int XORGate(GarbledCircuit *garbledCircuit, GarblingContext *garblingContext, int input0, int input1, int output) {
if(garbledCircuit->wires[input0].id == 0) {
printf("ERROR: Uninitialized input at wire 0 %d, gate %ld\n", input0, garblingContext->gateIndex);
}
if(garbledCircuit->wires[input1].id == 0) {
printf("ERROR: Uninitialized input at wire 1 %d, gate %ld\n", input1, garblingContext->gateIndex);
}
if(garbledCircuit->wires[output].id != 0) {
printf("ERROR: Reusing output at wire %d\n", output);
}
createNewWire(&(garbledCircuit->wires[output]), garblingContext, output);
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
GarbledGate *garbledGate = &(garbledCircuit->garbledGates[garblingContext->gateIndex]);
if (garbledGate->id != 0)
dbgs("Reusing a gate");
garbledGate->id = XOR_ID;
garbledGate->type = XORGATE;
garblingContext->gateIndex++;
garbledGate->input0 = input0;
garbledGate->input1 = input1;
garbledGate->output = output;
return 0;
}
int createInputLabels(InputLabels inputLabels, int n) {
int i;
block R = randomBlock();
*((short *) (&R)) = 1;
char temp[20];
char temp2[20];
long *tempS = temp + 10;
long *temp2S = temp2 + 10;
for (i = 0; i < 2 * n; i += 2) {
*((block *) temp) = randomBlock();
*((block *) temp2) = xorBlocks(*((block *)temp), R);
tempS[0] = 0;
temp2S[0] = 0;
/* temp[10] = '\0';
temp[11] = '\0';
temp[12] = '\0';
temp[13] = '\0';
temp[14] = '\0';
temp[15] = '\0';
temp2[10] = '\0';
temp2[11] = '\0';
temp2[12] = '\0';
temp2[13] = '\0';
temp2[14] = '\0';
temp2[15] = '\0';*/
inputLabels[i] = *((block *) temp);
inputLabels[i + 1] = *((block *) temp2);
}
return 0;
}
int fixedOneWire(GarbledCircuit *garbledCircuit,
GarblingContext *garblingContext) {
int ind = getNextWire(garblingContext);
garblingContext->fixedWires[ind] = FIXED_ONE_GATE;
Wire *wire = &garbledCircuit->wires[ind];
wire->id = ind;
wire->label0 = randomBlock();
wire->label1 = xorBlocks(garblingContext->R, wire->label0);
return ind;
}
int createInputLabels(InputLabels inputLabels, int n) {
int i;
block R = randomBlock();
*((short *) (&R)) = 1;
for (i = 0; i < 2 * n; i += 2) {
inputLabels[i] = randomBlock();
inputLabels[i + 1] = xorBlocks(R, inputLabels[i]);
}
return 0;
}
int fixedZeroWire(GarbledCircuit *garbledCircuit,
GarblingContext *garblingContext) {
int ind = getNextWire(garblingContext);
garblingContext->fixedWires[ind] = FIXED_ZERO_GATE;
Wire *wire = &garbledCircuit->wires[ind];
if (wire->id != 0)
printf("ERROR: Reusing output at wire %d\n", ind);
wire->id = ind;
wire->label0 = randomBlock();
wire->label1 = xorBlocks(garblingContext->R, wire->label0);
return ind;
}
int startBuilding(GarbledCircuit *garbledCircuit,
GarblingContext *garblingContext) {
garblingContext->gateIndex = 0;
garblingContext->tableIndex = 0;
garblingContext->wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
garblingContext->R =
xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garblingContext->fixedWires = (int *) malloc(
sizeof(int) * garbledCircuit->r);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext->dkCipherContext));
return 0;
}
/* Hash tweak to produce single-AES-wide block */
static void hashTweak (unsigned char outBlock[16],
const unsigned char T[16], int tweakBytes,
const unsigned char K1[], int k1Bits,
const unsigned char K3[16])
{
unsigned char K3i[16], TT[16];
int i, r;
if (tweakBytes == 0) {
aesBlock(outBlock, K1, k1Bits, K3, AES_ENCRYPT);
return;
}
r = (tweakBytes + 15) / 16;
memset (outBlock, 0, 16);
multByAlpha(K3i, K3); /* K3i holds shifted K3 */
for (i=1; i<=r-1; i++) {
memcpy (TT, I1(T,i), 16); /* Copy Ti to TT */
xorBlocks(TT, TT, K3i); /* TT = K3i xor Ti */
aesBlock(TT, K1, k1Bits, TT, AES_ENCRYPT); /* AES_enc(K1; K3i xor Ti) */
xorBlocks(TT, TT, K3i); /* TT = K3i xor AES_enc(K1; K3i xor Ti) */
xorBlocks(outBlock, outBlock, TT); /* Xor all TT's together */
multByAlpha(K3i, K3i);
}
if ((tweakBytes % 16)) { /* On partial final block */
padBlock(TT, I1(T,r), (tweakBytes % 16)); /* Pad partial block */
multByAlpha(K3i, K3i); /* And use an extra shift */
} else {
memcpy (TT, I1(T,r), 16); /* Copy Tr to TT */
}
xorBlocks(TT, TT, K3i); /* TT = K3i xor Ti */
aesBlock(TT, K1, k1Bits, TT, AES_ENCRYPT); /* AES_enc(K1; K3i xor Ti) */
xorBlocks(TT, TT, K3i); /* TT = K3i xor AES_enc(K1; K3i xor Ti) */
xorBlocks(outBlock, outBlock, TT); /* Xor all TT's together */
}
/* Main encryption function - encrypt or decrypt (depending on dir)
* plaintext P to ciphertext C using key K and tweak T. Note that P and C
* may point to the same buffer.
*/
void encdecEME2(unsigned char C[], const unsigned char K[], int keyBits,
const unsigned char T[], int tweakBytes,
const unsigned char P[], int lenBytes, int dir)
{
int i, m, lenPm, k1Bits;
unsigned char L[16], M[16], M1[16], MP[16], MC[16], MC1[16], MM[16];
unsigned char T_star[16], PPPm[16];
unsigned char *PPP, *CCC, *CCCm;
unsigned const char *K1, *K2, *K3;
/* Check parameter validity */
if ((keyBits != 384 && keyBits != 512) || (lenBytes < 16))
exit (1);
/* Split key into subkeys */
K3 = K;
K2 = K3 + 128/8;
K1 = K2 + 128/8;
k1Bits = keyBits - 256;
/* Intermediate results are safely overlaid on output buffer */
/* Except for last PPP and CCC which may not fit due to padding */
/* And which have their own buffer that they share */
PPP = C;
CCC = C;
CCCm = PPPm;
/* m is number of AES-width data blocks, lenPm is length of last block */
m = (lenBytes + 15) / 16;
lenPm = ((lenBytes-1) % 16) + 1;
hashTweak(T_star, T, tweakBytes, K1, k1Bits, K3);
memcpy (L, K2, 16); /* Set L as copy of K2 */
for (i=1; i<=m-1; i++) {
xorBlocks(I1(PPP,i), I1(P,i), L); /* PPi = 2**(i-1)*L xor Pi */
aesBlock(I1(PPP,i),
K1, k1Bits, I1(PPP,i), dir); /* PPPi = AES-enc(K1; PPi) */
multByAlpha(L, L); /* 2**i * L */
}
if (lenPm < 16) {
padBlock (PPPm, I1(P,m), lenPm);
} else if (m == 1) {
xorBlocks(I1(PPP,1), I1(P,1), L); /* PP1 = L xor Pi */
aesBlock(I1(PPP,1), K1, k1Bits, I1(PPP,1), dir);/* PPP1 = AES-enc(K1; PP1)*/
} else {
xorBlocks(PPPm, I1(P,m), L); /* PPi = 2**(m-1)*L xor Pi */
aesBlock(PPPm, K1, k1Bits, PPPm, dir); /* PPPi = AES-enc(K1; PPi) */
}
xorBlocks(MP, I1(PPP,1), T_star); /* MP = (xorSum PPPi) xor T_star */
for (i=2; i<=m-1; i++)
xorBlocks(MP, MP, I1(PPP,i));
if (m > 1)
xorBlocks(MP, MP, PPPm);
if (lenPm < 16) {
aesBlock(MM, K1, k1Bits, MP, dir); /* MM = AES-enc(K1; MP) */
aesBlock(MC, K1, k1Bits, MM, dir); /* MC = AES-enc(K1; MM) */
} else {
aesBlock(MC, K1, k1Bits, MP, dir); /* MC = AES-enc(K1; MP) */
}
memcpy (MC1, MC, 16); /* MC1 = MC */
xorBlocks(M1, MP, MC); /* M = M1 = MP xor MC */
memcpy (M, M1, 16);
for (i=2; i<=m-1; i++) {
if ((i-1) % 128 > 0) { /* Recalculate M every n^2 bits */
multByAlpha(M, M);
xorBlocks(I1(CCC,i), I1(PPP,i), M); /* CCCi = 2**(i-1)*M xor PPPi */
} else {
xorBlocks(MP, I1(PPP,i), M1); /* MP = PPPi xor M1 */
aesBlock(MC, K1, k1Bits, MP, dir); /* MC = AES-enc(k; MP) */
xorBlocks(M, MP, MC); /* M = MP xor MC */
xorBlocks(I1(CCC,i), MC, M1); /* CCCi = MC xor M1 */
}
}
if (lenPm < 16) {
/* Note that we compute the last ciphertext block here if it is short */
xorPartial(I1(C,m), I1(P,m), MM, lenPm); /* Cm = Pm ^ MM */
padBlock(CCCm, I1(C,m), lenPm); /* CCCm = pad(Cm) */
} else if ((m-1) % 128 > 0) {
multByAlpha(M, M);
xorBlocks(CCCm, PPPm, M); /* CCCm = 2**(m-1)*M xor PPPm */
} else if (m > 1) {
xorBlocks(MP, PPPm, M1); /* MP = PPPm xor M1 */
aesBlock(MC, K1, k1Bits, MP, dir); /* MC = AES-enc(k; MP) */
xorBlocks(CCCm, MC, M1); /* CCCm = MC xor M1 */
}
xorBlocks(I1(CCC,1), MC1, T_star); /* CCC1 = MC1 xor (xorSum CCCi) xor T_star */
for (i=2; i<=m-1; i++)
xorBlocks(I1(CCC,1), I1(CCC,1), I1(CCC,i));
if (m > 1)
xorBlocks(I1(CCC,1), I1(CCC,1), CCCm);
memcpy (L, K2, 16); /* Reset L as copy of K2 */
for (i=1; i<=m-1; i++) {
aesBlock(I1(CCC,i),
K1, k1Bits, I1(CCC,i), dir); /* CCi = AES-enc(K1; CCCi) */
xorBlocks(I1(C,i), I1(CCC,i), L); /* Ci = 2**(i-1)*L xor CCi */
multByAlpha(L, L);
}
if (lenPm == 16) {
/* Note that we computed the last ciphertext block above if it was short */
if (m == 1) {
aesBlock(I1(CCC,1), K1, k1Bits, I1(CCC,1), dir);/* CC1=AES-enc(K1;CCC1)*/
xorBlocks(I1(C,1), I1(CCC,1), L); /* C1 = L xor CC1 */
} else {
aesBlock(CCCm, K1, k1Bits, CCCm, dir); /* CCm = AES-enc(K1; CCCm) */
xorBlocks(I1(C,m), CCCm, L); /* Cm = 2**(m-1)*L xor CCm */
}
}
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels,
OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const block *sched = ((block *) (dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText, *cipherText;
block tweak;
long i, j, rnds = 10;
block blocks[4];
block keys[4];
long lsb0, lsb1;
int input0, input1, output;
srand_sse(time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for (i = 0; i < 2 * garbledCircuit->n; i += 2) {
garbledCircuit->wires[i / 2].label0 = inputLabels[i];
garbledCircuit->wires[i / 2].label1 = inputLabels[i + 1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key((unsigned char *) &rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *) (KR.rd_key));
garblingContext.R =
xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for (i = 0; i < garbledCircuit->q; i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0;
input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 =
xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 =
xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block val = _mm_xor_si128(tweak, sched[0]);
for (j = 1; j < rnds; j++)
val = _mm_aesenc_si128(val, sched2[j]);
garbledCircuit->wires[garbledGate->output].label0 =
_mm_aesenclast_si128(val, sched[j]);
garbledCircuit->wires[garbledGate->output].label1 =
xorBlocks(garblingContext.R,
garbledCircuit->wires[garbledGate->output].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(xorBlocks(A0, B0) , tweak);
keys[1] = xorBlocks(xorBlocks(A0,B1), tweak);
keys[2] = xorBlocks(xorBlocks(A1, B0), tweak);
keys[3] = xorBlocks(xorBlocks(A1, B1), tweak);
block *temp[2];
temp[0] = &garbledCircuit->wires[garbledGate->output].label0;
temp[1] = &garbledCircuit->wires[garbledGate->output].label1;
int bp = 0;
blocks[0] =
xorBlocks(keys[0], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[1] =
xorBlocks(keys[1], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[2] =
xorBlocks(keys[2], *(temp[(garbledGate->type & (1<<bp))>>bp]));
bp++;
blocks[3] =
xorBlocks(keys[3], *(temp[(garbledGate->type & (1<<bp))>>bp]));
write:
AES_ecb_encrypt_blks_4(keys, &(garblingContext.dkCipherContext.K));
garbledTable[tableIndex].table[2 * lsb0 + lsb1] =
xorBlocks(blocks[0], keys[0]);
garbledTable[tableIndex].table[2 * lsb0 + 1 - lsb1] =
xorBlocks(blocks[1], keys[1]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + lsb1] =
xorBlocks(blocks[2], keys[2]);
garbledTable[tableIndex].table[2 * (1 - lsb0) + (1 - lsb1)] =
xorBlocks(blocks[3], keys[3]);
tableIndex++;
}
for (i = 0; i < garbledCircuit->m; i++) {
outputMap[2 * i] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2 * i + 1] =
garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1, output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
input0 = garbledGate->input0; input1 = garbledGate->input1;
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
block mask[4]; block newToken;
mask[0] = keys[0];
mask[1] = keys[1];
mask[2] = keys[2];
mask[3] = keys[3];
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
mask[0] = xorBlocks(mask[0], keys[0]);
mask[1] = xorBlocks(mask[1],keys[1]);
mask[2] = xorBlocks(mask[2],keys[2]);
mask[3] = xorBlocks(mask[3],keys[3]);
if (2*lsb0 + lsb1 ==0)
newToken = mask[0];
if (2*lsb0 + 1-lsb1 ==0)
newToken = mask[1];
if (2*(1-lsb0) + lsb1 ==0)
newToken = mask[2];
if (2*(1-lsb0) + 1-lsb1 ==0)
newToken = mask[3];
block newToken2 = xorBlocks(garblingContext.R, newToken);
if (garbledGate->type == ANDGATE) {
if (lsb1 ==1 & lsb0 ==1) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == ORGATE) {
if (!(lsb1 ==0 & lsb0 ==0)) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == XORGATE) {
if ((lsb1 ==0 & lsb0 ==1) ||(lsb1 ==1 & lsb0 ==0) ) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
if (garbledGate->type == NOTGATE) {
if (lsb0 ==0) {
garbledCircuit->wires[garbledGate->output].label1 = newToken;
garbledCircuit->wires[garbledGate->output].label0 = newToken2;
}
else {
garbledCircuit->wires[garbledGate->output].label0 = newToken;
garbledCircuit->wires[garbledGate->output].label1 = newToken2;
}
}
block *label0 = &garbledCircuit->wires[garbledGate->output].label0;
block *label1 = &garbledCircuit->wires[garbledGate->output].label1;
if (garbledGate->type == ANDGATE) {
blocks[0] = *label0;
blocks[1] = *label0;
blocks[2] = *label0;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label1;
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = *label0;
blocks[1] = *label1;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = *label1;
blocks[1] = *label0;
blocks[2] = *label1;
blocks[3] = *label0;
goto write;
}
write:
if (2*lsb0 + lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + lsb1 -1] = xorBlocks(blocks[0], mask[0]);
if (2*lsb0 + 1-lsb1 !=0)
garbledTable[tableIndex].table[2*lsb0 + 1-lsb1-1] = xorBlocks(blocks[1], mask[1]);
if (2*(1-lsb0) + lsb1 !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + lsb1-1] = xorBlocks(blocks[2], mask[2]);
if (2*(1-lsb0) + (1-lsb1) !=0)
garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)-1] = xorBlocks(blocks[3], mask[3]);
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
long garbleCircuit(GarbledCircuit *garbledCircuit, InputLabels inputLabels, OutputMap outputMap) {
GarblingContext garblingContext;
GarbledGate *garbledGate;
GarbledTable *garbledTable;
DKCipherContext dkCipherContext;
const __m128i *sched = ((__m128i *)(dkCipherContext.K.rd_key));
block val;
block *A, *B, *plainText,*cipherText;
block tweak;
long a, b, i, j,rnds = 10;
block blocks[4];
block keys[4];
long lsb0,lsb1;
block keyToEncrypt;
int input0, input1,output;
srand_sse( time(NULL));
createInputLabels(inputLabels, garbledCircuit->n);
garbledCircuit->id = getFreshId();
for(i=0;i<2*garbledCircuit->n;i+=2) {
garbledCircuit->wires[i/2].id = i+1;
garbledCircuit->wires[i/2].label0 = inputLabels[i];
garbledCircuit->wires[i/2].label1 = inputLabels[i+1];
}
garbledTable = garbledCircuit->garbledTable;
garblingContext.gateIndex = 0;
garblingContext.wireIndex = garbledCircuit->n + 1;
block key = randomBlock();
block rkey = randomBlock();
AES_KEY KR;
AES_set_encrypt_key(&rkey, 128, &KR);
const __m128i *sched2 = ((__m128i *)(KR.rd_key));
garblingContext.R = xorBlocks(garbledCircuit->wires[0].label0, garbledCircuit->wires[0].label1);
garbledCircuit->globalKey = key;
DKCipherInit(&key, &(garblingContext.dkCipherContext));
int tableIndex = 0;
for(i=0; i< garbledCircuit->q;i++) {
garbledGate = &(garbledCircuit->garbledGates[i]);
input0 = garbledGate->input0; input1 = garbledGate->input1;
output = garbledGate->output;
#ifdef FREE_XOR
if (garbledGate->type == XORGATE) {
garbledCircuit->wires[output].label0 = xorBlocks(garbledCircuit->wires[input0].label0, garbledCircuit->wires[input1].label0);
garbledCircuit->wires[output].label1 = xorBlocks(garbledCircuit->wires[input0].label1, garbledCircuit->wires[input1].label0);
continue;
}
#endif
tweak = makeBlock(i, (long)0);
lsb0 = getLSB(garbledCircuit->wires[input0].label0);
lsb1 = getLSB(garbledCircuit->wires[input1].label0);
char templ[20];
char templ2[20];
block val = _mm_xor_si128 (tweak, sched[0]);
for (j=1; j<rnds; j++) val = _mm_aesenc_si128 (val,sched2[j]);
*((block*)templ) = _mm_aesenclast_si128 (val, sched[j]);
val = _mm_aesenclast_si128 (val, sched[j]);
*((block *)templ2) = xorBlocks(*((block *)templ), garblingContext.R);
TRUNCATE(templ);
TRUNCATE(templ2);
block *label0 = (block *)templ;
block *label1 = (block *)templ2;
garbledCircuit->wires[garbledGate->output].label0 = *((block*)templ);
garbledCircuit->wires[garbledGate->output].label1 = *((block*)templ2);
block A0, A1, B0, B1;
A0 = DOUBLE(garbledCircuit->wires[input0].label0);
A1 = DOUBLE(garbledCircuit->wires[input0].label1);
B0 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label0));
B1 = DOUBLE(DOUBLE(garbledCircuit->wires[input1].label1));
keys[0] = xorBlocks(A0, B0);
keys[0] = xorBlocks(keys[0], tweak);
keys[1] = xorBlocks(A0,B1);
keys[1] = xorBlocks(keys[1], tweak);
keys[2] = xorBlocks(A1, B0);
keys[2] = xorBlocks(keys[2], tweak);
keys[3] = xorBlocks(A1, B1);
keys[3] = xorBlocks(keys[3], tweak);
if (garbledGate->type == ANDGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label0);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == ORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label1);
goto write;
}
if (garbledGate->type == XORGATE) {
blocks[0] = xorBlocks(keys[0], *label0);
blocks[1] = xorBlocks(keys[1], *label1);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
if (garbledGate->type == NOTGATE) {
blocks[0] = xorBlocks(keys[0], *label1);
blocks[1] = xorBlocks(keys[1], *label0);
blocks[2] = xorBlocks(keys[2], *label1);
blocks[3] = xorBlocks(keys[3], *label0);
goto write;
}
write:
AES_ecb_encrypt_blks(keys, 4, &(garblingContext.dkCipherContext.K));
char toWrite[4][16];
char **dest[4];
*((block *) toWrite[0]) = xorBlocks(blocks[0], keys[0]);
*((block *) toWrite[1]) = xorBlocks(blocks[1], keys[1]);
*((block *) toWrite[2]) = xorBlocks(blocks[2], keys[2]);
*((block *) toWrite[3]) = xorBlocks(blocks[3], keys[3]);
short *cpsrc; short *cpdst;
cpsrc = (short *)toWrite[0];
cpdst = (short *)&garbledTable[tableIndex].table[2*lsb0 + lsb1];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[1];
cpdst = (short *)&garbledTable[tableIndex].table[2*(lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[2];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
cpsrc = (short *)toWrite[3];
cpdst = (short *)&garbledTable[tableIndex].table[2*(1-lsb0) + (1-lsb1)];
cpdst[0]=cpsrc[0];
cpdst[1]=cpsrc[1];
cpdst[2]=cpsrc[2];
cpdst[3]=cpsrc[3];
cpdst[4]=cpsrc[4];
tableIndex++;
}
for(i=0;i<garbledCircuit->m;i++) {
outputMap[2*i] = garbledCircuit->wires[garbledCircuit->outputs[i]].label0;
outputMap[2*i+1] = garbledCircuit->wires[garbledCircuit->outputs[i]].label1;
}
return 0;
}
int createNewWire(Wire *in, GarblingContext *garblingContext, int id) {
in->id = id; //getNextWire(garblingContext);
in->label0 = randomBlock();
in->label1 = xorBlocks(garblingContext->R, in->label0);
return 0;
}