#!/usr/bin/ruby
-require "serialport.so"
+require 'serialport'
if ARGV.size < 5
STDERR.print <<EOF
puts("\nPort: "+ARGV[0]+ "@"+ARGV[1]+" "+ARGV[2]+"N"+ARGV[3]+"\n");
$linewidth = 16
$sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE);
-$sp.read_timeout=5000; # 5 seconds
+$sp.read_timeout=1*60*1000; # 5 minutes
+$extended_wait=10;
$sp.write(command);
def readTestVector(param)
set=0;
vector=0;
begin
- lb=$sp.gets();
+ ctr=$extended_wait;
+ while((lb=$sp.gets())==nil && ctr>=0)do
+ ctr -= 1;
+ end
if (m=/unknown command/.match(lb) || m=/[Ee][Rr]{2}[Oo][Rr]/.match(lb))
puts("ERROR: "+lb);
exit(2);
buffer += lb;
begin
- lb=$sp.gets();
+ ctr=$extended_wait;
+ while((lb=$sp.gets())==nil && ctr>=0)do
+ ctr -= 1;
+ end
if(lb==nil)
return false;
end
fname+=m[1]+".";
end
buffer+=lb;
- lb = $sp.gets();
+ ctr=$extended_wait;
+ while((lb=$sp.gets())==nil && ctr>=0)do
+ ctr -= 1;
+ end
end
if(param!="")
fname+=param+".";
if(vector!=0 && vector % $linewidth==0)
print("\n ")
end
- printf(" %3u", vector);
+ printf(" %4u", vector);
+ end
+ ctr=$extended_wait;
+ while((lb=$sp.gets())==nil && ctr>=0)do
+ ctr -= 1;
end
- lb=$sp.gets();
if(lb==nil)
file.close();
return false;
end
if(readTestVector(param)==false)
- puts("ERROR: test seem not to be implemented");
+ puts("ERROR: test seems not to be implemented");
exit(3);
end
# comment out the following line for removement of SEED from the build process
BLOCK_CIPHERS += $(ALGO_NAME)
-$(ALGO_NAME)_OBJ := seed.o seed-asm.o
+$(ALGO_NAME)_OBJ := seed-stub.o seed-asm.o
$(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \
nessie_bc_test.o nessie_common.o \
cli.o performance_test.o
* GPLv3 or later
*
*/
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-/*******************************************************************************
-
- void changeendian32(uint32_t * a){
- *a = (*a & 0x000000FF) << 24 |
- (*a & 0x0000FF00) << 8 |
- (*a & 0x00FF0000) >> 8 |
- (*a & 0xFF000000) >> 24;
- }
-
-*/
-/*
-.global changeendian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-changeendian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
-*/
-
-/*******************************************************************************
- uint32_t bigendian_sum32(uint32_t a, uint32_t b){
- changeendian32(&a);
- changeendian32(&b);
- a += b;
- changeendian32(&a);
- return a;
- }
-*/
+#include "avr-asm-macros.S"
.global bigendian_sum32
; === bigendian_sum32 ===
sbc r23, r19
sbc r22, r18
ret
-
+/******************************************************************************/
+/*
+#define M0 0xfc
+#define M1 0xf3
+#define M2 0xcf
+#define M3 0x3f
+
+#define X3 (((uint8_t*)(&x))[0])
+#define X2 (((uint8_t*)(&x))[1])
+#define X1 (((uint8_t*)(&x))[2])
+#define X0 (((uint8_t*)(&x))[3])
+
+#define Z3 (((uint8_t*)(&z))[0])
+#define Z2 (((uint8_t*)(&z))[1])
+#define Z1 (((uint8_t*)(&z))[2])
+#define Z0 (((uint8_t*)(&z))[3])
+
+uint32_t g_function(uint32_t x){
+ uint32_t z;
+ / * sbox substitution * /
+ X3 = pgm_read_byte(&(seed_sbox2[X3]));
+ X2 = pgm_read_byte(&(seed_sbox1[X2]));
+ X1 = pgm_read_byte(&(seed_sbox2[X1]));
+ X0 = pgm_read_byte(&(seed_sbox1[X0]));
+ / * now the permutation * /
+ Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
+ Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
+ Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
+ Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
+ return z;
+}
+*/
+M0 = 0xfc
+M1 = 0xf3
+M2 = 0xcf
+M3 = 0x3f
+X0 = 18
+X1 = 19
+X2 = 20
+X3 = 21
+Z0 = 25
+Z1 = 24
+Z2 = 23
+Z3 = 22
+T0 = X0
+T1 = 26
+T2 = 27
+T3 = X1
+/*
+ * param x: r22:r25
+ * X0 = R25
+ * X1 = R24
+ * X2 = R23
+ * X3 = R22
+ */
+.global g_function
+g_function:
+ ldi r30, lo8(seed_sbox1)
+ ldi r31, hi8(seed_sbox1)
+ movw r26, r30
+ add r30, Z2
+ adc r31, r1
+ lpm X2, Z
+ movw r30, r26
+ add r30, Z0
+ adc r31, r1
+ lpm X0, Z
+ inc r27 /* switch X to point to sbox2 */
+ movw r30, r26
+ add r30, Z3
+ adc r31, r1
+ lpm X3, Z
+ movw r30, r26
+ add r30, Z1
+ adc r31, r1
+ lpm X1, Z
+ /* now the secound part */
+ mov Z0, X0
+ mov Z1, X0
+ mov Z2, X0
+ mov Z3, X0
+ andi Z0, M0
+ andi Z1, M1
+ andi Z2, M2
+ andi Z3, M3
+ mov T0, X1
+ mov T1, X1
+ mov T2, X1
+ ; mov T3, X1 /* T3 = X1 */
+ andi T0, M1
+ andi T1, M2
+ andi T2, M3
+ andi T3, M0
+ eor Z0, T0
+ eor Z1, T1
+ eor Z2, T2
+ eor Z3, T3
+ mov T0, X2
+ mov T1, X2
+ mov T2, X2
+ mov T3, X2
+ andi T0, M2
+ andi T1, M3
+ andi T2, M0
+ andi T3, M1
+ eor Z0, T0
+ eor Z1, T1
+ eor Z2, T2
+ eor Z3, T3
+ mov T0, X3
+ mov T1, X3
+ mov T2, X3
+ mov T3, X3
+ andi T0, M3
+ andi T1, M0
+ andi T2, M1
+ andi T3, M2
+ eor Z0, T0
+ eor Z1, T1
+ eor Z2, T2
+ eor Z3, T3
+ ret
+
+seed_sbox1:
+.byte 169, 133, 214, 211, 84, 29, 172, 37
+.byte 93, 67, 24, 30, 81, 252, 202, 99
+.byte 40, 68, 32, 157, 224, 226, 200, 23
+.byte 165, 143, 3, 123, 187, 19, 210, 238
+.byte 112, 140, 63, 168, 50, 221, 246, 116
+.byte 236, 149, 11, 87, 92, 91, 189, 1
+.byte 36, 28, 115, 152, 16, 204, 242, 217
+.byte 44, 231, 114, 131, 155, 209, 134, 201
+.byte 96, 80, 163, 235, 13, 182, 158, 79
+.byte 183, 90, 198, 120, 166, 18, 175, 213
+.byte 97, 195, 180, 65, 82, 125, 141, 8
+.byte 31, 153, 0, 25, 4, 83, 247, 225
+.byte 253, 118, 47, 39, 176, 139, 14, 171
+.byte 162, 110, 147, 77, 105, 124, 9, 10
+.byte 191, 239, 243, 197, 135, 20, 254, 100
+.byte 222, 46, 75, 26, 6, 33, 107, 102
+.byte 2, 245, 146, 138, 12, 179, 126, 208
+.byte 122, 71, 150, 229, 38, 128, 173, 223
+.byte 161, 48, 55, 174, 54, 21, 34, 56
+.byte 244, 167, 69, 76, 129, 233, 132, 151
+.byte 53, 203, 206, 60, 113, 17, 199, 137
+.byte 117, 251, 218, 248, 148, 89, 130, 196
+.byte 255, 73, 57, 103, 192, 207, 215, 184
+.byte 15, 142, 66, 35, 145, 108, 219, 164
+.byte 52, 241, 72, 194, 111, 61, 45, 64
+.byte 190, 62, 188, 193, 170, 186, 78, 85
+.byte 59, 220, 104, 127, 156, 216, 74, 86
+.byte 119, 160, 237, 70, 181, 43, 101, 250
+.byte 227, 185, 177, 159, 94, 249, 230, 178
+.byte 49, 234, 109, 95, 228, 240, 205, 136
+.byte 22, 58, 88, 212, 98, 41, 7, 51
+.byte 232, 27, 5, 121, 144, 106, 42, 154
+seed_sbox2:
+.byte 56, 232, 45, 166, 207, 222, 179, 184
+.byte 175, 96, 85, 199, 68, 111, 107, 91
+.byte 195, 98, 51, 181, 41, 160, 226, 167
+.byte 211, 145, 17, 6, 28, 188, 54, 75
+.byte 239, 136, 108, 168, 23, 196, 22, 244
+.byte 194, 69, 225, 214, 63, 61, 142, 152
+.byte 40, 78, 246, 62, 165, 249, 13, 223
+.byte 216, 43, 102, 122, 39, 47, 241, 114
+.byte 66, 212, 65, 192, 115, 103, 172, 139
+.byte 247, 173, 128, 31, 202, 44, 170, 52
+.byte 210, 11, 238, 233, 93, 148, 24, 248
+.byte 87, 174, 8, 197, 19, 205, 134, 185
+.byte 255, 125, 193, 49, 245, 138, 106, 177
+.byte 209, 32, 215, 2, 34, 4, 104, 113
+.byte 7, 219, 157, 153, 97, 190, 230, 89
+.byte 221, 81, 144, 220, 154, 163, 171, 208
+.byte 129, 15, 71, 26, 227, 236, 141, 191
+.byte 150, 123, 92, 162, 161, 99, 35, 77
+.byte 200, 158, 156, 58, 12, 46, 186, 110
+.byte 159, 90, 242, 146, 243, 73, 120, 204
+.byte 21, 251, 112, 117, 127, 53, 16, 3
+.byte 100, 109, 198, 116, 213, 180, 234, 9
+.byte 118, 25, 254, 64, 18, 224, 189, 5
+.byte 250, 1, 240, 42, 94, 169, 86, 67
+.byte 133, 20, 137, 155, 176, 229, 72, 121
+.byte 151, 252, 30, 130, 33, 140, 27, 95
+.byte 119, 84, 178, 29, 37, 79, 0, 70
+.byte 237, 88, 82, 235, 126, 218, 201, 253
+.byte 48, 149, 101, 60, 182, 228, 187, 124
+.byte 14, 80, 57, 38, 50, 132, 105, 147
+.byte 55, 231, 36, 164, 203, 83, 10, 135
+.byte 217, 76, 131, 143, 206, 59, 74, 183
--- /dev/null
+/* seed.c */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+ /**
+ * \file seed.c
+ * \author Daniel Otte
+ * \date 2007-06-1
+ * \brief SEED parts in C for AVR
+ * \par License
+ * GPL
+ *
+ */
+#include <stdint.h>
+#include <avr/pgmspace.h>
+#include <string.h>
+#include "seed_sbox.h"
+#include "uart.h"
+#include "debug.h"
+
+
+static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1);
+uint32_t g_function(uint32_t x);
+
+uint32_t bigendian_sum32(uint32_t a, uint32_t b);
+uint32_t bigendian_sub32(uint32_t a, uint32_t b);
+
+/******************************************************************************/
+static inline
+uint64_t bigendian_rotl8_64(uint64_t a){
+ /*
+ changeendian64(&a);
+ a = (a<<8) | (a>>(64-8));
+ changeendian64(&a);
+ */
+ a = (a>>8) | (a<<(64-8));
+ return a;
+}
+
+/******************************************************************************/
+static inline
+uint64_t bigendian_rotr8_64(uint64_t a){
+ /*
+ changeendian64(&a);
+ a = (a>>8) | (a<<(64-8));
+ changeendian64(&a);
+ */
+ a = (a<<8) | (a>>(64-8));
+ return a;
+}
+
+/******************************************************************************/
+static
+uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){
+ uint32_t c,d;
+
+ c = a & 0x00000000FFFFFFFFLL;
+ d = (a>>32) & 0x00000000FFFFFFFFLL;
+
+ c ^= k0; d ^= k1;
+ d ^= c;
+ d = g_function(d);
+ c = bigendian_sum32(c,d);
+ c = g_function(c);
+ d = bigendian_sum32(c,d);
+ d = g_function(d);
+ c = bigendian_sum32(c,d);
+ a = ((uint64_t)d << 32) | c;
+ return a;
+}
+
+/******************************************************************************/
+#if 0
+#define M0 0xfc
+#define M1 0xf3
+#define M2 0xcf
+#define M3 0x3f
+
+#define X3 (((uint8_t*)(&x))[0])
+#define X2 (((uint8_t*)(&x))[1])
+#define X1 (((uint8_t*)(&x))[2])
+#define X0 (((uint8_t*)(&x))[3])
+
+#define Z3 (((uint8_t*)(&z))[0])
+#define Z2 (((uint8_t*)(&z))[1])
+#define Z1 (((uint8_t*)(&z))[2])
+#define Z0 (((uint8_t*)(&z))[3])
+
+static
+uint32_t g_function(uint32_t x){
+ uint32_t z;
+ /* sbox substitution */
+ X3 = pgm_read_byte(&(seed_sbox2[X3]));
+ X2 = pgm_read_byte(&(seed_sbox1[X2]));
+ X1 = pgm_read_byte(&(seed_sbox2[X1]));
+ X0 = pgm_read_byte(&(seed_sbox1[X0]));
+ /* now the permutation */
+ Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
+ Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
+ Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
+ Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
+ return z;
+}
+#endif
+/******************************************************************************/
+typedef struct {
+ uint32_t k0, k1;
+} keypair_t;
+
+static
+keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){
+ keypair_t ret;
+ if (curround>15){
+ /* ERROR */
+ ret.k0 = ret.k1 = 0;
+ } else {
+ /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
+ ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
+ ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
+ ret.k0 = g_function(ret.k0);
+ ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
+ ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(ret.k1);
+
+ if (curround & 1){
+ /* odd round (1,3,5, ...) */
+ ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] );
+ } else {
+ /* even round (0,2,4, ...) */
+ ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]);
+ }
+ }
+ return ret;
+}
+
+
+/******************************************************************************/
+static
+keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){
+ keypair_t ret;
+ if (curround>15){
+ /* ERROR */
+ ret.k0 = ret.k1 = 0;
+ } else {
+ if (curround & 1){
+ /* odd round (1,3,5, ..., 15) */
+ ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] );
+ } else {
+ /* even round (0,2,4, ..., 14) */
+ ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]);
+ }
+ /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
+ ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
+ ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
+ ret.k0 = g_function(ret.k0);
+ ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
+ ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(ret.k1);
+ }
+ return ret;
+}
+
+/******************************************************************************/
+
+typedef struct{
+ uint32_t k[4];
+} seed_ctx_t;
+
+/******************************************************************************/
+
+void seed_init(uint8_t * key, seed_ctx_t * ctx){
+ memcpy(ctx->k, key, 128/8);
+}
+
+/******************************************************************************/
+
+#define L (((uint64_t*)buffer)[0])
+#define R (((uint64_t*)buffer)[1])
+
+void seed_enc(void * buffer, seed_ctx_t * ctx){
+ uint8_t r;
+ keypair_t k;
+ for(r=0; r<8; ++r){
+ k = getnextkeys(ctx->k, 2*r);
+/*
+ DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
+*/
+ L ^= f_function(R,k.k0,k.k1);
+
+ k = getnextkeys(ctx->k, 2*r+1);
+/*
+ DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
+*/
+ R ^= f_function(L,k.k0,k.k1);
+ }
+ /* just an exchange without temp. variable */
+ L ^= R;
+ R ^= L;
+ L ^= R;
+}
+
+/******************************************************************************/
+
+#define L (((uint64_t*)buffer)[0])
+#define R (((uint64_t*)buffer)[1])
+
+void seed_dec(void * buffer, seed_ctx_t * ctx){
+ int8_t r;
+ keypair_t k;
+ for(r=7; r>=0; --r){
+ k = getprevkeys(ctx->k, 2*r+1);
+/*
+ DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
+*/
+ L ^= f_function(R,k.k0,k.k1);
+
+ k = getprevkeys(ctx->k, 2*r+0);
+/*
+ DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
+*/
+ R ^= f_function(L,k.k0,k.k1);
+ }
+ /* just an exchange without temp. variable */
+ L ^= R;
+ R ^= L;
+ L ^= R;
+}
+
+
+
+
+
+
+
+
+
+
+
+++ /dev/null
-/* seed.c */
-/*
- This file is part of the Crypto-avr-lib/microcrypt-lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
- /**
- * \file seed.c
- * \author Daniel Otte
- * \date 2007-06-1
- * \brief SEED parts in C for AVR
- * \par License
- * GPL
- *
- */
-#include <stdint.h>
-#include <avr/pgmspace.h>
-#include <string.h>
-#include "seed_sbox.h"
-#include "uart.h"
-#include "debug.h"
-
-
-static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1);
-static uint32_t g_function(uint32_t x);
-
-/******************************************************************************/
-/*
-void changeendian32(uint32_t * a){
- *a = (*a & 0x000000FF) << 24 |
- (*a & 0x0000FF00) << 8 |
- (*a & 0x00FF0000) >> 8 |
- (*a & 0xFF000000) >> 24;
-}
-*/
-/******************************************************************************/
-/*
-void changeendian64(uint64_t * a){
- *a = (*a & 0x00000000000000FFLL) << 56 |
- (*a & 0x000000000000FF00LL) << 40 |
- (*a & 0x0000000000FF0000LL) << 24 |
- (*a & 0x00000000FF000000LL) << 8 |
- (*a & 0x000000FF00000000LL) >> 8 |
- (*a & 0x0000FF0000000000LL) >> 24 |
- (*a & 0x00FF000000000000LL) >> 40 |
- (*a & 0xFF00000000000000LL) >> 56 ;
-}
-*/
-/******************************************************************************/
-
-uint32_t bigendian_sum32(uint32_t a, uint32_t b);/*{
- changeendian32(&a);
- changeendian32(&b);
- a += b;
- changeendian32(&a);
- return a;
-}
-*/
-/******************************************************************************/
-/* static */
-uint32_t bigendian_sub32(uint32_t a, uint32_t b);/*{
- changeendian32(&a);
- changeendian32(&b);
- a -= b;
- changeendian32(&a);
- return a;
-}
-*/
-/******************************************************************************/
-static inline
-uint64_t bigendian_rotl8_64(uint64_t a){
- /*
- changeendian64(&a);
- a = (a<<8) | (a>>(64-8));
- changeendian64(&a);
- */
- a = (a>>8) | (a<<(64-8));
- return a;
-}
-
-/******************************************************************************/
-static inline
-uint64_t bigendian_rotr8_64(uint64_t a){
- /*
- changeendian64(&a);
- a = (a>>8) | (a<<(64-8));
- changeendian64(&a);
- */
- a = (a<<8) | (a>>(64-8));
- return a;
-}
-
-/******************************************************************************/
-static
-uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){
- uint32_t c,d;
-
- c = a & 0x00000000FFFFFFFFLL;
- d = (a>>32) & 0x00000000FFFFFFFFLL;
-
- c ^= k0; d ^= k1;
- d ^= c;
- d = g_function(d);
- c = bigendian_sum32(c,d);
- c = g_function(c);
- d = bigendian_sum32(c,d);
- d = g_function(d);
- c = bigendian_sum32(c,d);
- a = ((uint64_t)d << 32) | c;
- return a;
-}
-
-/******************************************************************************/
-#define M0 0xfc
-#define M1 0xf3
-#define M2 0xcf
-#define M3 0x3f
-
-#define X3 (((uint8_t*)(&x))[0])
-#define X2 (((uint8_t*)(&x))[1])
-#define X1 (((uint8_t*)(&x))[2])
-#define X0 (((uint8_t*)(&x))[3])
-
-#define Z3 (((uint8_t*)(&z))[0])
-#define Z2 (((uint8_t*)(&z))[1])
-#define Z1 (((uint8_t*)(&z))[2])
-#define Z0 (((uint8_t*)(&z))[3])
-
-static
-uint32_t g_function(uint32_t x){
- uint32_t z;
- /* sbox substitution */
- X3 = pgm_read_byte(&(seed_sbox2[X3]));
- X2 = pgm_read_byte(&(seed_sbox1[X2]));
- X1 = pgm_read_byte(&(seed_sbox2[X1]));
- X0 = pgm_read_byte(&(seed_sbox1[X0]));
- /* now the permutation */
- Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
- Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
- Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
- Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
- return z;
-}
-/******************************************************************************/
-typedef struct {
- uint32_t k0, k1;
-} keypair_t;
-
-keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){
- keypair_t ret;
- if (curround>15){
- /* ERROR */
- ret.k0 = ret.k1 = 0;
- } else {
- /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
- ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
- ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
- ret.k0 = g_function(ret.k0);
- ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
- ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = g_function(ret.k1);
-
- if (curround & 1){
- /* odd round (1,3,5, ...) */
- ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] );
- } else {
- /* even round (0,2,4, ...) */
- ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]);
- }
- }
- return ret;
-}
-
-
-/******************************************************************************/
-
-keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){
- keypair_t ret;
- if (curround>15){
- /* ERROR */
- ret.k0 = ret.k1 = 0;
- } else {
- if (curround & 1){
- /* odd round (1,3,5, ..., 15) */
- ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] );
- } else {
- /* even round (0,2,4, ..., 14) */
- ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]);
- }
- /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
- ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
- ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
- ret.k0 = g_function(ret.k0);
- ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
- ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = g_function(ret.k1);
- }
- return ret;
-}
-
-/******************************************************************************/
-
-typedef struct{
- uint32_t k[4];
-} seed_ctx_t;
-
-/******************************************************************************/
-
-void seed_init(uint8_t * key, seed_ctx_t * ctx){
- memcpy(ctx->k, key, 128/8);
-}
-
-/******************************************************************************/
-
-#define L (((uint64_t*)buffer)[0])
-#define R (((uint64_t*)buffer)[1])
-
-void seed_enc(void * buffer, seed_ctx_t * ctx){
- uint8_t r;
- keypair_t k;
- for(r=0; r<8; ++r){
- k = getnextkeys(ctx->k, 2*r);
-/*
- DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
-*/
- L ^= f_function(R,k.k0,k.k1);
-
- k = getnextkeys(ctx->k, 2*r+1);
-/*
- DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
-*/
- R ^= f_function(L,k.k0,k.k1);
- }
- /* just an exchange without temp. variable */
- L ^= R;
- R ^= L;
- L ^= R;
-}
-
-/******************************************************************************/
-
-#define L (((uint64_t*)buffer)[0])
-#define R (((uint64_t*)buffer)[1])
-
-void seed_dec(void * buffer, seed_ctx_t * ctx){
- int8_t r;
- keypair_t k;
- for(r=7; r>=0; --r){
- k = getprevkeys(ctx->k, 2*r+1);
-/*
- DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
-*/
- L ^= f_function(R,k.k0,k.k1);
-
- k = getprevkeys(ctx->k, 2*r+0);
-/*
- DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
-*/
- R ^= f_function(L,k.k0,k.k1);
- }
- /* just an exchange without temp. variable */
- L ^= R;
- R ^= L;
- L ^= R;
-}
-
-
-
-
-
-
-
-
-
-
-
--- /dev/null
+/* seed_C.c */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+ /**
+ * \file seed_C.c
+ * \author Daniel Otte
+ * \date 2007-06-1
+ * \brief SEED parts in C for AVR
+ * \par License
+ * GPL
+ *
+ */
+#include <stdint.h>
+#include <avr/pgmspace.h>
+#include <string.h>
+#include "seed_sbox.h"
+#include "uart.h"
+#include "debug.h"
+
+/******************************************************************************/
+
+static
+void changeendian32(uint32_t * a){
+ *a = (*a & 0x000000FF) << 24 |
+ (*a & 0x0000FF00) << 8 |
+ (*a & 0x00FF0000) >> 8 |
+ (*a & 0xFF000000) >> 24;
+}
+
+/******************************************************************************/
+static
+uint32_t bigendian_sum32(uint32_t a, uint32_t b){
+ changeendian32(&a);
+ changeendian32(&b);
+ a += b;
+ changeendian32(&a);
+ return a;
+}
+
+/******************************************************************************/
+static
+uint32_t bigendian_sub32(uint32_t a, uint32_t b){
+ changeendian32(&a);
+ changeendian32(&b);
+ a -= b;
+ changeendian32(&a);
+ return a;
+}
+
+/******************************************************************************/
+static inline
+uint64_t bigendian_rotl8_64(uint64_t a){
+ /*
+ changeendian64(&a);
+ a = (a<<8) | (a>>(64-8));
+ changeendian64(&a);
+ */
+ a = (a>>8) | (a<<(64-8));
+ return a;
+}
+
+/******************************************************************************/
+static inline
+uint64_t bigendian_rotr8_64(uint64_t a){
+ /*
+ changeendian64(&a);
+ a = (a>>8) | (a<<(64-8));
+ changeendian64(&a);
+ */
+ a = (a<<8) | (a>>(64-8));
+ return a;
+}
+
+/******************************************************************************/
+static
+uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){
+ uint32_t c,d;
+
+ c = a & 0x00000000FFFFFFFFLL;
+ d = (a>>32) & 0x00000000FFFFFFFFLL;
+
+ c ^= k0; d ^= k1;
+ d ^= c;
+ d = g_function(d);
+ c = bigendian_sum32(c,d);
+ c = g_function(c);
+ d = bigendian_sum32(c,d);
+ d = g_function(d);
+ c = bigendian_sum32(c,d);
+ a = ((uint64_t)d << 32) | c;
+ return a;
+}
+
+/******************************************************************************/
+#define M0 0xfc
+#define M1 0xf3
+#define M2 0xcf
+#define M3 0x3f
+
+#define X3 (((uint8_t*)(&x))[0])
+#define X2 (((uint8_t*)(&x))[1])
+#define X1 (((uint8_t*)(&x))[2])
+#define X0 (((uint8_t*)(&x))[3])
+
+#define Z3 (((uint8_t*)(&z))[0])
+#define Z2 (((uint8_t*)(&z))[1])
+#define Z1 (((uint8_t*)(&z))[2])
+#define Z0 (((uint8_t*)(&z))[3])
+
+static
+uint32_t g_function(uint32_t x){
+ uint32_t z;
+ /* sbox substitution */
+ X3 = pgm_read_byte(&(seed_sbox2[X3]));
+ X2 = pgm_read_byte(&(seed_sbox1[X2]));
+ X1 = pgm_read_byte(&(seed_sbox2[X1]));
+ X0 = pgm_read_byte(&(seed_sbox1[X0]));
+ /* now the permutation */
+ Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
+ Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
+ Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
+ Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
+ return z;
+}
+/******************************************************************************/
+typedef struct {
+ uint32_t k0, k1;
+} keypair_t;
+
+keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){
+ keypair_t ret;
+ if (curround>15){
+ /* ERROR */
+ ret.k0 = ret.k1 = 0;
+ } else {
+ /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
+ ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
+ ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
+ ret.k0 = g_function(ret.k0);
+ ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
+ ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(ret.k1);
+
+ if (curround & 1){
+ /* odd round (1,3,5, ...) */
+ ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] );
+ } else {
+ /* even round (0,2,4, ...) */
+ ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]);
+ }
+ }
+ return ret;
+}
+
+
+/******************************************************************************/
+
+keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){
+ keypair_t ret;
+ if (curround>15){
+ /* ERROR */
+ ret.k0 = ret.k1 = 0;
+ } else {
+ if (curround & 1){
+ /* odd round (1,3,5, ..., 15) */
+ ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] );
+ } else {
+ /* even round (0,2,4, ..., 14) */
+ ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]);
+ }
+ /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */
+ ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
+ ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
+ ret.k0 = g_function(ret.k0);
+ ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
+ ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
+ ret.k1 = g_function(ret.k1);
+ }
+ return ret;
+}
+
+/******************************************************************************/
+
+typedef struct{
+ uint32_t k[4];
+} seed_ctx_t;
+
+/******************************************************************************/
+
+void seed_init(uint8_t * key, seed_ctx_t * ctx){
+ memcpy(ctx->k, key, 128/8);
+}
+
+/******************************************************************************/
+
+#define L (((uint64_t*)buffer)[0])
+#define R (((uint64_t*)buffer)[1])
+
+void seed_enc(void * buffer, seed_ctx_t * ctx){
+ uint8_t r;
+ keypair_t k;
+ for(r=0; r<8; ++r){
+ k = getnextkeys(ctx->k, 2*r);
+/*
+ DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
+*/
+ L ^= f_function(R,k.k0,k.k1);
+
+ k = getnextkeys(ctx->k, 2*r+1);
+/*
+ DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
+*/
+ R ^= f_function(L,k.k0,k.k1);
+ }
+ /* just an exchange without temp. variable */
+ L ^= R;
+ R ^= L;
+ L ^= R;
+}
+
+/******************************************************************************/
+
+#define L (((uint64_t*)buffer)[0])
+#define R (((uint64_t*)buffer)[1])
+
+void seed_dec(void * buffer, seed_ctx_t * ctx){
+ int8_t r;
+ keypair_t k;
+ for(r=7; r>=0; --r){
+ k = getprevkeys(ctx->k, 2*r+1);
+/*
+ DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
+*/
+ L ^= f_function(R,k.k0,k.k1);
+
+ k = getprevkeys(ctx->k, 2*r+0);
+/*
+ DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
+ DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
+ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
+ DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
+*/
+ R ^= f_function(L,k.k0,k.k1);
+ }
+ /* just an exchange without temp. variable */
+ L ^= R;
+ R ^= L;
+ L ^= R;
+}
+
+
+
+
+
+
+
+
+
+
+
#include <stdint.h>
#include <avr/pgmspace.h>
-
+/*
uint8_t seed_sbox1[256] PROGMEM ={
169, 133, 214, 211, 84, 29, 172, 37,
93, 67, 24, 30, 81, 252, 202, 99,
55, 231, 36, 164, 203, 83, 10, 135,
217, 76, 131, 143, 206, 59, 74, 183
};
-
+*/
/* key constants */
-/*
-uint32_t seed_kc[16] PROGMEM ={
- 0x9e3779b9,
- 0x3c6ef373,
- 0x78dde6e6,
- 0xf1bbcdcc,
- 0xe3779b99,
- 0xc6ef3733,
- 0x8dde6e67,
- 0x1bbcdccf,
- 0x3779b99e,
- 0x6ef3733c,
- 0xdde6e678,
- 0xbbcdccf1,
- 0x779b99e3,
- 0xef3733c6,
- 0xde6e678d,
- 0xbcdccf1b
-};
-// */
-/* key constants (mal andersrum) */
-// /*
uint32_t seed_kc[16] PROGMEM ={
0xb979379e,
0x73f36e3c,
0x8d676ede,
0x1bcfdcbc
};
-// */
+
#endif /*SEED_SBOX_H_*/
projects / avr-crypto-lib.git / commitdiff