twister.c

   1 /* twister.c */
   2 /*
   3     This file is part of the Crypto-avr-lib/microcrypt-lib.
   4     Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
   5
   6     This program is free software: you can redistribute it and/or modify
   7     it under the terms of the GNU General Public License as published by
   8     the Free Software Foundation, either version 3 of the License, or
   9     (at your option) any later version.
  10
  11     This program is distributed in the hope that it will be useful,
  12     but WITHOUT ANY WARRANTY; without even the implied warranty of
  13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14     GNU General Public License for more details.
  15
  16     You should have received a copy of the GNU General Public License
  17     along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "config.h"
  21 #include <stdint.h>
  22 #include <string.h>
  23 #include <avr/pgmspace.h>
  24 #include "twister.h"
  25 #include "twister_tables.h"
  26 #include "memxor.h"
  27
  28 #ifndef TWISTER_MUL_TABLE
  29 # include "gf256mul.h"
  30 #endif
  31
  32 #undef DEBUG
  33
  34 #ifdef DEBUG
  35 # include "uart.h"
  36 #endif
  37
  38 #ifdef DEBUG
  39 # define DEBUG_PRINT(ctx, msg) debug_print((ctx), PSTR(msg))
  40 #else
  41 # define DEBUG_PRINT(ctx, msg)
  42 #endif
  43
  44 #ifdef DEBUG
  45
  46 void print_twister_state(twister_state_t* ctx){
  47         uint8_t i;
  48         uart_putstr_P(PSTR("\r\nState:\r\n matrix:\r\n"));
  49         for(i=0; i<8; ++i){
  50                 uart_putstr_P(PSTR("\t[ "));
  51                 uart_hexdump(&(ctx->s[i][0]), 8);
  52                 uart_putstr_P(PSTR("]\r\n"));
  53         }
  54         uart_putstr_P(PSTR("counter: "));
  55         uart_hexdump(&(ctx->counter), 8);
  56
  57         uart_putstr_P(PSTR("\r\nlength_counter_b: "));
  58         uart_hexdump(&(ctx->length_counter_b), 8);
  59         uart_putstr_P(PSTR("\r\n"));
  60 }
  61
  62 void debug_print(twister_state_t* ctx, PGM_P msg){
  63         uart_putstr_P(PSTR("\r\n"));
  64         uart_putstr_P(msg);
  65         print_twister_state(ctx);
  66 }
  67
  68 #endif
  69
  70 static
  71 void shiftrow(void* row, uint8_t shift){
  72         *((uint64_t*)row) = *((uint64_t*)row)>>(8*shift) | *((uint64_t*)row)<<(64-8*shift);
  73 }
  74
  75 #define MDS(a,b)  pgm_read_byte(&(twister_mds[a][b]))
  76
  77 #ifdef TWISTER_MUL_TABLE
  78 # define MULT(a,b) pgm_read_byte(&(twister_multab[a][b]))
  79 #else
  80 # define MULT(a,b) gf256mul(a,b, 0x4D)
  81 #endif
  82 void twister_blank_round(twister_state_t* ctx){
  83         uint8_t i,j;
  84         uint8_t tmp[8][8];
  85         DEBUG_PRINT(ctx, "blank init");
  86         /* add twist counter */
  87         for(i=0; i<8; ++i)
  88                 ctx->s[i][1] ^= ((uint8_t*)&(ctx->counter))[7-i];
  89         ctx->counter--;
  90 //      DEBUG_PRINT(ctx, "counter added");
  91         /* sub bytes */
  92         for(i=0; i<8; ++i)
  93                 for(j=0;j<8;++j)
  94                         tmp[i][j] = pgm_read_byte(twister_sbox+ctx->s[i][j]);
  95         /* shift rows */
  96         for(i=1;i<8; ++i){
  97                 shiftrow(&(tmp[i][0]), i);
  98         }
  99         /* mix columns */
 100         for( i=0; i<8; i++ ){
 101                 // multiply with mds matrix
 102                 for( j=0; j<8; j++ ){
 103                         ctx->s[j][i] =
 104                                 MULT( MDS(j,0), tmp[0][i] ) ^
 105                                 MULT( MDS(j,1), tmp[1][i] ) ^
 106                                 MULT( MDS(j,2), tmp[2][i] ) ^
 107                                 MULT( MDS(j,3), tmp[3][i] ) ^
 108                                 MULT( MDS(j,4), tmp[4][i] ) ^
 109                                 MULT( MDS(j,5), tmp[5][i] ) ^
 110                                 MULT( MDS(j,6), tmp[6][i] ) ^
 111                                 MULT( MDS(j,7), tmp[7][i] ) ;
 112
 113                 }
 114         }
 115         DEBUG_PRINT(ctx, "post MDS");
 116 }
 117
 118 void twister_mini_round(twister_state_t* ctx, void* msg){
 119         /* inject message */
 120         uint8_t i;
 121         for(i=0; i<8; ++i){
 122                 ctx->s[7][7-i] ^= *((uint8_t*)msg);
 123                 msg = (uint8_t*)msg +1;
 124         }
 125         twister_blank_round(ctx);
 126 }
 127
 128 void twister_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b){
 129         uint8_t tmp[8][8];
 130         uint8_t j;
 131         uint16_t i=hashsize_b;
 132         while(i>=64){
 133                 i-=64;
 134                 memcpy(tmp,ctx->s, 64);
 135                 twister_blank_round(ctx);
 136                 memxor(ctx->s, tmp, 64);
 137                 twister_blank_round(ctx);
 138                 for(j=0; j<8; ++j){
 139                         *((uint8_t*)dest) = ctx->s[7-j][0] ^ tmp[7-j][0];
 140                         dest = (uint8_t*)dest + 1;
 141                 }
 142         }
 143         if(i>=32){
 144                 memcpy(tmp,ctx->s, 64);
 145                 twister_blank_round(ctx);
 146                 memxor(ctx->s, tmp, 64);
 147                 twister_blank_round(ctx);
 148                 for(j=0; j<4; ++j){
 149                         *((uint8_t*)dest) = ctx->s[3-j][0] ^ tmp[3-j][0];
 150                         dest = (uint8_t*)dest + 1;
 151                 }
 152         }
 153 }
 154
 155