fixed small bug in MD5

[avr-crypto-lib.git] / noekeon_omac.S

/* noekeon_omac.S */
/*
    This file is part of the Crypto-avr-lib/microcrypt-lib.
    Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
/*
 * \author  Daniel Otte
 * \email   daniel.otte@rub.de
 * \date    2008-08-06
 * \license GPLv3 or later
 * 
 * 
 * 
 */

#include <avr/io.h>
#include "avr-asm-macros.S"


push_r18_r27_func:
        pop r31
        pop r30
        push_range 18, 27
        ijmp

pop_r18_r27_func:
        pop r31
        pop r30
        pop_range 18, 27
        ijmp

.extern noekeon_enc

/*
 * void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b, 
 *                   const void* key, uint8_t t)  
 */

/* param dest        is passed in r24:r25
 * param msg         is passed in r22:r23
 * param msglength_b is passed in r20:r21
 * param key         is passed in r18:r19
 * param t           is passed in r16
 */
.global noekeon_omac
noekeon_omac:
        stack_alloc 48
        adiw r30, 1
        ldi r17, 48
1:
        st Z+, r1
        dec r17
        brne 1b
        sbiw r30, 48
        movw r26, r22
        movw r22, r18
        movw r18, r24
        movw r24, r30
        cpi r16, 0xff
        breq 2f
        st Z, r16
        rcall push_r18_r27_func
        rcall noekeon_enc
        rcall pop_r18_r27_func
        movw r30, r24  
2:      
        tst r21
        brne fullblock
        cpi r20, 128+1
        brlo lastblock
fullblock:      
        /* copy block to stack buffer */
        ldi r16, 16
1:      
        ld r0, X+
        ld r17, Z
        eor r0, r17
        st Z+, r0
        dec r16
        brne 1b
        rcall push_r18_r27_func
        rcall noekeon_enc
        rcall pop_r18_r27_func
        movw r30, r24
        subi r20, 128
        sbci r21, 0
        rjmp 2 
lastblock:
        adiw r24, 16
        rcall push_r18_r27_func
        rcall noekeon_enc
        rcall pop_r18_r27_func

        bst r20, 6 /* set t bit if msglength_b%128==0*/
2:
        ldi r16, 16
        clc
        movw r30, r24 /* z points to encrypted null  vector (L) */      
1:      
        ld r0, Z
        rol r0
        st Z+, r0
        dec r16
        brne 1b
        brtc 2f
        clt
        rjmp 2b
2: /* B/P has been calculated */
        ldi r16, 16
        sbiw r30, 32
3:
        ld r0, Z
        ldd r17, Z+16
        eor r0, r17
        st Z+, r0
        dec r16
        brne 3b
   /* B/P has been xored into stack buffer */
   /* now we have to xor-in the remaining message */
    mov r16, r20
    subi r16, -7
    lsr r16
    lsr r16
    lsr r16  /* r 1*/
    sbiw r30, 16
4: 
    ld r0, X+
    ld r17, Z
    eor r0, r17
    st Z+, r0
    dec r16
    brne 4b
    /* now we have only to insert the 1 at the end of message if msglength_b%128 != 0 */
    sbiw r30, 1
    andi r20, 0x07
    breq 7f
    ldi r17, 1
5:
    dec r20
    breq 6f
    lsl r17
    rjmp 5b  
6:
        ld r0, Z
        eor r0, r17
        st Z, r0
7:
        call noekeon_enc
        stack_free 48
        ret