camellia.c

   1 /* camellia.c */
   2 /*
   3     This file is part of the Crypto-avr-lib/microcrypt-lib.
   4     Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
   5
   6     This program is free software: you can redistribute it and/or modify
   7     it under the terms of the GNU General Public License as published by
   8     the Free Software Foundation, either version 3 of the License, or
   9     (at your option) any later version.
  10
  11     This program is distributed in the hope that it will be useful,
  12     but WITHOUT ANY WARRANTY; without even the implied warranty of
  13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14     GNU General Public License for more details.
  15
  16     You should have received a copy of the GNU General Public License
  17     along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 /**
  20  *
  21  *
  22  *
  23  *
  24  */
  25
  26 #include <stdint.h>
  27 #include <avr/io.h>
  28 #include <avr/pgmspace.h>
  29 #include "camellia.h"
  30 #include "uart.h"
  31 #include "debug.h"
  32 #include <util/delay.h>
  33
  34 /*****************************************************************************/
  35 uint64_t camellia_f(uint64_t x, uint64_t k);
  36 /*****************************************************************************/
  37 uint64_t camellia_fl(uint64_t x, uint64_t k);
  38 /*****************************************************************************/
  39 uint64_t camellia_fl_inv(uint64_t y, uint64_t k);
  40 /*****************************************************************************/
  41 void change_endian(void* data, uint8_t length);
  42 /*
  43 uint64_t PROGMEM camellia_sigma[6]={ / * 64 byte table * /
  44         0xA09E667F3BCC908BLL,
  45         0xB67AE8584CAA73B2LL,
  46         0xC6EF372FE94F82BELL,
  47         0x54FF53A5F1D36F1CLL,
  48         0x10E527FADE682D1DLL,
  49         0xB05688C2B3E6C1FDLL
  50 };
  51 */
  52 uint32_t PROGMEM camellia_sigma[12]={ /* 48 byte table */
  53          0x3BCC908BL, 0xA09E667FL,
  54          0x4CAA73B2L, 0xB67AE858L,
  55          0xE94F82BEL, 0xC6EF372FL,
  56          0xF1D36F1CL, 0x54FF53A5L,
  57          0xDE682D1DL, 0x10E527FAL,
  58          0xB3E6C1FDL, 0xB05688C2L
  59 };
  60
  61 /* an ugly macro to load an entry form the table above */
  62 /*
  63 #define SIGMA(p) (( ((uint64_t)(pgm_read_dword((prog_uint32_t*)camellia_sigma+2*(p)+1)))<<32) | \
  64                     ((uint64_t)(pgm_read_dword((prog_uint32_t*)camellia_sigma+2*(p)+0))) )
  65 */
  66 #define SIGMA(p) (( ((uint64_t)(pgm_read_dword(&(((prog_uint32_t*)camellia_sigma)[2*(p)+1]))))<<32) | \
  67                     ((uint64_t)(pgm_read_dword(&(((prog_uint32_t*)camellia_sigma)[2*(p)+0])))) )
  68
  69
  70
  71 /*****************************************************************************/
  72
  73 void camellia128_ctx_dump(camellia128_ctx_t *s){
  74         uart_putstr_P(PSTR("\r\n==State Dump=="));
  75         uart_putstr_P(PSTR("\n\rKAl: ")); uart_hexdump(&(s->kal), 8);
  76         uart_putstr_P(PSTR("\n\rKAr: ")); uart_hexdump(&(s->kar), 8);
  77         uart_putstr_P(PSTR("\n\rKLl: ")); uart_hexdump(&(s->kll), 8);
  78         uart_putstr_P(PSTR("\n\rKLr: ")); uart_hexdump(&(s->klr), 8);
  79         return;
  80 }
  81
  82 /*****************************************************************************/
  83 /* extern prog_uint64_t camellia_sigma[6]; */
  84
  85 void camellia128_init(const uint8_t* key, camellia128_ctx_t* s){
  86         uint8_t i;
  87         s->kll = 0; /* ((uint64_t*)key)[0]; */
  88
  89         /* load the key, endian-adjusted, to kll,klr */
  90         for(i=0; i<8; ++i){
  91                 s->kll <<= 8;
  92                 s->kll |= *key++;
  93         }
  94         for(i=0; i<8; ++i){
  95                 s->klr <<= 8;
  96                 s->klr |= *key++;
  97         }
  98
  99         s->kal = s->kll;
 100         s->kar = s->klr;
 101
 102         s->kar ^= camellia_f(s->kal, SIGMA(0));
 103         s->kal ^= camellia_f(s->kar, SIGMA(1));
 104
 105         s->kal ^= s->kll;
 106         s->kar ^= s->klr;
 107
 108         s->kar ^= camellia_f(s->kal, SIGMA(2));
 109         s->kal ^= camellia_f(s->kar, SIGMA(3));
 110 }
 111
 112 /*****************************************************************************/
 113 void camellia128_keyop(camellia128_ctx_t* s, int8_t q);
 114 /*****************************************************************************/
 115 void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q);
 116 /*****************************************************************************/
 117
 118 #define SEL_KA 1
 119 #define SEL_KL 0
 120
 121 #define KEY_POSTC1              0x00
 122 #define KEY_POSTC2              0x01
 123 #define KEY_INC2                0x02
 124
 125 #define KEY_DIR                 0x04
 126 #define KEY_DIR_NORM    0x00
 127 #define KEY_DIR_INV             0x04
 128
 129 #define KEY_AMMOUNT             0x08
 130 #define KEY_ROL17               0x08
 131 #define KEY_ROL15               0x00
 132
 133 void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br,
 134                       uint8_t roundop, uint8_t keychoice);
 135 /*****************************************************************************/
 136
 137
 138 void camellia128_enc(void* block, const camellia128_ctx_t* s){
 139
 140         #define BL (((uint64_t*)block)[0])
 141         #define BR (((uint64_t*)block)[1])
 142         /* endian adjustment */
 143          /*BL*/
 144          /* 1 2 3 4 5 6 7 8
 145           *     8 7 6 5 4 3 2 1
 146           */
 147
 148         uint64_t temp64;
 149
 150         change_endian(&BL, 64/8);
 151         change_endian(&BR, 64/8);
 152
 153         /* Prewhitening */
 154         BL ^= s->kll;
 155         BR ^= s->klr;
 156
 157         /* the first 6 */
 158         camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33);
 159         /* FL injection  */
 160    camellia128_keyop((camellia128_ctx_t*)s, -1);
 161         BL = camellia_fl(BL, s->kal);
 162         BR = camellia_fl_inv(BR, s->kar);
 163    camellia128_keyop((camellia128_ctx_t*)s, -1);
 164         /* middle 6 */
 165         camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34);
 166         /* FL injection  */
 167    camellia128_keyop((camellia128_ctx_t*)s, 1);
 168         BL = camellia_fl(BL, s->kll);
 169         BR = camellia_fl_inv(BR, s->klr);
 170    camellia128_keyop((camellia128_ctx_t*)s, 1);
 171    /* last 6 */
 172         camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C);
 173         /* Postwhitening */
 174         BR ^= s->kal;
 175         BL ^= s->kar;
 176
 177         temp64 = BR;
 178         BR = BL;
 179         BL = temp64;
 180
 181         camellia128_keyop((camellia128_ctx_t*)s,1);
 182
 183         change_endian(&BL, 64/8);
 184         change_endian(&BR, 64/8);
 185
 186         #undef BL
 187         #undef BR
 188 }
 189
 190 /*****************************************************************************/
 191
 192 void camellia128_dec(void* block, const camellia128_ctx_t* s){
 193
 194         #define BL (((uint64_t*)block)[1])
 195         #define BR (((uint64_t*)block)[0])
 196         /* endian adjustment */
 197          /*BL*/
 198          /* 1 2 3 4 5 6 7 8
 199           * 8 7 6 5 4 3 2 1
 200           */
 201
 202         uint64_t temp64;
 203
 204         change_endian(&BL, 64/8);
 205         change_endian(&BR, 64/8);
 206
 207         camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
 208         /* Prewhitening */
 209         BR ^= s->kal; /* kw3 */
 210         BL ^= s->kar; /* kw4 */
 211         /* the first 6 */
 212         camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C);
 213         /* FL injection  */
 214    camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
 215         BR = camellia_fl(BR, s->klr);
 216         BL = camellia_fl_inv(BL, s->kll);
 217    camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
 218         /* middle 6 */
 219         camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B);
 220         /* FL injection  */
 221    camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
 222         BR = camellia_fl(BR, s->kar);
 223         BL = camellia_fl_inv(BL, s->kal);
 224    camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
 225    /* last 6 */
 226         camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33);
 227
 228         /* Postwhitening */
 229         BL ^= s->kll; /* kw1 */
 230         BR ^= s->klr; /* kw2 */
 231
 232         temp64 = BR;
 233         BR = BL;
 234         BL = temp64;
 235
 236         change_endian(&BL, 64/8);
 237         change_endian(&BR, 64/8);
 238
 239 }
 240
 241 /*****************************************************************************/
 242 /*****************************************************************************/
 243
 244
 245
 246 /* EOF */