emp-toolkit
garble_gate_standard.h
Go to the documentation of this file.
1 #ifndef LIBGARBLE_GARBLE_GATE_STANDARD_H
2 #define LIBGARBLE_GARBLE_GATE_STANDARD_H
3 
4 #include "garble.h"
5 #include "garble/aes.h"
6 
7 #include <assert.h>
8 #include <string.h>
9 
10 static inline void
11 garble_gate_eval_standard(garble_gate_type_e type, block A, block B, block *out,
12  const block *table, uint64_t idx, const AES_KEY *key)
13 {
14  if (type == GARBLE_GATE_XOR) {
15  *out = garble_xor(A, B);
16  } else {
17  block HA, HB, tmp, tweak, val;
18  int a, b;
19 
20  a = garble_lsb(A);
21  b = garble_lsb(B);
22 
23  HA = garble_double(A);
24  HB = garble_double(garble_double(B));
25 
26  tweak = garble_make_block(idx, (long) 0);
27  val = garble_xor(garble_xor(HA, HB), tweak);
28  tmp = a + b ? garble_xor(table[2*a+b-1], val) : val;
29  AES_ecb_encrypt_blks(&val, 1, key);
30 
31  *out = garble_xor(val, tmp);
32  }
33 }
34 
35 
36 static inline void
37 garble_gate_garble_standard(garble_gate_type_e type, block A0, block A1, block B0,
38  block B1, block *out0, block *out1, block delta,
39  block *table, uint64_t idx, const AES_KEY *key)
40 {
41 #ifdef DEBUG
42  if ((garble_equal(A0, garble_zero_block())
43  || garble_equal(A1, garble_zero_block())
44  || garble_equal(B0, garble_zero_block())
45  || garble_equal(B1, garble_zero_block()))
46  && g->type != GARBLE_GATE_NOT) {
47  abort();
48  }
49 #endif
50 
51  if (type == GARBLE_GATE_XOR) {
52  *out0 = garble_xor(A0, B0);
53  *out1 = garble_xor(*out0, delta);
54  } else {
55  block tweak, blocks[4], keys[4], mask[4];
56  block newToken, newToken2;
57  block *label0, *label1;
58  long lsb0, lsb1;
59 
60  tweak = garble_make_block(idx, (uint64_t) 0);
61  lsb0 = garble_lsb(A0);
62  lsb1 = garble_lsb(B0);
63 
64  A0 = garble_double(A0);
65  A1 = garble_double(A1);
66  B0 = garble_double(garble_double(B0));
67  B1 = garble_double(garble_double(B1));
68 
69  keys[0] = garble_xor(garble_xor(A0, B0), tweak);
70  keys[1] = garble_xor(garble_xor(A0, B1), tweak);
71  keys[2] = garble_xor(garble_xor(A1, B0), tweak);
72  keys[3] = garble_xor(garble_xor(A1, B1), tweak);
73  memcpy(mask, keys, sizeof mask);
74  AES_ecb_encrypt_blks(keys, 4, key);
75  mask[0] = garble_xor(mask[0], keys[0]);
76  mask[1] = garble_xor(mask[1], keys[1]);
77  mask[2] = garble_xor(mask[2], keys[2]);
78  mask[3] = garble_xor(mask[3], keys[3]);
79 
80  newToken = mask[2 * lsb0 + lsb1];
81  newToken2 = garble_xor(delta, newToken);
82  label0 = out0;
83  label1 = out1;
84 
85  if (lsb1 & lsb0) {
86  *label0 = newToken2;
87  *label1 = newToken;
88  } else {
89  *label0 = newToken;
90  *label1 = newToken2;
91  }
92  blocks[0] = *label0;
93  blocks[1] = *label0;
94  blocks[2] = *label0;
95  blocks[3] = *label1;
96 
97  if (2*lsb0 + lsb1 != 0)
98  table[2*lsb0 + lsb1 -1] = garble_xor(blocks[0], mask[0]);
99  if (2*lsb0 + 1-lsb1 != 0)
100  table[2*lsb0 + 1-lsb1-1] = garble_xor(blocks[1], mask[1]);
101  if (2*(1-lsb0) + lsb1 != 0)
102  table[2*(1-lsb0) + lsb1-1] = garble_xor(blocks[2], mask[2]);
103  if (2*(1-lsb0) + (1-lsb1) != 0)
104  table[2*(1-lsb0) + (1-lsb1)-1] = garble_xor(blocks[3], mask[3]);
105  }
106 }
107 
108 #endif
garble_lsb
#define garble_lsb(x)
Definition: block.h:15
garble_zero_block
#define garble_zero_block()
Definition: block.h:11
garble_make_block
#define garble_make_block(X, Y)
Definition: block.h:16
block
__m128i block
Definition: block.h:8
garble_equal
#define garble_equal(x, y)
Definition: block.h:12
GARBLE_GATE_XOR
Definition: garble.h:30
AES_KEY
Definition: aes.h:57
garble_gate_type_e
garble_gate_type_e
Definition: garble.h:25
garble_double
#define garble_double(B)
Definition: block.h:17
garble_xor
#define garble_xor(x, y)
Definition: block.h:10
GARBLE_GATE_NOT
Definition: garble.h:31