Utilities that help to implement masked ciphers. More...

#include "aead-random.h"

Data Structures
struct	mask_x2_uint16_t
	Masked 16-bit word with two shares. More...

struct	mask_x3_uint16_t
	Masked 16-bit word with three shares. More...

struct	mask_x4_uint16_t
	Masked 16-bit word with four shares. More...

struct	mask_x5_uint16_t
	Masked 16-bit word with five shares. More...

struct	mask_x6_uint16_t
	Masked 16-bit word with six shares. More...

struct	mask_x2_uint32_t
	Masked 32-bit word with two shares. More...

struct	mask_x3_uint32_t
	Masked 32-bit word with three shares. More...

struct	mask_x4_uint32_t
	Masked 32-bit word with four shares. More...

struct	mask_x5_uint32_t
	Masked 32-bit word with five shares. More...

struct	mask_x6_uint32_t
	Masked 32-bit word with six shares. More...

struct	mask_x2_uint64_t
	Masked 64-bit word with two shares. More...

struct	mask_x3_uint64_t
	Masked 64-bit word with three shares. More...

struct	mask_x4_uint64_t
	Masked 64-bit word with four shares. More...

struct	mask_x5_uint64_t
	Masked 64-bit word with five shares. More...

struct	mask_x6_uint64_t
	Masked 64-bit word with six shares. More...

Macros
#define	AEAD_MASKING_SHARES 4
	Sets the default number of shares for the masked word operations. More...

#define	AEAD_MASKING_KEY_ONLY 0
	Degree of masking to apply to AEAD modes. More...

#define	mask_x2_input(value, input)
	Masks an input value to produce a 2-share masked word. More...

#define	mask_x2_output(value) ((value).a ^ (value).b)
	Unmasks a 2-share masked word to produce an output value. More...

#define	mask_x2_zero(value)
	Sets all shares of a 2-share word to zero. More...

#define	mask_x2_xor_const(value, cvalue)
	Adds a constant to a 2-share masked word. More...

#define	mask_x2_xor(value1, value2)
	XOR's two 2-share masked words. More...

#define	mask_x2_xor3(value1, value2, value3)
	XOR's three 2-share masked words. More...

#define	mask_x2_not(value)
	NOT's a 2-share masked word. More...

#define	mask_x2_and(value1, value2, value3)
	AND's two 2-share masked words and XOR's the result with another word. More...

#define	mask_x2_and_not(value1, value2, value3)
	AND's two 2-share masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_x2_or(value1, value2, value3)
	OR's two 2-share masked words and XOR's the result with another word. More...

#define	mask_x2_shl(value1, value2, bits)
	Performs a left shift on a 2-share masked word. More...

#define	mask_x2_shr(value1, value2, bits)
	Performs a right shift on a 2-share masked word. More...

#define	mask_x2_rol(value1, value2, bits)
	Performs a left rotate on a 2-share masked word. More...

#define	mask_x2_ror(value1, value2, bits)
	Performs a right rotate on a 2-share masked word. More...

#define	mask_x2_swap(value1, value2)
	Performs a swap on two 2-share masked words. More...

#define	mask_swap_move_internal(a, b, mask, shift)

#define	mask_x2_swap_move(value1, value2, mask, shift)
	Performs a swap and move on two 2-share masked words. More...

#define	mask_x3_input(value, input)
	Masks an input value to produce a 3-share masked word. More...

#define	mask_x3_output(value) ((value).a ^ (value).b ^ (value).c)
	Unmasks a 3-share masked word to produce an output value. More...

#define	mask_x3_zero(value)
	Sets all shares of a 3-share word to zero. More...

#define	mask_x3_xor_const(value, cvalue)
	Adds a constant to a 3-share masked word. More...

#define	mask_x3_xor(value1, value2)
	XOR's two 3-share masked words. More...

#define	mask_x3_xor3(value1, value2, value3)
	XOR's three 3-share masked words. More...

#define	mask_x3_not(value)
	NOT's a 3-share masked word. More...

#define	mask_x3_and(value1, value2, value3)
	AND's two 3-share masked words and XOR's the result with another word. More...

#define	mask_x3_and_not(value1, value2, value3)
	AND's two 3-share masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_x3_or(value1, value2, value3)
	OR's two 3-share masked words and XOR's the result with another word. More...

#define	mask_x3_shl(value1, value2, bits)
	Performs a left shift on a 3-share masked word. More...

#define	mask_x3_shr(value1, value2, bits)
	Performs a right shift on a 3-share masked word. More...

#define	mask_x3_rol(value1, value2, bits)
	Performs a left rotate on a 3-share masked word. More...

#define	mask_x3_ror(value1, value2, bits)
	Performs a right rotate on a 3-share masked word. More...

#define	mask_x3_swap(value1, value2)
	Performs a swap on two 3-share masked words. More...

#define	mask_x3_swap_move(value1, value2, mask, shift)
	Performs a swap and move on two 3-share masked words. More...

#define	mask_x4_input(value, input)
	Masks an input value to produce a 4-share masked word. More...

#define	mask_x4_output(value) ((value).a ^ (value).b ^ (value).c ^ (value).d)
	Unmasks a 4-share masked word to produce an output value. More...

#define	mask_x4_zero(value)
	Sets all shares of a 4-share word to zero. More...

#define	mask_x4_xor_const(value, cvalue)
	Adds a constant to a 4-share masked word. More...

#define	mask_x4_xor(value1, value2)
	XOR's two 4-share masked words. More...

#define	mask_x4_xor3(value1, value2, value3)
	XOR's three 4-share masked words. More...

#define	mask_x4_not(value)
	NOT's a 4-share masked word. More...

#define	mask_x4_and(value1, value2, value3)
	AND's two 4-share masked words and XOR's the result with another word. More...

#define	mask_x4_and_not(value1, value2, value3)
	AND's two 4-share masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_x4_or(value1, value2, value3)
	OR's two 4-share masked words and XOR's the result with another word. More...

#define	mask_x4_shl(value1, value2, bits)
	Performs a left shift on a 4-share masked word. More...

#define	mask_x4_shr(value1, value2, bits)
	Performs a right shift on a 4-share masked word. More...

#define	mask_x4_rol(value1, value2, bits)
	Performs a left rotate on a 4-share masked word. More...

#define	mask_x4_ror(value1, value2, bits)
	Performs a right rotate on a 4-share masked word. More...

#define	mask_x4_swap(value1, value2)
	Performs a swap on two 4-share masked words. More...

#define	mask_x4_swap_move(value1, value2, mask, shift)
	Performs a swap and move on two 4-share masked words. More...

#define	mask_x5_input(value, input)
	Masks an input value to produce a 5-share masked word. More...

#define	mask_x5_output(value) ((value).a ^ (value).b ^ (value).c ^ (value).d ^ (value).e)
	Unmasks a 5-share masked word to produce an output value. More...

#define	mask_x5_zero(value)
	Sets all shares of a 5-share word to zero. More...

#define	mask_x5_xor_const(value, cvalue)
	Adds a constant to a 5-share masked word. More...

#define	mask_x5_xor(value1, value2)
	XOR's two 5-share masked words. More...

#define	mask_x5_xor3(value1, value2, value3)
	XOR's three 5-share masked words. More...

#define	mask_x5_not(value)
	NOT's a 5-share masked word. More...

#define	mask_x5_and(value1, value2, value3)
	AND's two 5-share masked words and XOR's the result with another word. More...

#define	mask_x5_and_not(value1, value2, value3)
	AND's two 5-share masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_x5_or(value1, value2, value3)
	OR's two 5-share masked words and XOR's the result with another word. More...

#define	mask_x5_shl(value1, value2, bits)
	Performs a left shift on a 5-share masked word. More...

#define	mask_x5_shr(value1, value2, bits)
	Performs a right shift on a 5-share masked word. More...

#define	mask_x5_rol(value1, value2, bits)
	Performs a left rotate on a 5-share masked word. More...

#define	mask_x5_ror(value1, value2, bits)
	Performs a right rotate on a 5-share masked word. More...

#define	mask_x5_swap(value1, value2)
	Performs a swap on two 5-share masked words. More...

#define	mask_x5_swap_move(value1, value2, mask, shift)
	Performs a swap and move on two 5-share masked words. More...

#define	mask_x6_input(value, input)
	Masks an input value to produce a 6-share masked word. More...

#define	mask_x6_output(value) ((value).a ^ (value).b ^ (value).c ^ (value).d ^ (value).e ^ (value).f)
	Unmasks a 6-share masked word to produce an output value. More...

#define	mask_x6_zero(value)
	Sets all shares of a 6-share word to zero. More...

#define	mask_x6_xor_const(value, cvalue)
	Adds a constant to a 6-share masked word. More...

#define	mask_x6_xor(value1, value2)
	XOR's two 6-share masked words. More...

#define	mask_x6_xor3(value1, value2, value3)
	XOR's three 6-share masked words. More...

#define	mask_x6_not(value)
	NOT's a 6-share masked word. More...

#define	mask_x6_and(value1, value2, value3)
	AND's two 6-share masked words and XOR's the result with another word. More...

#define	mask_x6_and_not(value1, value2, value3)
	AND's two 6-share masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_x6_or(value1, value2, value3)
	OR's two 6-share masked words and XOR's the result with another word. More...

#define	mask_x6_shl(value1, value2, bits)
	Performs a left shift on a 6-share masked word. More...

#define	mask_x6_shr(value1, value2, bits)
	Performs a right shift on a 6-share masked word. More...

#define	mask_x6_rol(value1, value2, bits)
	Performs a left rotate on a 6-share masked word. More...

#define	mask_x6_ror(value1, value2, bits)
	Performs a right rotate on a 6-share masked word. More...

#define	mask_x6_swap(value1, value2)
	Performs a swap on two 6-share masked words. More...

#define	mask_x6_swap_move(value1, value2, mask, shift)
	Performs a swap and move on two 6-share masked words. More...

#define	mask_input(value, input) mask_x4_input((value), (input))
	Masks an input value to produce a generic masked word. More...

#define	mask_output(value) mask_x4_output((value))
	Unmasks a generic masked word to produce an output value. More...

#define	mask_zero(value) mask_x4_zero((value))
	Sets all shares of a generic masked word to zero. More...

#define	mask_xor_const(value, cvalue) mask_x4_xor_const((value), (cvalue))
	Adds a constant to a generic masked word. More...

#define	mask_xor(value1, value2) mask_x4_xor((value1), (value2))
	XOR's two generic masked words. More...

#define	mask_xor3(value1, value2, value3) mask_x4_xor3((value1), (value2), (value3))
	XOR's three generic masked words. More...

#define	mask_not(value) mask_x4_not((value))
	NOT's a generic masked word. More...

#define	mask_and(value1, value2, value3) mask_x4_and((value1), (value2), (value3))
	AND's two generic masked words and XOR's the result with another word. More...

#define	mask_and_not(value1, value2, value3) mask_x4_and_not((value1), (value2), (value3))
	AND's two generic masked words and XOR's the result with another word, where the first input word is inverted. More...

#define	mask_or(value1, value2, value3) mask_x4_or((value1), (value2), (value3))
	OR's two generic masked words and XOR's the result with another word. More...

#define	mask_shl(value1, value2, bits) mask_x4_shl((value1), (value2), (bits))
	Performs a left shift on a generic masked word. More...

#define	mask_shr(value1, value2, bits) mask_x4_shr((value1), (value2), (bits))
	Performs a right shift on a generic masked word. More...

#define	mask_rol(value1, value2, bits) mask_x4_rol((value1), (value2), (bits))
	Performs a left rotate on a generic masked word. More...

#define	mask_ror(value1, value2, bits) mask_x4_ror((value1), (value2), (bits))
	Performs a right rotate on a generic masked word. More...

#define	mask_swap(value1, value2) mask_x4_swap((value1), (value2))
	Performs a swap on two generic masked words. More...

#define	mask_swap_move(value1, value2, mask, shift) mask_x4_swap_move((value1), (value2), (mask), (shift))
	Performs a swap and move on two generic masked words. More...

Typedefs
typedef mask_x4_uint16_t	mask_uint16_t
	Generic masked 16-bit word.

typedef mask_x4_uint32_t	mask_uint32_t
	Generic masked 32-bit word.

typedef mask_x4_uint64_t	mask_uint64_t
	Generic masked 64-bit word.

Detailed Description

Utilities that help to implement masked ciphers.

See masking.dox for more information on the definitions in this file.

Macro Definition Documentation

#define AEAD_MASKING_KEY_ONLY 0

Degree of masking to apply to AEAD modes.

Permutation-based AEAD modes typically absorb the key and nonce in the first block and then no longer have any use for the key. If the goal of the masking is to protect the key, then masking may not be required for the remaining block operations once the key has been randomized by combining it with the nonce.

Define this macro to 1 to only mask block operations that involve the key. Define this macro to 0 to mask all block operations regardless. The default is 0 because it is safer, albeit slower.

#define AEAD_MASKING_SHARES 4

Sets the default number of shares for the masked word operations.

This value should be between 2 and 6. If left undefined, the default is 4.

#define mask_and	(	value1,
		value2,
		value3
	)	mask_x4_and((value1), (value2), (value3))

AND's two generic masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x4_uint32_t, then "temp" must be of type uint32_t.

#define mask_and_not	(	value1,
		value2,
		value3
	)	mask_x4_and_not((value1), (value2), (value3))

AND's two generic masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_input	(	value,
		input
	)	mask_x4_input((value), (input))

Masks an input value to produce a generic masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_not ( value ) mask_x4_not((value))

NOT's a generic masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_or	(	value1,
		value2,
		value3
	)	mask_x4_or((value1), (value2), (value3))

OR's two generic masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x4_uint32_t, then "temp" must be of type uint32_t.

#define mask_output ( value ) mask_x4_output((value))

Unmasks a generic masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_rol	(	value1,
		value2,
		bits
	)	mask_x4_rol((value1), (value2), (bits))

Performs a left rotate on a generic masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_ror	(	value1,
		value2,
		bits
	)	mask_x4_ror((value1), (value2), (bits))

Performs a right rotate on a generic masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_shl	(	value1,
		value2,
		bits
	)	mask_x4_shl((value1), (value2), (bits))

Performs a left shift on a generic masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_shr	(	value1,
		value2,
		bits
	)	mask_x4_shr((value1), (value2), (bits))

Performs a right shift on a generic masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_swap	(	value1,
		value2
	)	mask_x4_swap((value1), (value2))

Performs a swap on two generic masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_swap_move	(	value1,
		value2,
		mask,
		shift
	)	mask_x4_swap_move((value1), (value2), (mask), (shift))

Performs a swap and move on two generic masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_swap_move_internal	(	a,
		b,
		mask,
		shift
	)

Value:

do { \
        temp = ((b) ^ ((a) >> (shift))) & (mask); \
        (b) ^= temp; \
        (a) ^= temp << (shift); \
    } while (0)

@cond mask_swap_move

#define mask_x2_and	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a & (value3).a); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        (value1).b ^= ((value2).b & (value3).b); \
    } while (0)

AND's two 2-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x2_and_not	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((~(value2).a) & (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        (value1).b ^= ((value2).b & (value3).b); \
    } while (0)

AND's two 2-share masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x2_input	(	value,
		input
	)

Value:

do { \
        if (sizeof((value).b) <= 4) \
            (value).b = aead_random_generate_32(); \
        else \
            (value).b = aead_random_generate_64(); \
        (value).a = (input) ^ (value).b; \
    } while (0)

Masks an input value to produce a 2-share masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_x2_not ( value )

Value:

do { \
        (value).a = ~((value).a); \
    } while (0)

NOT's a 2-share masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_x2_or	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a) | ((value3).a); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        (value1).b ^= ((value2).b & (value3).b); \
    } while (0)

OR's two 2-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x2_output ( value ) ((value).a ^ (value).b)

Unmasks a 2-share masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_x2_rol	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a << (bits)) | \
                     ((value2).a >> (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b << (bits)) | \
                     ((value2).b >> (sizeof((value1).b) * 8 - (bits))); \
    } while (0)

Performs a left rotate on a 2-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x2_ror	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a >> (bits)) | \
                     ((value2).a << (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b >> (bits)) | \
                     ((value2).b << (sizeof((value1).b) * 8 - (bits))); \
    } while (0)

Performs a right rotate on a 2-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x2_shl	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a << (bits); \
        (value1).b = (value2).b << (bits); \
    } while (0)

Performs a left shift on a 2-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x2_shr	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a >> (bits); \
        (value1).b = (value2).b >> (bits); \
    } while (0)

Performs a right shift on a 2-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x2_swap	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value2).a ^= (value1).a; \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value2).b ^= (value1).b; \
        (value1).b ^= (value2).b; \
    } while (0)

Performs a swap on two 2-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_x2_swap_move	(	value1,
		value2,
		mask,
		shift
	)

Value:

do { \
        mask_swap_move_internal((value1).a, (value2).a, (mask), (shift)); \
        mask_swap_move_internal((value1).b, (value2).b, (mask), (shift)); \
    } while (0)

Performs a swap and move on two 2-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_x2_xor	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
    } while (0)

XOR's two 2-share masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_x2_xor3	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a ^ (value3).a); \
        (value1).b ^= ((value2).b ^ (value3).b); \
    } while (0)

XOR's three 2-share masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_x2_xor_const	(	value,
		cvalue
	)

Value:

do { \
        (value).a ^= (cvalue); \
    } while (0)

Adds a constant to a 2-share masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_x2_zero ( value )

Value:

do { \
        (value).a = 0; \
        (value).b = 0; \
    } while (0)

Sets all shares of a 2-share word to zero.

Parameters

value The masked word to set to zero.

#define mask_x3_and	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a & (value3).a); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).c ^= ((value2).c & (value3).c); \
    } while (0)

AND's two 3-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x3_uint32_t, then "temp" must be of type uint32_t.

#define mask_x3_and_not	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((~(value2).a) & (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).c ^= ((value2).c & (value3).c); \
    } while (0)

AND's two 3-share masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x3_input	(	value,
		input
	)

Value:

do { \
        if (sizeof((value).b) <= 4) { \
            (value).b = aead_random_generate_32(); \
            (value).c = aead_random_generate_32(); \
        } else { \
            (value).b = aead_random_generate_64(); \
            (value).c = aead_random_generate_64(); \
        } \
        (value).a = (input) ^ (value).b ^ (value).c; \
    } while (0)

Masks an input value to produce a 3-share masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_x3_not ( value )

Value:

do { \
        (value).a = ~((value).a); \
    } while (0)

NOT's a 3-share masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_x3_or	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a | (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        (value1).c ^= ((value2).c & (value3).c); \
    } while (0)

OR's two 3-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x3_uint32_t, then "temp" must be of type uint32_t.

#define mask_x3_output ( value ) ((value).a ^ (value).b ^ (value).c)

Unmasks a 3-share masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_x3_rol	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a << (bits)) | \
                     ((value2).a >> (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b << (bits)) | \
                     ((value2).b >> (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c << (bits)) | \
                     ((value2).c >> (sizeof((value1).c) * 8 - (bits))); \
    } while (0)

Performs a left rotate on a 3-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x3_ror	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a >> (bits)) | \
                     ((value2).a << (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b >> (bits)) | \
                     ((value2).b << (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c >> (bits)) | \
                     ((value2).c << (sizeof((value1).c) * 8 - (bits))); \
    } while (0)

Performs a right rotate on a 3-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x3_shl	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a << (bits); \
        (value1).b = (value2).b << (bits); \
        (value1).c = (value2).c << (bits); \
    } while (0)

Performs a left shift on a 3-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x3_shr	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a >> (bits); \
        (value1).b = (value2).b >> (bits); \
        (value1).c = (value2).c >> (bits); \
    } while (0)

Performs a right shift on a 3-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x3_swap	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value2).a ^= (value1).a; \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value2).b ^= (value1).b; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value2).c ^= (value1).c; \
        (value1).c ^= (value2).c; \
    } while (0)

Performs a swap on two 3-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_x3_swap_move	(	value1,
		value2,
		mask,
		shift
	)

Value:

do { \
        mask_swap_move_internal((value1).a, (value2).a, (mask), (shift)); \
        mask_swap_move_internal((value1).b, (value2).b, (mask), (shift)); \
        mask_swap_move_internal((value1).c, (value2).c, (mask), (shift)); \
    } while (0)

Performs a swap and move on two 3-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_x3_xor	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
    } while (0)

XOR's two 3-share masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_x3_xor3	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a ^ (value3).a); \
        (value1).b ^= ((value2).b ^ (value3).b); \
        (value1).c ^= ((value2).c ^ (value3).c); \
    } while (0)

XOR's three 3-share masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_x3_xor_const	(	value,
		cvalue
	)

Value:

do { \
        (value).a ^= (cvalue); \
    } while (0)

Adds a constant to a 3-share masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_x3_zero ( value )

Value:

do { \
        (value).a = 0; \
        (value).b = 0; \
        (value).c = 0; \
    } while (0)

Sets all shares of a 3-share word to zero.

Parameters

value The masked word to set to zero.

#define mask_x4_and	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a & (value3).a); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).d ^= ((value2).d & (value3).d); \
    } while (0)

AND's two 4-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x4_uint32_t, then "temp" must be of type uint32_t.

#define mask_x4_and_not	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((~(value2).a) & (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).d ^= ((value2).d & (value3).d); \
    } while (0)

AND's two 4-share masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x4_input	(	value,
		input
	)

Value:

do { \
        if (sizeof((value).b) <= 4) { \
            (value).b = aead_random_generate_32(); \
            (value).c = aead_random_generate_32(); \
            (value).d = aead_random_generate_32(); \
        } else { \
            (value).b = aead_random_generate_64(); \
            (value).c = aead_random_generate_64(); \
            (value).d = aead_random_generate_64(); \
        } \
        (value).a = (input) ^ (value).b ^ (value).c ^ (value).d; \
    } while (0)

Masks an input value to produce a 4-share masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_x4_not ( value )

Value:

do { \
        (value).a = ~((value).a); \
    } while (0)

NOT's a 4-share masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_x4_or	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a | (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        (value1).d ^= ((value2).d & (value3).d); \
    } while (0)

OR's two 4-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x4_uint32_t, then "temp" must be of type uint32_t.

#define mask_x4_output ( value ) ((value).a ^ (value).b ^ (value).c ^ (value).d)

Unmasks a 4-share masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_x4_rol	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a << (bits)) | \
                     ((value2).a >> (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b << (bits)) | \
                     ((value2).b >> (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c << (bits)) | \
                     ((value2).c >> (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d << (bits)) | \
                     ((value2).d >> (sizeof((value1).d) * 8 - (bits))); \
    } while (0)

Performs a left rotate on a 4-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x4_ror	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a >> (bits)) | \
                     ((value2).a << (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b >> (bits)) | \
                     ((value2).b << (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c >> (bits)) | \
                     ((value2).c << (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d >> (bits)) | \
                     ((value2).d << (sizeof((value1).d) * 8 - (bits))); \
    } while (0)

Performs a right rotate on a 4-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x4_shl	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a << (bits); \
        (value1).b = (value2).b << (bits); \
        (value1).c = (value2).c << (bits); \
        (value1).d = (value2).d << (bits); \
    } while (0)

Performs a left shift on a 4-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x4_shr	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a >> (bits); \
        (value1).b = (value2).b >> (bits); \
        (value1).c = (value2).c >> (bits); \
        (value1).d = (value2).d >> (bits); \
    } while (0)

Performs a right shift on a 4-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x4_swap	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value2).a ^= (value1).a; \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value2).b ^= (value1).b; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value2).c ^= (value1).c; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
        (value2).d ^= (value1).d; \
        (value1).d ^= (value2).d; \
    } while (0)

Performs a swap on two 4-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_x4_swap_move	(	value1,
		value2,
		mask,
		shift
	)

Value:

do { \
        mask_swap_move_internal((value1).a, (value2).a, (mask), (shift)); \
        mask_swap_move_internal((value1).b, (value2).b, (mask), (shift)); \
        mask_swap_move_internal((value1).c, (value2).c, (mask), (shift)); \
        mask_swap_move_internal((value1).d, (value2).d, (mask), (shift)); \
    } while (0)

Performs a swap and move on two 4-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_x4_xor	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
    } while (0)

XOR's two 4-share masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_x4_xor3	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a ^ (value3).a); \
        (value1).b ^= ((value2).b ^ (value3).b); \
        (value1).c ^= ((value2).c ^ (value3).c); \
        (value1).d ^= ((value2).d ^ (value3).d); \
    } while (0)

XOR's three 4-share masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_x4_xor_const	(	value,
		cvalue
	)

Value:

do { \
        (value).a ^= (cvalue); \
    } while (0)

Adds a constant to a 4-share masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_x4_zero ( value )

Value:

do { \
        (value).a = 0; \
        (value).b = 0; \
        (value).c = 0; \
        (value).d = 0; \
    } while (0)

Sets all shares of a 4-share word to zero.

Parameters

value The masked word to set to zero.

#define mask_x5_and	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a & (value3).a); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).a, (value2).a, (value3).a, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).d ^= ((value2).d & (value3).d); \
        mask_mix_and((value1).d, (value2).d, (value3).d, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).e ^= ((value2).e & (value3).e); \
    } while (0)

AND's two 5-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x5_uint32_t, then "temp" must be of type uint32_t.

#define mask_x5_and_not	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((~(value2).a) & (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).a, ~(value2).a, (value3).a, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).d ^= ((value2).d & (value3).d); \
        mask_mix_and((value1).d, (value2).d, (value3).d, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).e ^= ((value2).e & (value3).e); \
    } while (0)

AND's two 5-share masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x5_input	(	value,
		input
	)

Value:

do { \
        if (sizeof((value).b) <= 4) { \
            (value).b = aead_random_generate_32(); \
            (value).c = aead_random_generate_32(); \
            (value).d = aead_random_generate_32(); \
            (value).e = aead_random_generate_32(); \
        } else { \
            (value).b = aead_random_generate_64(); \
            (value).c = aead_random_generate_64(); \
            (value).d = aead_random_generate_64(); \
            (value).e = aead_random_generate_64(); \
        } \
        (value).a = (input) ^ (value).b ^ (value).c ^ (value).d ^ (value).e; \
    } while (0)

Masks an input value to produce a 5-share masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_x5_not ( value )

Value:

do { \
        (value).a = ~((value).a); \
    } while (0)

NOT's a 5-share masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_x5_or	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a | (value3).a); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).b, (value2).b, (value3).b); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).a, ~(value2).a, ~(value3).a, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).b ^= ((value2).b & (value3).b); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).c, (value2).c, (value3).c); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).b, (value2).b, (value3).b, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).c ^= ((value2).c & (value3).c); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).d, (value2).d, (value3).d); \
        mask_mix_and((value1).c, (value2).c, (value3).c, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).d ^= ((value2).d & (value3).d); \
        mask_mix_and((value1).d, (value2).d, (value3).d, \
                     (value1).e, (value2).e, (value3).e); \
        (value1).e ^= ((value2).e & (value3).e); \
    } while (0)

OR's two 5-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x5_uint32_t, then "temp" must be of type uint32_t.

#define mask_x5_output ( value ) ((value).a ^ (value).b ^ (value).c ^ (value).d ^ (value).e)

Unmasks a 5-share masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_x5_rol	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a << (bits)) | \
                     ((value2).a >> (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b << (bits)) | \
                     ((value2).b >> (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c << (bits)) | \
                     ((value2).c >> (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d << (bits)) | \
                     ((value2).d >> (sizeof((value1).d) * 8 - (bits))); \
        (value1).e = ((value2).e << (bits)) | \
                     ((value2).e >> (sizeof((value1).d) * 8 - (bits))); \
    } while (0)

Performs a left rotate on a 5-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x5_ror	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a >> (bits)) | \
                     ((value2).a << (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b >> (bits)) | \
                     ((value2).b << (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c >> (bits)) | \
                     ((value2).c << (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d >> (bits)) | \
                     ((value2).d << (sizeof((value1).d) * 8 - (bits))); \
        (value1).e = ((value2).e >> (bits)) | \
                     ((value2).e << (sizeof((value1).d) * 8 - (bits))); \
    } while (0)

Performs a right rotate on a 5-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x5_shl	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a << (bits); \
        (value1).b = (value2).b << (bits); \
        (value1).c = (value2).c << (bits); \
        (value1).d = (value2).d << (bits); \
        (value1).e = (value2).e << (bits); \
    } while (0)

Performs a left shift on a 5-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x5_shr	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a >> (bits); \
        (value1).b = (value2).b >> (bits); \
        (value1).c = (value2).c >> (bits); \
        (value1).d = (value2).d >> (bits); \
        (value1).e = (value2).e >> (bits); \
    } while (0)

Performs a right shift on a 5-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x5_swap	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value2).a ^= (value1).a; \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value2).b ^= (value1).b; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value2).c ^= (value1).c; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
        (value2).d ^= (value1).d; \
        (value1).d ^= (value2).d; \
        (value1).e ^= (value2).e; \
        (value2).e ^= (value1).e; \
        (value1).e ^= (value2).e; \
    } while (0)

Performs a swap on two 5-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_x5_swap_move	(	value1,
		value2,
		mask,
		shift
	)

Value:

do { \
        mask_swap_move_internal((value1).a, (value2).a, (mask), (shift)); \
        mask_swap_move_internal((value1).b, (value2).b, (mask), (shift)); \
        mask_swap_move_internal((value1).c, (value2).c, (mask), (shift)); \
        mask_swap_move_internal((value1).d, (value2).d, (mask), (shift)); \
        mask_swap_move_internal((value1).e, (value2).e, (mask), (shift)); \
    } while (0)

Performs a swap and move on two 5-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_x5_xor	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
        (value1).e ^= (value2).e; \
    } while (0)

XOR's two 5-share masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_x5_xor3	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a ^ (value3).a); \
        (value1).b ^= ((value2).b ^ (value3).b); \
        (value1).c ^= ((value2).c ^ (value3).c); \
        (value1).d ^= ((value2).d ^ (value3).d); \
        (value1).e ^= ((value2).e ^ (value3).e); \
    } while (0)

XOR's three 5-share masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_x5_xor_const	(	value,
		cvalue
	)

Value:

do { \
        (value).a ^= (cvalue); \
    } while (0)

Adds a constant to a 5-share masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_x5_zero ( value )

Value:

do { \
        (value).a = 0; \
        (value).b = 0; \
        (value).c = 0; \
        (value).d = 0; \
        (value).e = 0; \
    } while (0)

Sets all shares of a 5-share word to zero.

Parameters

value The masked word to set to zero.

#define mask_x6_and	(	value1,
		value2,
		value3
	)

AND's two 6-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x6_uint32_t, then "temp" must be of type uint32_t.

#define mask_x6_and_not	(	value1,
		value2,
		value3
	)

AND's two 6-share masked words and XOR's the result with another word, where the first input word is inverted.

Parameters

value1	The destination masked word.
value2	The first masked word argument to be inverted.
value3	The second masked word argument.

This function performs "value1 ^= ((~value2) & value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x2_uint32_t, then "temp" must be of type uint32_t.

#define mask_x6_input	(	value,
		input
	)

Value:

do { \
        if (sizeof((value).b) <= 4) { \
            (value).b = aead_random_generate_32(); \
            (value).c = aead_random_generate_32(); \
            (value).d = aead_random_generate_32(); \
            (value).e = aead_random_generate_32(); \
            (value).f = aead_random_generate_32(); \
        } else { \
            (value).b = aead_random_generate_64(); \
            (value).c = aead_random_generate_64(); \
            (value).d = aead_random_generate_64(); \
            (value).e = aead_random_generate_64(); \
            (value).f = aead_random_generate_64(); \
        } \
        (value).a = (input) ^ (value).b ^ (value).c ^ \
                  (value).d ^ (value).e ^ (value).f; \
    } while (0)

Masks an input value to produce a 6-share masked word.

Parameters

value	The masked word on output.
input	The input value to be masked.

#define mask_x6_not ( value )

Value:

do { \
        (value).a = ~((value).a); \
    } while (0)

NOT's a 6-share masked word.

Parameters

value The masked word to NOT.

Equivalent to adding the all-1's constant to the masked word.

#define mask_x6_or	(	value1,
		value2,
		value3
	)

OR's two 6-share masked words and XOR's the result with another word.

Parameters

value1	The destination masked word.
value2	The first masked word argument.
value3	The second masked word argument.

This function performs "value1 ^= (value2 | value3)".

Note: This macro assumes that there is a local variable called "temp" in the current scope that is the same size as the masked word's shares. For example, if the values are instances of mask_x6_uint32_t, then "temp" must be of type uint32_t.

#define mask_x6_output ( value ) ((value).a ^ (value).b ^ (value).c ^ (value).d ^ (value).e ^ (value).f)

Unmasks a 6-share masked word to produce an output value.

Parameters

value The masked word.

Returns: The unmasked version of value.

#define mask_x6_rol	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a << (bits)) | \
                     ((value2).a >> (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b << (bits)) | \
                     ((value2).b >> (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c << (bits)) | \
                     ((value2).c >> (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d << (bits)) | \
                     ((value2).d >> (sizeof((value1).d) * 8 - (bits))); \
        (value1).e = ((value2).e << (bits)) | \
                     ((value2).e >> (sizeof((value1).e) * 8 - (bits))); \
        (value1).f = ((value2).f << (bits)) | \
                     ((value2).f >> (sizeof((value1).f) * 8 - (bits))); \
    } while (0)

Performs a left rotate on a 6-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x6_ror	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = ((value2).a >> (bits)) | \
                     ((value2).a << (sizeof((value1).a) * 8 - (bits))); \
        (value1).b = ((value2).b >> (bits)) | \
                     ((value2).b << (sizeof((value1).b) * 8 - (bits))); \
        (value1).c = ((value2).c >> (bits)) | \
                     ((value2).c << (sizeof((value1).c) * 8 - (bits))); \
        (value1).d = ((value2).d >> (bits)) | \
                     ((value2).d << (sizeof((value1).d) * 8 - (bits))); \
        (value1).e = ((value2).e >> (bits)) | \
                     ((value2).e << (sizeof((value1).e) * 8 - (bits))); \
        (value1).f = ((value2).f >> (bits)) | \
                     ((value2).f << (sizeof((value1).f) * 8 - (bits))); \
    } while (0)

Performs a right rotate on a 6-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to rotate by, which should be a constant.

#define mask_x6_shl	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a << (bits); \
        (value1).b = (value2).b << (bits); \
        (value1).c = (value2).c << (bits); \
        (value1).d = (value2).d << (bits); \
        (value1).e = (value2).e << (bits); \
        (value1).f = (value2).f << (bits); \
    } while (0)

Performs a left shift on a 6-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x6_shr	(	value1,
		value2,
		bits
	)

Value:

do { \
        (value1).a = (value2).a >> (bits); \
        (value1).b = (value2).b >> (bits); \
        (value1).c = (value2).c >> (bits); \
        (value1).d = (value2).d >> (bits); \
        (value1).e = (value2).e >> (bits); \
        (value1).f = (value2).f >> (bits); \
    } while (0)

Performs a right shift on a 6-share masked word.

Parameters

value1	The destination mask word.
value2	The source mask word.
bits	The number of bits to shift by, which should be a constant.

#define mask_x6_swap	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value2).a ^= (value1).a; \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value2).b ^= (value1).b; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value2).c ^= (value1).c; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
        (value2).d ^= (value1).d; \
        (value1).d ^= (value2).d; \
        (value1).e ^= (value2).e; \
        (value2).e ^= (value1).e; \
        (value1).e ^= (value2).e; \
        (value1).f ^= (value2).f; \
        (value2).f ^= (value1).f; \
        (value1).f ^= (value2).f; \
    } while (0)

Performs a swap on two 6-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.

#define mask_x6_swap_move	(	value1,
		value2,
		mask,
		shift
	)

Value:

do { \
        mask_swap_move_internal((value1).a, (value2).a, (mask), (shift)); \
        mask_swap_move_internal((value1).b, (value2).b, (mask), (shift)); \
        mask_swap_move_internal((value1).c, (value2).c, (mask), (shift)); \
        mask_swap_move_internal((value1).d, (value2).d, (mask), (shift)); \
        mask_swap_move_internal((value1).e, (value2).e, (mask), (shift)); \
        mask_swap_move_internal((value1).f, (value2).f, (mask), (shift)); \
    } while (0)

Performs a swap and move on two 6-share masked words.

Parameters

value1	The first masked word.
value2	The second masked word.
mask	The mask to extract the bits to move.
shift	The number of bits to move by.

#define mask_x6_xor	(	value1,
		value2
	)

Value:

do { \
        (value1).a ^= (value2).a; \
        (value1).b ^= (value2).b; \
        (value1).c ^= (value2).c; \
        (value1).d ^= (value2).d; \
        (value1).e ^= (value2).e; \
        (value1).f ^= (value2).f; \
    } while (0)

XOR's two 6-share masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_x6_xor3	(	value1,
		value2,
		value3
	)

Value:

do { \
        (value1).a ^= ((value2).a ^ (value3).a); \
        (value1).b ^= ((value2).b ^ (value3).b); \
        (value1).c ^= ((value2).c ^ (value3).c); \
        (value1).d ^= ((value2).d ^ (value3).d); \
        (value1).e ^= ((value2).e ^ (value3).e); \
        (value1).f ^= ((value2).f ^ (value3).f); \
    } while (0)

XOR's three 6-share masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_x6_xor_const	(	value,
		cvalue
	)

Value:

do { \
        (value).a ^= (cvalue); \
    } while (0)

Adds a constant to a 6-share masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_x6_zero ( value )

Value:

do { \
        (value).a = 0; \
        (value).b = 0; \
        (value).c = 0; \
        (value).d = 0; \
        (value).e = 0; \
        (value).f = 0; \
    } while (0)

Sets all shares of a 6-share word to zero.

Parameters

value The masked word to set to zero.

#define mask_xor	(	value1,
		value2
	)	mask_x4_xor((value1), (value2))

XOR's two generic masked words.

Parameters

value1	The destination masked word.
value2	The source masked word.

This function performs "value1 ^= value2".

#define mask_xor3	(	value1,
		value2,
		value3
	)	mask_x4_xor3((value1), (value2), (value3))

XOR's three generic masked words.

Parameters

value1	The destination masked word.
value2	The first source masked word.
value3	The second source masked word.

This function performs "value1 ^= (value2 ^ value3)".

#define mask_xor_const	(	value,
		cvalue
	)	mask_x4_xor_const((value), (cvalue))

Adds a constant to a generic masked word.

Parameters

value	The masked word.
cvalue	The constant value to add using XOR.

This function performs "value ^= cvalue" where "cvalue" is a constant or external data value rather than another masked word.

#define mask_zero ( value ) mask_x4_zero((value))

Sets all shares of a generic masked word to zero.

Parameters

value The masked word to set to zero.

Data Structures

Macros

Typedefs

Detailed Description

Macro Definition Documentation