3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 * \email daniel.otte@rub.de
24 * \license GPLv3 or later
29 #include "avr-asm-macros.S"
34 .global rho_pi_idx_table
38 .byte (((2 * \j + 3 * \i) % 5) * 5 + \i) * 8
44 void keccak_theta (uint64_t *a, uint64_t *b){
46 for(i = 0; i < 5; ++i){
47 b[i][0] = a[0][i] ^ a[1][i] ^ a[2][i] ^ a[3][i] ^ a[4][i];
52 /*********************************************
54 *********************************************
56 r24:r25 = a ; uint64_t a[5][5]
65 Z = r24:r25 + 7 + 4 * 40
85 /*********************************************
87 *********************************************
89 r24:r25 = a+1 ; uint64_t a[5][5]
92 a[0..4][0] ^= rol(b,1)
99 Z = r24:r25 + 7 + 4 * 40
112 .irp r, 0, 1, 2, 3, 4
123 add r19, __zero_reg__
126 .irp r, 0, 1, 2, 3, 4
145 movw r30, r24 ; Z = a
146 movw r26, r22 ; X = b
176 for(i = 0; i < 5; ++i){
177 for(j = 0; j < 5; ++j){
178 a[j][i] ^= b[(4 + i) % 5][0];
183 /* a[0..4][0]{0..7} ^= b[4][0]{0..7} */
187 /* a[0..4][1]{0..7} ^= b[0][0]{0..7} */
188 subi XL, lo8(4 * 5 * 8 + 8)
189 sbci XH, hi8(4 * 5 * 8 + 8)
191 /* a[0..4][2]{0..7} ^= b[1][0]{0..7} */
194 /* a[0..4][3]{0..7} ^= b[2][0]{0..7} */
197 /* a[0..4][4]{0..7} ^= b[3][0]{0..7} */
201 for(i = 0; i < 5; ++i){
202 for(j = 0; j < 5; ++j){
203 a[j][i] ^= rotate64_1bit_left(b[(i + 1) % 5][0]);
207 /* a[0..4][0]{0..7} ^= rol(b[1][0]{0..7}) */
208 subi r24, lo8(5 * 8 - 1)
209 sbci r25, hi8(5 * 8 - 1)
210 subi XL, lo8(2 * 5 * 8 + 8)
211 sbci XH, hi8(2 * 5 * 8 + 8)
213 /* a[0..4][1]{0..7} ^= rol(b[2][0]{0..7}) */
216 /* a[0..4][21]{0..7} ^= rol(b[3][0]{0..7}) */
219 /* a[0..4][3]{0..7} ^= rol(b[4][0]{0..7}) */
222 /* a[0..4][4]{0..7} ^= rol(b[0][0]{0..7}) */
223 subi XL, lo8(4 * 5 * 8 + 8)
224 sbci XH, hi8(4 * 5 * 8 + 8)
230 for(i = 0; i < 5; ++i){
231 for(j = 0; j < 5; ++j){
232 b[(2 * i + 3 * j) % 5][j] =
233 rotate64left_code(a[j][i], pgm_read_byte(&(keccak_rotate_codes[i][j])));
239 const uint8_t* rot_code = (const uint8_t*)keccak_rotate_codes;
240 const uint8_t* idx_idx = (const uint8_t*)rho_pi_idx_table;
241 uint64_t *a_tmp = (uint64_t*)a;
242 for(i = 0; i < 25; ++i){
243 *((uint64_t*)(((uint8_t*)b) + pgm_read_byte(idx_idx++))) =
244 rotate64left_code(*a_tmp++, pgm_read_byte(rot_code++));
253 ldi r18, lo8(keccak_rotate_codes)
254 ldi r19, hi8(keccak_rotate_codes)
256 ldi r18, lo8(rho_pi_idx_table)
257 ldi r19, hi8(rho_pi_idx_table)
279 call rotate64left_code
projects / avr-crypto-lib.git / blob