3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 * \email daniel.otte@rub.de
24 * \license GPLv3 or later
27 #include "avr-asm-macros.S"
29 /******************************************************************************/
31 void shabal_p(shabal_ctx_t* ctx, const void* m){
34 ctx->b[i] = ROTL32(ctx->b[i],17);
36 for(j=0;j<SHABAL_P;++j){
38 ctx->a[(i+16*j)%SHABAL_R] =
39 shabal_u(ctx->a[(i+16*j)%SHABAL_R]
40 ^ shabal_v(ROTL32(ctx->a[(i+16*j+SHABAL_R-1)%SHABAL_R],15))
41 ^ ctx->c[(8-i+16)%16])
42 ^ ctx->b[(i+SHABAL_O1)%16]
43 ^ ((ctx->b[(i+SHABAL_O2)%16]) & ~(ctx->b[(i+SHABAL_O3)%16]))
45 ctx->b[i] = ROTL32(ctx->b[i], 1) ^ ~(ctx->a[(i+16*j)%SHABAL_R]);
50 ctx->a[j%SHABAL_R] += ctx->c[(j+3)%16];
120 /* load ctx->a[(i+16*j-1)%12]*/
156 /* xor in ctx->c[(8-i+16)%16] */
173 /* xor in ctx->a[(i+16*j)%12] */
177 ldi r30, lo8(mod12table)
178 ldi r31, hi8(mod12table)
205 /* xor in ctx->b[(i+13)%16] */
222 /* load ctx->b[(i+9)%16] into A */
235 /* and in ~(ctx->b[(i+6)%16]) */
261 /* xor m[i] into AL */
276 /* A (AL) is done, now store it */
282 /* process ctx->b[i] */
290 /* xor in ~(ctx->a[(i+16*j)%SHABAL_R]) */
453 .byte 0, 4, 8, 12, 16, 20, 24, 28
454 .byte 32, 36, 40, 44, 0, 4, 8, 12
455 .byte 16, 20, 24, 28, 32, 36, 40, 44
456 .byte 0, 4, 8, 12, 16, 20, 24, 28
457 .byte 32, 36, 40, 44, 0, 4, 8, 12
458 .byte 16, 20, 24, 28, 32, 36, 40, 44
460 /******************************************************************************/
462 void shabal_nextBlock(shabal_ctx_t* ctx, const void* block){
466 ctx->b[i] += ((uint32_t*)block)[i];
468 ctx->a[0] ^= ctx->w.w32[0];
469 ctx->a[1] ^= ctx->w.w32[1];
470 shabal_p(ctx, block);
472 ctx->c[i] -= ((uint32_t*)block)[i];
482 * param block: r22:r23
488 .global shabal_nextBlock
493 /* xor W into A and increment W */
506 /* add block to ctx->b */
532 /* sub block from ctx->c */
558 /* xchange ctx->b with ctx->c*/
571 /******************************************************************************/
573 void shabal_lastBlock(shabal_ctx_t* ctx, const void* block, uint16_t length_b){
577 while(length_b>=SHABAL_BLOCKSIZE){
578 shabal_nextBlock(ctx, block);
579 block = (uint8_t*)block + SHABAL_BLOCKSIZE_B;
580 length_b -= SHABAL_BLOCKSIZE;
582 memset(buffer, 0, 64);
583 memcpy(buffer, block, (length_b+7)/8);
584 buffer[length_b/8] |= 0x80>>(length_b%8);
586 ctx->b[i] += ((uint32_t*)buffer)[i];
589 ctx->a[0] ^= ctx->w.w32[0];
590 ctx->a[1] ^= ctx->w.w32[1];
591 shabal_p(ctx, buffer);
607 * param block: r22:r23
608 * param length_b: r20:r21
610 .global shabal_lastBlock
621 rcall shabal_nextBlock
629 adiw r30, 1 /* Z points at buffer */