed without any warranty. 8 | * 9 | * You should have received a copy of the CC0 Public Domain Dedication along with 10 | * this software. If not, see . 11 | */ 12 | #include 13 | 14 | #include "utils.h" 15 | 16 | // XOR buffers src1 and src2 into buffer dest (all buffers contain n bytes). 17 | void xor_bytes(unsigned char* dest, const unsigned char* src1, 18 | const unsigned char* src2, unsigned long long n) { 19 | for (unsigned long long i = 0; i < n; i++) { 20 | dest[i] = src1[i] ^ src2[i]; 21 | } 22 | } 23 | 24 | // Rotate right x by amount c. 25 | // We use right rotation of integers for the lboxes while the specification 26 | // tells left rotation of bitstrings due to the bitsting -> integer 27 | // little-endian mapping used in Spook. 28 | uint32_t rotr(uint32_t x, unsigned int c) { return (x >> c) | (x << (32 - c)); } 29 | 30 | // Convert 4 bytes into a uint32. Bytes are in little-endian. 31 | uint32_t le32u_dec(const unsigned char bytes[4]) { 32 | uint32_t res = 0; 33 | for (unsigned int col = 0; col < 4; col++) { 34 | res |= ((uint32_t)bytes[col]) << 8 * col; 35 | } 36 | return res; 37 | } 38 | 39 | // Convert a uint32 into 4 bytes. Bytes are in little-endian. 40 | void le32u_enc(unsigned char bytes[4], uint32_t x) { 41 | for (unsigned int i = 0; i < 4; i++) { 42 | bytes[i] = x >> 8 * i; 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua/utils.h: -------------------------------------------------------------------------------- 1 | /* Spook Reference Implementation v1 2 | * 3 | * Written in 2019 at UCLouvain (Belgium) by Olivier Bronchain, Gaetan Cassiers 4 | * and Charles Momin. 5 | * To the extent possible under law, the author(s) have dedicated all copyright 6 | * and related and neighboring rights to this software to the public domain 7 | * worldwide. This software is distributed without any warranty. 8 | * 9 | * You should have received a copy of the CC0 Public Domain Dedication along with 10 | * this software. If not, see . 11 | */ 12 | #ifndef _H_UTILS_H_ 13 | #define _H_UTILS_H_ 14 | 15 | #include 16 | 17 | void xor_bytes(unsigned char* dest, const unsigned char* src1, 18 | const unsigned char* src2, unsigned long long n); 19 | 20 | uint32_t rotr(uint32_t x, unsigned int c); 21 | 22 | uint32_t le32u_dec(const unsigned char bytes[4]); 23 | 24 | void le32u_enc(unsigned char bytes[4], uint32_t x); 25 | 26 | #endif // _H_UTILS_H_ 27 | -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua_masked/clyde.ua: -------------------------------------------------------------------------------- 1 | ../ua/clyde.ua -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua_masked/clyde_bitslice.ua: -------------------------------------------------------------------------------- 1 | ../ua/clyde_bitslice.ua -------------------------------------------------------------------------------- /src/usuba/nist/clyde/usuba/ua_masked/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -masked -no-sched -light-inline -V -o nist/clyde/usuba/ua_masked/clyde_ua_vslice.c nist/clyde/usuba/ua_masked/clyde.ua 2 | ./usubac -masked -no-sched -light-inline -B -o nist/clyde/usuba/ua_masked/clyde_ua_bitslice.c nist/clyde/usuba/ua_masked/clyde_bitslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 4 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 5 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 6 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 7 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/bench/drygascon128_ref.h: -------------------------------------------------------------------------------- 1 | /** 2 | DryGascon128 3 | Sebastien Riou, January 27th 2019 4 | c99 ref implementation meant to fit in the supercop framework 5 | */ 6 | #ifndef __DRYGASCON128_H__ 7 | #define __DRYGASCON128_H__ 8 | 9 | #define DRYSPONGE_DBG_EN 0 10 | 11 | #define DRYSPONGE_KEYSIZE 16 12 | #define DRYSPONGE_NONCESIZE 16 13 | #define DRYSPONGE_BLOCKSIZE 16 14 | #define DRYSPONGE_CAPACITYSIZE (5*64/8) 15 | #define DRYSPONGE_XSIZE (4*32/8) 16 | //remove one round because Mix does 1 round merely for processing the upper 17 | //2 bits of the domain separator (because 128+4 mod 10 is 2) 18 | #define DRYSPONGE_INIT_ROUNDS (12-1) 19 | #define DRYSPONGE_ROUNDS (8-1) 20 | #define DRYSPONGE_ACCUMULATE_FACTOR 2 21 | #define DRYSPONGE_MPR_INPUT_WIDTH 10 22 | 23 | #include "drygascon_ref.h" 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/bench/drygascon_ref.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "drygascon128_ref.h" 5 | #include "drysponge_ref.h" 6 | 7 | /* Additional functions */ 8 | uint32_t bench_speed() { 9 | DRYSPONGE_t ctx; 10 | memset(ctx.c,0,40); 11 | ctx.rounds = 11; 12 | DRYSPONGE_g(&ctx); 13 | 14 | /* Returning the number of encrypted bytes */ 15 | return 56; 16 | } 17 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/bench/drysponge_ref.h: -------------------------------------------------------------------------------- 1 | /** 2 | DrySponge 3 | Sebastien Riou, January 6th 2019 4 | c99 ref implementation meant to fit in the supercop framework 5 | */ 6 | #ifndef __DRYSPONGE_H__ 7 | #define __DRYSPONGE_H__ 8 | 9 | #include "drysponge_common.h" 10 | 11 | 12 | typedef struct DRYSPONGE_struct_t { 13 | uint8_t c[DRYSPONGE_CAPACITYSIZE]; 14 | uint8_t x[DRYSPONGE_XSIZE]; 15 | uint8_t r[DRYSPONGE_BLOCKSIZE]; 16 | uint8_t *obuf; 17 | uint64_t fcnt; 18 | #ifdef DRYSPONGE_EXT 19 | DRYSPONGE_EXT_t ext; 20 | #endif 21 | unsigned int rounds; 22 | } DRYSPONGE_t; 23 | 24 | 25 | void DRYSPONGE_g( 26 | DRYSPONGE_t *const ctx 27 | ){ 28 | memset(ctx->r,0,DRYSPONGE_BLOCKSIZE); 29 | for(unsigned int j = 0;jrounds;j++){ 30 | DRYSPONGE_CoreRound(ctx,j); 31 | for(unsigned int k=0;kc+4*k*DRYSPONGE_BLOCKSIZE32; 33 | for(unsigned int i=0;ir[i]^=cpart[(i+k*4)%DRYSPONGE_BLOCKSIZE]; 35 | } 36 | } 37 | } 38 | } 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NSECBYTES 0 3 | #define CRYPTO_NPUBBYTES 16 4 | #define CRYPTO_ABYTES 16 5 | #define CRYPTO_NOOVERLAP 1 6 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -light-inline -no-sched -o nist/drygascon/usuba/ua/drygascon_ua_bitslice.c -arch std -no-share nist/drygascon/usuba/ua/drygascon.ua 2 | ./usubac -V -light-inline -no-sched -o nist/drygascon/usuba/ua/drygascon_ua_vslice.c -arch std -no-share nist/drygascon/usuba/ua/drygascon.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/debug_ua.tmp: -------------------------------------------------------------------------------- 1 | 2 | for (int i = 0; i < 5; i++) printf("%016lx ",c__[i]); 3 | printf("\n"); 4 | 5 | AddConstant__V64(c__,csts__[r__],_tmp63_); 6 | 7 | for (int i = 0; i < 5; i++) printf("%016lx ",_tmp63_[i]); 8 | printf("\n"); 9 | 10 | Sbox__V64(_tmp63_,_tmp64_); 11 | 12 | for (int i = 0; i < 5; i++) printf("%016lx ",_tmp64_[i]); 13 | printf("\n"); 14 | 15 | LinearLayer__V64(_tmp64_,cR__); 16 | 17 | for (int i = 0; i < 5; i++) printf("%016lx ",cR__[i]); 18 | printf("\n"); 19 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/drygascon128_ref.h: -------------------------------------------------------------------------------- 1 | /** 2 | DryGascon128 3 | Sebastien Riou, January 27th 2019 4 | c99 ref implementation meant to fit in the supercop framework 5 | */ 6 | #ifndef __DRYGASCON128_H__ 7 | #define __DRYGASCON128_H__ 8 | 9 | #define DRYSPONGE_DBG_EN 0 10 | 11 | #define DRYSPONGE_KEYSIZE 16 12 | #define DRYSPONGE_NONCESIZE 16 13 | #define DRYSPONGE_BLOCKSIZE 16 14 | #define DRYSPONGE_CAPACITYSIZE (5*64/8) 15 | #define DRYSPONGE_XSIZE (4*32/8) 16 | //remove one round because Mix does 1 round merely for processing the upper 17 | //2 bits of the domain separator (because 128+4 mod 10 is 2) 18 | #define DRYSPONGE_INIT_ROUNDS (12-1) 19 | #define DRYSPONGE_ROUNDS (8-1) 20 | #define DRYSPONGE_ACCUMULATE_FACTOR 2 21 | #define DRYSPONGE_MPR_INPUT_WIDTH 10 22 | 23 | #include "drygascon_ref.h" 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/drysponge.h: -------------------------------------------------------------------------------- 1 | #include "drygascon128_ref.h" 2 | -------------------------------------------------------------------------------- /src/usuba/nist/drygascon/usuba/ua/drysponge_dbg_support.h: -------------------------------------------------------------------------------- 1 | #ifndef __DRYSPONGE_DBG_SUPPORT_H__ 2 | #define __DRYSPONGE_DBG_SUPPORT_H__ 3 | 4 | #define DRYSPONGE_DBG_NONE 0 5 | #define DRYSPONGE_DBG_ALG_IO 1 6 | #define DRYSPONGE_DBG_F_IO 2 7 | #define DRYSPONGE_DBG_ROUND_IO 3 8 | #define DRYSPONGE_DBG_FULL 4 9 | 10 | #if DRYSPONGE_DBG_EN 11 | #define DRYSPONGE_DBG(a) a; 12 | #else 13 | #define DRYSPONGE_DBG(a) 14 | #endif 15 | 16 | 17 | #if DRYSPONGE_DBG_EN 18 | #include 19 | #include 20 | #include "bytes_utils.h" 21 | static void DRYSPONGE_print_state( 22 | DRYSPONGE_t *const ctx 23 | ){ 24 | (void)xor_bytes; 25 | (void)println_128; 26 | (void)bytes_utils_remove_unused_warnings; 27 | unsigned int linesize = 32; 28 | if(linesizec; 31 | for(unsigned int i=0;ix; 39 | for(unsigned int i=0;i 2 | #include 3 | #include 4 | #include 5 | 6 | #ifdef REF 7 | 8 | #include "drygascon128_ref.h" 9 | #include "drysponge_ref.h" 10 | #define drygascon_round(x,c) gascon_permutation_round(x,c) 11 | 12 | #elif defined(UA_V) 13 | 14 | #include "drygascon_ua_vslice.c" 15 | void drygascon_round(uint8_t text[40], int r) { 16 | uint64_t* input = (uint64_t*)text; 17 | uint64_t output[5]; 18 | CoreRound__(input,r,output); 19 | memcpy(text,output,5*sizeof(uint64_t)); 20 | } 21 | 22 | #else 23 | #error Please define REF or UA_V 24 | #endif 25 | 26 | 27 | void test_drygascon() { 28 | 29 | // This seemigly random input is produced by encrypting full 0s plain 30 | uint8_t text[5*8] = { 0 }; 31 | 32 | for (int i = 0; i < 11; i++) { 33 | drygascon_round(text, i); 34 | } 35 | 36 | for (int i = 0; i < 40; i++) { 37 | printf("0x%02x, ", text[i]); 38 | } 39 | 40 | uint8_t expected[40] = { 41 | 0x6d, 0x21, 0x29, 0x00, 0xa0, 0x5c, 0x84, 0xa5, 42 | 0x20, 0x6f, 0xac, 0xd9, 0x8d, 0xb4, 0x1d, 0xd5, 43 | 0x6a, 0xa0, 0x1a, 0x6e, 0xfe, 0x2c, 0xfa, 0xeb, 44 | 0xd4, 0xa7, 0x3d, 0xe6, 0x63, 0x16, 0x7e, 0x66, 45 | 0x14, 0xc1, 0x9c, 0xc3, 0xe2, 0x1b, 0xdc, 0xf2 }; 46 | 47 | if (memcmp(text, expected, 40) != 0) { 48 | fprintf(stderr, "Error encryption.\n"); 49 | fprintf(stderr, "Expected : "); 50 | for (int i = 0; i < 5; i++) { 51 | for (int j = 0; j < 8; j++) fprintf(stderr, "0x%02x", expected[i*8+j]); 52 | fprintf(stderr, " "); 53 | } 54 | fprintf(stderr, "\nGot : "); 55 | for (int i = 0; i < 5; i++) { 56 | for (int j = 0; j < 8; j++) fprintf(stderr, "0x%02x", text[i*8+j]); 57 | fprintf(stderr, " "); 58 | } 59 | fprintf(stderr, "\n"); 60 | exit(EXIT_FAILURE); 61 | } else { 62 | fprintf(stderr, "Seems OK.\n"); 63 | } 64 | } 65 | 66 | 67 | int main() { 68 | test_drygascon(); 69 | } 70 | -------------------------------------------------------------------------------- /src/usuba/nist/gift/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -no-inline -no-sched -o nist/gift/usuba/ua/gift_ua_bitslice.c -arch std -no-share nist/gift/usuba/ua/gift_bitslice.ua 2 | ./usubac -V -no-inline -no-sched -o nist/gift/usuba/ua/gift_ua_vslice.c -arch std -no-share nist/gift/usuba/ua/gift.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wno-incompatible-pointer-types -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/gift/usuba/ua/gift.ua: -------------------------------------------------------------------------------- 1 | node SubCells(S0,S1,S2,S3:v1) returns (S':v4) 2 | let 3 | S1 ^:= S0 & S2; 4 | S0 ^:= S1 & S3; 5 | S2 ^:= S0 | S1; 6 | S3 ^:= S2; 7 | S1 ^:= S3; 8 | S3 := ~S3; 9 | S2 ^:= S0 & S1; 10 | S' = (S3, S1, S2, S0) 11 | tel 12 | 13 | node rowperm(S:u32,B0_pos,B1_pos,B2_pos,B3_pos:nat) returns (S':u32) 14 | vars 15 | T:u32[9] 16 | let 17 | T[0] = 0; 18 | forall b in [0,7] { 19 | T[b+1] = T[b] ^ 20 | (((S>>(4*b+0))&0x1)<<(b + 8*B0_pos)) ^ 21 | (((S>>(4*b+1))&0x1)<<(b + 8*B1_pos)) ^ 22 | (((S>>(4*b+2))&0x1)<<(b + 8*B2_pos)) ^ 23 | (((S>>(4*b+3))&0x1)<<(b + 8*B3_pos)); 24 | } 25 | S' = T[8]; 26 | tel 27 | 28 | node PermBits(S:u32x4) returns (S':u32x4) 29 | let 30 | S'[0] = rowperm(S[0],0,3,2,1); 31 | S'[1] = rowperm(S[1],1,0,3,2); 32 | S'[2] = rowperm(S[2],2,1,0,3); 33 | S'[3] = rowperm(S[3],3,2,1,0); 34 | tel 35 | 36 | node AddRoundKey(S:u32x4, W:u32[8], rc:u32) returns (S':u32x4) 37 | let 38 | S'[2] = S[2] ^ ((W[2] << 16) ^ W[3]); 39 | S'[1] = S[1] ^ ((W[6] << 16) ^ W[7]); 40 | S'[3] = S[3] ^ 0x80000000 ^ rc; 41 | S'[0] = S[0]; 42 | tel 43 | 44 | node KeyUpdate(W:u32[8]) returns (W':u32[8]) 45 | let 46 | W'[0] = ((W[6] >> 2) ^ (W[6] << 14)) & 0xffff; 47 | W'[1] = ((W[7] >> 12) ^ (W[7] << 4)) & 0xffff; 48 | W'[7..2] = W[5..0]; 49 | tel 50 | 51 | node gift(P:u32x4, K:const u32[8]) returns (C:u32x4) 52 | vars 53 | round:u32x4[41], 54 | W:u32[2][8], 55 | GIFT_RC:u32[40] 56 | let 57 | round[0] = P; 58 | W[0] = K; 59 | 60 | GIFT_RC = ( 61 | 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3E, 0x3D, 0x3B, 0x37, 0x2F, 62 | 0x1E, 0x3C, 0x39, 0x33, 0x27, 0x0E, 0x1D, 0x3A, 0x35, 0x2B, 63 | 0x16, 0x2C, 0x18, 0x30, 0x21, 0x02, 0x05, 0x0B, 0x17, 0x2E, 64 | 0x1C, 0x38, 0x31, 0x23, 0x06, 0x0D, 0x1B, 0x36, 0x2D, 0x1A); 65 | 66 | forall i in [0, 39] { 67 | round[i+1] = 68 | AddRoundKey(PermBits(SubCells(round[i])),W[i%2],GIFT_RC[i]); 69 | W[(i+1)%2] = KeyUpdate(W[i%2]); 70 | } 71 | 72 | C = round[40] 73 | tel -------------------------------------------------------------------------------- /src/usuba/nist/gift/usuba/ua/gift_bitslice.ua: -------------------------------------------------------------------------------- 1 | node SubCells(S0,S1,S2,S3:b32) returns (S':b128) 2 | let 3 | S1 ^:= S0 & S2; 4 | S0 ^:= S1 & S3; 5 | S2 ^:= S0 | S1; 6 | S3 ^:= S2; 7 | S1 ^:= S3; 8 | S3 := ~S3; 9 | S2 ^:= S0 & S1; 10 | S' = (S3, S1, S2, S0) 11 | tel 12 | 13 | node PermBits(S:b32[4]) returns (S':b32[4]) 14 | let 15 | S'[0] = S[0][2,6,10,14,18,22,26,30,1,5,9,13,17,21,25,29,0,4,8,12,16,20,24,28,3,7,11,15,19,23,27,31]; 16 | S'[1] = S[1][1,5,9,13,17,21,25,29,0,4,8,12,16,20,24,28,3,7,11,15,19,23,27,31,2,6,10,14,18,22,26,30]; 17 | S'[2] = S[2][0,4,8,12,16,20,24,28,3,7,11,15,19,23,27,31,2,6,10,14,18,22,26,30,1,5,9,13,17,21,25,29]; 18 | S'[3] = S[3][3,7,11,15,19,23,27,31,2,6,10,14,18,22,26,30,1,5,9,13,17,21,25,29,0,4,8,12,16,20,24,28]; 19 | tel 20 | 21 | node AddRoundKey(S:b32[4], W:b32[8], rc:b32) returns (S':b32[4]) 22 | let 23 | S'[2] = S[2] ^ ((W[2] << 16) ^ W[3]); 24 | S'[1] = S[1] ^ ((W[6] << 16) ^ W[7]); 25 | S'[3] = S[3] ^ 0x80000000:b32 ^ rc; 26 | S'[0] = S[0]; 27 | tel 28 | 29 | node KeyUpdate(W:b32[8]) returns (W':b32[8]) 30 | let 31 | W'[0] = ((W[6] >> 2) ^ (W[6] << 14)) & 0xffff:b32; 32 | W'[1] = ((W[7] >> 12) ^ (W[7] << 4)) & 0xffff:b32; 33 | W'[7..2] = W[5..0]; 34 | tel 35 | 36 | node gift(P:b32[4], K:const b32[8]) returns (C:b32[4]) 37 | vars 38 | round:b32[41][4], 39 | W:b32[2][8], 40 | GIFT_RC:b32[40] 41 | let 42 | round[0] = P; 43 | W[0] = K; 44 | 45 | GIFT_RC = ( 46 | 0x01:b32, 0x03:b32, 0x07:b32, 0x0F:b32, 0x1F:b32, 47 | 0x3E:b32, 0x3D:b32, 0x3B:b32, 0x37:b32, 0x2F:b32, 48 | 0x1E:b32, 0x3C:b32, 0x39:b32, 0x33:b32, 0x27:b32, 49 | 0x0E:b32, 0x1D:b32, 0x3A:b32, 0x35:b32, 0x2B:b32, 50 | 0x16:b32, 0x2C:b32, 0x18:b32, 0x30:b32, 0x21:b32, 51 | 0x02:b32, 0x05:b32, 0x0B:b32, 0x17:b32, 0x2E:b32, 52 | 0x1C:b32, 0x38:b32, 0x31:b32, 0x23:b32, 0x06:b32, 53 | 0x0D:b32, 0x1B:b32, 0x36:b32, 0x2D:b32, 0x1A:b32); 54 | 55 | forall i in [0, 39] { 56 | round[i+1] = 57 | AddRoundKey(PermBits(SubCells(round[i])),W[i%2],GIFT_RC[i]); 58 | W[(i+1)%2] = KeyUpdate(W[i%2]); 59 | } 60 | 61 | C = round[40] 62 | tel -------------------------------------------------------------------------------- /src/usuba/nist/gift/usuba/ua/main: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/nist/gift/usuba/ua/main -------------------------------------------------------------------------------- /src/usuba/nist/gimli/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -light-inline -no-sched -V -o nist/gimli/usuba/ua/gimli_ua_vslice.c nist/gimli/usuba/ua/gimli.ua 2 | ./usubac -light-inline -no-sched -B -o nist/gimli/usuba/ua/gimli_ua_bitslice.c nist/gimli/usuba/ua/gimli_bitslice.ua 3 | clang -D UA_B -I ../../../../arch -Wall -Wextra main.c -o main && ./main 4 | clang -D UA_V -I ../../../../arch -Wall -Wextra main.c -o main && ./main 5 | clang -D REF -I ../../../../arch -Wall -Wextra main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/gimli/usuba/ua/gimli_bitslice.ua: -------------------------------------------------------------------------------- 1 | _no_inline node SPbox (col:b32[3]) returns (colR:b32[3]) 2 | vars 3 | x, y, z : b32 4 | let 5 | x = col[0] <<< 24; 6 | y = col[1] <<< 9; 7 | z = col[2]; 8 | 9 | colR[2] = x ^ (z << 1) ^ ((y&z) << 2); 10 | colR[1] = y ^ x ^ ((x|z) << 1); 11 | colR[0] = z ^ y ^ ((x&y) << 3); 12 | tel 13 | 14 | node NonlinearLayer (state:b32[3][4]) returns (stateR:b32[3][4]) 15 | let 16 | forall i in [0, 3] { 17 | stateR[0..2][i] = SPbox(state[0..2][i]); 18 | } 19 | tel 20 | 21 | node SmallSwap (state:b32[3][4]) returns (stateR:b32[3][4]) 22 | let 23 | stateR = (state[0][1,0,3,2], state[1,2][0..3]); 24 | tel 25 | 26 | node BigSwap (state:b32[3][4]) returns (stateR:b32[3][4]) 27 | let 28 | stateR = (state[0][2,3,0,1], state[1,2][0..3]); 29 | tel 30 | 31 | node AddRC (state:b32[3][4],rc:b32) returns (stateR:b32[3][4]) 32 | let 33 | stateR = (state[0][0] ^ rc, state[0][1..3], state[1,2]) 34 | tel 35 | 36 | node gimli (state:b32[3][4]) returns (stateR:b32[3][4]) 37 | vars 38 | rc:b32[6], 39 | round:b32[7][3][4] 40 | let 41 | rc = (0x9e377918:b32, 0x9e377914:b32, 0x9e377910:b32, 42 | 0x9e37790c:b32, 0x9e377908:b32, 0x9e377904:b32); 43 | 44 | round[0] = state; 45 | 46 | forall r in [0,5] { 47 | round[r+1] = NonlinearLayer( 48 | BigSwap( 49 | NonlinearLayer( 50 | NonlinearLayer( 51 | AddRC( 52 | SmallSwap( 53 | NonlinearLayer(round[r])), 54 | rc[r]))))) 55 | } 56 | stateR = round[6]; 57 | tel -------------------------------------------------------------------------------- /src/usuba/nist/gimli/usuba/ua/gimli_ref.c: -------------------------------------------------------------------------------- 1 | /* Note: this code isn't from me: it was submitted at the NIST 2 | lightweight ciphers competition on this page: 3 | https://csrc.nist.gov/Projects/Lightweight-Cryptography/Round-1-Candidates 4 | I didn't find a clear copyright, so I'm not putting one, but you 5 | probably should refer to this website in doubt. */ 6 | 7 | static uint32_t rotate(uint32_t x,int bits) 8 | { 9 | if (bits == 0) return x; 10 | return (x << bits) | (x >> (32 - bits)); 11 | } 12 | 13 | static uint32_t load(uint8_t *state,int pos) 14 | { 15 | uint32_t result = state[4*pos+3]; 16 | result <<= 8; result |= state[4*pos+2]; 17 | result <<= 8; result |= state[4*pos+1]; 18 | result <<= 8; result |= state[4*pos+0]; 19 | return result; 20 | } 21 | 22 | static void store(uint8_t *state,int pos,uint32_t x) 23 | { 24 | state[4*pos+0] = x; x >>= 8; 25 | state[4*pos+1] = x; x >>= 8; 26 | state[4*pos+2] = x; x >>= 8; 27 | state[4*pos+3] = x; 28 | } 29 | 30 | static void gimli(uint8_t *state) 31 | { 32 | int round, column; 33 | uint32_t x, y, z; 34 | 35 | for (round = 24; round > 0; --round) { 36 | for (column = 0; column < 4; ++column) { 37 | x = rotate(load(state, column), 24); 38 | y = rotate(load(state,4 + column), 9); 39 | z = load(state,8 + column); 40 | 41 | store(state,8 + column,x ^ (z << 1) ^ ((y&z) << 2)); 42 | store(state,4 + column,y ^ x ^ ((x|z) << 1)); 43 | store(state, column,z ^ y ^ ((x&y) << 3)); 44 | } 45 | 46 | if ((round & 3) == 0) { // small swap: pattern s...s...s... etc. 47 | x = load(state,0); 48 | store(state,0,load(state,1)); 49 | store(state,1,x); 50 | x = load(state,2); 51 | store(state,2,load(state,3)); 52 | store(state,3,x); 53 | } 54 | if ((round & 3) == 2) { // big swap: pattern ..S...S...S. etc. 55 | x = load(state,0); 56 | store(state,0,load(state,2)); 57 | store(state,2,x); 58 | x = load(state,1); 59 | store(state,1,load(state,3)); 60 | store(state,3,x); 61 | } 62 | 63 | if ((round & 3) == 0) // add constant: pattern c...c...c... etc. 64 | store(state,0,load(state,0) ^ (0x9e377900 | round)); 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /src/usuba/nist/gimli/usuba/ua_masked/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -masked -no-inline -no-sched -V -o nist/gimli/usuba/ua_masked/gimli_ua_vslice.c nist/gimli/usuba/ua_masked/gimli.ua 2 | ./usubac -masked -light-inline -no-sched -B -o nist/gimli/usuba/ua_masked/gimli_ua_bitslice.c nist/gimli/usuba/ua_masked/gimli_bitslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 4 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 5 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 6 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 7 | -------------------------------------------------------------------------------- /src/usuba/nist/gimli/usuba/ua_masked/gimli_bitslice.ua: -------------------------------------------------------------------------------- 1 | _no_inline node SPbox (col:b32[3]) returns (colR:b32[3]) 2 | vars 3 | x, y, z : b32 4 | let 5 | x = col[0] <<< 24; 6 | y = col[1] <<< 9; 7 | z = col[2]; 8 | 9 | colR[2] = x ^ (z << 1) ^ ((y&z) << 2); 10 | colR[1] = y ^ x ^ ((x|z) << 1); 11 | colR[0] = z ^ y ^ ((x&y) << 3); 12 | tel 13 | 14 | node NonlinearLayer (state:b32[3][4]) returns (stateR:b32[3][4]) 15 | let 16 | forall i in [0, 3] { 17 | stateR[0..2][i] = SPbox(state[0..2][i]); 18 | } 19 | tel 20 | 21 | node SmallSwap (state:b32[3][4]) returns (stateR:b32[3][4]) 22 | let 23 | stateR = (state[0][1,0,3,2], state[1,2][0..3]); 24 | tel 25 | 26 | node BigSwap (state:b32[3][4]) returns (stateR:b32[3][4]) 27 | let 28 | stateR = (state[0][2,3,0,1], state[1,2][0..3]); 29 | tel 30 | 31 | node AddRC (state:b32[3][4],rc:b32) returns (stateR:b32[3][4]) 32 | let 33 | stateR = (state[0][0] ^ rc, state[0][1..3], state[1,2]) 34 | tel 35 | 36 | node gimli (state:b32[3][4]) returns (stateR:b32[3][4]) 37 | vars 38 | rc:b32[6], 39 | round:b32[37][3][4] 40 | let 41 | rc = (0x9e377918:b32, 0x9e377914:b32, 0x9e377910:b32, 42 | 0x9e37790c:b32, 0x9e377908:b32, 0x9e377904:b32); 43 | 44 | round[0] = state; 45 | 46 | forall r in [0,5] { 47 | round[r*6+1] = NonlinearLayer(round[r*6]); 48 | round[r*6+2] = AddRC(SmallSwap(round[r*6+1]), rc[r]); 49 | round[r*6+3] = NonlinearLayer(round[r*6+2]); 50 | round[r*6+4] = NonlinearLayer(round[r*6+3]); 51 | round[r*6+5] = BigSwap(round[r*6+4]); 52 | round[r*6+6] = NonlinearLayer(round[r*6+5]); 53 | } 54 | 55 | stateR = round[36]; 56 | tel -------------------------------------------------------------------------------- /src/usuba/nist/photon/usuba/bench/masked_photon_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no naturally vsliced version of photon and my Makefile is 4 | not clever enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/photon/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -no-linearize-arr -no-sched -o nist/photon/usuba/ua/photon_ua_bitslice.c -arch std -no-share nist/photon/usuba/ua/photon_bitslice.ua 2 | ./usubac -V -keep-tables -no-sched -o nist/photon/usuba/ua/photon_ua_vslice.c -arch std -no-share nist/photon/usuba/ua/photon_vslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/photon/usuba/ua/photon.h: -------------------------------------------------------------------------------- 1 | #ifndef __PHOTON_H_ 2 | #define __PHOTON_H_ 3 | 4 | #include 5 | 6 | #define ROUND 12 7 | #define min(x,y) ((x)<(y)?(x):(y)) 8 | #define max(x,y) ((x)>(y)?(x):(y)) 9 | 10 | #define D 8 11 | 12 | 13 | typedef uint8_t byte; 14 | typedef uint32_t u32; 15 | typedef uint64_t u64; 16 | typedef uint32_t CWord; 17 | typedef u32 tword; 18 | 19 | typedef struct{ 20 | u64 h; 21 | u64 l; 22 | }u128; // state word 23 | 24 | 25 | #ifdef _TABLE_ 26 | void BuildTableSCShRMCS(); 27 | #endif 28 | 29 | void PrintState(byte state[D][D]); 30 | 31 | void PHOTON_Permutation(unsigned char *State_inout); 32 | 33 | #endif /* end of photon.h */ 34 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 16 2 | #define CRYPTO_NSECBYTES 0 3 | #define CRYPTO_NPUBBYTES 12 4 | #define CRYPTO_ABYTES 16 5 | #define CRYPTO_NOOVERLAP 1 6 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -no-sched -B -o nist/pyjamask/usuba/ua/pyjamask_ua_bitslice.c -arch std -no-share nist/pyjamask/usuba/ua/pyjamask_bitslice.ua 2 | ./usubac -light-inline -no-sched -V -o nist/pyjamask/usuba/ua/pyjamask_ua_vslice.c -arch std -no-share nist/pyjamask/usuba/ua/pyjamask_vslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/main: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/nist/pyjamask/usuba/ua/main -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/pyjamask.h: -------------------------------------------------------------------------------- 1 | /* 2 | =============================================================================== 3 | 4 | Header file for Pyjamsk block ciphers in C 5 | 6 | Copyright (C) 2019 Dahmun Goudarzi, Jérémy Jean, Stefan Kölbl, 7 | Thomas Peyrin, Matthieu Rivain, Yu Sasaki, Siang Meng Sim 8 | 9 | This program is free software: you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation, either version 3 of the License, or 12 | (at your option) any later version. 13 | 14 | This program is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | GNU General Public License for more details. 18 | 19 | You should have received a copy of the GNU General Public License 20 | along with this program. If not, see . 21 | 22 | =============================================================================== 23 | */ 24 | 25 | void pyjamask_96_enc (const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 26 | void pyjamask_96_dec (const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext); 27 | 28 | void pyjamask_128_enc(const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 29 | void pyjamask_128_dec(const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext ); 30 | void key_schedule(const uint8_t *key, uint32_t* round_keys); 31 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/pyjamask_bitslice.ua: -------------------------------------------------------------------------------- 1 | _no_inline table SubBytes (i:b4) returns (o:b4) { 2 | 0x2, 0xd, 0x3, 0x9, 0x7, 0xb, 0xa, 0x6, 0xe, 0x0, 0xf, 0x4, 0x8, 0x5, 0x1, 0xc 3 | } 4 | 5 | _no_inline node AddRoundKey (i,k:b128) returns (o:b128) 6 | let 7 | o = i ^ k 8 | tel 9 | 10 | _no_inline node SubBytesAll (input:b32[4]) returns (output:b32[4]) 11 | let 12 | forall i in [0, 31] { 13 | output[0..3][i] = SubBytes(input[0..3][i]) 14 | } 15 | tel 16 | 17 | node col_mult (a:b32,b:const b32) returns (r:b1) 18 | vars 19 | acc:b32 20 | let 21 | acc[0] = a[0] & b[0]; 22 | forall i in [1,31] { 23 | acc[i] = acc[i-1] ^ (a[i] & b[i]) 24 | } 25 | r = acc[31] 26 | tel 27 | 28 | _no_inline node MixRows (input:b32[4]) returns (output:b32[4]) 29 | vars 30 | M: const b32[4][33] 31 | let 32 | # Manually unrolling the loop over M so that M can be partially linearized away... 33 | M[0][0] = (1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1); 34 | forall idx in [0,31] { 35 | output[0][idx] = col_mult(input[0], M[0][idx]); 36 | M[0][idx+1] = M[0][idx] >>> 1 37 | } 38 | M[1][0] = (0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,1,0,1,1,1,0,0,0,0,0,0,1,0,0,0,0,1); 39 | forall idx in [0,31] { 40 | output[1][idx] = col_mult(input[1], M[1][idx]); 41 | M[1][idx+1] = M[1][idx] >>> 1 42 | } 43 | M[2][0] = (0,1,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0); 44 | forall idx in [0,31] { 45 | output[2][idx] = col_mult(input[2], M[2][idx]); 46 | M[2][idx+1] = M[2][idx] >>> 1 47 | } 48 | M[3][0] = (0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,1,1); 49 | forall idx in [0,31] { 50 | output[3][idx] = col_mult(input[3], M[3][idx]); 51 | M[3][idx+1] = M[3][idx] >>> 1 52 | } 53 | tel 54 | 55 | node pyjamask (plaintext:b32[4], key:b32[15][4]) returns (ciphertext:b32[4]) 56 | vars 57 | round: b32[15][4] 58 | let 59 | round[0] = plaintext; 60 | forall i in [0, 13] { 61 | round[i+1] = MixRows(SubBytesAll(AddRoundKey(round[i], key[i]))) 62 | } 63 | ciphertext = AddRoundKey(round[14], key[14]) 64 | tel 65 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua/pyjamask_vslice.ua: -------------------------------------------------------------------------------- 1 | table SubBytes (i:v4) returns (o:v4) { 2 | 0x2, 0xd, 0x3, 0x9, 0x7, 0xb, 0xa, 0x6, 0xe, 0x0, 0xf, 0x4, 0x8, 0x5, 0x1, 0xc 3 | } 4 | 5 | node AddRoundKey (i,k:u32x4) returns (o:u32x4) 6 | let 7 | o = i ^ k 8 | tel 9 | 10 | node mat_mult(col:const u32,vec:u32) returns (res:u32) 11 | vars 12 | mat_col:u32[33], 13 | res_tmp:u32[33], 14 | mask:u32[32] 15 | let 16 | mat_col[0] = col; 17 | res_tmp[0] = 0; 18 | 19 | forall i in [0, 31] { 20 | mask[i] = (vec << i) >>! 31; 21 | res_tmp[i+1] = res_tmp[i] ^ (mask[i] & mat_col[i]); 22 | mat_col[i+1] = mat_col[i] >>> 1; 23 | } 24 | 25 | res = res_tmp[32]; 26 | tel 27 | 28 | node MixRows (input:u32x4) returns (output:u32x4) 29 | vars 30 | M: const u32[4] 31 | let 32 | M = (0xa3861085, 0x63417021, 0x692cf280, 0x48a54813); 33 | forall i in [0, 3] { 34 | output[i] = mat_mult(M[i], input[i]); 35 | } 36 | tel 37 | 38 | node pyjamask (plaintext:u32x4, key:u32x4[15]) returns (ciphertext:u32x4) 39 | vars 40 | round: u32x4[15] 41 | let 42 | round[0] = plaintext; 43 | forall i in [0, 13] { 44 | round[i+1] = MixRows(SubBytes(AddRoundKey(round[i], key[i]))) 45 | } 46 | ciphertext = AddRoundKey(round[14], key[14]) 47 | tel 48 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua_masked/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -masked -light-inline -no-sched -B -o nist/pyjamask/usuba/ua_masked/pyjamask_ua_bitslice.c -arch std -no-share nist/pyjamask/usuba/ua_masked/pyjamask_bitslice.ua 2 | ./usubac -masked -light-inline -no-sched -V -o nist/pyjamask/usuba/ua_masked/pyjamask_ua_vslice.c -arch std -no-share nist/pyjamask/usuba/ua_masked/pyjamask_vslice.ua 3 | clang -D UA_V -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 4 | clang -D UA_V -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 5 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=8 && ./main 6 | clang -D UA_B -Wall -Wextra -march=native -I../../../../arch main.c -o main -D MASKING_ORDER=1 && ./main 7 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua_masked/pyjamask.h: -------------------------------------------------------------------------------- 1 | /* 2 | =============================================================================== 3 | 4 | Header file for Pyjamsk block ciphers in C 5 | 6 | Copyright (C) 2019 Dahmun Goudarzi, Jérémy Jean, Stefan Kölbl, 7 | Thomas Peyrin, Matthieu Rivain, Yu Sasaki, Siang Meng Sim 8 | 9 | This program is free software: you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation, either version 3 of the License, or 12 | (at your option) any later version. 13 | 14 | This program is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | GNU General Public License for more details. 18 | 19 | You should have received a copy of the GNU General Public License 20 | along with this program. If not, see . 21 | 22 | =============================================================================== 23 | */ 24 | 25 | void pyjamask_96_enc (const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 26 | void pyjamask_96_dec (const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext); 27 | 28 | void pyjamask_128_enc(const unsigned char *plaintext, const unsigned char *key, unsigned char *ciphertext); 29 | void pyjamask_128_dec(const unsigned char *ciphertext, const unsigned char *key, unsigned char *plaintext ); 30 | void key_schedule(const uint8_t *key, uint32_t* round_keys); 31 | -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua_masked/pyjamask_bitslice.ua: -------------------------------------------------------------------------------- 1 | ../ua/pyjamask_bitslice.ua -------------------------------------------------------------------------------- /src/usuba/nist/pyjamask/usuba/ua_masked/pyjamask_vslice.ua: -------------------------------------------------------------------------------- 1 | ../ua/pyjamask_vslice.ua -------------------------------------------------------------------------------- /src/usuba/nist/skinny/usuba/bench/masked_skinny_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no vsliced version of skinny and my Makefile is not clever 4 | enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/skinny/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -no-sched -o nist/skinny/usuba/ua/skinny_ua_bitslice.c -arch std -no-share nist/skinny/usuba/ua/skinny_bitslice.ua 2 | ./usubac -keep-tables -V -no-sched -o nist/skinny/usuba/ua/skinny_ua_vslice.c -arch std -no-share nist/skinny/usuba/ua/skinny_vslice.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/bench/masked_spongent_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no vsliced version of spongent and my Makefile is not 4 | clever enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/bench/spongent_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no vsliced version of spongent and my Makefile is not 4 | clever enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -light-inline -bits-per-reg 32 -check-tbl -B -no-sched -o nist/spongent/usuba/ua/spongent_ua_bitslice.c -arch std -no-share nist/spongent/usuba/ua/spongent.ua 2 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 3 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/ua/elephant_160.h: -------------------------------------------------------------------------------- 1 | #ifndef ELEPHANT_160 2 | #define ELEPHANT_160 3 | 4 | #define SPONGENT160 5 | #define BLOCK_SIZE 20 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned long long SIZE; 9 | 10 | void permutation(BYTE* state); 11 | 12 | void lfsr_step(BYTE* output, BYTE* input); 13 | 14 | void get_ad_block(BYTE* output, const BYTE* ad, SIZE adlen, const BYTE* npub, SIZE i); 15 | 16 | void get_c_block(BYTE* output, const BYTE* c, SIZE clen, SIZE i); 17 | 18 | 19 | #endif 20 | 21 | -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/ua/main: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CryptoExperts/Tornado/708b61119721bde415095903b7985cf441320a4b/src/usuba/nist/spongent/usuba/ua/main -------------------------------------------------------------------------------- /src/usuba/nist/spongent/usuba/ua/spongent.ua: -------------------------------------------------------------------------------- 1 | table sBox (x:b4) returns (y:b4) { 2 | #3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 3 | 0xe,0xd,0xb,0x0,0x2,0x1,0x4,0xf,0x7,0xa,0x8,0x5,0x9,0xc,0x3,0x6 4 | } 5 | 6 | node sBoxLayer(state:b8[20]) returns (stateR:b8[20]) 7 | let 8 | forall i in [0, 19] { 9 | stateR[i][0..3] = sBox(state[i][0..3]); 10 | stateR[i][4..7] = sBox(state[i][4..7]); 11 | } 12 | tel 13 | 14 | # node pLayer(state:b160) returns (stateR:b160) 15 | # let 16 | # forall i in [0, 158] { 17 | # stateR[(i*40)%159] = state[i]; 18 | # } 19 | # stateR[159] = state[159]; 20 | # tel 21 | node pLayer(state:b8[20]) returns (stateR:b8[20]) 22 | vars x:b1[160], PermutedBitNo:nat, y:nat 23 | let 24 | forall i in [0, 18] { 25 | forall j in [0, 7] { 26 | x[i*8+j] = state[i][7-j]; 27 | stateR[((((8*i+j)*40) % 159) / 8)][7-((((8*i+j)*40) % 159) - (8*((((8*i+j)*40) % 159) / 8)))] = x[i*8+j]; 28 | } 29 | } 30 | forall j in [0, 6] { 31 | x[19*8+j] = state[19][7-j]; 32 | stateR[((((8*19+j)*40) % 159) / 8)][7-((((8*19+j)*40) % 159) - (8*((((8*19+j)*40) % 159) / 8)))] = x[19*8+j]; 33 | } 34 | stateR[19][0] = state[19][0]; 35 | tel 36 | 37 | node counterLayer(state:b8[20],counter:b8) returns (stateR:b8[20]) 38 | let 39 | stateR[1..18] = state[1..18]; 40 | stateR[0] = state[0] ^ counter; 41 | stateR[19] = state[19] ^ counter[7..0]; 42 | tel 43 | 44 | node lfsr(counter:b8) returns (counterR:b8) 45 | let 46 | counterR = ((counter << 1) | (((0x40:b8 & counter) >> 6) ^ ((0x20:b8 & counter) >> 5))) & 0x7f:b8; 47 | tel 48 | 49 | node permutation(input:b8[20]) returns (output:b8[20]) 50 | vars 51 | state:b8[81][20], 52 | counter:b8[81] # Actually u7, but this is maintained manually 53 | let 54 | state[0] = input; 55 | counter[0] = 0x75:b8; 56 | 57 | forall i in [0, 79] { 58 | state[i+1] = pLayer(sBoxLayer(counterLayer(state[i],counter[i]))); 59 | counter[i+1] = lfsr(counter[i]); 60 | } 61 | 62 | output = state[80]; 63 | tel -------------------------------------------------------------------------------- /src/usuba/nist/subterranean/usuba/bench/masked_subterranean_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no vsliced version of subterraean and my Makefile is not 4 | clever enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/subterranean/usuba/bench/subterranean_ua_vslice.c: -------------------------------------------------------------------------------- 1 | /* DUMMY PLACEHOLDER 2 | 3 | There is no vsliced version of subterraean and my Makefile is not 4 | clever enough to know that. */ 5 | 6 | #include 7 | 8 | uint32_t bench_speed() { 9 | return 1; 10 | } 11 | -------------------------------------------------------------------------------- /src/usuba/nist/subterranean/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -light-inline -bits-per-reg 8 -no-sched -o nist/subterranean/usuba/ua/subterranean_ua_bitslice.c -arch std -no-share nist/subterranean/usuba/ua/subterranean.ua 2 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 3 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | -------------------------------------------------------------------------------- /src/usuba/nist/xoodoo/usuba/ua/compile_lines.txt: -------------------------------------------------------------------------------- 1 | ./usubac -B -light-inline -no-sched -bits-per-reg 32 -o nist/xoodoo/usuba/ua/xoodoo_ua_bitslice.c -arch std -no-share nist/xoodoo/usuba/ua/xoodoo.ua 2 | ./usubac -V -light-inline -no-sched -o nist/xoodoo/usuba/ua/xoodoo_ua_vslice.c -arch std -no-share nist/xoodoo/usuba/ua/xoodoo.ua 3 | clang -D UA_V -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 4 | clang -D UA_B -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 5 | clang -D REF -Wall -Wextra -O3 -march=native -I../../../../arch main.c -o main && ./main 6 | -------------------------------------------------------------------------------- /src/usuba/nist/xoodoo/usuba/ua/xoodoo.ua: -------------------------------------------------------------------------------- 1 | 2 | node theta(A:u32[3][4]) returns (R:u32[3][4]) 3 | vars P, E: u32[4] 4 | let 5 | P = A[0] ^ A[1] ^ A[2]; 6 | forall i in [0, 3] { 7 | # avoiding (i-1)%4, because usuba will generate a int for |i|, and 8 | # when i==0, then (i-1)%4 == -1... 9 | E[i] = (P[(i+3)%4] <<< 5) ^ (P[(i+3)%4] <<< 14); 10 | } 11 | forall i in [0, 2] { R[i] = A[i] ^ E } 12 | tel 13 | 14 | node rho_west(A:u32[3][4]) returns (R:u32[3][4]) 15 | let 16 | R[0] = A[0]; 17 | R[1] = A[1] >>> 1; 18 | forall i in [0, 3] { R[2][i] = A[2][i] <<< 11 } 19 | tel 20 | 21 | node iota(A:u32[3][4],rc:u32) returns (R:u32[3][4]) 22 | let 23 | R[0][0] = A[0][0] ^ rc; 24 | R[0][1..3] = A[0][1..3]; 25 | R[1,2] = A[1,2]; 26 | tel 27 | 28 | node chi(A:u32[3][4]) returns (R:u32[3][4]) 29 | vars B:u32[3][4] 30 | let 31 | B[0] = (~A[1]) & A[2]; 32 | B[1] = (~A[2]) & A[0]; 33 | B[2] = (~A[0]) & A[1]; 34 | R = A ^ B; 35 | tel 36 | 37 | node rho_east(A:u32[3][4]) returns (R:u32[3][4]) 38 | let 39 | R[0] = A[0]; 40 | forall i in [0, 3] { R[1][i] = A[1][i] <<< 1 } 41 | forall i in [0, 3] { R[2][i] = A[2][(i+2)%4] <<< 8 } 42 | tel 43 | 44 | node round(state:u32[3][4], rc:u32) returns (stateR:u32[3][4]) 45 | let 46 | stateR = rho_east(chi(iota(rho_west(theta(state)),rc))) 47 | tel 48 | 49 | 50 | node xoodoo(input:u32[3][4]) returns (output:u32[3][4]) 51 | vars state:u32[13][3][4], 52 | RC:u32[12] 53 | let 54 | RC = (0x58,0x38,0x3C0,0xD0,0x120,0x14, 55 | 0x60,0x2C,0x380,0xF0,0x1A0,0x12); 56 | state[0] = input; 57 | forall i in [0, 11] { 58 | state[i+1] = round(state[i], RC[i]); 59 | } 60 | output = state[12]; 61 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/ace.ua: -------------------------------------------------------------------------------- 1 | node f(x:u32) returns (y:u32) 2 | let 3 | y = ((x <<< 5) & x) ^ (x <<< 1) 4 | tel 5 | 6 | node simeck_box(input:u32x2, rc:u32) returns (output:u32x2) 7 | vars 8 | round:u32x2[9], 9 | tmp:u32[8] 10 | let 11 | 12 | round[0] = input; 13 | 14 | forall i in [0, 7] { 15 | tmp[i] = f(round[i][0]) ^ round[i][1] ^ 0xfffffffe ^ ((rc >> i) & 1); 16 | round[i+1][0,1] = (tmp[i], round[i][0]) ; 17 | } 18 | 19 | output = round[8] 20 | 21 | tel 22 | 23 | 24 | node ACE_step(A,B,C,D,E:u32x2,RC,SC:u32[3]) returns (Ar,Br,Cr,Dr,Er:u32x2) 25 | let 26 | A := simeck_box(A,RC[0]); 27 | C := simeck_box(C,RC[1]); 28 | E := simeck_box(E,RC[2]); 29 | B := B ^ C ^ (0,SC[0]) ^ (0xffffffff,0xffffff00); 30 | D := D ^ E ^ (0,SC[1]) ^ (0xffffffff,0xffffff00); 31 | E := E ^ A ^ (0,SC[2]) ^ (0xffffffff,0xffffff00); 32 | Ar = D; 33 | Br = C; 34 | Cr = A; 35 | Dr = E; 36 | Er = B; 37 | tel 38 | 39 | 40 | node ACE(input:u32x2[5]) returns (output:u32x2[5]) 41 | vars 42 | SC:u32[3][16], 43 | RC:u32[3][16], 44 | tmp:u32x2[17][5] 45 | let 46 | SC = (0x50,0x5c,0x91,0x8d,0x53,0x60,0x68,0xe1,0xf6,0x9d,0x40,0x4f,0xbe,0x5b,0xe9,0x7f, 47 | 0x28,0xae,0x48,0xc6,0xa9,0x30,0x34,0x70,0x7b,0xce,0x20,0x27,0x5f,0xad,0x74,0x3f, 48 | 0x14,0x57,0x24,0x63,0x54,0x18,0x9a,0x38,0xbd,0x67,0x10,0x13,0x2f,0xd6,0xba,0x1f); 49 | RC = (0x07,0x0a,0x9b,0xe0,0xd1,0x1a,0x22,0xf7,0x62,0x96,0x71,0xaa,0x2b,0xe9,0xcf,0xb7, 50 | 0x53,0x5d,0x49,0x7f,0xbe,0x1d,0x28,0x6c,0x82,0x47,0x6b,0x88,0xdc,0x8b,0x59,0xc6, 51 | 0x43,0xe4,0x5e,0xcc,0x32,0x4e,0x75,0x25,0xfd,0xf9,0x76,0xa0,0xb0,0x09,0x1e,0xad); 52 | 53 | 54 | tmp[0] = input; 55 | 56 | forall i in [0, 15] { 57 | tmp[i+1] = ACE_step(tmp[i], RC[0,1,2][i],SC[0,1,2][i]); 58 | } 59 | 60 | output = tmp[16]; 61 | 62 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/ascon.ua: -------------------------------------------------------------------------------- 1 | 2 | table Sbox(x:v5) returns (y:v5) { 3 | 0x4, 0xb, 0x1f, 0x14, 0x1a, 0x15, 0x9, 0x2, 4 | 0x1b, 0x5, 0x8, 0x12, 0x1d, 0x3, 0x6, 0x1c, 5 | 0x1e, 0x13, 0x7, 0xe, 0x0, 0xd, 0x11, 0x18, 6 | 0x10, 0xc, 0x1, 0x19, 0x16, 0xa, 0xf, 0x17 7 | } 8 | 9 | node AddConstant(state:u64x5,c:u64) returns (stateR:u64x5) 10 | let 11 | stateR = (state[0,1], state[2] ^ c, state[3,4]); 12 | tel 13 | 14 | node LinearLayer(state:u64x5) returns (stateR:u64x5) 15 | let 16 | stateR[0] = state[0] ^ (state[0] >>> 19) ^ (state[0] >>> 28); 17 | stateR[1] = state[1] ^ (state[1] >>> 61) ^ (state[1] >>> 39); 18 | stateR[2] = state[2] ^ (state[2] >>> 1) ^ (state[2] >>> 6); 19 | stateR[3] = state[3] ^ (state[3] >>> 10) ^ (state[3] >>> 17); 20 | stateR[4] = state[4] ^ (state[4] >>> 7) ^ (state[4] >>> 41); 21 | tel 22 | 23 | node ascon12(input:u64x5) returns (output:u64x5) 24 | vars 25 | consts:u64[12], 26 | state:u64x5[13] 27 | let 28 | consts = (0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 29 | 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b); 30 | 31 | state[0] = input; 32 | forall i in [0, 11] { 33 | state[i+1] = LinearLayer(Sbox(AddConstant(state[i],consts[i]))) 34 | } 35 | output = state[12] 36 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/chacha20.ua: -------------------------------------------------------------------------------- 1 | # ################################################################## # 2 | # # 3 | # # 4 | # Chacha20 # 5 | # # 6 | # # 7 | # ################################################################## # 8 | 9 | 10 | # Quarter round 11 | node QR (a:u32, b:u32, c:u32, d:u32) 12 | returns (aR:u32, bR:u32, cR:u32, dR:u32) 13 | let 14 | a := a + b; 15 | d := (d ^ a) <<< 16; 16 | c := c + d; 17 | b := (b ^ c) <<< 12; 18 | aR = a + b; 19 | dR = (d ^ aR) <<< 8; 20 | cR = c + dR; 21 | bR = (b ^ cR) <<< 7; 22 | tel 23 | 24 | # Double round 25 | node DR (state:u32x16) returns (stateR:u32x16) 26 | let 27 | state[0,4,8,12] := QR(state[0,4,8,12]); 28 | state[1,5,9,13] := QR(state[1,5,9,13]); 29 | state[2,6,10,14] := QR(state[2,6,10,14]); 30 | state[3,7,11,15] := QR(state[3,7,11,15]); 31 | 32 | stateR[0,5,10,15] = QR(state[0,5,10,15]); 33 | stateR[1,6,11,12] = QR(state[1,6,11,12]); 34 | stateR[2,7,8,13] = QR(state[2,7,8,13]); 35 | stateR[3,4,9,14] = QR(state[3,4,9,14]); 36 | tel 37 | 38 | # Main 39 | node Chacha20 (plain:u32x16) returns (cipher:u32x16) 40 | vars 41 | state : u32x16[11] 42 | let 43 | state[0] = plain; 44 | forall i in [1,10] { 45 | state[i] = DR(state[i-1]) 46 | } 47 | cipher = state[10] 48 | tel 49 | -------------------------------------------------------------------------------- /src/usuba/samples/usuba/clyde_bitslice.ua: -------------------------------------------------------------------------------- 1 | node sbox (x0:v1, x1:v1, x2:v1, x3:v1) returns (y0:v1, y1:v1, y2:v1, y3:v1) 2 | let 3 | y1 = (x0 & x1) ^ x2; 4 | y0 = (x3 & x0) ^ x1; 5 | y3 = (y1 & x3) ^ x0; 6 | y2 = (y0 & y1) ^ x3 7 | tel 8 | 9 | node lbox(x,y:u32) returns (xr,yr:u32) 10 | vars 11 | a, b, c, d: u32 12 | let 13 | a = x ^ (x >>> 12); 14 | b = y ^ (y >>> 12); 15 | a := a ^ (a >>> 3); 16 | b := b ^ (b >>> 3); 17 | a := a ^ (x >>> 17); 18 | b := b ^ (y >>> 17); 19 | c = a ^ (a >>> 31); 20 | d = b ^ (b >>> 31); 21 | a := a ^ (d >>> 26); 22 | b := b ^ (c >>> 25); 23 | a := a ^ (c >>> 15); 24 | b := b ^ (d >>> 15); 25 | (xr, yr) = (a,b) 26 | tel 27 | 28 | node lbox_layer(state:u32x4) returns (stateR:u32x4) 29 | let 30 | stateR[0,1] = lbox(state[0], state[1]); 31 | stateR[2,3] = lbox(state[2], state[3]) 32 | tel 33 | 34 | node add_rc(state:u32x4, rc:u32x4) returns (stateR:u32x4) 35 | let 36 | forall i in [0, 3] { 37 | stateR[i] = state[i] ^ rc[i] 38 | } 39 | tel 40 | 41 | node tweakey (key,tweak:u32x4) returns (tk:u32x4[3]) 42 | vars 43 | tx : u32[2] 44 | let 45 | tx = tweak[0,1] ^ tweak[2,3]; 46 | tk[0] = key ^ tweak; 47 | tk[1] = (key[0,1] ^ tx, key[2,3] ^ tweak[0,1]); 48 | tk[2] = (key[0,1] ^ tweak[2,3], key[2,3] ^ tx) 49 | tel 50 | 51 | 52 | node clyde128 (state,key,tweak:u32x4) returns (cipher:u32x4) 53 | vars 54 | rc:u32x4[12], 55 | round:u32x4[19], 56 | tk:u32x4[3] 57 | let 58 | rc[0] = (1, 0, 0, 0); 59 | rc[1] = (0, 1, 0, 0); 60 | rc[2] = (0, 0, 1, 0); 61 | rc[3] = (0, 0, 0, 1); 62 | rc[4] = (1, 1, 0, 0); 63 | rc[5] = (0, 1, 1, 0); 64 | rc[6] = (0, 0, 1, 1); 65 | rc[7] = (1, 1, 0, 1); 66 | rc[8] = (1, 0, 1, 0); 67 | rc[9] = (0, 1, 0, 1); 68 | rc[10] = (1, 1, 1, 0); 69 | rc[11] = (0, 1, 1, 1); 70 | 71 | tk = tweakey(key,tweak); 72 | 73 | round[0] = state ^ tk[0]; 74 | 75 | forall s in [0, 5] { 76 | round[s*3+1] = add_rc(lbox_layer(sbox(round[s*3])), rc[s*2]); 77 | round[s*3+2] = add_rc(lbox_layer(sbox(round[s*3+1])), rc[s*2+1]); 78 | round[s*3+3] = round[s*3+2] ^ tk[(s+1)%3]; 79 | } 80 | 81 | cipher = round[18] 82 | 83 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/gift.ua: -------------------------------------------------------------------------------- 1 | node SubCells(S0,S1,S2,S3:v1) returns (S':v4) 2 | let 3 | S1 ^:= S0 & S2; 4 | S0 ^:= S1 & S3; 5 | S2 ^:= S0 | S1; 6 | S3 ^:= S2; 7 | S1 ^:= S3; 8 | S3 := ~S3; 9 | S2 ^:= S0 & S1; 10 | S' = (S3, S1, S2, S0) 11 | tel 12 | 13 | node rowperm(S:u32,B0_pos,B1_pos,B2_pos,B3_pos:nat) returns (S':u32) 14 | vars 15 | T:u32[9] 16 | let 17 | T[0] = 0; 18 | forall b in [0,7] { 19 | T[b+1] = T[b] ^ 20 | (((S>>(4*b+0))&0x1)<<(b + 8*B0_pos)) ^ 21 | (((S>>(4*b+1))&0x1)<<(b + 8*B1_pos)) ^ 22 | (((S>>(4*b+2))&0x1)<<(b + 8*B2_pos)) ^ 23 | (((S>>(4*b+3))&0x1)<<(b + 8*B3_pos)); 24 | } 25 | S' = T[8]; 26 | tel 27 | 28 | node PermBits(S:u32x4) returns (S':u32x4) 29 | let 30 | S'[0] = rowperm(S[0],0,3,2,1); 31 | S'[1] = rowperm(S[1],1,0,3,2); 32 | S'[2] = rowperm(S[2],2,1,0,3); 33 | S'[3] = rowperm(S[3],3,2,1,0); 34 | tel 35 | 36 | node AddRoundKey(S:u32x4, W:u32[8], rc:u32) returns (S':u32x4) 37 | let 38 | S'[2] = S[2] ^ ((W[2] << 16) ^ W[3]); 39 | S'[1] = S[1] ^ ((W[6] << 16) ^ W[7]); 40 | S'[3] = S[3] ^ 0x80000000 ^ rc; 41 | S'[0] = S[0]; 42 | tel 43 | 44 | node KeyUpdate(W:u32[8]) returns (W':u32[8]) 45 | let 46 | W'[0] = ((W[6] >> 2) ^ (W[6] << 14)) & 0xffff; 47 | W'[1] = ((W[7] >> 12) ^ (W[7] << 4)) & 0xffff; 48 | W'[7..2] = W[5..0]; 49 | tel 50 | 51 | node gift(P:u32x4, K:const u32[8]) returns (C:u32x4) 52 | vars 53 | round:u32x4[41], 54 | W:u32[2][8], 55 | GIFT_RC:u32[40] 56 | let 57 | round[0] = P; 58 | W[0] = K; 59 | 60 | GIFT_RC = ( 61 | 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3E, 0x3D, 0x3B, 0x37, 0x2F, 62 | 0x1E, 0x3C, 0x39, 0x33, 0x27, 0x0E, 0x1D, 0x3A, 0x35, 0x2B, 63 | 0x16, 0x2C, 0x18, 0x30, 0x21, 0x02, 0x05, 0x0B, 0x17, 0x2E, 64 | 0x1C, 0x38, 0x31, 0x23, 0x06, 0x0D, 0x1B, 0x36, 0x2D, 0x1A); 65 | 66 | forall i in [0, 39] { 67 | round[i+1] = 68 | AddRoundKey(PermBits(SubCells(round[i])),W[i%2],GIFT_RC[i]); 69 | W[(i+1)%2] = KeyUpdate(W[i%2]); 70 | } 71 | 72 | C = round[40] 73 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/present.ua: -------------------------------------------------------------------------------- 1 | _no_inline table sbox (a:v4) returns (out:v4) { 2 | 12, 5, 6, 11, 9, 0, 10, 13, 3, 14, 15, 8, 4, 7, 1, 2 3 | } 4 | 5 | // Warning: 1-indexed 6 | _no_inline perm pLayer (a:b64) returns (out:b64) { 7 | 1, 5, 9, 13, 17, 21, 25, 29, 33, 37, 41, 45, 49, 53, 57, 61, 8 | 2, 6, 10, 14, 18, 22, 26, 30, 34, 38, 42, 46, 50, 54, 58, 62, 9 | 3, 7, 11, 15, 19, 23, 27, 31, 35, 39, 43, 47, 51, 55, 59, 63, 10 | 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64 11 | } 12 | 13 | _no_inline node present_round (inp:b64, key:b64) returns (out:b64) 14 | vars 15 | sbox_in : b4[16], 16 | sbox_out : b4[16] 17 | let 18 | sbox_in = inp ^ key; 19 | forall i in [0, 15] { sbox_out[i] = sbox(sbox_in[i]) } 20 | out = pLayer(sbox_out) 21 | tel 22 | 23 | node present (plain:b64, key:b64[32]) returns (cipher:b64) 24 | vars 25 | tmp : b64[32] 26 | let 27 | tmp[0] = plain; 28 | forall i in [1, 31] { 29 | tmp[i] = present_round(tmp[i-1], key[i-1]) 30 | } 31 | cipher = tmp[31] ^ key[31] 32 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/pyjamask_vslice.ua: -------------------------------------------------------------------------------- 1 | table SubBytes (i:v4) returns (o:v4) { 2 | 0x2, 0xd, 0x3, 0x9, 0x7, 0xb, 0xa, 0x6, 0xe, 0x0, 0xf, 0x4, 0x8, 0x5, 0x1, 0xc 3 | } 4 | 5 | node AddRoundKey (i,k:u32x4) returns (o:u32x4) 6 | let 7 | o = i ^ k 8 | tel 9 | 10 | node mat_mult(col:const u32,vec:u32) returns (res:u32) 11 | vars 12 | mat_col:u32[33], 13 | res_tmp:u32[33], 14 | mask:u32[32] 15 | let 16 | mat_col[0] = col; 17 | res_tmp[0] = 0; 18 | 19 | forall i in [0, 31] { 20 | mask[i] = (vec << i) >>! 31; 21 | res_tmp[i+1] = res_tmp[i] ^ (mask[i] & mat_col[i]); 22 | mat_col[i+1] = mat_col[i] >>> 1; 23 | } 24 | 25 | res = res_tmp[32]; 26 | tel 27 | 28 | node MixRows (input:u32x4) returns (output:u32x4) 29 | vars 30 | M: const u32[4] 31 | let 32 | M = (0xa3861085, 0x63417021, 0x692cf280, 0x48a54813); 33 | forall i in [0, 3] { 34 | output[i] = mat_mult(M[i], input[i]); 35 | } 36 | tel 37 | 38 | node pyjamask (plaintext:u32x4, key:u32x4[15]) returns (ciphertext:u32x4) 39 | vars 40 | round: u32x4[15] 41 | let 42 | round[0] = plaintext; 43 | forall i in [0, 13] { 44 | round[i+1] = MixRows(SubBytes(AddRoundKey(round[i], key[i]))) 45 | } 46 | ciphertext = AddRoundKey(round[14], key[14]) 47 | tel 48 | -------------------------------------------------------------------------------- /src/usuba/samples/usuba/rectangle.ua: -------------------------------------------------------------------------------- 1 | _no_inline table SubColumn (input:v4) returns (out:v4) { 2 | 6, 5, 12, 10, 1, 14, 7, 9, 11, 0, 3, 13, 8, 15, 4, 2 3 | } 4 | 5 | node ShiftRows (input:u16x4) returns (out:u16x4) 6 | vars 7 | let 8 | out[0] = input[0]; 9 | out[1] = input[1] <<< 1; 10 | out[2] = input[2] <<< 12; 11 | out[3] = input[3] <<< 13 12 | tel 13 | 14 | node Rectangle (plain:u16x4,key:const u16x4[26]) returns (cipher:u16x4) 15 | vars 16 | tmp : u16x4[26] 17 | let 18 | 19 | tmp[0] = plain; 20 | 21 | forall i in [0,24] { 22 | tmp[i+1] = ShiftRows( SubColumn( tmp[i] ^ key[i] ) ) 23 | } 24 | 25 | cipher = tmp[25] ^ key[25] 26 | 27 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/serpent.ua: -------------------------------------------------------------------------------- 1 | 2 | _no_inline table[] sbox (input:v4) returns (out:v4) [ 3 | { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } ; 4 | {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } ; 5 | { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } ; 6 | { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } ; 7 | { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } ; 8 | {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } ; 9 | { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } ; 10 | { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } 11 | ] 12 | 13 | 14 | _no_inline node transform (x:u32x4) returns (out:u32x4) 15 | let 16 | x[0] := x[0] <<< 13; 17 | x[2] := x[2] <<< 3; 18 | x[1] := x[1] ^ x[0] ^ x[2]; 19 | x[3] := x[3] ^ x[2] ^ (x[0] << 3); 20 | x[1] := x[1] <<< 1; 21 | x[3] := x[3] <<< 7; 22 | x[0] := x[0] ^ x[1] ^ x[3]; 23 | x[2] := x[2] ^ x[3] ^ (x[1] << 7); 24 | x[0] := x[0] <<< 5; 25 | x[2] := x[2] <<< 22; 26 | out = x 27 | tel 28 | 29 | node Serpent (plaintext:u32x4, keys:const u32x4[33]) returns (ciphertext:u32x4) 30 | vars 31 | tmp : u32x4[32] 32 | let 33 | tmp[0] = plaintext; 34 | 35 | forall i in [0,30] { 36 | tmp[i+1] = transform(sbox(tmp[i] ^ keys[i])) 37 | } 38 | 39 | ciphertext = sbox<7>(tmp[31] ^ keys[31]) ^ keys[32] 40 | 41 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/spongent.ua: -------------------------------------------------------------------------------- 1 | table sBox (x:b4) returns (y:b4) { 2 | #3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 3 | 0xe,0xd,0xb,0x0,0x2,0x1,0x4,0xf,0x7,0xa,0x8,0x5,0x9,0xc,0x3,0x6 4 | } 5 | 6 | node sBoxLayer(state:b8[20]) returns (stateR:b8[20]) 7 | let 8 | forall i in [0, 19] { 9 | stateR[i][0..3] = sBox(state[i][0..3]); 10 | stateR[i][4..7] = sBox(state[i][4..7]); 11 | } 12 | tel 13 | 14 | # node pLayer(state:b160) returns (stateR:b160) 15 | # let 16 | # forall i in [0, 158] { 17 | # stateR[(i*40)%159] = state[i]; 18 | # } 19 | # stateR[159] = state[159]; 20 | # tel 21 | node pLayer(state:b8[20]) returns (stateR:b8[20]) 22 | vars x:b1[160], PermutedBitNo:nat, y:nat 23 | let 24 | forall i in [0, 18] { 25 | forall j in [0, 7] { 26 | x[i*8+j] = state[i][7-j]; 27 | stateR[((((8*i+j)*40) % 159) / 8)][7-((((8*i+j)*40) % 159) - (8*((((8*i+j)*40) % 159) / 8)))] = x[i*8+j]; 28 | } 29 | } 30 | forall j in [0, 6] { 31 | x[19*8+j] = state[19][7-j]; 32 | stateR[((((8*19+j)*40) % 159) / 8)][7-((((8*19+j)*40) % 159) - (8*((((8*19+j)*40) % 159) / 8)))] = x[19*8+j]; 33 | } 34 | stateR[19][0] = state[19][0]; 35 | tel 36 | 37 | node counterLayer(state:b8[20],counter:b8) returns (stateR:b8[20]) 38 | let 39 | stateR[1..18] = state[1..18]; 40 | stateR[0] = state[0] ^ counter; 41 | stateR[19] = state[19] ^ counter[7..0]; 42 | tel 43 | 44 | node lfsr(counter:b8) returns (counterR:b8) 45 | let 46 | counterR = ((counter << 1) | (((0x40:b8 & counter) >> 6) ^ ((0x20:b8 & counter) >> 5))) & 0x7f:b8; 47 | tel 48 | 49 | node permutation(input:b8[20]) returns (output:b8[20]) 50 | vars 51 | state:b8[81][20], 52 | counter:b8[81] # Actually u7, but this is maintained manually 53 | let 54 | state[0] = input; 55 | counter[0] = 0x75:b8; 56 | 57 | forall i in [0, 79] { 58 | state[i+1] = pLayer(sBoxLayer(counterLayer(state[i],counter[i]))); 59 | counter[i+1] = lfsr(counter[i]); 60 | } 61 | 62 | output = state[80]; 63 | tel -------------------------------------------------------------------------------- /src/usuba/samples/usuba/xoodoo.ua: -------------------------------------------------------------------------------- 1 | 2 | node theta(A:u32[3][4]) returns (R:u32[3][4]) 3 | vars P, E: u32[4] 4 | let 5 | P = A[0] ^ A[1] ^ A[2]; 6 | forall i in [0, 3] { 7 | # avoiding (i-1)%4, because usuba will generate a int for |i|, and 8 | # when i==0, then (i-1)%4 == -1... 9 | E[i] = (P[(i+3)%4] <<< 5) ^ (P[(i+3)%4] <<< 14); 10 | } 11 | forall i in [0, 2] { R[i] = A[i] ^ E } 12 | tel 13 | 14 | node rho_west(A:u32[3][4]) returns (R:u32[3][4]) 15 | let 16 | R[0] = A[0]; 17 | R[1] = A[1] >>> 1; 18 | forall i in [0, 3] { R[2][i] = A[2][i] <<< 11 } 19 | tel 20 | 21 | node iota(A:u32[3][4],rc:u32) returns (R:u32[3][4]) 22 | let 23 | R[0][0] = A[0][0] ^ rc; 24 | R[0][1..3] = A[0][1..3]; 25 | R[1,2] = A[1,2]; 26 | tel 27 | 28 | node chi(A:u32[3][4]) returns (R:u32[3][4]) 29 | vars B:u32[3][4] 30 | let 31 | B[0] = (~A[1]) & A[2]; 32 | B[1] = (~A[2]) & A[0]; 33 | B[2] = (~A[0]) & A[1]; 34 | R = A ^ B; 35 | tel 36 | 37 | node rho_east(A:u32[3][4]) returns (R:u32[3][4]) 38 | let 39 | R[0] = A[0]; 40 | forall i in [0, 3] { R[1][i] = A[1][i] <<< 1 } 41 | forall i in [0, 3] { R[2][i] = A[2][(i+2)%4] <<< 8 } 42 | tel 43 | 44 | node round(state:u32[3][4], rc:u32) returns (stateR:u32[3][4]) 45 | let 46 | stateR = rho_east(chi(iota(rho_west(theta(state)),rc))) 47 | tel 48 | 49 | 50 | node xoodoo(input:u32[3][4]) returns (output:u32[3][4]) 51 | vars state:u32[13][3][4], 52 | RC:u32[12] 53 | let 54 | RC = (0x58,0x38,0x3C0,0xD0,0x120,0x14, 55 | 0x60,0x2C,0x380,0xF0,0x1A0,0x12); 56 | state[0] = input; 57 | forall i in [0, 11] { 58 | state[i+1] = round(state[i], RC[i]); 59 | } 60 | output = state[12]; 61 | tel -------------------------------------------------------------------------------- /src/usuba/src/.gitignore: -------------------------------------------------------------------------------- 1 | *.mli 2 | *.glob 3 | *.vo 4 | *.aux 5 | usuba_AST.ml 6 | config.ml -------------------------------------------------------------------------------- /src/usuba/src/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: all clean 2 | 3 | MENHIR = menhir 4 | MENHIRFLAGS := --infer --explain 5 | PACKAGES := -pkg str -pkg unix 6 | INCLUDES := -I normalization -I optimization -I parsing -I c_gen -I verification -I c_gen/runtimes -I tests -I tightprove -I tightprove/parsing -I maskverif 7 | OCAMLBUILD := ocamlbuild -use-ocamlfind $(PACKAGES) $(INCLUDES) -use-menhir -menhir "$(MENHIR) $(MENHIRFLAGS)" 8 | 9 | MAIN := main 10 | 11 | COQCFILES = usuba_AST.v 12 | 13 | all: 14 | coqc $(COQCFILES) 15 | $(OCAMLBUILD) $(MAIN).native 16 | rm *.vo *.glob 17 | ./main.native -tests 18 | cp main.native ../usubac 19 | 20 | clean: 21 | rm -f *~ .*~ 22 | $(OCAMLBUILD) -clean 23 | -------------------------------------------------------------------------------- /src/usuba/src/assert_lang.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | 5 | 6 | module Usuba0 = struct 7 | 8 | let is_usuba0 (prog:prog) : bool = 9 | true 10 | end 11 | 12 | module Usuba_norm = struct 13 | 14 | let check_var (var:var) : bool = 15 | match var with 16 | | Var _ -> true 17 | | _ -> false 18 | 19 | let check_pat_e (p:var list) (e:expr) : bool = 20 | match e with 21 | | Tuple l -> List.length l = List.length p 22 | | _ -> true 23 | 24 | let rec check_expr (e:expr) : bool = 25 | match e with 26 | | Const _ -> true 27 | | ExpVar v -> check_var v 28 | | Tuple l -> List.for_all check_expr l 29 | | Not e -> check_expr e 30 | | Shift(_,e,_) -> check_expr e 31 | | Log(_,x,y) -> check_expr x && check_expr y 32 | | Shuffle(v,_) -> check_var v 33 | | Arith(_,x,y) -> check_expr x && check_expr y 34 | | Fun(_,l) -> List.for_all check_expr l 35 | | Fun_v _ -> false 36 | | Fby _ -> raise (Not_implemented "Fby") 37 | | When(_,_,_) -> false 38 | | Merge(_,_) -> false 39 | 40 | let check_p (p:p) : bool = 41 | List.for_all (function 42 | | ((_,Array _),_) -> false 43 | | _ -> true) p 44 | 45 | let check_def (def:def) : bool = 46 | match def.node with 47 | | Single(vars,body) -> 48 | check_p def.p_in && check_p def.p_out && check_p vars 49 | && List.for_all (function 50 | | Eqn(p,e) -> List.for_all check_var p && check_expr e 51 | && check_pat_e p e 52 | | _ -> false) body 53 | | _ -> false 54 | 55 | let is_usuba_normalized (prog:prog) : bool = 56 | Usuba0.is_usuba0 prog && 57 | List.for_all check_def prog.nodes 58 | end 59 | 60 | -------------------------------------------------------------------------------- /src/usuba/src/c_gen/usuba_to_c.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | 5 | let prog_to_c (orig:prog) (normed:prog) (conf:config) (filename:string) : string = 6 | 7 | 8 | (* let prog = if conf.interleave > 0 then *) 9 | (* Interleave.interleave normed conf *) 10 | (* else normed in *) 11 | 12 | GenC_standalone.gen_runtime orig normed conf filename 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/usuba/src/clear_origins.ml: -------------------------------------------------------------------------------- 1 | (* **************************************************************** 2 | clear_origins.ml 3 | 4 | This module removes all origins from the programs: 5 | 6 | - all var_d's vd_orig fields are set to [] 7 | 8 | - all deq's orig fields are set to []. 9 | *) 10 | 11 | 12 | open Usuba_AST 13 | open Basic_utils 14 | open Utils 15 | 16 | let rec clear_deqs (deqs:deq list) : deq list = 17 | List.map (fun d -> 18 | { orig = []; 19 | content = match d.content with 20 | | Eqn _ -> d.content 21 | | Loop(i,ei,ef,dl,opts) -> 22 | Loop(i,ei,ef,clear_deqs dl,opts) }) deqs 23 | 24 | let clear_vd (vd:var_d) : var_d = 25 | { vd with vd_orig = [] } 26 | 27 | let clear_def (def:def) : def = 28 | let p_in = List.map clear_vd def.p_in in 29 | let p_out = List.map clear_vd def.p_out in 30 | { def with 31 | p_in = p_in; 32 | p_out = p_out; 33 | node = 34 | match def.node with 35 | | Single(vars,body) -> 36 | let vars = List.map clear_vd vars in 37 | let body = clear_deqs body in 38 | Single(vars,body) 39 | | _ -> def.node } 40 | 41 | let run _ (prog:prog) (conf:config) : prog = 42 | { nodes = List.map clear_def prog.nodes } 43 | 44 | 45 | let as_pass = (run, "Clear_origins") 46 | -------------------------------------------------------------------------------- /src/usuba/src/normalization/expand_multiples.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | 5 | 6 | let run _ (prog:prog) (conf:config) : prog = 7 | { nodes = 8 | flat_map (fun def -> 9 | match def.node with 10 | | Multiple l -> 11 | List.mapi (fun i x -> 12 | { def with id = fresh_suffix def.id (Printf.sprintf "%d'" i); 13 | node = x; }) 14 | l 15 | | _ -> [ def ] ) prog.nodes } 16 | 17 | 18 | let as_pass = (run, "Expand_multiples") 19 | -------------------------------------------------------------------------------- /src/usuba/src/normalization/normalize_core.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | open Pass_runner 5 | 6 | let run (runner:pass_runner) (prog:prog) (conf:config) = 7 | runner#run_modules [ Expand_array.as_pass; 8 | Normalize_inner_core.as_pass; 9 | Expand_parameters.as_pass; 10 | Fix_dim.Dir_params.as_pass; 11 | Expand_array.as_pass; 12 | Normalize_inner_core.as_pass; 13 | Expand_parameters.as_pass; 14 | Fix_dim.Dir_inner.as_pass; 15 | Expand_array.as_pass; 16 | Normalize_inner_core.as_pass ] prog 17 | 18 | let as_pass = (run, "Normalize_core") 19 | -------------------------------------------------------------------------------- /src/usuba/src/normalization/normalize_inner_core.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | open Pass_runner 5 | 6 | 7 | let run (runner:pass_runner) (prog:prog) (conf:config) = 8 | runner#run_modules [ Unfold_unnest.as_pass; 9 | Expand_array.as_pass; 10 | Expand_permut.as_pass; 11 | Norm_tuples.as_pass; 12 | Shift_tuples.as_pass; 13 | Norm_tuples.as_pass ] prog 14 | 15 | let as_pass = (run, "Normalize_inner_core") 16 | -------------------------------------------------------------------------------- /src/usuba/src/optimization/get_live_var.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | 5 | 6 | 7 | let rec add_right env_var live e = 8 | match e with 9 | | Const _ -> () 10 | | ExpVar v -> List.iter (fun v -> Hashtbl.replace live (get_var_base v) true) 11 | (expand_var env_var v) 12 | | Tuple l -> List.iter (add_right env_var live) l 13 | | Not e -> add_right env_var live e 14 | | Shift(_,e,_) -> add_right env_var live e 15 | | Log(_,x,y) -> add_right env_var live x; add_right env_var live y 16 | | Shuffle(v,_) -> List.iter (fun v -> Hashtbl.replace live (get_var_base v) true) 17 | (expand_var env_var v) 18 | | Arith(_,x,y) -> add_right env_var live x; add_right env_var live y 19 | | Fun(_,l) -> List.iter (add_right env_var live) l 20 | | _ -> assert false 21 | 22 | let remove_left env_var live lhs = 23 | List.iter (fun v -> 24 | List.iter (fun v -> Hashtbl.remove live (get_var_base v)) 25 | (expand_var env_var v) 26 | )lhs 27 | 28 | 29 | let live_deq env_var live (deq:deq) : int = 30 | let nb_live = Hashtbl.length live in 31 | (match deq.content with 32 | | Eqn(lhs,rhs,_) -> add_right env_var live rhs; 33 | remove_left env_var live lhs 34 | | Loop _ -> raise (Not_implemented "live_deq(Loop ...)")); 35 | (* Printf.printf "[%3d -> %3d] %s\n" nb_live (Hashtbl.length live) (Usuba_print.deq_to_str deq); *) 36 | nb_live 37 | 38 | let live_deqs env_var (p_out:p) (deqs:deq list) : int = 39 | let live = Hashtbl.create 50 in 40 | List.iter (fun x -> List.iter (fun x -> Hashtbl.add live x true) (expand_var env_var (Var x.vd_id))) p_out; 41 | 42 | max_l (List.map (live_deq env_var live) (List.rev deqs)) 43 | 44 | 45 | let live_def (def:def) : int = 46 | match def.node with 47 | | Single(vars,body) -> 48 | let env_var = build_env_var def.p_in def.p_out vars in 49 | (try live_deqs env_var def.p_out body 50 | with Not_implemented _ -> -1) 51 | | _ -> -1 52 | 53 | let get_live_var (prog:prog) : int = 54 | max_l (List.map live_def prog.nodes) 55 | -------------------------------------------------------------------------------- /src/usuba/src/optimization/inplace_nodes.ml: -------------------------------------------------------------------------------- 1 | (***************************************************************************** ) 2 | inplace_nodes.ml 3 | 4 | Tries to make nodes modify their inputs in-place rather than 5 | creating new arrays everywhere. 6 | 7 | ( *****************************************************************************) 8 | 9 | open Usuba_AST 10 | open Basic_utils 11 | open Utils 12 | 13 | 14 | let rec can_inplace_deqs (deqs:deq list) : bool = 15 | List.for_all (fun deq -> 16 | match deq.content with 17 | | Eqn(lhs,e,_) -> 18 | update_vars lhs; 19 | check_eqn e 20 | | Loop(i,ei,ef,dl,_) -> t) deqs 21 | 22 | (* M*) 23 | let can_inplace_node (def:def) : bool = 24 | let 25 | match def.node with 26 | | Single(vars,body) -> 27 | let input_val = 28 | can_inplace_deqs def.p_in def.p_out body 29 | | _ -> false 30 | 31 | 32 | let inplace_def (env_fun:(ident,def) Hashtbl.t) (def:def) : unit = 33 | () 34 | 35 | let run _ (prog:prog) (conf:config) : prog = 36 | let env_fun = build_env_fun prog.nodes in 37 | if conf.inplace_nodes then 38 | (List.iter (inplace_def env_fun) prog.nodes; 39 | { nodes = List.map (fun f -> Hashtbl.find env_fun f.id) prog.nodes }) 40 | else prog 41 | 42 | 43 | let as_pass = (run, "Inplace_nodes"); 44 | -------------------------------------------------------------------------------- /src/usuba/src/optimization/simple_opts.ml: -------------------------------------------------------------------------------- 1 | (******************************************************************* ) 2 | simple_opts.ml 3 | 4 | This module just runs basic optimisations: 5 | - Constant Folding 6 | - Common Subexpression Elimination 7 | - Copy Propagation 8 | 9 | If I implement loop-invariant code motion, it will be ran here as 10 | well. 11 | 12 | 13 | ( ***************************************************************** *) 14 | 15 | open Usuba_AST 16 | open Basic_utils 17 | open Utils 18 | open Pass_runner 19 | 20 | 21 | let rec opt_def ?(retry:int=5) (def:def) = 22 | let def' = 23 | (Norm_tuples.norm_tuples_def 24 | (Copy_propagation.cp_def 25 | (CSE.cse_def 26 | (Constant_folding.fold_def def)))) in 27 | 28 | if retry > 0 then 29 | if def = def' then def else opt_def ~retry:(retry-1) def' 30 | else def' 31 | 32 | 33 | let rec _run (runner:pass_runner) ?(retry:int=20) (prog:prog) (conf:config) 34 | : prog = 35 | 36 | let prog' = runner#run_modules_guard 37 | [ Constant_folding.as_pass, conf.fold_const; 38 | CSE.as_pass, conf.cse; 39 | Copy_propagation.as_pass, conf.copy_prop; 40 | Norm_tuples.as_pass, true ] prog in 41 | 42 | if retry > 0 then 43 | if prog = prog' then prog else _run runner ~retry:(retry-1) prog' conf 44 | else prog' 45 | 46 | 47 | let run (runner:pass_runner) (prog:prog) (conf:config) : prog = 48 | _run runner prog conf 49 | 50 | 51 | let as_pass = (run, "Simple_opts") 52 | -------------------------------------------------------------------------------- /src/usuba/src/parsing/parser_api.ml: -------------------------------------------------------------------------------- 1 | open Lexer 2 | open Lexing 3 | open Usuba_AST 4 | open Printf 5 | 6 | let print_position outx lexbuf = 7 | let pos = lexbuf.lex_curr_p in 8 | fprintf outx "%s:%d:%d" pos.pos_fname 9 | pos.pos_lnum (pos.pos_cnum - pos.pos_bol + 1) 10 | 11 | let parse_file (filename:string) : Usuba_AST.prog = 12 | let f = open_in filename in 13 | let lex = from_channel f in 14 | try 15 | lex.lex_curr_p <- { lex.lex_curr_p with pos_fname = filename; }; 16 | Parser.prog Lexer.token lex 17 | with 18 | | SyntaxError msg -> 19 | fprintf stderr "%a: %s\n" print_position lex msg; 20 | exit (-1) 21 | | Parser.Error -> 22 | fprintf stderr "%a: syntax error\n" print_position lex; 23 | exit (-1) 24 | 25 | let parse_generic (parse_fun:(Lexing.lexbuf -> Parser.token) -> Lexing.lexbuf -> 'a) 26 | (str:string) : 'a = 27 | let lex = from_string str in 28 | try 29 | parse_fun Lexer.token lex 30 | with 31 | | SyntaxError msg -> 32 | fprintf stderr "%a: %s\n" print_position lex msg; 33 | exit (-1) 34 | | Parser.Error -> 35 | fprintf stderr "%a: syntax error\n" print_position lex; 36 | exit (-1) 37 | 38 | let parse_prog (str:string) : Usuba_AST.prog = 39 | parse_generic Parser.prog str 40 | 41 | let parse_arith_expr (str:string) : Usuba_AST.arith_expr = 42 | parse_generic Parser.arith_exp_a str 43 | 44 | let parse_var (str:string) : Usuba_AST.var = 45 | parse_generic Parser.var_a str 46 | 47 | let parse_expr (str:string) : Usuba_AST.expr = 48 | parse_generic Parser.exp_a str 49 | 50 | let parse_deq (str:string) : Usuba_AST.deq = 51 | parse_generic Parser.deq_a str 52 | 53 | let parse_def (str:string) : Usuba_AST.def = 54 | parse_generic Parser.def_a str 55 | -------------------------------------------------------------------------------- /src/usuba/src/tests/test_CSE.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Utils 3 | open CSE 4 | open Parser_api 5 | 6 | let test_simple () = 7 | let deqs = List.map parse_deq [ "x = a + b"; "y = a + b"; "z = a + b" ] in 8 | let deqs' = cse_deqs (Hashtbl.create 10) deqs in 9 | assert (deqs' = List.map parse_deq [ "x = a + b"; "y = x"; "z = x" ]) 10 | 11 | (* Make sure that consts aren't getting replaced by variables *) 12 | let test_const () = 13 | let deqs = List.map parse_deq [ "x = 0"; "y = 0" ] in 14 | let deqs' = cse_deqs (Hashtbl.create 10) deqs in 15 | assert (deqs' <> List.map parse_deq [ "x = 0"; "y = x" ]); 16 | assert (deqs' = List.map parse_deq [ "x = 0"; "y = 0" ]) 17 | 18 | let test_loop () = 19 | (* Making sure loops aren't uncorrectly optimized *) 20 | let deqs = List.map parse_deq [ 21 | "forall i in [1,2] { x[i] = y[i] ^ z[i] }"; 22 | "forall i in [3,4] { x[i] = y[i] ^ z[i] }" 23 | ] in 24 | let deqs' = cse_deqs (Hashtbl.create 10) deqs in 25 | assert (deqs' = deqs) 26 | 27 | 28 | let test () = 29 | test_simple (); 30 | test_const (); 31 | test_loop () 32 | -------------------------------------------------------------------------------- /src/usuba/src/tests/test_monomorphize.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Utils 3 | open Monomorphize 4 | open Parser_api 5 | 6 | let test_specialize_shuffle_vslice () = 7 | let v = fresh_ident "v" in 8 | let e = Shuffle(Var v,[0; 3; 1; 2]) in 9 | let env = Hashtbl.create 1 in 10 | Hashtbl.add env v (Uint(Vslice,Mint 4,1)); 11 | let expected = parse_expr "(v & 8:u4) ^ ((v << 2) & 4:u4) ^ ((v >> 1) & 2:u4) ^ ((v >> 1) & 1:u4)" in 12 | assert(Monomorphize.Vslice.specialize_expr (Hashtbl.create 1) (Hashtbl.create 1) env e = expected) 13 | 14 | 15 | 16 | let test () = 17 | test_specialize_shuffle_vslice () 18 | -------------------------------------------------------------------------------- /src/usuba/src/tests/test_pass_runner.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Utils 3 | open Parser_api 4 | open Pass_runner 5 | 6 | let test_simple () = 7 | let prog = parse_prog "node f(x:b1) returns (y:b1) let y = x tel" in 8 | let expected = parse_prog "node f_a_b(x:b1) returns (y:b1) let y = x tel" in 9 | let runner = new pass_runner default_conf in 10 | let result = runner#run_modules [ 11 | (fun _ p _ -> 12 | { nodes = List.map (fun n -> { n with id = fresh_suffix n.id "_a"}) p.nodes}), 13 | "a"; 14 | (fun _ p _ -> 15 | { nodes = List.map (fun n -> { n with id = fresh_suffix n.id "_b"}) p.nodes}), 16 | "b"] prog in 17 | assert (result = expected) 18 | 19 | let test () = 20 | test_simple () 21 | -------------------------------------------------------------------------------- /src/usuba/src/tests/test_remove_dead_code.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Utils 3 | open Remove_dead_code 4 | open Parser_api 5 | 6 | let test_simple () = 7 | let def = parse_def 8 | "node f(x,y:u1) returns (z:u1) 9 | vars a,b,c,d:u1 10 | let 11 | a = x ^ y; 12 | b = 1; 13 | c = a ^ b; 14 | z = a; 15 | tel" in 16 | let expected = parse_def 17 | "node f(x,y:u1) returns (z:u1) 18 | vars a:u1 19 | let 20 | a = x ^ y; 21 | z = a; 22 | tel" in 23 | assert (remove_dead_code_def def = expected) 24 | 25 | 26 | let test_loop_feedback () = 27 | let def = parse_def 28 | "node f(x,y:u1[2]) returns (z:u1[2]) 29 | vars zt:u1[2],t1:u1[3],t2:u1[3],u:u1 30 | let 31 | t1[0] = y[0]; 32 | t2[0] = y[1]; 33 | u = 1; 34 | forall i in [0,1] { 35 | zt[i] = t1[i] ^ x[i]; 36 | t1[i+1] = t1[i] ^ t2[i]; 37 | t2[i+1] = u ^ 1 38 | } 39 | z[0] = zt[1]; 40 | z[1] = zt[2]; 41 | tel" in 42 | let expected = parse_def 43 | "node f(x,y:u1[2]) returns (z:u1[2]) 44 | vars zt:u1[2],t1:u1[3],t2:u1[3],u:u1 45 | let 46 | t1[0] = y[0]; 47 | t2[0] = y[1]; 48 | u = 1; 49 | forall i in [0,1] { 50 | zt[i] = t1[i] ^ x[i]; 51 | t1[i+1] = t1[i] ^ t2[i]; 52 | t2[i+1] = u ^ 1 53 | } 54 | z[0] = zt[1]; 55 | z[1] = zt[2]; 56 | tel" in 57 | assert (remove_dead_code_def def = expected) 58 | 59 | 60 | let test () = 61 | (* test_simple (); *) 62 | test_loop_feedback () 63 | -------------------------------------------------------------------------------- /src/usuba/src/tightprove/parsing/lexer_tp.mll: -------------------------------------------------------------------------------- 1 | 2 | 3 | { 4 | open Lexing 5 | open Usuba_AST 6 | open Parser_tp 7 | open Utils 8 | 9 | exception SyntaxError of string 10 | 11 | (* keyword table *) 12 | let kwd_table = Hashtbl.create 10 13 | let _ = 14 | List.iter (fun (a,b) -> Hashtbl.add kwd_table a b) 15 | [ 16 | "rs", TOK_RS; 17 | "in", TOK_IN; 18 | "and", TOK_AND; 19 | "or", TOK_OR; 20 | "xor", TOK_XOR; 21 | "not", TOK_NOT; 22 | "setcst", TOK_SETCST; 23 | "setcstall", TOK_SETCSTALL; 24 | "refresh", TOK_REFRESH; 25 | "ref", TOK_REFRESH; 26 | ] 27 | 28 | let next_line lexbuf = 29 | let pos = lexbuf.lex_curr_p in 30 | lexbuf.lex_curr_p <- 31 | { pos with pos_bol = pos.pos_cnum; (*lexbuf.lex_curr_pos;*) 32 | pos_lnum = pos.pos_lnum + 1 33 | } 34 | } 35 | 36 | 37 | rule token = parse 38 | 39 | | "__END__" { TOK_EOF } 40 | 41 | (* spaces *) 42 | | [' ' '\t']+ { token lexbuf; } 43 | | ['\n'] { next_line lexbuf; token lexbuf; } 44 | | '#' [^ '\n' '\r']* { token lexbuf; } 45 | | "//" [^ '\n' '\r']* { token lexbuf; } 46 | 47 | 48 | (* identifiers / keywords *) 49 | | ['a' - 'z' 'A' - 'Z' '_' ] ['a' - 'z' 'A' - 'Z' '_' '[' ']' '0' - '9']* as id 50 | { try Hashtbl.find kwd_table id with Not_found -> TOK_id id } 51 | 52 | (* symbols *) 53 | | "(" { TOK_LPAREN } 54 | | ")" { TOK_RPAREN } 55 | | "=" { TOK_EQUAL } 56 | | "<<<" { TOK_LROTATE } 57 | | "<<" { TOK_LSHIFT } 58 | | ">>>" { TOK_RROTATE } 59 | | ">>" { TOK_RSHIFT } 60 | 61 | (* integers *) 62 | | ['0'-'9']+ as i { TOK_int (int_of_string i) } 63 | | "0x" ['0'-'9' 'a'-'f' 'A'-'F']+ as i { TOK_int (int_of_string i) } 64 | 65 | (* end of file *) 66 | | eof { TOK_EOF } 67 | 68 | (* error *) 69 | | _ { raise (SyntaxError ("Unexpected char: " ^ Lexing.lexeme lexbuf)) } 70 | -------------------------------------------------------------------------------- /src/usuba/src/tightprove/parsing/parser_api_tp.ml: -------------------------------------------------------------------------------- 1 | open Lexer_tp 2 | open Lexing 3 | open Tp_AST 4 | open Printf 5 | 6 | let print_position outx lexbuf = 7 | let pos = lexbuf.lex_curr_p in 8 | fprintf outx "%s:%d:%d" pos.pos_fname 9 | pos.pos_lnum (pos.pos_cnum - pos.pos_bol + 1) 10 | 11 | let parse_file (filename:string) : Tp_AST.def = 12 | let f = open_in filename in 13 | let lex = from_channel f in 14 | try 15 | lex.lex_curr_p <- { lex.lex_curr_p with pos_fname = filename; }; 16 | Parser_tp.def Lexer_tp.token lex 17 | with 18 | | SyntaxError msg -> 19 | fprintf stderr "%a: %s\n" print_position lex msg; 20 | exit (-1) 21 | | Parser_tp.Error -> 22 | fprintf stderr "%a: syntax error\n" print_position lex; 23 | exit (-1) 24 | 25 | let parse_generic (parse_fun:(Lexing.lexbuf -> Parser_tp.token) -> Lexing.lexbuf -> 'a) 26 | (str:string) : 'a = 27 | let lex = from_string str in 28 | try 29 | parse_fun Lexer_tp.token lex 30 | with 31 | | SyntaxError msg -> 32 | fprintf stderr "%a: %s\n" print_position lex msg; 33 | exit (-1) 34 | | Parser_tp.Error -> 35 | fprintf stderr "%a: syntax error\n" print_position lex; 36 | exit (-1) 37 | 38 | let parse_def (str:string) : Tp_AST.def = 39 | parse_generic Parser_tp.def str 40 | 41 | let parse_expr (str:string) : Tp_AST.expr = 42 | parse_generic Parser_tp.expr_a str 43 | -------------------------------------------------------------------------------- /src/usuba/src/tightprove/parsing/parser_tp.mly: -------------------------------------------------------------------------------- 1 | 2 | %{ 3 | open Tp_AST 4 | open Lexing 5 | open Utils 6 | exception Syntax_error 7 | %} 8 | 9 | /*******************\ 10 | |* tokens *| 11 | \*******************/ 12 | %token TOK_RS 13 | %token TOK_IN 14 | %token TOK_AND 15 | %token TOK_OR 16 | %token TOK_XOR 17 | %token TOK_NOT 18 | %token TOK_SETCST 19 | %token TOK_SETCSTALL 20 | %token TOK_REFRESH 21 | 22 | %token TOK_LPAREN 23 | %token TOK_RPAREN 24 | %token TOK_EQUAL 25 | %token TOK_LROTATE 26 | %token TOK_LSHIFT 27 | %token TOK_RROTATE 28 | %token TOK_RSHIFT 29 | 30 | %token TOK_id 31 | %token TOK_int 32 | 33 | %token TOK_EOF 34 | 35 | 36 | (***************************** Precedence levels ******************************) 37 | 38 | 39 | (******************************** Entry Point *********************************) 40 | %start def 41 | %start expr_a 42 | 43 | %% 44 | 45 | def: 46 | TOK_RS TOK_EQUAL rs=TOK_int 47 | inputs=list(TOK_IN v=TOK_id { v }) 48 | body=list(v=TOK_id TOK_EQUAL e=expr { { lhs = v; rhs = e } }) 49 | TOK_EOF 50 | { { rs = rs; inputs = inputs; body = body } } 51 | 52 | %inline log_op: 53 | | TOK_AND { And } 54 | | TOK_OR { Or } 55 | | TOK_XOR { Xor } 56 | 57 | %inline shift_op: 58 | | TOK_LSHIFT { Lshift } 59 | | TOK_RSHIFT { Rshift } 60 | | TOK_LROTATE { Lrotate } 61 | | TOK_RROTATE { Rrotate } 62 | 63 | expr: 64 | | TOK_LPAREN e=expr TOK_RPAREN { e } 65 | | x=TOK_id { ExpVar x } 66 | | TOK_SETCST TOK_LPAREN i=TOK_int TOK_RPAREN { Const i } 67 | | TOK_SETCSTALL TOK_LPAREN i=TOK_int TOK_RPAREN { ConstAll i } 68 | | TOK_REFRESH x=TOK_id { Refresh(x) } 69 | | TOK_NOT x=TOK_id { Not x } 70 | | op=log_op x=TOK_id y=TOK_id { Log(op,x,y) } 71 | | x=TOK_id op=shift_op i=TOK_int { Shift(op,x,i) } 72 | expr_a: e=expr TOK_EOF { e } 73 | 74 | %% 75 | -------------------------------------------------------------------------------- /src/usuba/src/tightprove/print_tp.ml: -------------------------------------------------------------------------------- 1 | open Tp_AST 2 | open Basic_utils 3 | open Printf 4 | 5 | let log_op_to_str = function 6 | | And -> "and" 7 | | Or -> "or" 8 | | Xor -> "xor" 9 | 10 | let shift_op_to_str = function 11 | | Lshift -> "<<" 12 | | Rshift -> ">>" 13 | | Lrotate -> "<<<" 14 | | Rrotate -> ">>>" 15 | 16 | let rec expr_to_str (e:expr) : string = 17 | match e with 18 | | ExpVar id -> id 19 | | Const c -> sprintf "setcst(0x%x)" c 20 | | ConstAll c -> sprintf "setcstall(0x%x)" c 21 | | BitToReg(id,n) -> sprintf "bit_to_reg(%s,%d)" id n 22 | | Refresh id -> sprintf "refresh %s" id 23 | | Not id -> sprintf "not %s" id 24 | | Log(o,x,y) -> sprintf "%s %s %s" (log_op_to_str o) x y 25 | | Shift(op,e,n) -> sprintf "%s %s %d" e (shift_op_to_str op) n 26 | 27 | let asgn_to_str (asgn:asgn) : string = 28 | sprintf "%s = %s\n" asgn.lhs (expr_to_str asgn.rhs) 29 | 30 | let def_to_str (def:def) : string = 31 | sprintf 32 | "rs=%d 33 | 34 | %s 35 | 36 | %s 37 | " 38 | (* m *) 39 | def.rs 40 | (* inputs *) 41 | (join "" (List.map (sprintf "in %s\n") def.inputs)) 42 | (* body *) 43 | (join "" (List.map asgn_to_str def.body)) 44 | 45 | 46 | let print_def (def:def) : unit = 47 | Printf.printf "%s" (def_to_str def) 48 | 49 | let print_def_to_file (def:def) (filename:string) : unit = 50 | let out = open_out filename in 51 | Printf.fprintf out "%s" (def_to_str def); 52 | flush out 53 | -------------------------------------------------------------------------------- /src/usuba/src/tightprove/tp_AST.ml: -------------------------------------------------------------------------------- 1 | 2 | type log_op = And | Or | Xor 3 | 4 | type arith_op = Add | Mul | Sub | Div | Mod 5 | 6 | type shift_op = Lshift | Rshift | Lrotate | Rrotate 7 | 8 | type expr = 9 | | ExpVar of string 10 | | Const of int 11 | | ConstAll of int 12 | | Refresh of string 13 | | BitToReg of string * int (* useful for Pyjamask: -1 if string.int == 1; 0 otherwise *) 14 | | Not of string 15 | | Log of log_op * string * string 16 | | Shift of shift_op * string * int 17 | 18 | type asgn = { lhs : string; rhs : expr } 19 | 20 | type def = { 21 | rs : int; (* register size *) 22 | inputs : string list; 23 | body : asgn list; 24 | } 25 | -------------------------------------------------------------------------------- /src/usuba/src/verification/soundness.ml: -------------------------------------------------------------------------------- 1 | open Usuba_AST 2 | open Basic_utils 3 | open Utils 4 | open Printf 5 | open Pass_runner 6 | 7 | exception Unsound of string 8 | 9 | 10 | let compare_tables (orig:def) (norm:def) = 11 | let nb_inputs = p_size norm.p_in in 12 | 13 | let out_size = p_size orig.p_out in 14 | for i = 0 to (pow 2 out_size) - 1 do 15 | let input = int_to_boollist i nb_inputs in 16 | let out_orig = Interp.Usuba.interp_table orig input in 17 | let out_norm = Interp.Usuba0.interp_node (Hashtbl.create 0) norm input in 18 | if out_orig <> out_norm then 19 | raise (Unsound (Printf.sprintf "%s: %d => expect:%d -- got:%d" orig.id.name i 20 | (boollist_to_int out_orig) 21 | (boollist_to_int out_norm))) 22 | done 23 | (* Printf.fprintf stderr "Table %s sound.\n" orig.id.name *) 24 | 25 | 26 | let tables_sound (runner:pass_runner) (orig:prog) (normalized:prog) : unit = 27 | 28 | List.iter (fun x -> 29 | match x.node with 30 | | Table _ -> 31 | (try let normed = 32 | List.find (fun def -> contains def.id.name x.id.name) 33 | normalized.nodes in 34 | compare_tables x normed 35 | with Not_found -> ()) 36 | | _ -> ()) (runner#run_module ~conf:default_conf 37 | Expand_multiples.as_pass orig).nodes 38 | -------------------------------------------------------------------------------- /src/usuba/usuba-mode.el: -------------------------------------------------------------------------------- 1 | (defvar usuba-mode-hook nil) 2 | 3 | 4 | (defvar usuba-mode-map 5 | (make-keymap) 6 | "Keymap for usuba major mode") 7 | 8 | (add-to-list 'auto-mode-alist '("\\.ua\\'" . usuba-mode)) 9 | 10 | (defconst usuba-font-lock-keywords 11 | (list 12 | '("\\<\\(forall\\|in\\|let\\|node\\|perm\\|returns\\|t\\(?:able\\|el\\)\\|vars\\)\\>" 13 | . font-lock-keyword-face) 14 | '("\\<\\(\\(u\\|v\\|b\\)\\(<[a-zA-Z0-9_']+>\\)?[0-9]+\\(x[0-9]+\\>\\)?\\|bool\\>\\|nat\\>\\)" . font-lock-type-face) 15 | '("\\<[A-Za-z_][A-Za-z0-9_]*\\>" . font-lock-variable-name-face) 16 | '("\\<[0-9]+\\>" . font-lock-constant-face) 17 | '("\\<\\([&|^]=\\|[!&|~^]\\)\\>" . font-lock-builtin-face))) 18 | 19 | (defvar usuba-mode-syntax-table 20 | (let ((st (make-syntax-table))) 21 | (modify-syntax-entry ?_ "w" st) 22 | (modify-syntax-entry ?# "<" st) 23 | (modify-syntax-entry ?\n ">" st) 24 | (modify-syntax-entry ?\/ ". 12" st) 25 | st) 26 | "Syntax table for usuba-mode") 27 | 28 | (defun usuba-prettify-symbols () 29 | (setq prettify-symbols-alist 30 | '( 31 | ("forall" . 8704) ; ∀ 32 | ("in" . 8712) ; ∈ 33 | )) 34 | (global-prettify-symbols-mode t)) 35 | 36 | (defun usuba-mode () 37 | "Major mode for editing Usuba programs" 38 | (interactive) 39 | (kill-all-local-variables) 40 | (set-syntax-table usuba-mode-syntax-table) 41 | (use-local-map usuba-mode-map) 42 | (set (make-local-variable 'font-lock-defaults) '(usuba-font-lock-keywords)) 43 | (setq major-mode 'usuba-mode) 44 | (setq mode-name "usuba") 45 | (usuba-prettify-symbols) 46 | (run-hooks 'usuba-mode-hook)) 47 | 48 | (provide 'usuba-mode) 49 | --------------------------------------------------------------------------------