X-Git-Url: https://git.cryptolib.org/?a=blobdiff_plain;f=camellia-asm.S;h=c743997518247b41bfeca78081016311b80baff7;hb=7701e318e4e2bac7f84dbf6e368f1501814948fc;hp=36701b26a1855ac3c41bce0af20ba618454d9aea;hpb=38806fc75038026e167a26eff90b6111066a3642;p=avr-crypto-lib.git diff --git a/camellia-asm.S b/camellia-asm.S index 36701b2..c743997 100644 --- a/camellia-asm.S +++ b/camellia-asm.S @@ -1,8 +1,26 @@ +/* camellia-asm.S */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ /* - * File: camellis-asm.S - * Author: Daniel Otte - * Date: 10.11.2006 - * License: GPL + * File: camellis-asm.S + * Author: Daniel Otte + * Date: 2006-11-10 + * License: GPLv3 or later * Description: Implementation of the camellia block cipher algorithm. * */ @@ -191,36 +209,36 @@ camellia_s4: camellia_s: movw r26, r24 ; backup r24,r25 -> X clr r25 - call camellia_s2 + rcall camellia_s2 mov r26, r24 mov r24, r27 - call camellia_s1 + rcall camellia_s1 mov r27, r24 mov r24, r23 - call camellia_s3 + rcall camellia_s3 mov r23, r24 mov r24, r22 - call camellia_s4 + rcall camellia_s4 mov r22, r24 mov r24, r21 - call camellia_s2 + rcall camellia_s2 mov r21, r24 mov r24, r20 - call camellia_s3 + rcall camellia_s3 mov r20, r24 mov r24, r19 - call camellia_s4 + rcall camellia_s4 mov r19, r24 mov r24, r18 - call camellia_s1 + rcall camellia_s1 mov r18, r24 movw r24, r26 @@ -282,8 +300,8 @@ camellia_f: eor r23, r15 eor r24, r16 eor r25, r17 - call camellia_s - call camellia_p + rcall camellia_s + rcall camellia_p ret ;############################################################################## @@ -389,26 +407,26 @@ B1 = 18 B2 = 19 .global camellia128_keyop_rot15 camellia128_keyop_rot15: - movw r30, r24 ; Z points at LSB of kl ;-- 0 + movw r30, r24 ; Z points at LSB of kl ;-- 0 ldi r22, 2 -2: adiw r30, 15 ;-- 15 +2: adiw r30, 15 ;-- 15 ld r21, Z - ld r20, -Z ;-- 14 + ld r20, -Z ;-- 14 movw B1, r20 ; store Backup of the 2 MSB of kl ror r20 ldi r21, 14 -1: ld r20, -Z ;-- 13..0 +1: ld r20, -Z ;-- 13..0 ror r20 - std Z+2, r20 ;-- (15..2) + std Z+2, r20 ;-- (15..2) dec r21 brne 1b ror B2 ror B1 - st Z+, B1 ;-- 1 + st Z+, B1 ;-- 1 st Z, B2 - adiw r30, 15 ;-- 16 + adiw r30, 15 ;-- 16 dec r22 brne 2b @@ -495,26 +513,26 @@ B1 = 18 B2 = 19 .global camellia128_keyop_inv_rot15 camellia128_keyop_inv_rot15: - movw r30, r24 ; Z points at LSB of kl ;-- 0 + movw r30, r24 ; Z points at LSB of kl ;-- 0 movw r26, r24 ; X also ldi r22, 2 -2: ;-- 0 - ld r20, Z+ ;-- 0/1 - ld r21, Z+ ;-- 1/2 +2: ;-- 0 + ld r20, Z+ ;-- 0/1 + ld r21, Z+ ;-- 1/2 movw B1, r20 ; store Backup of the 2 LSB of kl rol r21 ldi r20, 14 -1: ld r21, Z+ ;-- 2/14..3/16 +1: ld r21, Z+ ;-- 2/14..3/16 rol r21 - st X+, r21 ;-- (0..13)/(1..14) + st X+, r21 ;-- (0..13)/(1..14) dec r20 brne 1b rol B1 rol B2 - st X+, B1 ;-- 14/15 - st X+, B2 ;-- 15/16 + st X+, B1 ;-- 14/15 + st X+, B2 ;-- 15/16 dec r22 brne 2b @@ -784,15 +802,15 @@ main_loop: neg r22 SBRS xro_sec, 2 // KEY_DIR rjmp 2f - call camellia128_keyop_inv + rcall camellia128_keyop_inv rjmp 3f -2: call camellia128_keyop +2: rcall camellia128_keyop 3: /* loop back */ SWAP_R br1_sec, bl1_sec SWAP_R br2_sec, bl2_sec dec loop_cnt breq 2f - jmp main_loop + rjmp main_loop 2: pop r7 pop r8 @@ -919,18 +937,18 @@ camellia128_init: // / * step 1 * / ldi r26, lo8(camellia_sigma) ldi r27, hi8(camellia_sigma) - call X64_xor_in - call camellia_s - call camellia_p // / * f(x,k) is done * / + rcall X64_xor_in + rcall camellia_s + rcall camellia_p // / * f(x,k) is done * / sbiw r30, 128/8 movw r28, r30 ; Z&Y point on kar now call Y64_load_xor_store // / * step 2 now * / - call X64_xor_in - call camellia_s - call camellia_p // / * f(x,k) is done * / - call Y64_load_xor_store + rcall X64_xor_in + rcall camellia_s + rcall camellia_p // / * f(x,k) is done * / + rcall Y64_load_xor_store // / * now the xor part (kl and kr) * / sbiw r30, 128/8 ; Z points to klr @@ -943,23 +961,23 @@ camellia128_init: brne 1b // / * now s->kar ^= camellia_f(s->kal, camellia_sigma[2]); * / - call X64_load ; load sigma[2] + rcall X64_load ; load sigma[2] movw r26, r28 ; X&Y point at kal - call X64_xor_in - call camellia_s - call camellia_p + rcall X64_xor_in + rcall camellia_s + rcall camellia_p sbiw r28, 128/8/2 ; Y points at kar - call Y64_load_xor_store + rcall Y64_load_xor_store // / * now s->kal ^= camellia_f(s->kar, camellia_sigma[3]); * / sbiw r26, 128/8 ; - call X64_load ; load kar + rcall X64_load ; load kar ldi r26, lo8(camellia_sigma+3*8) ldi r27, hi8(camellia_sigma+3*8) - call X64_xor_in ; xor sigma[3] in - call camellia_s - call camellia_p - call Y64_load_xor_store + rcall X64_xor_in ; xor sigma[3] in + rcall camellia_s + rcall camellia_p + rcall Y64_load_xor_store pop r28 pop r29 @@ -975,3 +993,4 @@ camellia128_init: +