X-Git-Url: https://git.cryptolib.org/?a=blobdiff_plain;f=echo%2Fecho.c;h=43703d7cbd31f125622f47d8a682d79af71dfe9b;hb=e542ff92d053ecf40b42364a44bc887431cecae2;hp=e80877587be857bd907083266c0871f31e5b0e65;hpb=b3be51454f16d582e7a8c7b7468fc2d600177f06;p=avr-crypto-lib.git

diff --git a/echo/echo.c b/echo/echo.c
index e808775..43703d7 100644
--- a/echo/echo.c
+++ b/echo/echo.c
@@ -21,6 +21,7 @@
 #include "echo.h"
 #include "gf256mul.h"
 #include "memxor.h"
+#include "aes_enc_round.h"
 #include <stdint.h>
 #include <string.h>
 
@@ -35,7 +36,6 @@
 #include "cli.h"
 #endif
 
-void aes_encrypt_round(void* state, void* key);
 
 #define INDEX(c,r) ((c)*16*4+(r)*16)
 
@@ -43,7 +43,7 @@ void aes_encrypt_round(void* state, void* key);
 #define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
 #define GF256MUL_3(a) (gf256mul(3, (a), 0x1b))
 
-static void mixcol(uint8_t* s){
+static void mixcol(uint8_t *s){
 	uint8_t t, tmp[4];
 	tmp[0] = *(s+16*0);
 	tmp[1] = *(s+16*1);
@@ -70,7 +70,7 @@ static void mixcol(uint8_t* s){
 }
 
 #if DEBUG
-static void dump_state(void* s){
+static void dump_state(void *s){
 	uint8_t row, col;
 	for(col=0; col<4; col++){
 		for(row=0; row<4; row++){
@@ -91,33 +91,34 @@ static void dump_state(void* s){
 }
 #endif
 
-static void compress512(void* v, void* m, uint64_t* c, void* salt){
-	uint8_t i, j, l;
-	uint8_t s[16*16];
-	uint8_t k[16];
-
-	memcpy(s, v, 16*4);           /* load v into state */
-	memcpy(s+16*4, m, 16*12);     /* load m into state */
-
-	memcpy(k, c, 8);
-	memset(k+8, 0, 8);
-	for(i=0; i<8; ++i){
+static void echo_compress(uint8_t *s, uint8_t iterations, uint64_t *c, void *salt){
+	uint8_t i, j;
+	union {
+		uint8_t v8[16];
+		uint64_t v64[2];
+	} k;
+#if DEBUG
+	uint8_t round=0;
+#endif
+	memcpy(k.v8, c, 8);
+	memset(k.v8+8, 0, 8);
+	do{
 		/* BIG.SubWords */
 #if DEBUG
 	cli_putstr_P(PSTR("\r\n === ROUND "));
-	cli_putc('1'+i);
+	cli_putc('0'+round);
 	cli_putstr_P(PSTR(" ==="));
-	if(i<DEBUG_DEPTH){
+	if(round<DEBUG_DEPTH){
 		dump_state(s);
 	}
 #endif
-		for(j=0; j<16; ++j){
-			aes_encrypt_round(s+16*j, k);
-			aes_encrypt_round(s+16*j, salt);
-			*((uint64_t*)(k)) += 1;
+		for(i=0; i<16; ++i){
+			aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)k.v8);
+			aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)salt);
+			k.v64[0] += 1;
 		}
 #if DEBUG
-		if(i<DEBUG_DEPTH){
+		if(round<DEBUG_DEPTH){
 			cli_putstr_P(PSTR("\r\nAfter SubWords"));
 			dump_state(s);
 		}
@@ -144,24 +145,37 @@ static void compress512(void* v, void* m, uint64_t* c, void* salt){
 		memcpy(s+INDEX(2, 3), s+INDEX(1, 3), 16);
 		memcpy(s+INDEX(1, 3), t,             16);
 #if DEBUG
-		if(i<DEBUG_DEPTH){
+		if(round<DEBUG_DEPTH){
 			cli_putstr_P(PSTR("\r\nAfter ShiftRows"));
 			dump_state(s);
 		}
 #endif
 		/* BIG.MixColumns */
-		for(j=0; j<4; j+=1){
-			for(l=0; l<16; ++l){
-				mixcol(s+j*64+l);
+		for(i=0; i<4; i+=1){
+			for(j=0; j<16; ++j){
+				mixcol(s+i*64+j);
 			}
 		}
 #if DEBUG
-		if(i<DEBUG_DEPTH){
+		if(round<DEBUG_DEPTH){
 			cli_putstr_P(PSTR("\r\nAfter MixColumns"));
 			dump_state(s);
 		}
+		round++;
 #endif
-	}
+	}while(--iterations);
+
+}
+
+/******************************************************************************/
+
+static void compress512(void *v, void *m, uint64_t *c, void *salt){
+	uint8_t s[16*16];
+	uint8_t i;
+	memcpy(s, v, 16*4);           /* load v into state */
+	memcpy(s+16*4, m, 16*12);     /* load m into state */
+
+	echo_compress(s, 8, c, salt);
 
 	/* BIG.Final */
 	for(i=0; i<3; ++i){
@@ -172,12 +186,27 @@ static void compress512(void* v, void* m, uint64_t* c, void* salt){
 	}
 }
 
-void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block){
+static void compress1024(void *v, void *m, uint64_t *c, void *salt){
+	uint8_t s[16*16];
+	memcpy(s, v, 16*8);           /* load v into state */
+	memcpy(s+16*8, m, 16*8);      /* load m into state */
+
+	echo_compress(s, 10, c, salt);
+
+	/* BIG.Final */
+	memxor(v, m, 16*8);
+	memxor(v, s, 16*8);
+	memxor(v, s+16*8, 16*8);
+}
+
+/******************************************************************************/
+
+void echo_small_nextBlock(echo_small_ctx_t *ctx, void *block){
 	ctx->counter += ECHO_SMALL_BLOCKSIZE;
 	compress512(ctx->v, block, &(ctx->counter), ctx->salt);
 }
 
-void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b){
+void echo_small_lastBlock(echo_small_ctx_t *ctx, void *block, uint16_t length_b){
 	while(length_b>=ECHO_SMALL_BLOCKSIZE){
 		echo_small_nextBlock(ctx, block);
 		block = (uint8_t*)block + ECHO_SMALL_BLOCKSIZE_B;
@@ -204,21 +233,62 @@ void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b)
 
 /******************************************************************************/
 
-void echo_small_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx){
+void echo_large_nextBlock(echo_large_ctx_t *ctx, void *block){
+	ctx->counter += ECHO_LARGE_BLOCKSIZE;
+	compress1024(ctx->v, block, &(ctx->counter), ctx->salt);
+}
+
+void echo_large_lastBlock(echo_large_ctx_t *ctx, void *block, uint16_t length_b){
+	while(length_b>=ECHO_LARGE_BLOCKSIZE){
+		echo_large_nextBlock(ctx, block);
+		block = (uint8_t*)block + ECHO_LARGE_BLOCKSIZE_B;
+		length_b -= ECHO_LARGE_BLOCKSIZE;
+	}
+	uint8_t buffer[ECHO_LARGE_BLOCKSIZE_B];
+	uint64_t total_len;
+	memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
+	memcpy(buffer, block, (length_b+7)/8);
+	buffer[length_b/8] |= 0x80 >> (length_b&7);
+	total_len = (ctx->counter += length_b);
+	if(length_b>=ECHO_LARGE_BLOCKSIZE-144){
+		compress1024(ctx->v, buffer, &total_len, ctx->salt);
+		memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
+		ctx->counter = 0;
+	}
+	if(length_b==0){
+		ctx->counter = 0;
+	}
+	memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-18, &(ctx->id), 2);
+	memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-16, &total_len, 8);
+	compress1024(ctx->v, buffer, &(ctx->counter), ctx->salt);
+}
+/******************************************************************************/
+
+void echo_ctx2hash(void *dest, uint16_t length_b, echo_small_ctx_t *ctx){
 	memcpy(dest, ctx->v, (length_b+7)/8);
 }
 
-void echo224_ctx2hash(void* dest, echo_small_ctx_t* ctx){
+void echo224_ctx2hash(void *dest, echo_small_ctx_t *ctx){
 	memcpy(dest, ctx->v, 224/8);
 }
 
-void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx){
+void echo256_ctx2hash(void *dest, echo_small_ctx_t *ctx){
 	memcpy(dest, ctx->v, 256/8);
 }
 
 /******************************************************************************/
 
-void echo224_init(echo_small_ctx_t* ctx){
+void echo384_ctx2hash(void *dest, echo_large_ctx_t *ctx){
+	memcpy(dest, ctx->v, 384/8);
+}
+
+void echo512_ctx2hash(void *dest, echo_large_ctx_t *ctx){
+	memcpy(dest, ctx->v, 512/8);
+}
+
+/******************************************************************************/
+
+void echo224_init(echo_small_ctx_t *ctx){
 	memset(ctx->v, 0, 4*16);
 	ctx->counter = 0;
 	memset(ctx->salt, 0, 16);
@@ -229,7 +299,7 @@ void echo224_init(echo_small_ctx_t* ctx){
 	ctx->v[0+16*3] = 0xE0;
 }
 
-void echo256_init(echo_small_ctx_t* ctx){
+void echo256_init(echo_small_ctx_t *ctx){
 	memset(ctx->v, 0, 4*16);
 	ctx->counter = 0;
 	memset(ctx->salt, 0, 16);
@@ -242,3 +312,27 @@ void echo256_init(echo_small_ctx_t* ctx){
 
 /******************************************************************************/
 
+void echo384_init(echo_large_ctx_t *ctx){
+	uint8_t i;
+	memset(ctx->v, 0, 8*16);
+	ctx->counter = 0;
+	memset(ctx->salt, 0, 16);
+	ctx->id = 0x0180;
+	for(i=0; i<8; ++i){
+		ctx->v[0+16*i] = 0x80;
+		ctx->v[1+16*i] = 0x01;
+	}
+}
+
+void echo512_init(echo_large_ctx_t *ctx){
+	uint8_t i;
+	memset(ctx->v, 0, 8*16);
+	ctx->counter = 0;
+	memset(ctx->salt, 0, 16);
+	ctx->id = 0x0200;
+	for(i=0; i<8; ++i){
+		ctx->v[1+16*i] = 0x02;
+	}
+}
+
+/******************************************************************************/