Commit 0cc17299 authored by Jack Doerner's avatar Jack Doerner

Fixed floram for large elements; at least one bug still outstanding affecting...

Fixed floram for large elements; at least one bug still outstanding affecting large instances. Also added another test for AES.
parent e39aa1f5
...@@ -53,10 +53,15 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_ ...@@ -53,10 +53,15 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_
bool * b_bits = local_bit_output; bool * b_bits = local_bit_output;
bool * t_bits; bool * t_bits;
if (thislevel == bpo->endlevel - 1 && b2 == local_output) {
expansion_stride = (BLOCKSIZE * bpo->blockmultiple);
} else {
expansion_stride = BLOCKSIZE;
}
#pragma omp for #pragma omp for
for (size_t ii = 0; ii < 4*(nextlevelblocks/8); ii+=4) { for (size_t ii = 0; ii < 4*(nextlevelblocks/8); ii+=4) {
offline_prf_oct(&b2[ii*2*BLOCKSIZE], &b2[(ii*2+1)*BLOCKSIZE], &b2[(ii*2+2)*BLOCKSIZE], &b2[(ii*2+3)*BLOCKSIZE], offline_prf_oct(&b2[ii*2*expansion_stride], &b2[(ii*2+1)*expansion_stride], &b2[(ii*2+2)*expansion_stride], &b2[(ii*2+3)*expansion_stride],
&b2[(ii*2+4)*BLOCKSIZE], &b2[(ii*2+5)*BLOCKSIZE], &b2[(ii*2+6)*BLOCKSIZE], &b2[(ii*2+7)*BLOCKSIZE], &b2[(ii*2+4)*expansion_stride], &b2[(ii*2+5)*expansion_stride], &b2[(ii*2+6)*expansion_stride], &b2[(ii*2+7)*expansion_stride],
&a2[ii*BLOCKSIZE], &a2[ii*BLOCKSIZE], &a2[(ii+1)*BLOCKSIZE], &a2[(ii+1)*BLOCKSIZE], &a2[ii*BLOCKSIZE], &a2[ii*BLOCKSIZE], &a2[(ii+1)*BLOCKSIZE], &a2[(ii+1)*BLOCKSIZE],
&a2[(ii+2)*BLOCKSIZE], &a2[(ii+2)*BLOCKSIZE],&a2[(ii+3)*BLOCKSIZE], &a2[(ii+3)*BLOCKSIZE], &a2[(ii+2)*BLOCKSIZE], &a2[(ii+2)*BLOCKSIZE],&a2[(ii+3)*BLOCKSIZE], &a2[(ii+3)*BLOCKSIZE],
bpo->keyL, bpo->keyR, bpo->keyL, bpo->keyR, bpo->keyL, bpo->keyR, bpo->keyL, bpo->keyR,
...@@ -67,13 +72,13 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_ ...@@ -67,13 +72,13 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_
a_bits[ii+3] = a2[(ii+3)*BLOCKSIZE] & 1; a_bits[ii+3] = a2[(ii+3)*BLOCKSIZE] & 1;
} }
#pragma omp for #pragma omp single
for (size_t ii = 4*(nextlevelblocks/8); ii < thislevelblocks; ii++) { for (size_t ii = 4*(nextlevelblocks/8); ii < thislevelblocks; ii++) {
if ((ii+1)*2 <= nextlevelblocks) { if ((ii+1)*2 <= nextlevelblocks) {
offline_prf(&b2[ii*2*BLOCKSIZE], &a2[ii*BLOCKSIZE], bpo->keyL); offline_prf(&b2[ii*2*expansion_stride], &a2[ii*BLOCKSIZE], bpo->keyL);
offline_prf(&b2[(ii*2+1)*BLOCKSIZE], &a2[ii*BLOCKSIZE], bpo->keyR); offline_prf(&b2[(ii*2+1)*expansion_stride], &a2[ii*BLOCKSIZE], bpo->keyR);
} else if (ii*2+1 <= nextlevelblocks) { } else if (ii*2+1 <= nextlevelblocks) {
offline_prf(&b2[ii*2*BLOCKSIZE], &a2[ii*BLOCKSIZE], bpo->keyL); offline_prf(&b2[ii*2*expansion_stride], &a2[ii*BLOCKSIZE], bpo->keyL);
} }
a_bits[ii] = a2[ii*BLOCKSIZE] & 1; a_bits[ii] = a2[ii*BLOCKSIZE] & 1;
} }
...@@ -189,9 +194,9 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_ ...@@ -189,9 +194,9 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_
} }
} else { } else {
if (ii%2 == 0) { if (ii%2 == 0) {
a_bits[ii] = (a2[ii*BLOCKSIZE] & 1) ^ (b_bits[ii/2] & advicebit_l); a_bits[ii] = (a2[ii*(BLOCKSIZE * bpo->blockmultiple)] & 1) ^ (b_bits[ii/2] & advicebit_l);
} else { } else {
a_bits[ii] = (a2[ii*BLOCKSIZE] & 1) ^ (b_bits[ii/2] & advicebit_r); a_bits[ii] = (a2[ii*(BLOCKSIZE * bpo->blockmultiple)] & 1) ^ (b_bits[ii/2] & advicebit_r);
} }
if (b_bits[ii/2]) { if (b_bits[ii/2]) {
...@@ -203,6 +208,7 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_ ...@@ -203,6 +208,7 @@ void bitpropagator_offline_readblockvector(uint8_t * local_output, bool * local_
} }
} }
#pragma omp single
if (b == local_output) memcpy(b_bits, a_bits, thislevelblocks*sizeof(bool)); if (b == local_output) memcpy(b_bits, a_bits, thislevelblocks*sizeof(bool));
if (bpo->blockmultiple > 1) { if (bpo->blockmultiple > 1) {
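Review bot: `expansion_stride` is written by every thread at the new L11/L13 if, as the `#pragma omp for` on L15 suggests, this code sits inside an `omp parallel` region and the variable is declared outside it (its declaration is not in the hunk); the stores carry the same value but are still a data race. Declaring it where it is computed gives each thread its own copy, `const size_t expansion_stride = (thislevel == bpo->endlevel - 1 && b2 == local_output) ? BLOCKSIZE * bpo->blockmultiple : BLOCKSIZE;`, or list it in a `private` clause. The third hunk (L39/L41) spells the same wide stride out again as `BLOCKSIZE * bpo->blockmultiple`, which is exactly what `expansion_stride` was introduced to name. The `b2 == local_output` test deserves a comment such as `// last level: b2 is the caller's wide (blockmultiple) buffer, so each PRF output lands at the head of its wide slot` — presumably the remainder of each slot is filled by a later expansion step, which is outside these hunks. bitpropagator_offline_readblockvector starts and ends outside the hunks.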
...@@ -108,12 +108,12 @@ void bitpropagator_traverselevels(bitpropagator * bp, obliv size_t * indexp) { ...@@ -108,12 +108,12 @@ void bitpropagator_traverselevels(bitpropagator * bp, obliv size_t * indexp) {
//XOR the live branches with Z if they will also be XORed by the offline component //XOR the live branches with Z if they will also be XORed by the offline component
obliv if (control_bit_A) { obliv if (control_bit_A) {
for (size_t jj = 0; jj < BLOCKSIZE; jj ++) { for (size_t jj = 0; jj < BLOCKSIZE; jj ++) {
bp->activeblock_A[jj] ^= bp->Z[jj]; bp->activeblock_A[jj] ^= Z[jj];
} }
} }
obliv if (control_bit_B) { obliv if (control_bit_B) {
for (size_t jj = 0; jj < BLOCKSIZE; jj ++) { for (size_t jj = 0; jj < BLOCKSIZE; jj ++) {
bp->activeblock_B[jj] ^= bp->Z[jj]; bp->activeblock_B[jj] ^= Z[jj];
} }
} }
...@@ -79,7 +79,7 @@ void offline_expand_deinit() { ...@@ -79,7 +79,7 @@ void offline_expand_deinit() {
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
OK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff)); \ OK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff));
void offline_expand_2(uint8_t * dest, uint8_t * src) { void offline_expand_2(uint8_t * dest, uint8_t * src) {
...@@ -150,7 +150,7 @@ void * offline_prf_keyschedule(uint8_t * src) { ...@@ -150,7 +150,7 @@ void * offline_prf_keyschedule(uint8_t * src) {
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff)); \ NK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff));
__m128i * r = malloc(11*sizeof(__m128i)); __m128i * r = malloc(11*sizeof(__m128i));
...@@ -428,8 +428,7 @@ void offline_expand_from(uint8_t * dest, uint8_t * src, size_t i, size_t n) { ...@@ -428,8 +428,7 @@ void offline_expand_from(uint8_t * dest, uint8_t * src, size_t i, size_t n) {
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \ NK = _mm_xor_si128(NK, _mm_slli_si128(NK, 4)); \
NK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff)); \ NK = _mm_xor_si128(NK, _mm_shuffle_epi32(_mm_aeskeygenassist_si128(OK, RND), 0xff));
// this version handles the case when n!=2 using a loop // this version handles the case when n!=2 using a loop
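Review bot: Dropping the trailing `\` on the macro's final line (L68, and the same fix at L74 and L80) is right, since a continuation on the last line makes the `#define` swallow whatever source line follows it, but nothing now prevents the same slip from recurring; wrapping each macro body in `do { … } while (0)` makes the end of the macro explicit and lets it be used as one statement. The four-line key-expansion step is repeated verbatim in all three hunks, so a single file-scope macro or `static inline` helper taking `OK`, `NK` and `RND` would leave one place to get right. Note that the L68 variant assigns its result to `OK` while L74 and L80 assign to `NK`; confirm that asymmetry is intended before merging them. The `#define` lines themselves and the enclosing functions lie outside the hunks.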
...@@ -198,6 +198,78 @@ void test_main(void*varg) { ...@@ -198,6 +198,78 @@ void test_main(void*varg) {
} }
} }
{
// test agains OpenSSL
obliv uint8_t input[16*BLOCKCOUNT];
obliv uint8_t iv[16];
obliv uint8_t key[16];
obliv uint8_t output[16*BLOCKCOUNT];
uint8_t input_raw[16*BLOCKCOUNT];
uint8_t iv_raw[16];
uint8_t key_raw[16];
uint8_t expected_output[16*BLOCKCOUNT];
for (int ii = 0; ii < 16*BLOCKCOUNT/sizeof(uint32_t); ii++) {
input[ii*sizeof(uint32_t)] = feedOblivInt(rand(), 1);
revealOblivInt(&input_raw[ii*sizeof(uint32_t)], input[ii*sizeof(uint32_t)], 0);
}
for (int ii = 0; ii < 16/sizeof(uint32_t); ii++) {
key[ii*sizeof(uint32_t)] = feedOblivInt(rand(), 2);
revealOblivInt(&key_raw[ii*sizeof(uint32_t)], key[ii*sizeof(uint32_t)], 0);
iv[ii*sizeof(uint32_t)] = feedOblivInt(rand(), 2);
revealOblivInt(&iv_raw[ii*sizeof(uint32_t)], iv[ii*sizeof(uint32_t)], 0);
}
// OpenSSL setup
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
EVP_CIPHER_CTX *ctx;
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, key_raw, iv_raw)) handleErrors();
if(1 != EVP_CIPHER_CTX_set_padding(ctx, 0)) handleErrors();
int len;
for (int ii = 0; ii < BLOCKCOUNT; ii ++) if(1 != EVP_EncryptUpdate(ctx, &expected_output[16*ii], &len, &input_raw[16*ii], 16)) handleErrors();
// OpenSSL Cleanup
EVP_CIPHER_CTX_free(ctx);
CONF_modules_unload(1);
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();
oaes_ctx * ctx2 = oaes_128_ctx_ctr_new(key, iv);
for (int ii = 0; ii < BLOCKCOUNT/2; ii++) oaes_128_encdec_double(&output[32*ii], &output[32*ii+16], ctx2, &input[32*ii], &input[32*ii+16]);
oaes_128_ctx_free(ctx2);
bool success = true;
for (int ii = 0; ii < 16*BLOCKCOUNT; ii++) {
uint8_t temp;
revealOblivChar(&temp, output[ii], 0);
success &= (temp == expected_output[ii]);
}
fprintf(stderr, "Test Item: %-70s %s\n", "oaes_128_encdec_double - 64 random blocks", (success)?STATUS_SUCCESS:STATUS_FAILURE);
if (!success) {
fprintf(stderr, "\tExpected Output:\t");
for (int ii = 0; ii < 16*BLOCKCOUNT; ii++) {
fprintf(stderr, "%02hhX", expected_output[ii]);
}
fprintf(stderr, "\n\tActual Output: \t\t");
for (int ii = 0; ii < 16*BLOCKCOUNT; ii++) {
uint8_t temp;
revealOblivChar(&temp, output[ii], 0);
fprintf(stderr, "%02hhX", temp);
}
fprintf(stderr, "\n");
}
}
fprintf(stderr, "\n"); fprintf(stderr, "\n");
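Review bot: The random plaintext is only fed one byte in four: `input` is an array of `obliv uint8_t` (L88), but the loop at L96 steps the index by `sizeof(uint32_t)` and assigns a single element at L97, so elements whose index is not a multiple of four are never written and the cipher under test encrypts uninitialized obliv bytes, while the matching `revealOblivInt` at L98 stores an `int` (the revealed byte plus, on a little-endian host, three zero bytes) through a `uint8_t *` into `input_raw`; `key` and `iv` at L100–L104 have the same problem. The two sides therefore agree only if the unwritten obliv bytes happen to be zero, so a pass here does not establish that `oaes_128_encdec_double` matches OpenSSL. Feeding and revealing one byte per element, as the comparison loop at L129 already does with `revealOblivChar`, fixes both the coverage and the pointer type. Separately, L124 processes `BLOCKCOUNT/2` pairs, so an odd `BLOCKCOUNT` would leave the last block of `output` unset before the comparison at L127; the message on L132 says 64 blocks, which is fine, but a comment or assertion stating that `BLOCKCOUNT` must be even would document the requirement. test_main starts and ends outside the hunk.
```c
// … unchanged: obliv and raw buffer declarations …
for (int ii = 0; ii < 16*BLOCKCOUNT; ii++) {
	input[ii] = feedOblivChar(rand() & 0xFF, 1);
	revealOblivChar(&input_raw[ii], input[ii], 0);
}
for (int ii = 0; ii < 16; ii++) {
	key[ii] = feedOblivChar(rand() & 0xFF, 2);
	revealOblivChar(&key_raw[ii], key[ii], 0);
	iv[ii] = feedOblivChar(rand() & 0xFF, 2);
	revealOblivChar(&iv_raw[ii], iv[ii], 0);
}
// … unchanged: OpenSSL reference encryption, oaes encryption and comparison …
```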