3 This file is part of the Crypto-avr-lib/microcrypt-lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 * Implementation of XTEA for AVR
24 * include xtea.h in your C-Project to use this functions.
47 C = 28 /* der kleine Zaehler fuer zwischendurch */
51 ; xtea encrytion function
52 ; param1: 16-bit pointer to destination for encrypted block
54 ; param2: 16-bit pointer to the block (64-bit) which is to encrypt
56 ; param3: 16-bit pointer to the key (128-bit)
76 movw r26, r22 /* X points to block */
77 movw r30, r20 /* Z points to key */
88 movw r26, r24 /* X points to destination */
91 mov r0, Func1 /* r1 is cycle-counter */
106 brne 2b /* Accu == V1 << 4 */
116 brne 3b /* Func == V1 >> 5 */
125 adc Accu4, V14 /* Accu == ( (V1<<4)^(V1>>5) ) + V1 */
134 mov C, Sum1 /* calc key offset */
146 ldd Func4, Z+3 /* Func = key[sum & 3] */
156 eor Accu4, Func4 /* Accu = ((V1<<4 ^ V1>>5) + V1) ^ (sum + key[sum&3]) */
167 /* sum += delta */ /* delta == 0x9E3779B9 */
185 /* write block back */
213 ;####################################################################
215 /* #endif TWO_IN_ONE */
217 /* #ifdef TWO_IN_ONE */
218 /* now we use the same base-structure for enc- and decryption
219 to indicate operation mode we use the highest bit of param3 (16 bit pointer to key),
220 this is ok, since even the larges atmel today has "only" 8k of ram,
221 but you shouldn't use this feature while using external ram.
228 ; xtea decrytion function
229 ; param1: 16-bit pointer to destination for decrypted block
231 ; param2: 16-bit pointer to the block (64-bit) which is to derypt
233 ; param3: 16-bit pointer to the key (128-bit)
237 void xtea_dec(uint32_t* dest, uint32_t* v, uint32_t* k) {
238 uint32_t v0=v[0], v1=v[1], i;
239 uint32_t sum=0xC6EF3720, delta=0x9E3779B9;
240 for(i=0; i<32; i++) {
241 v1 -= ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[sum>>11 & 3]);
243 v0 -= ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
245 dest[0]=v0; dest[1]=v1;
265 movw r26, r22 /* Z points to block */
266 movw r30, r20 /* X points to key */
275 movw r26, r24 /* Z points to destination */
278 mov r0, Sum1 /* r1 is cycle-counter */
279 ldi Sum1, 0x20 /* sum = 0xC6EF3720 */
294 brne 2b /* Accu == V0 << 4 */
304 brne 3b /* Func == V0 >> 5 */
313 adc Accu4, V04 /* Accu == ( (V0<<4)^(V0>>5) ) + V0 */
322 mov C, Sum1 /* calc key offset */
334 ldd Func4, Z+3 /* Func = key[sum & 3] */
344 eor Accu4, Func4 /* Accu = ((V0<<4 ^ V0>>5) + V0) ^ (sum + key[sum&3]) */
357 /* sum += delta */ /* delta == 0x9E3779B9 */
371 /* write block back */
399 ;####################################################################
402 /* now we use the same base-structure for enc- and decryption
403 to indicate operation mode we use the highest bit of param3 (16 bit pointer to key),
404 this is ok, since even the larges atmel today has "only" 8k of ram,
405 but you shouldn't use this feature while using external ram.
412 ; xtea decrytion function
413 ; param1: 16-bit pointer to destination for decrypted block
415 ; param2: 16-bit pointer to the block (64-bit) which is to derypt
417 ; param3: 16-bit pointer to the key (128-bit)
421 void xtea_dec(uint32_t* dest, uint32_t* v, uint32_t* k) {
422 uint32_t v0=v[0], v1=v[1], i;
423 uint32_t sum=0xC6EF3720, delta=0x9E3779B9;
424 for(i=0; i<32; i++) {
425 v1 -= ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[sum>>11 & 3]);
427 v0 -= ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]);
429 dest[0]=v0; dest[1]=v1;
448 /* set T-bit if we are going to encrypt, clear otherwise */
450 andi r21, 0x7f /* fix r21:r22 to a real addr */
452 movw r26, r22 /* Z points to block */
453 movw r30, r20 /* X points to key */
462 movw r26, r24 /* Z points to destination */
465 mov r0, Sum1 /* r1 is cycle-counter */
466 ldi Sum1, 0x20 /* sum = 0xC6EF3720 */
481 brne 2b /* Accu == V0 << 4 */
491 brne 3b /* Func == V0 >> 5 */
500 adc Accu4, V04 /* Accu == ( (V0<<4)^(V0>>5) ) + V0 */
509 mov C, Sum1 /* calc key offset */
521 ldd Func4, Z+3 /* Func = key[sum & 3] */
531 eor Accu4, Func4 /* Accu = ((V0<<4 ^ V0>>5) + V0) ^ (sum + key[sum&3]) */
544 /* sum += delta */ /* delta == 0x9E3779B9 */
558 /* write block back */