]> git.cryptolib.org Git - avr-crypto-lib.git/blob - shabal/shabal.c
more docu
[avr-crypto-lib.git] / shabal / shabal.c
1 /* shabal.c */
2 /*
3     This file is part of the AVR-Crypto-Lib.
4     Copyright (C) 2009  Daniel Otte (daniel.otte@rub.de)
5
6     This program is free software: you can redistribute it and/or modify
7     it under the terms of the GNU General Public License as published by
8     the Free Software Foundation, either version 3 of the License, or
9     (at your option) any later version.
10
11     This program is distributed in the hope that it will be useful,
12     but WITHOUT ANY WARRANTY; without even the implied warranty of
13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14     GNU General Public License for more details.
15
16     You should have received a copy of the GNU General Public License
17     along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19 /*
20  * \file    shabal.c
21  * \author  Daniel Otte
22  * \email   daniel.otte@rub.de
23  * \date    2009-04-17
24  * \license GPLv3 or later
25  * 
26  */
27
28 #include <stdint.h>
29 #include "shabal.h"
30 #include <string.h>
31
32 #define SHABAL_O1 13
33 #define SHABAL_O2  9
34 #define SHABAL_O3  6
35
36
37 static inline
38 uint32_t shabal_u(uint32_t a){
39         return (a<<1)+a; /* a*3 */
40 }
41
42 static inline
43 uint32_t shabal_v(uint32_t a){
44         return (a<<2)+a; /* a*5 */
45 }
46
47 #define ROTL32(a,n) (((a)<<(n))|((a)>>(32-(n))))
48
49 static
50 void shabal_p(shabal_ctx_t* ctx, const void* m){
51         uint8_t i,j;
52         for(i=0;i<16;++i){
53                 ctx->b[i] = ROTL32(ctx->b[i],17);
54         }
55         for(j=0;j<SHABAL_P;j++){
56                 for(i=0;i<16;++i){
57                         ctx->a[(i+j*16)%SHABAL_R] = 
58                                 shabal_u(ctx->a[(i+j*16)%SHABAL_R] 
59                                         ^ shabal_v(ROTL32(ctx->a[(i+j*16+SHABAL_R-1)%SHABAL_R],15))
60                                     ^ ctx->c[(8-i+16)%16])
61                                 ^ ctx->b[(i+SHABAL_O1)%16]
62                                 ^ ((ctx->b[(i+SHABAL_O2)%16]) & ~(ctx->b[(i+SHABAL_O3)%16]))
63                                 ^ ((uint32_t*)m)[i];
64                         ctx->b[i] = ROTL32(ctx->b[i], 1) ^ ~(ctx->a[(i+j*16)%SHABAL_R]);
65                 }
66         }
67         
68         for(j=0;j<36;++j){
69                 ctx->a[j%SHABAL_R] += ctx->c[(j+3)%16];
70         }
71 }
72
73 void shabal_nextBlock(shabal_ctx_t* ctx, const void* block){
74         uint8_t i;
75         uint32_t* t;
76         for(i=0;i<16;++i){
77                 ctx->b[i] += ((uint32_t*)block)[i];
78         }
79         ctx->a[0] ^= ctx->w.w32[0];
80         ctx->a[1] ^= ctx->w.w32[1];
81         shabal_p(ctx, block);
82         for(i=0;i<16;++i){
83                 ctx->c[i] -= ((uint32_t*)block)[i];
84         }
85         ctx->w.w64++;
86         t = ctx->c;
87         ctx->c = ctx->b;
88         ctx->b = t;
89 }
90
91 void shabal_lastBlock(shabal_ctx_t* ctx, const void* block, uint16_t length_b){
92         uint8_t i,j;
93         uint32_t* t;
94         uint8_t buffer[64];
95         while(length_b>=SHABAL_BLOCKSIZE){
96                 shabal_nextBlock(ctx, block);
97                 block = (uint8_t*)block + SHABAL_BLOCKSIZE_B;
98                 length_b -= SHABAL_BLOCKSIZE;
99         }
100         memset(buffer, 0, 64);
101         memcpy(buffer, block, (length_b+7)/8);
102         buffer[length_b/8] |= 0x80>>(length_b%8);
103         
104         for(i=0;i<16;++i){
105                 ctx->b[i] += ((uint32_t*)buffer)[i];
106         }
107
108         for(j=0; j<4;++j){
109                 ctx->a[0] ^= ctx->w.w32[0];
110                 ctx->a[1] ^= ctx->w.w32[1];
111                 shabal_p(ctx, buffer);
112                 t = ctx->c;
113                 ctx->c = ctx->b;
114                 ctx->b = t;
115         }
116          
117 }
118
119 void shabal_ctx2hash(void* dest, const shabal_ctx_t* ctx, uint16_t outlength_b){
120         memcpy(dest, &(ctx->c[16-outlength_b/32]), outlength_b/8);
121 }