From 585a001fdae86cbe939be0a32e5cb8a3ad4018f3 Mon Sep 17 00:00:00 2001 
From: Douglas Stebila Date: Fri, 13 Mar 2020 12:08:53 -0400 Subject: [PATCH] Split aes*_keyexp up into ecb and ctr variants --- CONTRIBUTING.md | 2 +- common/aes.c | 20 +++++++++-- common/aes.h | 12 +++++-- crypto_kem/frodokem1344aes/clean/matrix_aes.c | 4 +-- crypto_kem/frodokem1344aes/opt/matrix_aes.c | 4 +-- crypto_kem/frodokem640aes/clean/matrix_aes.c | 4 +-- crypto_kem/frodokem640aes/opt/matrix_aes.c | 4 +-- crypto_kem/frodokem976aes/clean/matrix_aes.c | 4 +-- crypto_kem/frodokem976aes/opt/matrix_aes.c | 4 +-- crypto_kem/kyber1024-90s/clean/aes256ctr.c | 4 +-- crypto_kem/kyber512-90s/clean/aes256ctr.c | 4 +-- crypto_kem/kyber768-90s/clean/aes256ctr.c | 4 +-- crypto_kem/ledakemlt12/leaktime/rng.c | 2 +- crypto_kem/ledakemlt32/leaktime/rng.c | 2 +- crypto_kem/ledakemlt52/leaktime/rng.c | 2 +- crypto_kem/mceliece348864/avx/aes256ctr.c | 2 +- crypto_kem/mceliece348864/clean/aes256ctr.c | 2 +- crypto_kem/mceliece348864/sse/aes256ctr.c | 2 +- crypto_kem/mceliece348864/vec/aes256ctr.c | 2 +- crypto_kem/mceliece348864f/avx/aes256ctr.c | 2 +- crypto_kem/mceliece348864f/clean/aes256ctr.c | 2 +- crypto_kem/mceliece348864f/sse/aes256ctr.c | 2 +- crypto_kem/mceliece348864f/vec/aes256ctr.c | 2 +- crypto_kem/mceliece460896/avx/aes256ctr.c | 2 +- crypto_kem/mceliece460896/clean/aes256ctr.c | 2 +- crypto_kem/mceliece460896/sse/aes256ctr.c | 2 +- crypto_kem/mceliece460896/vec/aes256ctr.c | 2 +- crypto_kem/mceliece460896f/avx/aes256ctr.c | 2 +- crypto_kem/mceliece460896f/clean/aes256ctr.c | 2 +- crypto_kem/mceliece460896f/sse/aes256ctr.c | 2 +- crypto_kem/mceliece460896f/vec/aes256ctr.c | 2 +- crypto_kem/mceliece6688128/avx/aes256ctr.c | 2 +- crypto_kem/mceliece6688128/clean/aes256ctr.c | 2 +- crypto_kem/mceliece6688128/sse/aes256ctr.c | 2 +- crypto_kem/mceliece6688128/vec/aes256ctr.c | 2 +- crypto_kem/mceliece6688128f/avx/aes256ctr.c | 2 +- crypto_kem/mceliece6688128f/clean/aes256ctr.c | 2 +- crypto_kem/mceliece6688128f/sse/aes256ctr.c | 2 +- 
crypto_kem/mceliece6688128f/vec/aes256ctr.c | 2 +- crypto_kem/mceliece6960119/avx/aes256ctr.c | 2 +- crypto_kem/mceliece6960119/clean/aes256ctr.c | 2 +- crypto_kem/mceliece6960119/sse/aes256ctr.c | 2 +- crypto_kem/mceliece6960119/vec/aes256ctr.c | 2 +- crypto_kem/mceliece6960119f/avx/aes256ctr.c | 2 +- crypto_kem/mceliece6960119f/clean/aes256ctr.c | 2 +- crypto_kem/mceliece6960119f/sse/aes256ctr.c | 2 +- crypto_kem/mceliece6960119f/vec/aes256ctr.c | 2 +- crypto_kem/mceliece8192128/avx/aes256ctr.c | 2 +- crypto_kem/mceliece8192128/clean/aes256ctr.c | 2 +- crypto_kem/mceliece8192128/sse/aes256ctr.c | 2 +- crypto_kem/mceliece8192128/vec/aes256ctr.c | 2 +- crypto_kem/mceliece8192128f/avx/aes256ctr.c | 2 +- crypto_kem/mceliece8192128f/clean/aes256ctr.c | 2 +- crypto_kem/mceliece8192128f/sse/aes256ctr.c | 2 +- crypto_kem/mceliece8192128f/vec/aes256ctr.c | 2 +- .../rainbowIIIc-classic/clean/utils_prng.c | 4 +-- .../clean/utils_prng.c | 4 +-- .../rainbowIIIc-cyclic/clean/utils_prng.c | 4 +-- .../rainbowIa-classic/clean/utils_prng.c | 4 +-- .../clean/utils_prng.c | 4 +-- .../rainbowIa-cyclic/clean/utils_prng.c | 4 +-- .../rainbowVc-classic/clean/utils_prng.c | 4 +-- .../clean/utils_prng.c | 4 +-- .../rainbowVc-cyclic/clean/utils_prng.c | 4 +-- test/common/nistkatrng.c | 2 +- test/test_common/aes.c | 36 +++++++++++-------- 66 files changed, 128 insertions(+), 102 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 90ab437d..a337e67a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -58,7 +58,7 @@ See the section [API](#API) below. ``` 4. You may run the tests in the `tests/` folder. See the `README` for how to run the test suite. 5. Migrate your use of AES, SHA-2, and SHA-3 to the API in the `common` directory. - Note that if you use the AES API, you must use the `aes128_keyexp` routine (or 192 or 256) to expand the key into a key schedule object, + Note that if you use the AES API, you must use the `aes128_ecb_keyexp` or aes128_ctr_keyexp` routines (or 192 or 256) to expand the key into a key schedule object, then use `aes128_ctx_release` to release the key schedule object once you're finished with it. For the SHAKE API, use the appropriate `_ctx_release` functions. For fixed-output functions SHA-2 and SHA-3, the `_finalize` function will free the state. diff --git a/common/aes.c b/common/aes.c index ff2ec125..43605a9c 100644 --- a/common/aes.c +++ b/common/aes.c @@ -574,7 +574,7 @@ static void aes_ctr(unsigned char *out, size_t outlen, const unsigned char *iv, -void aes128_keyexp(aes128ctx *r, const unsigned char *key) { +void aes128_ecb_keyexp(aes128ctx *r, const unsigned char *key) { uint64_t skey[22]; r->sk_exp = malloc(sizeof(uint64_t) * PQC_AES128_STATESIZE); @@ -586,8 +586,12 @@ void aes128_keyexp(aes128ctx *r, const unsigned char *key) { br_aes_ct64_skey_expand(r->sk_exp, skey, 10); } +void aes128_ctr_keyexp(aes128ctx *r, const unsigned char *key) { + return aes128_ecb_keyexp(r, key); +} -void aes192_keyexp(aes192ctx *r, const unsigned char *key) { + +void aes192_ecb_keyexp(aes192ctx *r, const unsigned char *key) { uint64_t skey[26]; r->sk_exp = malloc(sizeof(uint64_t) * PQC_AES192_STATESIZE); if (r->sk_exp == NULL) { 
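Review bot: The new `aes128_ctr_keyexp` wrapper in the `@@ -586,8 +586,12 @@` hunk of common/aes.c returns a void expression from a void function (`return aes128_ecb_keyexp(r, key);`), which ISO C11 forbids as a constraint violation; GCC and Clang accept it only as an extension and diagnose it under -Wpedantic, so a pedantic -Werror build would fail. The body should be a plain call, `aes128_ecb_keyexp(r, key);`. The same pattern is in the aes192 (`@@ -599`) and aes256 (`@@ -611`) hunks that follow. Since the ctr variant is currently an exact alias of the ecb one, a one-line comment such as `/* Same schedule as the ECB expansion in this implementation; kept separate so other backends may differ. */` would tell a reader why two entry points exist.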
@@ -599,7 +603,12 @@ void aes192_keyexp(aes192ctx *r, const unsigned char *key) { } -void aes256_keyexp(aes256ctx *r, const unsigned char *key) { +void aes192_ctr_keyexp(aes192ctx *r, const unsigned char *key) { + return aes192_ecb_keyexp(r, key); +} + + +void aes256_ecb_keyexp(aes256ctx *r, const unsigned char *key) { uint64_t skey[30]; r->sk_exp = malloc(sizeof(uint64_t) * PQC_AES256_STATESIZE); if (r->sk_exp == NULL) { @@ -611,6 +620,11 @@ void aes256_keyexp(aes256ctx *r, const unsigned char *key) { } +void aes256_ctr_keyexp(aes256ctx *r, const unsigned char *key) { + return aes256_ecb_keyexp(r, key); +} + + void aes128_ecb(unsigned char *out, const unsigned char *in, size_t nblocks, const aes128ctx *ctx) { aes_ecb(out, in, nblocks, ctx->sk_exp, 10); } diff --git a/common/aes.h b/common/aes.h index a590c8c4..01d7649d 100644 --- a/common/aes.h +++ b/common/aes.h @@ -29,7 +29,9 @@ typedef struct { /** Initializes the context **/ -void aes128_keyexp(aes128ctx *r, const unsigned char *key); +void aes128_ecb_keyexp(aes128ctx *r, const unsigned char *key); + +void aes128_ctr_keyexp(aes128ctx *r, const unsigned char *key); void aes128_ecb(unsigned char *out, const unsigned char *in, size_t nblocks, const aes128ctx *ctx); @@ -40,7 +42,9 @@ void aes128_ctx_release(aes128ctx *r); /** Initializes the context **/ -void aes192_keyexp(aes192ctx *r, const unsigned char *key); +void aes192_ecb_keyexp(aes192ctx *r, const unsigned char *key); + +void aes192_ctr_keyexp(aes192ctx *r, const unsigned char *key); void aes192_ecb(unsigned char *out, const unsigned char *in, size_t nblocks, const aes192ctx *ctx); 
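Review bot: In the common/aes.h `@@ -29,7 +29,9 @@` hunk the existing `/** Initializes the context **/` comment now sits above `aes128_ecb_keyexp` only, and the newly declared `aes128_ctr_keyexp` has no documentation, so nothing in the public header says which expansion pairs with `aes128_ecb` versus `aes128_ctr`, or whether a schedule produced by one may be passed to the other's cipher call (both take the same `aes128ctx`, so the compiler will not catch a mismatch). In common/aes.c the ctr variant just calls the ecb one, but the split only has a purpose if another implementation is allowed to differ, and callers should not rely on the aliasing. A comment on each new declaration would close that gap, e.g. `/** Expands key into a schedule for aes128_ctr. Not guaranteed interchangeable with the schedule from aes128_ecb_keyexp; release with aes128_ctx_release. **/`. The same applies to the aes192 (`@@ -40`) and aes256 (`@@ -50`) hunks of aes.h.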
@@ -50,7 +54,9 @@ void aes192_ctx_release(aes192ctx *r); /** Initializes the context **/ -void aes256_keyexp(aes256ctx *r, const unsigned char *key); +void aes256_ecb_keyexp(aes256ctx *r, const unsigned char *key); + +void aes256_ctr_keyexp(aes256ctx *r, const unsigned char *key); void aes256_ecb(unsigned char *out, const unsigned char *in, size_t nblocks, const aes256ctx *ctx); diff --git a/crypto_kem/frodokem1344aes/clean/matrix_aes.c b/crypto_kem/frodokem1344aes/clean/matrix_aes.c index 7b9a830a..40747b58 100644 --- a/crypto_kem/frodokem1344aes/clean/matrix_aes.c +++ b/crypto_kem/frodokem1344aes/clean/matrix_aes.c @@ -21,7 +21,7 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_ int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order @@ -62,7 +62,7 @@ int PQCLEAN_FRODOKEM1344AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_ int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order diff --git a/crypto_kem/frodokem1344aes/opt/matrix_aes.c b/crypto_kem/frodokem1344aes/opt/matrix_aes.c index 51ff8c47..58a91fba 100644 --- a/crypto_kem/frodokem1344aes/opt/matrix_aes.c +++ b/crypto_kem/frodokem1344aes/opt/matrix_aes.c 
@@ -28,7 +28,7 @@ int PQCLEAN_FRODOKEM1344AES_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t int16_t a_row_temp[4 * PARAMS_N] = {0}; // Take four lines of A at once aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { a_row_temp[j + 1 + 0 * PARAMS_N] = PQCLEAN_FRODOKEM1344AES_OPT_UINT16_TO_LE(j); // Loading values in the little-endian order @@ -86,7 +86,7 @@ int PQCLEAN_FRODOKEM1344AES_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t uint16_t a_cols_temp[PARAMS_N * PARAMS_STRIPE_STEP] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0, j = 0; i < PARAMS_N; i++, j += PARAMS_STRIPE_STEP) { a_cols_temp[j] = PQCLEAN_FRODOKEM1344AES_OPT_UINT16_TO_LE(i); // Loading values in the little-endian order diff --git a/crypto_kem/frodokem640aes/clean/matrix_aes.c b/crypto_kem/frodokem640aes/clean/matrix_aes.c index 1858b754..f2c95176 100644 --- a/crypto_kem/frodokem640aes/clean/matrix_aes.c +++ b/crypto_kem/frodokem640aes/clean/matrix_aes.c @@ -21,7 +21,7 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order @@ -62,7 +62,7 @@ int PQCLEAN_FRODOKEM640AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order 
diff --git a/crypto_kem/frodokem640aes/opt/matrix_aes.c b/crypto_kem/frodokem640aes/opt/matrix_aes.c index 2c03ead3..2d858502 100644 --- a/crypto_kem/frodokem640aes/opt/matrix_aes.c +++ b/crypto_kem/frodokem640aes/opt/matrix_aes.c @@ -28,7 +28,7 @@ int PQCLEAN_FRODOKEM640AES_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t * int16_t a_row_temp[4 * PARAMS_N] = {0}; // Take four lines of A at once aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { a_row_temp[j + 1 + 0 * PARAMS_N] = PQCLEAN_FRODOKEM640AES_OPT_UINT16_TO_LE(j); // Loading values in the little-endian order @@ -86,7 +86,7 @@ int PQCLEAN_FRODOKEM640AES_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t * uint16_t a_cols_temp[PARAMS_N * PARAMS_STRIPE_STEP] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0, j = 0; i < PARAMS_N; i++, j += PARAMS_STRIPE_STEP) { a_cols_temp[j] = PQCLEAN_FRODOKEM640AES_OPT_UINT16_TO_LE(i); // Loading values in the little-endian order diff --git a/crypto_kem/frodokem976aes/clean/matrix_aes.c b/crypto_kem/frodokem976aes/clean/matrix_aes.c index f02ffb70..ae0a8a0c 100644 --- a/crypto_kem/frodokem976aes/clean/matrix_aes.c +++ b/crypto_kem/frodokem976aes/clean/matrix_aes.c @@ -21,7 +21,7 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order 
@@ -62,7 +62,7 @@ int PQCLEAN_FRODOKEM976AES_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t int16_t A[PARAMS_N * PARAMS_N] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0; i < PARAMS_N; i++) { for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { A[i * PARAMS_N + j] = (int16_t) i; // Loading values in the little-endian order diff --git a/crypto_kem/frodokem976aes/opt/matrix_aes.c b/crypto_kem/frodokem976aes/opt/matrix_aes.c index d703af93..ddff99ac 100644 --- a/crypto_kem/frodokem976aes/opt/matrix_aes.c +++ b/crypto_kem/frodokem976aes/opt/matrix_aes.c @@ -28,7 +28,7 @@ int PQCLEAN_FRODOKEM976AES_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t * int16_t a_row_temp[4 * PARAMS_N] = {0}; // Take four lines of A at once aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (j = 0; j < PARAMS_N; j += PARAMS_STRIPE_STEP) { a_row_temp[j + 1 + 0 * PARAMS_N] = PQCLEAN_FRODOKEM976AES_OPT_UINT16_TO_LE(j); // Loading values in the little-endian order @@ -86,7 +86,7 @@ int PQCLEAN_FRODOKEM976AES_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t * uint16_t a_cols_temp[PARAMS_N * PARAMS_STRIPE_STEP] = {0}; aes128ctx ctx128; - aes128_keyexp(&ctx128, seed_A); + aes128_ecb_keyexp(&ctx128, seed_A); for (i = 0, j = 0; i < PARAMS_N; i++, j += PARAMS_STRIPE_STEP) { a_cols_temp[j] = PQCLEAN_FRODOKEM976AES_OPT_UINT16_TO_LE(i); // Loading values in the little-endian order diff --git a/crypto_kem/kyber1024-90s/clean/aes256ctr.c b/crypto_kem/kyber1024-90s/clean/aes256ctr.c index 1e81589d..2e0143a3 100644 --- a/crypto_kem/kyber1024-90s/clean/aes256ctr.c +++ b/crypto_kem/kyber1024-90s/clean/aes256ctr.c @@ -52,7 +52,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const iv[0] = nonce; aes256ctx ctx; - aes256_keyexp(&ctx, key); + aes256_ctr_keyexp(&ctx, key); aes256_ctr(output, outlen, iv, &ctx); aes256_ctx_release(&ctx); } 
@@ -70,7 +70,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const * - uint8_t y: second additional byte to "absorb" **************************************************/ void PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) { - aes256_keyexp(&s->sk_exp, key); + aes256_ctr_keyexp(&s->sk_exp, key); for (int i = 2; i < 12; i++) { s->iv[i] = 0; } diff --git a/crypto_kem/kyber512-90s/clean/aes256ctr.c b/crypto_kem/kyber512-90s/clean/aes256ctr.c index 7d536f30..e306ccb4 100644 --- a/crypto_kem/kyber512-90s/clean/aes256ctr.c +++ b/crypto_kem/kyber512-90s/clean/aes256ctr.c @@ -52,7 +52,7 @@ void PQCLEAN_KYBER51290S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const iv[0] = nonce; aes256ctx ctx; - aes256_keyexp(&ctx, key); + aes256_ctr_keyexp(&ctx, key); aes256_ctr(output, outlen, iv, &ctx); aes256_ctx_release(&ctx); } @@ -70,7 +70,7 @@ void PQCLEAN_KYBER51290S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const * - uint8_t y: second additional byte to "absorb" **************************************************/ void PQCLEAN_KYBER51290S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) { - aes256_keyexp(&s->sk_exp, key); + aes256_ctr_keyexp(&s->sk_exp, key); for (int i = 2; i < 12; i++) { s->iv[i] = 0; } diff --git a/crypto_kem/kyber768-90s/clean/aes256ctr.c b/crypto_kem/kyber768-90s/clean/aes256ctr.c index 950ab45b..f49e20f9 100644 --- a/crypto_kem/kyber768-90s/clean/aes256ctr.c +++ b/crypto_kem/kyber768-90s/clean/aes256ctr.c @@ -52,7 +52,7 @@ void PQCLEAN_KYBER76890S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const iv[0] = nonce; aes256ctx ctx; - aes256_keyexp(&ctx, key); + aes256_ctr_keyexp(&ctx, key); aes256_ctr(output, outlen, iv, &ctx); aes256_ctx_release(&ctx); } 
@@ -70,7 +70,7 @@ void PQCLEAN_KYBER76890S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const * - uint8_t y: second additional byte to "absorb" **************************************************/ void PQCLEAN_KYBER76890S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) { - aes256_keyexp(&s->sk_exp, key); + aes256_ctr_keyexp(&s->sk_exp, key); for (int i = 2; i < 12; i++) { s->iv[i] = 0; } diff --git a/crypto_kem/ledakemlt12/leaktime/rng.c b/crypto_kem/ledakemlt12/leaktime/rng.c index 0febbf62..651b0dd1 100644 --- a/crypto_kem/ledakemlt12/leaktime/rng.c +++ b/crypto_kem/ledakemlt12/leaktime/rng.c @@ -72,7 +72,7 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s return RNG_BAD_REQ_LEN; } - aes256_keyexp(&ctx256, ctx->key); + aes256_ecb_keyexp(&ctx256, ctx->key); ctx->length_remaining -= xlen; offset = 0; diff --git a/crypto_kem/ledakemlt32/leaktime/rng.c b/crypto_kem/ledakemlt32/leaktime/rng.c index 99193987..73ed0783 100644 --- a/crypto_kem/ledakemlt32/leaktime/rng.c +++ b/crypto_kem/ledakemlt32/leaktime/rng.c @@ -72,7 +72,7 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s return RNG_BAD_REQ_LEN; } - aes256_keyexp(&ctx256, ctx->key); + aes256_ecb_keyexp(&ctx256, ctx->key); ctx->length_remaining -= xlen; offset = 0; diff --git a/crypto_kem/ledakemlt52/leaktime/rng.c b/crypto_kem/ledakemlt52/leaktime/rng.c index 7354c8e0..7bc92388 100644 --- a/crypto_kem/ledakemlt52/leaktime/rng.c +++ b/crypto_kem/ledakemlt52/leaktime/rng.c @@ -72,7 +72,7 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s return RNG_BAD_REQ_LEN; } - aes256_keyexp(&ctx256, ctx->key); + aes256_ecb_keyexp(&ctx256, ctx->key); ctx->length_remaining -= xlen; offset = 0; diff --git a/crypto_kem/mceliece348864/avx/aes256ctr.c b/crypto_kem/mceliece348864/avx/aes256ctr.c index 44ff4f32..09143586 100644 --- a/crypto_kem/mceliece348864/avx/aes256ctr.c 
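Review bot: The ledakemlt12 rng.c hunk selects `aes256_ecb_keyexp` while every other keystream-style caller in this commit (kyber, mceliece) selects `aes256_ctr_keyexp`, and the body of PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander continues outside the hunk, so which cipher call it actually drives is not visible here. If it encrypts its own counter block through `aes256_ecb` the choice is correct and deserves a one-line comment such as `/* seedexpander runs AES-256-ECB over its own counter block, so the ECB schedule is the matching one */`; if it calls `aes256_ctr` it should use the ctr variant like the other callers, because the header gives no guarantee the two schedules stay interchangeable. The same applies to the ledakemlt32 and ledakemlt52 hunks on this line.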
+++ b/crypto_kem/mceliece348864/avx/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864/clean/aes256ctr.c b/crypto_kem/mceliece348864/clean/aes256ctr.c index 7bbf5880..c733d2e9 100644 --- a/crypto_kem/mceliece348864/clean/aes256ctr.c +++ b/crypto_kem/mceliece348864/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864/sse/aes256ctr.c b/crypto_kem/mceliece348864/sse/aes256ctr.c index 0a3fef52..78849348 100644 --- a/crypto_kem/mceliece348864/sse/aes256ctr.c +++ b/crypto_kem/mceliece348864/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864/vec/aes256ctr.c b/crypto_kem/mceliece348864/vec/aes256ctr.c index a387cac4..387a5ea1 100644 --- a/crypto_kem/mceliece348864/vec/aes256ctr.c +++ b/crypto_kem/mceliece348864/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864f/avx/aes256ctr.c b/crypto_kem/mceliece348864f/avx/aes256ctr.c index 4c62840c..6bcb14ac 100644 --- a/crypto_kem/mceliece348864f/avx/aes256ctr.c +++ b/crypto_kem/mceliece348864f/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864F_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864f/clean/aes256ctr.c b/crypto_kem/mceliece348864f/clean/aes256ctr.c index 1ad0b107..6428fccb 100644 --- a/crypto_kem/mceliece348864f/clean/aes256ctr.c +++ b/crypto_kem/mceliece348864f/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864F_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864f/sse/aes256ctr.c b/crypto_kem/mceliece348864f/sse/aes256ctr.c index b3fa41f7..c8d49dcc 100644 --- a/crypto_kem/mceliece348864f/sse/aes256ctr.c +++ b/crypto_kem/mceliece348864f/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864F_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece348864f/vec/aes256ctr.c b/crypto_kem/mceliece348864f/vec/aes256ctr.c index e661e400..4a7d6f1e 100644 --- a/crypto_kem/mceliece348864f/vec/aes256ctr.c +++ b/crypto_kem/mceliece348864f/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE348864F_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896/avx/aes256ctr.c b/crypto_kem/mceliece460896/avx/aes256ctr.c index 11fec7df..c4934ee2 100644 --- a/crypto_kem/mceliece460896/avx/aes256ctr.c +++ b/crypto_kem/mceliece460896/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896/clean/aes256ctr.c b/crypto_kem/mceliece460896/clean/aes256ctr.c index 2c0cff7a..c36de1ad 100644 --- a/crypto_kem/mceliece460896/clean/aes256ctr.c +++ b/crypto_kem/mceliece460896/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896/sse/aes256ctr.c b/crypto_kem/mceliece460896/sse/aes256ctr.c index 46564503..691f5632 100644 --- a/crypto_kem/mceliece460896/sse/aes256ctr.c +++ b/crypto_kem/mceliece460896/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896/vec/aes256ctr.c b/crypto_kem/mceliece460896/vec/aes256ctr.c index 5c9c7537..d46abe14 100644 --- a/crypto_kem/mceliece460896/vec/aes256ctr.c +++ b/crypto_kem/mceliece460896/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896f/avx/aes256ctr.c b/crypto_kem/mceliece460896f/avx/aes256ctr.c index 344783b9..c7cbb3b2 100644 --- a/crypto_kem/mceliece460896f/avx/aes256ctr.c +++ b/crypto_kem/mceliece460896f/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896F_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896f/clean/aes256ctr.c b/crypto_kem/mceliece460896f/clean/aes256ctr.c index 51e86c49..88b3bfd8 100644 --- a/crypto_kem/mceliece460896f/clean/aes256ctr.c +++ b/crypto_kem/mceliece460896f/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896F_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896f/sse/aes256ctr.c b/crypto_kem/mceliece460896f/sse/aes256ctr.c index d8c0abb1..e3fb5bc9 100644 --- a/crypto_kem/mceliece460896f/sse/aes256ctr.c +++ b/crypto_kem/mceliece460896f/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896F_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece460896f/vec/aes256ctr.c b/crypto_kem/mceliece460896f/vec/aes256ctr.c index 5a821542..74189716 100644 --- a/crypto_kem/mceliece460896f/vec/aes256ctr.c +++ b/crypto_kem/mceliece460896f/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE460896F_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128/avx/aes256ctr.c b/crypto_kem/mceliece6688128/avx/aes256ctr.c index 3647ad8c..6944093d 100644 --- a/crypto_kem/mceliece6688128/avx/aes256ctr.c +++ b/crypto_kem/mceliece6688128/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128/clean/aes256ctr.c b/crypto_kem/mceliece6688128/clean/aes256ctr.c index 05f9c5ec..19c1da4b 100644 --- a/crypto_kem/mceliece6688128/clean/aes256ctr.c +++ b/crypto_kem/mceliece6688128/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128/sse/aes256ctr.c b/crypto_kem/mceliece6688128/sse/aes256ctr.c index a3cf1fdd..2d195c02 100644 --- a/crypto_kem/mceliece6688128/sse/aes256ctr.c +++ b/crypto_kem/mceliece6688128/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128/vec/aes256ctr.c b/crypto_kem/mceliece6688128/vec/aes256ctr.c index 211219ab..acfce88e 100644 --- a/crypto_kem/mceliece6688128/vec/aes256ctr.c +++ b/crypto_kem/mceliece6688128/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128f/avx/aes256ctr.c b/crypto_kem/mceliece6688128f/avx/aes256ctr.c index 7f4c0216..0fa8fb27 100644 --- a/crypto_kem/mceliece6688128f/avx/aes256ctr.c +++ b/crypto_kem/mceliece6688128f/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128F_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128f/clean/aes256ctr.c b/crypto_kem/mceliece6688128f/clean/aes256ctr.c index 3e694d8d..ad41e218 100644 --- a/crypto_kem/mceliece6688128f/clean/aes256ctr.c +++ b/crypto_kem/mceliece6688128f/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128F_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128f/sse/aes256ctr.c b/crypto_kem/mceliece6688128f/sse/aes256ctr.c index 12d22ca8..7ffac2bf 100644 --- a/crypto_kem/mceliece6688128f/sse/aes256ctr.c +++ b/crypto_kem/mceliece6688128f/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128F_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6688128f/vec/aes256ctr.c b/crypto_kem/mceliece6688128f/vec/aes256ctr.c index 5d6be812..a11ffa71 100644 --- a/crypto_kem/mceliece6688128f/vec/aes256ctr.c +++ b/crypto_kem/mceliece6688128f/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6688128F_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119/avx/aes256ctr.c b/crypto_kem/mceliece6960119/avx/aes256ctr.c index 971c665d..efec6375 100644 --- a/crypto_kem/mceliece6960119/avx/aes256ctr.c +++ b/crypto_kem/mceliece6960119/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119/clean/aes256ctr.c b/crypto_kem/mceliece6960119/clean/aes256ctr.c index edf604bf..71619768 100644 --- a/crypto_kem/mceliece6960119/clean/aes256ctr.c +++ b/crypto_kem/mceliece6960119/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119/sse/aes256ctr.c b/crypto_kem/mceliece6960119/sse/aes256ctr.c index c918f72c..542e3799 100644 --- a/crypto_kem/mceliece6960119/sse/aes256ctr.c +++ b/crypto_kem/mceliece6960119/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119/vec/aes256ctr.c b/crypto_kem/mceliece6960119/vec/aes256ctr.c index bb7af005..454406ac 100644 --- a/crypto_kem/mceliece6960119/vec/aes256ctr.c +++ b/crypto_kem/mceliece6960119/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119f/avx/aes256ctr.c b/crypto_kem/mceliece6960119f/avx/aes256ctr.c index aba3b74d..00b06a78 100644 --- a/crypto_kem/mceliece6960119f/avx/aes256ctr.c +++ b/crypto_kem/mceliece6960119f/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119F_AVX_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119f/clean/aes256ctr.c b/crypto_kem/mceliece6960119f/clean/aes256ctr.c index 83428054..ddd6af87 100644 --- a/crypto_kem/mceliece6960119f/clean/aes256ctr.c +++ b/crypto_kem/mceliece6960119f/clean/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119F_CLEAN_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119f/sse/aes256ctr.c b/crypto_kem/mceliece6960119f/sse/aes256ctr.c index 93cfc48b..be3eca3c 100644 --- a/crypto_kem/mceliece6960119f/sse/aes256ctr.c +++ b/crypto_kem/mceliece6960119f/sse/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119F_SSE_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece6960119f/vec/aes256ctr.c b/crypto_kem/mceliece6960119f/vec/aes256ctr.c index 1de198cf..d7aed0e0 100644 --- a/crypto_kem/mceliece6960119f/vec/aes256ctr.c +++ b/crypto_kem/mceliece6960119f/vec/aes256ctr.c @@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE6960119F_VEC_aes256ctr( const uint8_t key[AES256_KEYBYTES]) { aes256ctx state; - aes256_keyexp(&state, key); + aes256_ctr_keyexp(&state, key); aes256_ctr(out, outlen, nonce, &state); aes256_ctx_release(&state); } diff --git a/crypto_kem/mceliece8192128/avx/aes256ctr.c b/crypto_kem/mceliece8192128/avx/aes256ctr.c index f26e16bd..49bc1995 100644 --- a/crypto_kem/mceliece8192128/avx/aes256ctr.c +++ b/crypto_kem/mceliece8192128/avx/aes256ctr.c 
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128_AVX_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128/clean/aes256ctr.c b/crypto_kem/mceliece8192128/clean/aes256ctr.c
index 6521584b..e4863387 100644
--- a/crypto_kem/mceliece8192128/clean/aes256ctr.c
+++ b/crypto_kem/mceliece8192128/clean/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128_CLEAN_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128/sse/aes256ctr.c b/crypto_kem/mceliece8192128/sse/aes256ctr.c
index ec13d89f..e845015a 100644
--- a/crypto_kem/mceliece8192128/sse/aes256ctr.c
+++ b/crypto_kem/mceliece8192128/sse/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128_SSE_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128/vec/aes256ctr.c b/crypto_kem/mceliece8192128/vec/aes256ctr.c
index 70855acd..d00b89d9 100644
--- a/crypto_kem/mceliece8192128/vec/aes256ctr.c
+++ b/crypto_kem/mceliece8192128/vec/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128_VEC_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128f/avx/aes256ctr.c b/crypto_kem/mceliece8192128f/avx/aes256ctr.c
index aa49695c..1adbad7f 100644
--- a/crypto_kem/mceliece8192128f/avx/aes256ctr.c
+++ b/crypto_kem/mceliece8192128f/avx/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128F_AVX_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128f/clean/aes256ctr.c b/crypto_kem/mceliece8192128f/clean/aes256ctr.c
index b3e36ff7..2cf0bee7 100644
--- a/crypto_kem/mceliece8192128f/clean/aes256ctr.c
+++ b/crypto_kem/mceliece8192128f/clean/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128F_CLEAN_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128f/sse/aes256ctr.c b/crypto_kem/mceliece8192128f/sse/aes256ctr.c
index bc25c9d8..0c79ad92 100644
--- a/crypto_kem/mceliece8192128f/sse/aes256ctr.c
+++ b/crypto_kem/mceliece8192128f/sse/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128F_SSE_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_kem/mceliece8192128f/vec/aes256ctr.c b/crypto_kem/mceliece8192128f/vec/aes256ctr.c
index 38a96354..27577cd5 100644
--- a/crypto_kem/mceliece8192128f/vec/aes256ctr.c
+++ b/crypto_kem/mceliece8192128f/vec/aes256ctr.c
@@ -7,7 +7,7 @@ void PQCLEAN_MCELIECE8192128F_VEC_aes256ctr(
 const uint8_t key[AES256_KEYBYTES]) {
 aes256ctx state;
- aes256_keyexp(&state, key);
+ aes256_ctr_keyexp(&state, key);
 aes256_ctr(out, outlen, nonce, &state);
 aes256_ctx_release(&state);
 }
diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c
index 61b65cfd..7270715c 100644
--- a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c
+++ b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c
index 89722fc5..c2c2ba78 100644
--- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c
+++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c
index 9367e037..71f14fbd 100644
--- a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c
+++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
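Review bot: The hunk ends before prng_update does, so the block-encrypt call that consumes `ctx` and the matching `aes256_ctx_release(&ctx)` are not visible; with the schedule now expanded by the ECB-specific variant, confirm that the consumer is the ECB call and that the context, which holds expanded key material on the stack, is released on every exit path. The same check applies to the randombytes_with_state hunk below and to the identical hunks in the other rainbow utils_prng.c files on the following lines. Since the commit message does not say why the two variants are no longer interchangeable, a comment at the call, `/* ECB and CTR key schedules are expanded separately; the variant must match the mode used below */`, would keep a later cleanup from picking the other one.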
diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.c b/crypto_sign/rainbowIa-classic/clean/utils_prng.c
index fdfbe10b..5b6f3523 100644
--- a/crypto_sign/rainbowIa-classic/clean/utils_prng.c
+++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c
index 54132ee0..8dbeef90 100644
--- a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c
+++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c
index 8f3b3fcd..18c2e5cf 100644
--- a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c
+++ b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowVc-classic/clean/utils_prng.c b/crypto_sign/rainbowVc-classic/clean/utils_prng.c
index 0c758c30..0803c451 100644
--- a/crypto_sign/rainbowVc-classic/clean/utils_prng.c
+++ b/crypto_sign/rainbowVc-classic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c
index b8fb2638..78ed6219 100644
--- a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c
+++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c
index d390fa98..aee9b20e 100644
--- a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c
+++ b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c
@@ -14,7 +14,7 @@ static void prng_update(const unsigned char *provided_data,
 unsigned char *V) {
 unsigned char temp[48];
 aes256ctx ctx;
- aes256_keyexp(&ctx, Key);
+ aes256_ecb_keyexp(&ctx, Key);
 for (int i = 0; i < 3; i++) {
 //increment V
 for (int j = 15; j >= 0; j--) {
@@ -51,7 +51,7 @@ static int randombytes_with_state(prng_t *state,
 int i = 0;
 aes256ctx ctx;
- aes256_keyexp(&ctx, state->Key);
+ aes256_ecb_keyexp(&ctx, state->Key);
 while (xlen > 0) {
 //increment V
diff --git a/test/common/nistkatrng.c b/test/common/nistkatrng.c
index 96a3c032..761ddace 100644
--- a/test/common/nistkatrng.c
+++ b/test/common/nistkatrng.c
@@ -27,7 +27,7 @@ static void AES256_CTR_DRBG_Update(const uint8_t *provided_data, uint8_t *Key, u
 // buffer - a 128-bit ciphertext value
 static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {
 aes256ctx ctx;
- aes256_keyexp(&ctx, key);
+ aes256_ecb_keyexp(&ctx, key);
 aes256_ecb(buffer, ctr, 1, &ctx);
 aes256_ctx_release(&ctx);
 }
diff --git a/test/test_common/aes.c b/test/test_common/aes.c
index 9209a42a..e332a194 100644
--- a/test/test_common/aes.c
+++ b/test/test_common/aes.c
@@ -51,54 +51,60 @@ int main(void) {
 unsigned char ct[67];
 int r = 0;
- aes128ctx ctx128;
- aes192ctx ctx192;
- aes256ctx ctx256;
+ aes128ctx ctx128_ecb, ctx128_ctr;
+ aes192ctx ctx192_ecb, ctx192_ctr;
+ aes256ctx ctx256_ecb, ctx256_ctr;
- aes128_keyexp(&ctx128, key);
- aes192_keyexp(&ctx192, key);
- aes256_keyexp(&ctx256, key);
+ aes128_ecb_keyexp(&ctx128_ecb, key);
+ aes192_ecb_keyexp(&ctx192_ecb, key);
+ aes256_ecb_keyexp(&ctx256_ecb, key);
+ aes128_ctr_keyexp(&ctx128_ctr, key);
+ aes192_ctr_keyexp(&ctx192_ctr, key);
+ aes256_ctr_keyexp(&ctx256_ctr, key);
- aes128_ctr(ct, 67, nonce, &ctx128);
+ aes128_ctr(ct, 67, nonce, &ctx128_ctr);
 if(memcmp(ct, stream128, 67)) {
 printf("ERROR AES128CTR output does not match test vector.\n");
 r = 1;
 }
- aes192_ctr(ct, 67, nonce, &ctx192);
+ aes192_ctr(ct, 67, nonce, &ctx192_ctr);
 if(memcmp(ct, stream192, 67)) {
 printf("ERROR AES192CTR output does not match test vector.\n");
 r = 1;
 }
- aes256_ctr(ct, 67, nonce, &ctx256);
+ aes256_ctr(ct, 67, nonce, &ctx256_ctr);
 if(memcmp(ct, stream256, 67)) {
 printf("ERROR AES256CTR output does not match test vector.\n");
 r = 1;
 }
- aes128_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx128);
+ aes128_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx128_ecb);
 if(memcmp(ct, ct128, 48)) {
 printf("ERROR AES128ECB output does not match test vector.\n");
 r = 1;
 }
- aes192_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx192);
+ aes192_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx192_ecb);
 if(memcmp(ct, ct192, 48)) {
 printf("ERROR AES192ECB output does not match test vector.\n");
 r = 1;
 }
- aes256_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx256);
+ aes256_ecb(ct, msg, sizeof(msg) / AES_BLOCKBYTES, &ctx256_ecb);
 if(memcmp(ct, ct256, 48)) {
 printf("ERROR AES256ECB output does not match test vector.\n");
 r = 1;
 }
- aes128_ctx_release(&ctx128);
- aes192_ctx_release(&ctx192);
- aes256_ctx_release(&ctx256);
+ aes128_ctx_release(&ctx128_ecb);
+ aes192_ctx_release(&ctx192_ecb);
+ aes256_ctx_release(&ctx256_ecb);
+ aes128_ctx_release(&ctx128_ctr);
+ aes192_ctx_release(&ctx192_ctr);
+ aes256_ctx_release(&ctx256_ctr);
 return r;
 }
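Review bot: The new code keeps an ECB and a CTR context per key size, but nothing in the hunk says why one context no longer suffices, so a later reader could merge the pairs back and silently drop half of what this test covers. A comment above the new declarations, `/* ECB and CTR key schedules are set up by separate keyexp variants; keep one context per mode */`, would record the contract the test exercises. main() begins before the hunk.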