Echo384/512 implemented
authorbg <bg@b1d182e4-1ff8-0310-901f-bddb46175740>
Mon, 22 Feb 2010 14:12:20 +0000 (14:12 +0000)
committerbg <bg@b1d182e4-1ff8-0310-901f-bddb46175740>
Mon, 22 Feb 2010 14:12:20 +0000 (14:12 +0000)
echo/echo.c
echo/echo.h
hfal_echo.c [new file with mode: 0644]
hfal_echo.h [new file with mode: 0644]
test_src/main-echo-test.c

index e80877587be857bd907083266c0871f31e5b0e65..98ee47c771d51439f5a8dcdf577ac50c71657df0 100644 (file)
@@ -91,33 +91,31 @@ static void dump_state(void* s){
 }
 #endif
 
-static void compress512(void* v, void* m, uint64_t* c, void* salt){
-       uint8_t i, j, l;
-       uint8_t s[16*16];
+static void echo_compress(uint8_t* s, uint8_t iterations, uint64_t* c, void* salt){
+       uint8_t i, j;
        uint8_t k[16];
-
-       memcpy(s, v, 16*4);           /* load v into state */
-       memcpy(s+16*4, m, 16*12);     /* load m into state */
-
+#if DEBUG
+       uint8_t round=0;
+#endif
        memcpy(k, c, 8);
        memset(k+8, 0, 8);
-       for(i=0; i<8; ++i){
+       do{
                /* BIG.SubWords */
 #if DEBUG
        cli_putstr_P(PSTR("\r\n === ROUND "));
-       cli_putc('1'+i);
+       cli_putc('0'+round);
        cli_putstr_P(PSTR(" ==="));
-       if(i<DEBUG_DEPTH){
+       if(round<DEBUG_DEPTH){
                dump_state(s);
        }
 #endif
-               for(j=0; j<16; ++j){
-                       aes_encrypt_round(s+16*j, k);
-                       aes_encrypt_round(s+16*j, salt);
+               for(i=0; i<16; ++i){
+                       aes_encrypt_round(s+16*i, k);
+                       aes_encrypt_round(s+16*i, salt);
                        *((uint64_t*)(k)) += 1;
                }
 #if DEBUG
-               if(i<DEBUG_DEPTH){
+               if(round<DEBUG_DEPTH){
                        cli_putstr_P(PSTR("\r\nAfter SubWords"));
                        dump_state(s);
                }
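Review bot: echo_compress has no guard or comment for `iterations == 0`: the `do{` opened here is closed in the next hunk with `}while(--iterations);`, so a zero argument would wrap the uint8_t and run 256 rounds instead of none. The two callers visible in this commit pass the constants 8 and 10, so a contract comment above the function is enough, for example `/* s: 16*16-byte state, transformed in place; iterations: round count, must be >= 1 */`. That comment would also record that `s` must be a full 256-byte buffer, which the new pointer parameter no longer shows. The function body continues past the end of this hunk.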
@@ -144,24 +142,37 @@ static void compress512(void* v, void* m, uint64_t* c, void* salt){
                memcpy(s+INDEX(2, 3), s+INDEX(1, 3), 16);
                memcpy(s+INDEX(1, 3), t,             16);
 #if DEBUG
-               if(i<DEBUG_DEPTH){
+               if(round<DEBUG_DEPTH){
                        cli_putstr_P(PSTR("\r\nAfter ShiftRows"));
                        dump_state(s);
                }
 #endif
                /* BIG.MixColumns */
-               for(j=0; j<4; j+=1){
-                       for(l=0; l<16; ++l){
-                               mixcol(s+j*64+l);
+               for(i=0; i<4; i+=1){
+                       for(j=0; j<16; ++j){
+                               mixcol(s+i*64+j);
                        }
                }
 #if DEBUG
-               if(i<DEBUG_DEPTH){
+               if(round<DEBUG_DEPTH){
                        cli_putstr_P(PSTR("\r\nAfter MixColumns"));
                        dump_state(s);
                }
+               round++;
 #endif
-       }
+       }while(--iterations);
+
+}
+
+/******************************************************************************/
+
+static void compress512(void* v, void* m, uint64_t* c, void* salt){
+       uint8_t s[16*16];
+       uint8_t i;
+       memcpy(s, v, 16*4);           /* load v into state */
+       memcpy(s+16*4, m, 16*12);     /* load m into state */
+
+       echo_compress(s, 8, c, salt);
 
        /* BIG.Final */
        for(i=0; i<3; ++i){
@@ -172,6 +183,21 @@ static void compress512(void* v, void* m, uint64_t* c, void* salt){
        }
 }
 
+static void compress1024(void* v, void* m, uint64_t* c, void* salt){
+       uint8_t s[16*16];
+       memcpy(s, v, 16*8);           /* load v into state */
+       memcpy(s+16*8, m, 16*8);      /* load m into state */
+
+       echo_compress(s, 10, c, salt);
+
+       /* BIG.Final */
+       memxor(v, m, 16*8);
+       memxor(v, s, 16*8);
+       memxor(v, s+16*8, 16*8);
+}
+
+/******************************************************************************/
+
 void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block){
        ctx->counter += ECHO_SMALL_BLOCKSIZE;
        compress512(ctx->v, block, &(ctx->counter), ctx->salt);
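Review bot: compress1024 returns with the 256-byte working state `s` still on the stack, and the refactored compress512 in the previous hunk does the same. That buffer holds the chaining value mixed with the message block, so if these hashes are ever used in a keyed construction the residue is key-dependent data. Whether that matters depends on the callers, which this diff does not show. If it does, clear `s` after BIG.Final with a wipe the optimizer cannot remove, such as a loop through a `volatile uint8_t*`, because a plain `memset` on a dying local may be dropped.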
@@ -204,7 +230,38 @@ void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b)
 
 /******************************************************************************/
 
-void echo_small_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx){
+void echo_large_nextBlock(echo_large_ctx_t* ctx, void* block){
+       ctx->counter += ECHO_LARGE_BLOCKSIZE;
+       compress1024(ctx->v, block, &(ctx->counter), ctx->salt);
+}
+
+void echo_large_lastBlock(echo_large_ctx_t* ctx, void* block, uint16_t length_b){
+       while(length_b>=ECHO_LARGE_BLOCKSIZE){
+               echo_large_nextBlock(ctx, block);
+               block = (uint8_t*)block + ECHO_LARGE_BLOCKSIZE_B;
+               length_b -= ECHO_LARGE_BLOCKSIZE;
+       }
+       uint8_t buffer[ECHO_LARGE_BLOCKSIZE_B];
+       uint64_t total_len;
+       memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
+       memcpy(buffer, block, (length_b+7)/8);
+       buffer[length_b/8] |= 0x80 >> (length_b&7);
+       total_len = (ctx->counter += length_b);
+       if(length_b>=ECHO_LARGE_BLOCKSIZE-144){
+               compress1024(ctx->v, buffer, &total_len, ctx->salt);
+               memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
+               ctx->counter = 0;
+       }
+       if(length_b==0){
+               ctx->counter = 0;
+       }
+       memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-18, &(ctx->id), 2);
+       memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-16, &total_len, 8);
+       compress1024(ctx->v, buffer, &(ctx->counter), ctx->salt);
+}
+/******************************************************************************/
+
+void echo_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx){
        memcpy(dest, ctx->v, (length_b+7)/8);
 }
 
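Review bot: echo_large_lastBlock hashes whatever the caller left in the unused low bits of the final partial byte. `memcpy(buffer, block, (length_b+7)/8)` copies that byte whole, and `buffer[length_b/8] |= 0x80 >> (length_b&7);` only sets the padding bit, so the bits after it are never cleared. For a `length_b` that is not a multiple of 8, two callers passing the same message bits with different trailing garbage get different digests. Masking first removes the dependency: `buffer[length_b/8] &= (uint8_t)(0xff00 >> (length_b&7));` placed directly before the `|=` line. The body of echo_small_lastBlock is outside this hunk; if it uses the same pattern it needs the same mask.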
@@ -218,6 +275,16 @@ void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx){
 
 /******************************************************************************/
 
+void echo384_ctx2hash(void* dest, echo_large_ctx_t* ctx){
+       memcpy(dest, ctx->v, 384/8);
+}
+
+void echo512_ctx2hash(void* dest, echo_large_ctx_t* ctx){
+       memcpy(dest, ctx->v, 512/8);
+}
+
+/******************************************************************************/
+
 void echo224_init(echo_small_ctx_t* ctx){
        memset(ctx->v, 0, 4*16);
        ctx->counter = 0;
@@ -242,3 +309,27 @@ void echo256_init(echo_small_ctx_t* ctx){
 
 /******************************************************************************/
 
+void echo384_init(echo_large_ctx_t* ctx){
+       uint8_t i;
+       memset(ctx->v, 0, 8*16);
+       ctx->counter = 0;
+       memset(ctx->salt, 0, 16);
+       ctx->id = 0x0180;
+       for(i=0; i<8; ++i){
+               ctx->v[0+16*i] = 0x80;
+               ctx->v[1+16*i] = 0x01;
+       }
+}
+
+void echo512_init(echo_large_ctx_t* ctx){
+       uint8_t i;
+       memset(ctx->v, 0, 8*16);
+       ctx->counter = 0;
+       memset(ctx->salt, 0, 16);
+       ctx->id = 0x0200;
+       for(i=0; i<8; ++i){
+               ctx->v[1+16*i] = 0x02;
+       }
+}
+
+/******************************************************************************/
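Review bot: echo384_init and echo512_init are the same body twice, and each spells the digest size in two places: once in `ctx->id` and once as hand-written bytes in the loop (0x80/0x01 for 0x0180, 0x02 for 0x0200). A later edit to one place could silently produce a wrong initial chaining value. A shared static helper that takes the id and fills the words from it, `ctx->v[0+16*i] = (uint8_t)id; ctx->v[1+16*i] = (uint8_t)(id>>8);`, keeps the two in step and leaves each init function as a single call.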
index fcb02f275e2c581a79255f07fde71942d2254b45..e930b3bf46e4843af00c40eeebde8839b5b5bf03 100644 (file)
@@ -43,6 +43,12 @@ typedef struct{
        uint16_t id;
 }echo_small_ctx_t;
 
+typedef struct{
+       uint8_t v[8*16];
+       uint8_t salt[16];
+       uint64_t counter;
+       uint16_t id;
+}echo_large_ctx_t;
 
 void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block);
 void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b);
@@ -52,4 +58,12 @@ void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx);
 void echo224_init(echo_small_ctx_t* ctx);
 void echo256_init(echo_small_ctx_t* ctx);
 
+void echo_large_nextBlock(echo_large_ctx_t* ctx, void* block);
+void echo_large_lastBlock(echo_large_ctx_t* ctx, void* block, uint16_t length_b);
+void echo_large_ctx2hash(void* dest, uint16_t length_b, echo_large_ctx_t* ctx);
+void echo384_ctx2hash(void* dest, echo_large_ctx_t* ctx);
+void echo512_ctx2hash(void* dest, echo_large_ctx_t* ctx);
+void echo384_init(echo_large_ctx_t* ctx);
+void echo512_init(echo_large_ctx_t* ctx);
+
 #endif /* ECHO_H_ */
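Review bot: `echo_large_ctx2hash` is declared here, but none of the echo.c hunks in this commit defines it. The only generic variant touched there is `echo_small_ctx2hash`, which is renamed to `echo_ctx2hash` and still takes `echo_small_ctx_t*`. Any caller of the declared function would fail at link time, and if the header still declares `echo_small_ctx2hash` (that line is outside the hunks) that name is now undefined too. Either add the definition in echo.c, `void echo_large_ctx2hash(void* dest, uint16_t length_b, echo_large_ctx_t* ctx){ memcpy(dest, ctx->v, (length_b+7)/8); }`, or drop the prototype. Also keep the small-variant name the same in echo.c and echo.h.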
diff --git a/hfal_echo.c b/hfal_echo.c
new file mode 100644 (file)
index 0000000..008b688
--- /dev/null
@@ -0,0 +1,99 @@
+/* hfal_echo.c */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file     hfal_echo.c
+ * \email    daniel.otte@rub.de
+ * \author   Daniel Otte
+ * \date     2010-02-21
+ * \license  GPLv3 or later
+ *
+ */
+
+#include <avr/pgmspace.h>
+#include <stdlib.h>
+#include "hashfunction_descriptor.h"
+#include "echo.h"
+
+
+static const char echo224_str[]   PROGMEM = "ECHO-224";
+static const char echo256_str[]   PROGMEM = "ECHO-256";
+static const char echo384_str[]   PROGMEM = "ECHO-384";
+static const char echo512_str[]   PROGMEM = "ECHO-512";
+
+const hfdesc_t echo224_desc PROGMEM = {
+       HFDESC_TYPE_HASHFUNCTION,
+       0,
+       echo224_str,
+       sizeof(echo_small_ctx_t),
+       ECHO224_BLOCKSIZE,
+       224,
+       (hf_init_fpt)echo224_init,
+       (hf_nextBlock_fpt)echo_small_nextBlock,
+       (hf_lastBlock_fpt)echo_small_lastBlock,
+       (hf_ctx2hash_fpt)echo224_ctx2hash,
+       (hf_free_fpt)NULL,
+       (hf_mem_fpt)NULL
+};
+
+const hfdesc_t echo256_desc PROGMEM = {
+       HFDESC_TYPE_HASHFUNCTION,
+       0,
+       echo256_str,
+       sizeof(echo_small_ctx_t),
+       ECHO256_BLOCKSIZE,
+       256,
+       (hf_init_fpt)echo256_init,
+       (hf_nextBlock_fpt)echo_small_nextBlock,
+       (hf_lastBlock_fpt)echo_small_lastBlock,
+       (hf_ctx2hash_fpt)echo256_ctx2hash,
+       (hf_free_fpt)NULL,
+       (hf_mem_fpt)NULL
+};
+
+const hfdesc_t echo384_desc PROGMEM = {
+       HFDESC_TYPE_HASHFUNCTION,
+       0,
+       echo384_str,
+       sizeof(echo_large_ctx_t),
+       ECHO384_BLOCKSIZE,
+       384,
+       (hf_init_fpt)echo384_init,
+       (hf_nextBlock_fpt)echo_large_nextBlock,
+       (hf_lastBlock_fpt)echo_large_lastBlock,
+       (hf_ctx2hash_fpt)echo384_ctx2hash,
+       (hf_free_fpt)NULL,
+       (hf_mem_fpt)NULL
+};
+
+const hfdesc_t echo512_desc PROGMEM = {
+       HFDESC_TYPE_HASHFUNCTION,
+       0,
+       echo512_str,
+       sizeof(echo_large_ctx_t),
+       ECHO512_BLOCKSIZE,
+       512,
+       (hf_init_fpt)echo512_init,
+       (hf_nextBlock_fpt)echo_large_nextBlock,
+       (hf_lastBlock_fpt)echo_large_lastBlock,
+       (hf_ctx2hash_fpt)echo512_ctx2hash,
+       (hf_free_fpt)NULL,
+       (hf_mem_fpt)NULL
+};
+
+
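Review bot: Each descriptor pairs a context size with a function family by hand, and the `(hf_*_fpt)` casts mean the compiler will not complain if the pairing is wrong. A descriptor that combined `sizeof(echo_small_ctx_t)` with the `echo_large_*` functions would build cleanly. Presumably the abstraction layer allocates the context from that size field, in which case the large functions would write past it. A short comment above the four descriptors, saying that the ctx size, block size and function pointers must all come from the same small/large family, would make the invariant visible. ECHO224/256/384/512_BLOCKSIZE are not added by the echo.h hunks in this commit, so confirm they are already defined there.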
diff --git a/hfal_echo.h b/hfal_echo.h
new file mode 100644 (file)
index 0000000..1e5fa31
--- /dev/null
@@ -0,0 +1,31 @@
+/* hfal_echo.h */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef HFAL_ECHO_H_
+#define HFAL_ECHO_H_
+
+#include <avr/pgmspace.h>
+#include "hashfunction_descriptor.h"
+
+extern const hfdesc_t echo224_desc;
+extern const hfdesc_t echo256_desc;
+extern const hfdesc_t echo384_desc;
+extern const hfdesc_t echo512_desc;
+
+#endif /* HFAL_ECHO_H_ */
index 8be0b7161cc6b7ab63aa3ba24c3dbfe34bf95394..b4d81a993300afcb92b5be7e1cccbaef5965f16b 100644 (file)
@@ -45,6 +45,8 @@ char* algo_name = "CubeHash";
 const hfdesc_t* algolist[] PROGMEM = {
        (hfdesc_t*)&echo224_desc,
        (hfdesc_t*)&echo256_desc,
+       (hfdesc_t*)&echo384_desc,
+       (hfdesc_t*)&echo512_desc,
        NULL
 };
 
@@ -77,6 +79,23 @@ uint8_t intermediate_data[] PROGMEM = {
        0xFD, 0x29, 0xD1, 0x04, 0xCE
        };
 
+uint8_t intermediate_data2[] PROGMEM = {
+       0x75, 0x8E, 0xA3, 0xFE, 0xA7, 0x38, 0x97, 0x3D,
+       0xB0, 0xB8, 0xBE, 0x7E, 0x59, 0x9B, 0xBE, 0xF4,
+       0x51, 0x93, 0x73, 0xD6, 0xE6, 0xDC, 0xD7, 0x19,
+       0x5E, 0xA8, 0x85, 0xFC, 0x99, 0x1D, 0x89, 0x67,
+       0x62, 0x99, 0x27, 0x59, 0xC2, 0xA0, 0x90, 0x02,
+       0x91, 0x2F, 0xB0, 0x8E, 0x0C, 0xB5, 0xB7, 0x6F,
+       0x49, 0x16, 0x2A, 0xEB, 0x8C, 0xF8, 0x7B, 0x17,
+       0x2C, 0xF3, 0xAD, 0x19, 0x02, 0x53, 0xDF, 0x61,
+       0x2F, 0x77, 0xB1, 0xF0, 0xC5, 0x32, 0xE3, 0xB5,
+       0xFC, 0x99, 0xC2, 0xD3, 0x1F, 0x8F, 0x65, 0x01,
+       0x16, 0x95, 0xA0, 0x87, 0xA3, 0x5E, 0xE4, 0xEE,
+       0xE5, 0xE3, 0x34, 0xC3, 0x69, 0xD8, 0xEE, 0x5D,
+       0x29, 0xF6, 0x95, 0x81, 0x5D, 0x86, 0x6D, 0xA9,
+       0x9D, 0xF3, 0xF7, 0x94, 0x03
+};
+
 void echo256_interm(void){
        echo_small_ctx_t ctx;
        uint8_t data[1384/8];
@@ -91,6 +110,20 @@ void echo256_interm(void){
        cli_hexdump(hash, 32);
 }
 
+void echo512_interm(void){
+       echo_large_ctx_t ctx;
+       uint8_t data[872/8];
+       uint8_t hash[64];
+       echo512_init(&ctx);
+       memcpy_P(data, intermediate_data2, 872/8);
+       cli_putstr_P(PSTR("\r\ninit done "));
+       echo_large_lastBlock(&ctx, data, 872);
+       cli_putstr_P(PSTR("\r\nlastblock done "));
+       echo512_ctx2hash(hash, &ctx);
+       cli_putstr_P(PSTR("\r\nhash = "));
+       cli_hexdump(hash, 64);
+}
+
 void echo256_test0(void){
        echo_small_ctx_t ctx;
        uint8_t hash[32];
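Review bot: echo512_interm only prints the digest and never compares it with the known-answer value, so a regression in compress1024 or the padding logic goes unnoticed unless someone reads the hexdump against the reference. Storing the expected 64 bytes in PROGMEM and checking them makes the command self-verifying: `if(memcmp_P(hash, expected_digest, 64)) cli_putstr_P(PSTR("\r\nMISMATCH"));`, where `expected_digest` is a placeholder for an array holding the reference output. The length 872 is also written three times; deriving the byte count from `sizeof(intermediate_data2)` would keep the buffer size, the copy and the data in step.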
@@ -117,6 +150,7 @@ void testrun_nessie_echo(void){
 const char nessie_str[]      PROGMEM = "nessie";
 const char test256_str[]     PROGMEM = "test256";
 const char interm_str[]      PROGMEM = "interm";
+const char interm2_str[]     PROGMEM = "interm2";
 const char performance_str[] PROGMEM = "performance";
 const char echo_str[]        PROGMEM = "echo";
 const char shavs_list_str[]  PROGMEM = "shavs_list";
@@ -127,6 +161,7 @@ const char shavs_test3_str[] PROGMEM = "shavs_test3";
 cmdlist_entry_t cmdlist[] PROGMEM = {
        { nessie_str,                NULL, testrun_nessie_echo         },
        { interm_str,                NULL, echo256_interm              },
+       { interm2_str,               NULL, echo512_interm              },
        { test256_str,               NULL, echo256_test0               },
        { performance_str,           NULL, performance_echo            },
        { shavs_list_str,            NULL, shavs_listalgos             },