From: bg Date: Sat, 25 Sep 2010 12:04:19 +0000 (+0000) Subject: clean up X-Git-Url: https://git.cryptolib.org/?p=avr-crypto-lib.git;a=commitdiff_plain;h=7b5401ab9ce23a5da1de8b6c7de3a1aa20ac4cf8 clean up --- diff --git a/aes/aes_dec.c b/aes/aes_dec.c index 8c476de..778df62 100644 --- a/aes/aes_dec.c +++ b/aes/aes_dec.c @@ -19,7 +19,7 @@ #include #include -#include "gf256mul.h" +#include "gf256mul/gf256mul.h" #include "aes.h" #include "aes_invsbox.h" #include "aes_dec.h" diff --git a/aes/aes_enc.c b/aes/aes_enc.c index dadf9f4..7b48bbf 100644 --- a/aes/aes_enc.c +++ b/aes/aes_enc.c @@ -28,7 +28,7 @@ #include #include #include "aes.h" -#include "gf256mul.h" +#include "gf256mul/gf256mul.h" #include "aes_sbox.h" #include "aes_enc.h" #include diff --git a/aes/gf256mul.S b/aes/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/aes/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/aes/gf256mul.h b/aes/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/aes/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/avr-makefile.inc b/avr-makefile.inc index f656cd3..c2c4cd3 100644 --- a/avr-makefile.inc +++ b/avr-makefile.inc @@ -8,7 +8,6 @@ FLASHCMD = avrdude -p $(MCU_TARGET) -P /dev/ttyUSB0 -c $(PROGRAMMER) -U fl DEP_DIR = deps/ TEST_DIR = test/ BIN_DIR = bin/ -TESTBIN_DIR = test_bin/ TESTSRC_DIR = test_src/ #uisp -dprog=bsd -dlpt=/dev/parport1 --upload if=$(PRG).hex ERASECMD = diff --git a/bcal-basic.c b/bcal-basic.c deleted file mode 100644 index 3d7a65c..0000000 --- a/bcal-basic.c +++ /dev/null @@ -1,94 +0,0 @@ -/* bcal-basic.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include -#include -#include -#include "blockcipher_descriptor.h" -#include "keysize_descriptor.h" - -uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor, - const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx){ - if(!is_valid_keysize_P((PGM_VOID_P)pgm_read_word(&(cipher_descriptor->valid_keysize_desc)), - keysize_b)){ - return 1; - } - uint8_t flags; - bc_init_fpt init_fpt; - ctx->desc_ptr = (bcdesc_t*)cipher_descriptor; - ctx->keysize = keysize_b; - flags = pgm_read_byte(cipher_descriptor->flags); - init_fpt.initvoid = (void_fpt)(pgm_read_word(&(cipher_descriptor->init.initvoid))); - if(init_fpt.initvoid == NULL){ - if(!(ctx->ctx = malloc((keysize_b+7)/8))) - return 2; - memcpy(ctx->ctx, key, (keysize_b+7)/8); - return 0; - } - if(!(ctx->ctx = malloc(pgm_read_word(&(cipher_descriptor->ctxsize_B))))) - return 3; - if((flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){ - init_fpt.init1((void*)key, (ctx->ctx)); - }else{ - init_fpt.init2((void*)key, keysize_b, (ctx->ctx)); - } - return 0; -} - -void bcal_cipher_free(bcgen_ctx_t* ctx){ - if(!ctx) - return; - bc_free_fpt free_fpt; - free_fpt = (bc_free_fpt)(pgm_read_word(&(ctx->desc_ptr->free))); - if(free_fpt) - free_fpt((ctx->ctx)); - free(ctx->ctx); -} - -void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx){ - bc_enc_fpt enc_fpt; - enc_fpt.encvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->enc.encvoid)); - if(!enc_fpt.encvoid){ - /* very bad error, no enciphering function specified */ - return; - } - enc_fpt.enc1(block, (ctx->ctx)); - -} - -void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx){ - bc_dec_fpt dec_fpt; - dec_fpt.decvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->dec.decvoid)); - if(!dec_fpt.decvoid){ - /* very bad error, no deciphering function specified */ - return; - } - dec_fpt.dec1(block, (ctx->ctx)); -} - -uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc){ - return pgm_read_word(&(desc->blocksize_b)); -} - -PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc){ - return (PGM_VOID_P)pgm_read_word(&(desc->valid_keysize_desc)); -} - - diff --git a/bcal-basic.h b/bcal-basic.h deleted file mode 100644 index e45b9b8..0000000 --- a/bcal-basic.h +++ /dev/null @@ -1,36 +0,0 @@ -/* bcal-basic.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCAL_BASIC_H_ -#define BCAL_BASIC_H_ - -#include -#include -#include "blockcipher_descriptor.h" -#include "keysize_descriptor.h" -#include - -uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor, - const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx); -void bcal_cipher_free(bcgen_ctx_t* ctx); -void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx); -void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx); -uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc); -PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc); -#endif /* BCAL_BASIC_H_ */ diff --git a/bcal-cbc.c b/bcal-cbc.c deleted file mode 100644 index ee27c35..0000000 --- a/bcal-cbc.c +++ /dev/null @@ -1,84 +0,0 @@ -/* bcal-cbc.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include -#include "bcal-cbc.h" -#include "bcal-basic.h" -#include "memxor.h" - -uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx){ - ctx->desc = (bcdesc_t*)desc; - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->prev_block = malloc(ctx->blocksize_B); - - if(ctx->prev_block==NULL){ - return 0x11; - } - return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); -} - -void bcal_cbc_free(bcal_cbc_ctx_t* ctx){ - bcal_cipher_free(&(ctx->cctx)); - free(ctx->prev_block); -} - - -void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx){ - if(iv){ - memcpy(ctx->prev_block, iv, ctx->blocksize_B); - } -} - -void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx){ - memxor(block, ctx->prev_block, ctx->blocksize_B); - bcal_cipher_enc(block, &(ctx->cctx)); - memcpy(ctx->prev_block, block, ctx->blocksize_B); -} - -void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - memcpy(tmp, block, ctx->blocksize_B); - bcal_cipher_dec(block, &(ctx->cctx)); - memxor(block, ctx->prev_block, ctx->blocksize_B); - memcpy(ctx->prev_block, tmp, ctx->blocksize_B); -} -void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx){ - bcal_cipher_dec(block, &(ctx->cctx)); - memxor(block, prev_block, ctx->blocksize_B); -} - -void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){ - bcal_cbc_loadIV(iv, ctx); - while(msg_blocks--){ - bcal_cbc_encNext(msg, ctx); - msg = (uint8_t*)msg + ctx->blocksize_B; - } -} - -void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){ - msg=(uint8_t*)msg + (msg_blocks-1)*ctx->blocksize_B; - while(msg_blocks > 1){ - bcal_cbc_decRand(msg, (uint8_t*)msg-ctx->blocksize_B, ctx); - msg_blocks -= 1; - msg=(uint8_t*)msg-ctx->blocksize_B; - } - bcal_cbc_decRand(msg, iv, ctx); -} - diff --git a/bcal-cbc.h b/bcal-cbc.h deleted file mode 100644 index ba20186..0000000 --- a/bcal-cbc.h +++ /dev/null @@ -1,44 +0,0 @@ -/* bcal-cbc.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCALCBC_H_ -#define BCALCBC_H_ - -#include -#include "blockcipher_descriptor.h" -#include "bcal-basic.h" - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* prev_block; - uint8_t blocksize_B; -} bcal_cbc_ctx_t; - -uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx); -void bcal_cbc_free(bcal_cbc_ctx_t* ctx); -void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx); -void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx); -void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx); -void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx); -void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx); -void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx); - - -#endif /* BCALCBC_H_ */ diff --git a/bcal-cfb_bit.c b/bcal-cfb_bit.c deleted file mode 100644 index 2611b65..0000000 --- a/bcal-cfb_bit.c +++ /dev/null @@ -1,128 +0,0 @@ -/* bcal-cfb_bit.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include -#include -#include "bcal-cfb_bit.h" -#include "bcal-basic.h" - -static uint8_t read_bit(void* block, uint32_t index){ - uint8_t r; - r=((uint8_t*)block)[index/8]; - r=(r&(0x80>>(index&7)))?0xff:0x00; - return r; -} - -static void write_bit(void* block, uint32_t index, uint8_t value){ - if(value){ - /* set bit */ - ((uint8_t*)block)[index/8] |= 0x80>>(index&7); - }else{ - /* clear bit */ - ((uint8_t*)block)[index/8] &= ~(0x80>>(index&7)); - } -} - -uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx){ - ctx->desc = (bcdesc_t*)desc; - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->in_block=malloc(ctx->blocksize_B); - if(ctx->in_block==NULL){ - return 0x11; - } - if(size_b>bcal_cipher_getBlocksize_b(desc)){ - return 0x12; - } - ctx->size_b = size_b; - return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); -} - -void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx){ - free(ctx->in_block); - bcal_cipher_free(&(ctx->cctx)); -} - -void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx){ - if(iv){ - memcpy(ctx->in_block, iv, ctx->blocksize_B); - } -} - -void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - offset &= 7; - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - uint16_t i,j; - uint8_t a; - for(i=0; iblocksize_B*8-ctx->size_b; ++i){ - a = read_bit(ctx->in_block, i+ctx->size_b); - write_bit(ctx->in_block, i, a); - } - for(j=offset,i=0; isize_b; ++i, ++j){ - a = read_bit(tmp, i) ^ read_bit(block, j); - write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, a); - write_bit(block, j, a); - } -} - -void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - offset &= 7; - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - uint16_t i,j; - uint8_t a,b; - for(i=0; iblocksize_B*8-ctx->size_b; ++i){ - a = read_bit(ctx->in_block, i+ctx->size_b); - write_bit(ctx->in_block, i, a); - } - for(j=offset,i=0; isize_b; ++i, ++j){ - a = read_bit(tmp, i); - b = read_bit(block, j); - a ^= b; - write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, b); - write_bit(block, j, a); - } -} - -void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){ - bcal_cfb_b_loadIV(iv, ctx); - uint32_t addr; - addr = ((uint16_t)msg)*8+offset; - while(msg_blocks--){ - msg = (void*)((uint16_t)(addr/8)); - offset = addr&7; - bcal_cfb_b_encNext(msg, offset, ctx); - addr += ctx->size_b; - } -} - -void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){ - bcal_cfb_b_loadIV(iv, ctx); - uint32_t addr; - addr = ((uint16_t)msg)*8+offset; - while(msg_blocks--){ - msg = (void*)((uint16_t)(addr/8)); - offset = addr&7; - bcal_cfb_b_decNext(msg, offset, ctx); - addr += ctx->size_b; - } -} diff --git a/bcal-cfb_bit.h b/bcal-cfb_bit.h deleted file mode 100644 index df62e17..0000000 --- a/bcal-cfb_bit.h +++ /dev/null @@ -1,47 +0,0 @@ -/* bcal-cfb_bit.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#ifndef BCALCFB_BIT_H_ -#define BCALCFB_BIT_H_ - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" - - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* in_block; - uint8_t blocksize_B; - uint16_t size_b; -} bcal_cfb_b_ctx_t; - - -uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx); -void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx); - - -#endif /* BCALCFB_BIT_H_ */ diff --git a/bcal-cfb_byte.c b/bcal-cfb_byte.c deleted file mode 100644 index e0e5d22..0000000 --- a/bcal-cfb_byte.c +++ /dev/null @@ -1,88 +0,0 @@ -/* bcal-cfb_byte.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include -#include -#include "bcal-cfb_byte.h" -#include "bcal-basic.h" -#include "memxor.h" - - -uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx){ - ctx->desc = (bcdesc_t*)desc; - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->in_block=malloc(ctx->blocksize_B); - if(ctx->in_block==NULL){ - return 0x11; - } - if(size_b&7){ - return 0x12; - } - ctx->size_B = size_b/8; - return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); -} - -void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx){ - free(ctx->in_block); - bcal_cipher_free(&(ctx->cctx)); -} - -void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx){ - if(iv){ - memcpy(ctx->in_block, iv, ctx->blocksize_B); - } -} - -void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - memxor(block, tmp, ctx->size_B); - memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B); - memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, block, ctx->size_B); -} - -void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - uint8_t xblock[ctx->size_B]; - memcpy(xblock, block, ctx->size_B); - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - memxor(block, tmp, ctx->size_B); - memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B); - memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, xblock, ctx->size_B); -} - -void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){ - bcal_cfb_B_loadIV(iv, ctx); - while(msg_blocks--){ - bcal_cfb_B_encNext(msg, ctx); - msg = (uint8_t*)msg+ctx->size_B; - } -} - -void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){ - bcal_cfb_B_loadIV(iv, ctx); - while(msg_blocks--){ - bcal_cfb_B_decNext(msg, ctx); - msg = (uint8_t*)msg+ctx->size_B; - } -} - diff --git a/bcal-cfb_byte.h b/bcal-cfb_byte.h deleted file mode 100644 index 276a904..0000000 --- a/bcal-cfb_byte.h +++ /dev/null @@ -1,46 +0,0 @@ -/* bcal-cbc.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCALCFB_BYTE_H_ -#define BCALCFB_BYTE_H_ - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" - - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* in_block; - uint8_t blocksize_B; - uint8_t size_B; -} bcal_cfb_B_ctx_t; - - -uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx); -void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx); - - -#endif /* BCALCFB_BYTE_H_ */ diff --git a/bcal-cmac.c b/bcal-cmac.c deleted file mode 100644 index abc9dfa..0000000 --- a/bcal-cmac.c +++ /dev/null @@ -1,152 +0,0 @@ -/* bcal-omac.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include -#include -#include "bcal-basic.h" -#include "bcal-cmac.h" -#include "memxor.h" - - -static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){ - uint8_t c1=0, c2; - do{ - --blocksize_B; - c2 = (((uint8_t*)block)[blocksize_B])>>7; - (((uint8_t*)block)[blocksize_B]) <<= 1; - (((uint8_t*)block)[blocksize_B]) |= c1; - c1 = c2; - }while(blocksize_B); - return c1; -} - -static const uint8_t const_128 = 0x87; -static const uint8_t const_64 = 0x1b; - -uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){ - uint8_t r; - ctx->desc = (bcdesc_t*)desc; - ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8; - if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){ - return 0x13; - } - ctx->accu = malloc(ctx->blocksize_B); - if(ctx->accu==NULL){ - return 0x14; - } - ctx->k1 = malloc(ctx->blocksize_B); - if(ctx->k1==NULL){ - return 0x15; - } - ctx->k2 = malloc(ctx->blocksize_B); - if(ctx->k2==NULL){ - return 0x16; - } - ctx->lastblock = malloc(ctx->blocksize_B); - if(ctx->lastblock==NULL){ - return 0x17; - } - r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); - if(r){ - return r; - } - if(ctx->blocksize_B==128/8){ - r = const_128; - }else{ - r = const_64; - } - /* subkey computation */ - memset(ctx->accu, 0x00, ctx->blocksize_B); - memset(ctx->k1, 0x00, ctx->blocksize_B); - bcal_cipher_enc(ctx->k1, &(ctx->cctx)); - if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){ - ctx->k1[ctx->blocksize_B-1] ^= r; - } - memcpy(ctx->k2, ctx->k1, ctx->blocksize_B); - if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){ - ctx->k2[ctx->blocksize_B-1] ^= r; - } - ctx->last_set=0; - return 0; -} - -void bcal_cmac_free(bcal_cmac_ctx_t* ctx){ - free(ctx->accu); - free(ctx->k1); - free(ctx->k2); - bcal_cipher_free(&(ctx->cctx)); -} - -void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){ - if(ctx->last_set){ - memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); - bcal_cipher_enc(ctx->accu, &(ctx->cctx)); - } - memcpy(ctx->lastblock, block, ctx->blocksize_B); - ctx->last_set=1; -} - - -void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){ - uint16_t blocksize_b; - blocksize_b = ctx->blocksize_B*8; - while(length_b>=blocksize_b){ - bcal_cmac_nextBlock(ctx, block); - block = (uint8_t*)block + ctx->blocksize_B; - length_b -= blocksize_b; - } - if(ctx->last_set==0){ - memxor(ctx->accu, block, (length_b+7)/8); - memxor(ctx->accu, ctx->k2, ctx->blocksize_B); - ctx->accu[length_b/8] ^= 0x80>>(length_b&7); - }else{ - if(length_b==0){ - memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); - memxor(ctx->accu, ctx->k1, ctx->blocksize_B); - }else{ - memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); - bcal_cipher_enc(ctx->accu, &(ctx->cctx)); - memxor(ctx->accu, block, (length_b+7)/8); - memxor(ctx->accu, ctx->k2, ctx->blocksize_B); - ctx->accu[length_b/8] ^= 0x80>>(length_b&7); - } - } - bcal_cipher_enc(ctx->accu, &(ctx->cctx)); -} - -void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){ - memcpy(dest, ctx->accu, length_b/8); - if(length_b&7){ - ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7); - ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]); - } -} - -void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){ - uint16_t blocksize_b; - blocksize_b = ctx->blocksize_B*8; - while(length_b>blocksize_b){ - bcal_cmac_nextBlock(ctx, block); - block = (uint8_t*)block + ctx->blocksize_B; - length_b -= blocksize_b; - } - bcal_cmac_lastBlock(ctx, block, length_b); - bcal_cmac_ctx2mac(dest, out_length_b, ctx); -} diff --git a/bcal-cmac.h b/bcal-cmac.h deleted file mode 100644 index be699b6..0000000 --- a/bcal-cmac.h +++ /dev/null @@ -1,45 +0,0 @@ -/* bcal-cmac.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCALCMAC_H_ -#define BCALCMAC_H_ - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* accu; - uint8_t* k1; - uint8_t* k2; - uint8_t* lastblock; - uint8_t last_set; - uint8_t blocksize_B; -} bcal_cmac_ctx_t; - -uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx); -void bcal_cmac_free(bcal_cmac_ctx_t* ctx); -void bcal_cmac_nextBlock(bcal_cmac_ctx_t* ctx, const void* block); -void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b); -void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx); -void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx); - -#endif /* BCALCMAC_H_ */ diff --git a/bcal-ctr.c b/bcal-ctr.c deleted file mode 100644 index 694cedd..0000000 --- a/bcal-ctr.c +++ /dev/null @@ -1,95 +0,0 @@ -/* bcal-ctr.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include -#include -#include "bcal-basic.h" -#include "bcal-ctr.h" -#include "memxor.h" - -static void increment_be(void* block, uint8_t size_B){ - uint16_t c=1; - do{ - --size_B; - c += ((uint8_t*)block)[size_B]; - ((uint8_t*)block)[size_B] = (uint8_t)c; - c>>=8; - }while(size_B); -} - -uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx){ - ctx->desc = (bcdesc_t*)desc; - if(inc_func){ - ctx->inc_func = inc_func; - }else{ - ctx->inc_func = increment_be; - } - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->in_block=malloc(ctx->blocksize_B); - if(ctx->in_block==NULL){ - return 0x11; - } - return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); -} - -void bcal_ctr_free(bcal_ctr_ctx_t* ctx){ - free(ctx->in_block); - bcal_cipher_free(&(ctx->cctx)); -} - -void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx){ - if(iv){ - memcpy(ctx->in_block, iv, ctx->blocksize_B); - } -} - -void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - memxor(block, tmp, ctx->blocksize_B); - ctx->inc_func(ctx->in_block, ctx->blocksize_B); -} - -void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx){ - bcal_ctr_encNext(block, ctx); -} - -void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){ - bcal_ctr_loadIV(iv, ctx); - uint16_t blocksize_b; - blocksize_b = ctx->blocksize_B*8; - while(msg_len_b>blocksize_b){ - bcal_ctr_encNext(msg, ctx); - msg_len_b -= blocksize_b; - msg = (uint8_t*)msg + ctx->blocksize_B; - } - uint8_t tmp[ctx->blocksize_B]; - memcpy(tmp, ctx->in_block, ctx->blocksize_B); - bcal_cipher_enc(tmp, &(ctx->cctx)); - ctx->inc_func(ctx->in_block, ctx->blocksize_B); - tmp[msg_len_b/8] = 0xff00>>(msg_len_b&7); - memxor(msg, tmp, (msg_len_b+7)/8); -} - -void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){ - bcal_ctr_encMsg(iv, msg, msg_len_b, ctx); -} - diff --git a/bcal-ctr.h b/bcal-ctr.h deleted file mode 100644 index 55de485..0000000 --- a/bcal-ctr.h +++ /dev/null @@ -1,45 +0,0 @@ -/* bcal-ctr.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCALCTR_H_ -#define BCALCTR_H_ - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" - -typedef void(*inc_fp_t)(void* block, uint8_t size_B); - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* in_block; - inc_fp_t inc_func; - uint8_t blocksize_B; -} bcal_ctr_ctx_t; - -uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx); -void bcal_ctr_free(bcal_ctr_ctx_t* ctx); -void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx); -void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx); -void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx); -void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx); -void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx); - -#endif /* BCALCTR_H_ */ diff --git a/bcal-eax.c b/bcal-eax.c deleted file mode 100644 index 9dceccd..0000000 --- a/bcal-eax.c +++ /dev/null @@ -1,119 +0,0 @@ -/* bca-eax.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" -#include "bcal-cmac.h" -#include "bcal-ctr.h" -#include "bcal-eax.h" -#include "memxor.h" - -uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx){ - uint8_t r; - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->nonce = malloc(ctx->blocksize_B); - if(ctx->nonce==NULL){ - return 0x81; - } - r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ctag)); - if(r){ - return r; - } - r = bcal_cmac_init(desc, key, keysize_b, &(ctx->htag)); - if(r){ - return (r|0x10); - } - r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ntag)); - if(r){ - return (r|0x20); - } - r = bcal_ctr_init(desc, key, keysize_b, NULL, &(ctx->cipher)); - if(r){ - return (r|0x30); - } - ctx->header_set=0; - uint8_t tmp[ctx->blocksize_B]; - memset(tmp, 0, ctx->blocksize_B); - bcal_cmac_nextBlock(&(ctx->ntag), tmp); - tmp[ctx->blocksize_B-1]=1; - bcal_cmac_nextBlock(&(ctx->htag), tmp); - tmp[ctx->blocksize_B-1]=2; - bcal_cmac_nextBlock(&(ctx->ctag), tmp); - return 0; -} - -void bcal_eax_free(bcal_eax_ctx_t* ctx){ - bcal_ctr_free(&(ctx->cipher)); - bcal_cmac_free(&(ctx->ctag)); - bcal_cmac_free(&(ctx->htag)); - bcal_cmac_free(&(ctx->ntag)); - free(ctx->nonce); -} - -void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx){ - bcal_cmac_lastBlock(&(ctx->ntag), nonce, length_b); - bcal_cmac_ctx2mac(ctx->nonce, ctx->blocksize_B*8, &(ctx->ntag)); - bcal_ctr_loadIV(ctx->nonce, &(ctx->cipher)); -} - -void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx){ - bcal_cmac_nextBlock(&(ctx->htag), header); -} - -void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx){ - bcal_cmac_lastBlock(&(ctx->htag), header, length_b); - ctx->header_set = 1; -} - -void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx){ - bcal_ctr_encNext(block, &(ctx->cipher)); - bcal_cmac_nextBlock(&(ctx->ctag), block); -} - -void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){ - bcal_ctr_encMsg(NULL, block, length_b, &(ctx->cipher)); - bcal_cmac_lastBlock(&(ctx->ctag), block, length_b); -} - -void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx){ - bcal_cmac_nextBlock(&(ctx->ctag), block); - bcal_ctr_decNext(block, &(ctx->cipher)); -} - -void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){ - bcal_cmac_lastBlock(&(ctx->ctag), block, length_b); - bcal_ctr_decMsg(NULL, block, length_b, &(ctx->cipher)); -} - -void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx){ - uint8_t tmp[ctx->blocksize_B]; - if(ctx->header_set==0){ - bcal_cmac_lastBlock(&(ctx->htag), NULL, 0); - } - - bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->htag)); - memxor(ctx->nonce, tmp, ctx->blocksize_B); - - bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->ctag)); - memxor(ctx->nonce, tmp, ctx->blocksize_B); - memcpy(dest, ctx->nonce, (length_b+7)/8); -} - diff --git a/bcal-eax.h b/bcal-eax.h deleted file mode 100644 index 190eee9..0000000 --- a/bcal-eax.h +++ /dev/null @@ -1,53 +0,0 @@ -/* bcal-eax.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BCALEAX_H_ -#define BCALEAX_H_ - -#include -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" -#include "bcal-cmac.h" -#include "bcal-ctr.h" - -typedef struct{ - uint8_t* nonce; - bcal_cmac_ctx_t ntag; - bcal_cmac_ctx_t ctag; - bcal_cmac_ctx_t htag; - bcal_ctr_ctx_t cipher; - uint8_t blocksize_B; - uint8_t header_set; -} bcal_eax_ctx_t; - -uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx); -void bcal_eax_free(bcal_eax_ctx_t* ctx); -void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx); -void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx); -void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx); -void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx); -void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx); -void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx); -void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx); -void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx); -//void bcal_eax(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_eax_ctx_t* ctx); - -#endif /* BCALEAX_H_ */ - diff --git a/bcal-ofb.c b/bcal-ofb.c deleted file mode 100644 index d7ae757..0000000 --- a/bcal-ofb.c +++ /dev/null @@ -1,76 +0,0 @@ -/* bcal-ofb.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include -#include "bcal-ofb.h" -#include "bcal-basic.h" -#include "memxor.h" - - -uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx){ - ctx->desc = (bcdesc_t*)desc; - ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; - ctx->in_block=malloc(ctx->blocksize_B); - if(ctx->in_block==NULL){ - return 0x11; - } - return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); -} - -void bcal_ofb_free(bcal_ofb_ctx_t* ctx){ - free(ctx->in_block); - bcal_cipher_free(&(ctx->cctx)); -} - -void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx){ - if(iv){ - memcpy(ctx->in_block, iv, ctx->blocksize_B); - } -} - -void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx){ - bcal_cipher_enc(ctx->in_block , &(ctx->cctx)); - memxor(block, ctx->in_block, ctx->blocksize_B); -} - -void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx){ - bcal_cipher_enc(ctx->in_block , &(ctx->cctx)); - memxor(block, ctx->in_block, ctx->blocksize_B); -} - - -void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){ - uint16_t block_len_b; - block_len_b = ctx->blocksize_B*8; - bcal_ofb_loadIV(iv, ctx); - while(msg_len_b>block_len_b){ - bcal_ofb_encNext(msg, ctx); - msg_len_b -= block_len_b; - msg = (uint8_t*)msg + ctx->blocksize_B; - } - bcal_cipher_enc(ctx->in_block, &(ctx->cctx)); - ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7); - memxor(msg, ctx->in_block, (msg_len_b+7)/8); -} - -void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){ - bcal_ofb_encMsg(iv, msg, msg_len_b, ctx); -} - diff --git a/bcal-ofb.h b/bcal-ofb.h deleted file mode 100644 index aa69c05..0000000 --- a/bcal-ofb.h +++ /dev/null @@ -1,46 +0,0 @@ -/* bcal-ofb.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#ifndef BCALOFB_H_ -#define BCALOFB_H_ - -#include -#include "bcal-basic.h" -#include "blockcipher_descriptor.h" - - -typedef struct{ - bcdesc_t* desc; - bcgen_ctx_t cctx; - uint8_t* in_block; - uint8_t blocksize_B; -} bcal_ofb_ctx_t; - - -uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx); -void bcal_ofb_free(bcal_ofb_ctx_t* ctx); -void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx); -void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx); -void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx); -void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx); -void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx); - - -#endif /* BCALOFB_H_ */ diff --git a/bcal-performance.c b/bcal-performance.c deleted file mode 100644 index 36cc823..0000000 --- a/bcal-performance.c +++ /dev/null @@ -1,225 +0,0 @@ -/* bcal-performance.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * \file bcal-performance.c - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2010-02-16 - * \license GPLv3 or later - * - */ - -#include "bcal-performance.h" -#include "keysize_descriptor.h" -#include "blockcipher_descriptor.h" -#include "performance_test.h" -#include "stack_measuring.h" -#include "cli.h" -#include -#include -#include -#include - -#define PATTERN_A 0xAA -#define PATTERN_B 0x55 - - -static -void printvalue(unsigned long v){ - char str[20]; - int i; - ultoa(v, str, 10); - for(i=0; i<10-strlen(str); ++i){ - cli_putc(' '); - } - cli_putstr(str); -} - -void bcal_performance(const bcdesc_t* bcd){ - bcdesc_t bc; - memcpy_P(&bc, bcd, sizeof(bcdesc_t)); - uint8_t ctx[bc.ctxsize_B]; - uint8_t data[(bc.blocksize_b+7)/8]; - uint16_t keysize = get_keysize(bc.valid_keysize_desc); - uint8_t key[(keysize+7)/8]; - uint64_t t; - uint8_t i; - - if(bc.type!=BCDESC_TYPE_BLOCKCIPHER) - return; - calibrateTimer(); - print_overhead(); - cli_putstr_P(PSTR("\r\n\r\n === ")); - cli_putstr_P(bc.name); - cli_putstr_P(PSTR(" performance === " - "\r\n type: blockcipher" - "\r\n keysize (bits): ")); - printvalue(keysize); - - cli_putstr_P(PSTR("\r\n ctxsize (bytes): ")); - printvalue(bc.ctxsize_B); - - cli_putstr_P(PSTR("\r\n blocksize (bits): ")); - printvalue(bc.blocksize_b); - - - - t=0; - if(bc.init.init1){ - if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){ - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - (bc.init.init1)(key, &ctx); - STOP_TIMER; - t += stopTimer(); - if(i!=31 && bc.free){ - bc.free(&ctx); - } - } - } else { - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - (bc.init.init2)(key, keysize, &ctx); - STOP_TIMER; - t += stopTimer(); - if(i!=31 && bc.free){ - bc.free(&ctx); - } - } - } - t>>=5; - cli_putstr_P(PSTR("\r\n init (cycles): ")); - printvalue(t); - } - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - bc.enc.enc1(data, &ctx); - STOP_TIMER; - t += stopTimer(); - } - t>>=5; - cli_putstr_P(PSTR("\r\n encrypt (cycles): ")); - printvalue(t); - - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - bc.dec.dec1(data, &ctx); - STOP_TIMER; - t += stopTimer(); - } - t>>=5; - cli_putstr_P(PSTR("\r\n decrypt (cycles): ")); - printvalue(t); - - if(bc.free){ - bc.free(&ctx); - } -} - -void bcal_stacksize(const bcdesc_t* bcd){ - bcdesc_t bc; - stack_measuring_ctx_t smctx; - memcpy_P(&bc, bcd, sizeof(bcdesc_t)); - uint8_t ctx[bc.ctxsize_B]; - uint8_t data[(bc.blocksize_b+7)/8]; - uint16_t keysize = get_keysize(bc.valid_keysize_desc); - uint8_t key[(keysize+7)/8]; - uint16_t t1, t2; - - if(bc.type!=BCDESC_TYPE_BLOCKCIPHER) - return; - cli_putstr_P(PSTR("\r\n\r\n === ")); - cli_putstr_P(bc.name); - cli_putstr_P(PSTR(" stack-usage === ")); - - if(bc.init.init1){ - if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){ - cli(); - stack_measure_init(&smctx, PATTERN_A); - bc.init.init1(&ctx, key); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - bc.init.init1(&ctx, key); - t2 = stack_measure_final(&smctx); - sei(); - } else { - cli(); - stack_measure_init(&smctx, PATTERN_A); - bc.init.init2(&ctx, keysize, key); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - bc.init.init2(&ctx, keysize, key); - t2 = stack_measure_final(&smctx); - sei(); - } - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n init (bytes): ")); - printvalue((unsigned long)t1); - } - cli(); - stack_measure_init(&smctx, PATTERN_A); - bc.enc.enc1(data, &ctx); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - bc.enc.enc1(data, &ctx); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n encBlock (bytes): ")); - printvalue((unsigned long)t1); - - cli(); - stack_measure_init(&smctx, PATTERN_A); - bc.dec.dec1(data, &ctx); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - bc.dec.dec1(data, &ctx); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n decBlock (bytes): ")); - printvalue((unsigned long)t1); - - if(bc.free){ - bc.free(&ctx); - } -} - -void bcal_performance_multiple(const bcdesc_t** bcd_list){ - const bcdesc_t* bcd; - for(;;){ - bcd = (void*)pgm_read_word(bcd_list); - if(!bcd){ - cli_putstr_P(PSTR("\r\n\r\n End of performance figures\r\n")); - return; - } - bcal_performance(bcd); - bcal_stacksize(bcd); - bcd_list = (void*)((uint8_t*)bcd_list + 2); - } -} diff --git a/bcal-performance.h b/bcal-performance.h deleted file mode 100644 index b8c5666..0000000 --- a/bcal-performance.h +++ /dev/null @@ -1,38 +0,0 @@ -/* bcal-performance.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * \file bcal-performance.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2010-02-16 - * \license GPLv3 or later - * - */ - -#ifndef BCAL_PERFORMANCE_H_ -#define BCAL_PERFORMANCE_H_ - -#include "blockcipher_descriptor.h" - -void bcal_performance(const bcdesc_t* hd); -void bcal_performance_multiple(const bcdesc_t** hd_list); - - -#endif /* BCAL_PERFORMANCE_H_ */ diff --git a/bcal_aes128.c b/bcal_aes128.c deleted file mode 100644 index 946d7a9..0000000 --- a/bcal_aes128.c +++ /dev/null @@ -1,55 +0,0 @@ -/* bcal_aes128.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes128.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes128_enc.h" -#include "aes128_dec.h" -#include "aes_keyschedule.h" -#include "keysize_descriptor.h" - -const char aes128_str[] PROGMEM = "AES-128"; - -const uint8_t aes128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -const bcdesc_t aes128_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - aes128_str, - sizeof(aes128_ctx_t), - 128, - {(void_fpt)aes128_init}, - {(void_fpt)aes128_enc}, - {(void_fpt)aes128_dec}, - (bc_free_fpt)NULL, - aes128_keysize_desc -}; - - diff --git a/bcal_aes128.h b/bcal_aes128.h deleted file mode 100644 index 7257425..0000000 --- a/bcal_aes128.h +++ /dev/null @@ -1,35 +0,0 @@ -/* bcal_aes128.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes128.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes128_enc.h" -#include "aes128_dec.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t aes128_desc; diff --git a/bcal_aes192.c b/bcal_aes192.c deleted file mode 100644 index 48f9954..0000000 --- a/bcal_aes192.c +++ /dev/null @@ -1,55 +0,0 @@ -/* bcal_aes192.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes192.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes192_enc.h" -#include "aes192_dec.h" -#include "aes_keyschedule.h" -#include "keysize_descriptor.h" - -const char aes192_str[] PROGMEM = "AES-192"; - -const uint8_t aes192_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(192), - KS_TYPE_TERMINATOR }; - -const bcdesc_t aes192_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - aes192_str, - sizeof(aes192_ctx_t), - 128, - {(void_fpt)aes192_init}, - {(void_fpt)aes192_enc}, - {(void_fpt)aes192_dec}, - (bc_free_fpt)NULL, - aes192_keysize_desc -}; - - diff --git a/bcal_aes192.h b/bcal_aes192.h deleted file mode 100644 index cff8371..0000000 --- a/bcal_aes192.h +++ /dev/null @@ -1,35 +0,0 @@ -/* bcal_aes192.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes192.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes192_enc.h" -#include "aes192_dec.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t aes192_desc; diff --git a/bcal_aes256.c b/bcal_aes256.c deleted file mode 100644 index 12f5665..0000000 --- a/bcal_aes256.c +++ /dev/null @@ -1,55 +0,0 @@ -/* bcal_aes256.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes256.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes256_enc.h" -#include "aes256_dec.h" -#include "aes_keyschedule.h" -#include "keysize_descriptor.h" - -const char aes256_str[] PROGMEM = "AES-256"; - -const uint8_t aes256_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(256), - KS_TYPE_TERMINATOR }; - -const bcdesc_t aes256_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - aes256_str, - sizeof(aes256_ctx_t), - 128, - {(void_fpt)aes256_init}, - {(void_fpt)aes256_enc}, - {(void_fpt)aes256_dec}, - (bc_free_fpt)NULL, - aes256_keysize_desc -}; - - diff --git a/bcal_aes256.h b/bcal_aes256.h deleted file mode 100644 index 19dbb50..0000000 --- a/bcal_aes256.h +++ /dev/null @@ -1,35 +0,0 @@ -/* bcal_aes256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_aes256.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-08 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "aes.h" -#include "aes256_enc.h" -#include "aes256_dec.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t aes256_desc; diff --git a/bcal_camellia128.c b/bcal_camellia128.c deleted file mode 100644 index a891b9d..0000000 --- a/bcal_camellia128.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_camellia128.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_camellia128.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "camellia.h" -#include "keysize_descriptor.h" - -const char camellia128_str[] PROGMEM = "Camellia-128"; - -const uint8_t camellia128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -const bcdesc_t camellia128_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - camellia128_str, - sizeof(camellia128_ctx_t), - 128, - {(void_fpt)camellia128_init}, - {(void_fpt)camellia128_enc}, - {(void_fpt)camellia128_dec}, - (bc_free_fpt)NULL, - camellia128_keysize_desc -}; - - diff --git a/bcal_camellia128.h b/bcal_camellia128.h deleted file mode 100644 index bbe0199..0000000 --- a/bcal_camellia128.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_camellia128.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_camellia128.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "camellia.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t camellia128_desc; diff --git a/bcal_cast5.c b/bcal_cast5.c deleted file mode 100644 index bc91297..0000000 --- a/bcal_cast5.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_cast5.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_cast5.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "cast5.h" -#include "keysize_descriptor.h" - -const char cast5_str[] PROGMEM = "CAST5"; - -const uint8_t cast5_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(0), KS_INT(128), - KS_TYPE_TERMINATOR }; - -const bcdesc_t cast5_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - cast5_str, - sizeof(cast5_ctx_t), - 128, - {(void_fpt)cast5_init}, - {(void_fpt)cast5_enc}, - {(void_fpt)cast5_dec}, - (bc_free_fpt)NULL, - cast5_keysize_desc -}; - - diff --git a/bcal_cast5.h b/bcal_cast5.h deleted file mode 100644 index 2b620ea..0000000 --- a/bcal_cast5.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_cast5.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_cast5.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "cast5.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t cast5_desc; diff --git a/bcal_cast6.c b/bcal_cast6.c deleted file mode 100644 index 7df7825..0000000 --- a/bcal_cast6.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_cast6.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_cast6.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-03 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "cast6.h" -#include "keysize_descriptor.h" - -const char cast6_str[] PROGMEM = "CAST-256"; - -const uint8_t cast6_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(0), KS_INT(256), - KS_TYPE_TERMINATOR }; - -const bcdesc_t cast6_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - cast6_str, - sizeof(cast6_ctx_t), - 128, - {(void_fpt)cast6_init}, - {(void_fpt)cast6_enc}, - {(void_fpt)cast6_dec}, - (bc_free_fpt)NULL, - cast6_keysize_desc -}; - - diff --git a/bcal_cast6.h b/bcal_cast6.h deleted file mode 100644 index c327cf6..0000000 --- a/bcal_cast6.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_cast6.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_cast6.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-03 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "cast6.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t cast6_desc; diff --git a/bcal_des.c b/bcal_des.c deleted file mode 100644 index 04ed5e5..0000000 --- a/bcal_des.c +++ /dev/null @@ -1,61 +0,0 @@ -/* bcal_des.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_des.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -const char des_str[] PROGMEM = "DES"; - -const uint8_t des_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(64), - KS_TYPE_TERMINATOR }; -static -void des_dummy_enc(void* block, void* key){ - des_enc(block, block, key); -} - -static -void des_dummy_dec(void* block, void* key){ - des_dec(block, block, key); -} - -const bcdesc_t des_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - des_str, - 8, - 128, - {(void_fpt)NULL}, - {(void_fpt)des_dummy_enc}, - {(void_fpt)des_dummy_dec}, - (bc_free_fpt)NULL, - des_keysize_desc -}; - - diff --git a/bcal_des.h b/bcal_des.h deleted file mode 100644 index 84f76d2..0000000 --- a/bcal_des.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_des.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_des.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t des_desc; diff --git a/bcal_noekeon.c b/bcal_noekeon.c deleted file mode 100644 index c58bdcb..0000000 --- a/bcal_noekeon.c +++ /dev/null @@ -1,41 +0,0 @@ -/* bcal_noekeon.c */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "noekeon.h" -#include "keysize_descriptor.h" - -const char noekeon_direct_str[] PROGMEM = "Noekeon-Direct"; -const char noekeon_indirect_str[] PROGMEM = "Noekeon-Indirect"; - -const uint8_t noekeon_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -const bcdesc_t noekeon_direct_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_ENC_TYPE_1, - noekeon_direct_str, - 16, - 128, - {(void_fpt)NULL}, - {(void_fpt)noekeon_enc}, - {(void_fpt)noekeon_dec}, - (bc_free_fpt)NULL, - noekeon_keysize_desc -}; - -const bcdesc_t noekeon_indirect_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1 | BC_ENC_TYPE_1, - noekeon_indirect_str, - 16, - 128, - {(void_fpt)noekeon_init}, - {(void_fpt)noekeon_enc}, - {(void_fpt)noekeon_dec}, - (bc_free_fpt)NULL, - noekeon_keysize_desc -}; - - diff --git a/bcal_noekeon.h b/bcal_noekeon.h deleted file mode 100644 index e8ea544..0000000 --- a/bcal_noekeon.h +++ /dev/null @@ -1,10 +0,0 @@ -/* bcal_noekeon.h */ - -#include -#include "blockcipher_descriptor.h" -#include "noekeon.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t noekeon_direct_desc; -extern const bcdesc_t noekeon_indirect_desc; - diff --git a/bcal_present.c b/bcal_present.c deleted file mode 100644 index 96842b1..0000000 --- a/bcal_present.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_present.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_present.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "present.h" -#include "keysize_descriptor.h" - -const char present_str[] PROGMEM = "Present"; - -const uint8_t present_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(80), - KS_TYPE_TERMINATOR }; - -const bcdesc_t present_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - present_str, - sizeof(present_ctx_t), - 64, - {(void_fpt)present_init}, - {(void_fpt)present_enc}, - {(void_fpt)present_dec}, - (bc_free_fpt)NULL, - present_keysize_desc -}; - - diff --git a/bcal_present.h b/bcal_present.h deleted file mode 100644 index 1de8365..0000000 --- a/bcal_present.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_present.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_present.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "present.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t present_desc; diff --git a/bcal_rc5.c b/bcal_rc5.c deleted file mode 100644 index 9702168..0000000 --- a/bcal_rc5.c +++ /dev/null @@ -1,59 +0,0 @@ -/* bcal_rc5.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_rc5.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "rc5.h" -#include "keysize_descriptor.h" - -#define RC5_ROUNDS 12 - -const char rc5_str[] PROGMEM = "RC5"; - -const uint8_t rc5_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(2040), - KS_TYPE_TERMINATOR }; - -static -void rc5_dummy_init(void* key, uint16_t keysize_b, void* ctx){ - rc5_init(key, keysize_b, RC5_ROUNDS, ctx); -} - -const bcdesc_t rc5_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - rc5_str, - sizeof(rc5_ctx_t), - 128, - {(void_fpt)rc5_dummy_init}, - {(void_fpt)rc5_enc}, - {(void_fpt)rc5_dec}, - (bc_free_fpt)rc5_free, - rc5_keysize_desc -}; - - diff --git a/bcal_rc5.h b/bcal_rc5.h deleted file mode 100644 index 30d2100..0000000 --- a/bcal_rc5.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_rc5.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_rc5.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "rc5.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t rc5_desc; diff --git a/bcal_rc6.c b/bcal_rc6.c deleted file mode 100644 index e1b98e1..0000000 --- a/bcal_rc6.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_rc6.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_rc6.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "rc6.h" -#include "keysize_descriptor.h" - -const char rc6_str[] PROGMEM = "RC6"; - -const uint8_t rc6_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(2040), - KS_TYPE_TERMINATOR }; - -const bcdesc_t rc6_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - rc6_str, - sizeof(rc6_ctx_t), - 128, - {(void_fpt)rc6_init}, - {(void_fpt)rc6_enc}, - {(void_fpt)rc6_dec}, - (bc_free_fpt)rc6_free, - rc6_keysize_desc -}; - - diff --git a/bcal_rc6.h b/bcal_rc6.h deleted file mode 100644 index f6d0d1b..0000000 --- a/bcal_rc6.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_rc6.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_rc6.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "rc6.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t rc6_desc; diff --git a/bcal_seed.c b/bcal_seed.c deleted file mode 100644 index 590f027..0000000 --- a/bcal_seed.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_seed.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_seed.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "seed.h" -#include "keysize_descriptor.h" - -const char seed_str[] PROGMEM = "SEED"; - -const uint8_t seed_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -const bcdesc_t seed_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - seed_str, - sizeof(seed_ctx_t), - 128, - {(void_fpt)seed_init}, - {(void_fpt)seed_enc}, - {(void_fpt)seed_dec}, - (bc_free_fpt)NULL, - seed_keysize_desc -}; - - diff --git a/bcal_seed.h b/bcal_seed.h deleted file mode 100644 index a8bdf2c..0000000 --- a/bcal_seed.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_seed.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_seed.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "seed.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t seed_desc; diff --git a/bcal_serpent.c b/bcal_serpent.c deleted file mode 100644 index df1b578..0000000 --- a/bcal_serpent.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_serpent.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_serpent.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "serpent.h" -#include "keysize_descriptor.h" - -const char serpent_str[] PROGMEM = "serpent"; - -const uint8_t serpent_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(256), - KS_TYPE_TERMINATOR }; - -const bcdesc_t serpent_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - serpent_str, - sizeof(serpent_ctx_t), - 128, - {(void_fpt)serpent_init}, - {(void_fpt)serpent_enc}, - {(void_fpt)serpent_dec}, - (bc_free_fpt)NULL, - serpent_keysize_desc -}; - - diff --git a/bcal_serpent.h b/bcal_serpent.h deleted file mode 100644 index 60fc8cc..0000000 --- a/bcal_serpent.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_serpent.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_serpent.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "serpent.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t serpent_desc; diff --git a/bcal_skipjack.c b/bcal_skipjack.c deleted file mode 100644 index 09caead..0000000 --- a/bcal_skipjack.c +++ /dev/null @@ -1,52 +0,0 @@ -/* bcal_skipjack.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_skipjack.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "skipjack.h" -#include "keysize_descriptor.h" - -const char skipjack_str[] PROGMEM = "Skipjack"; - -const uint8_t skipjack_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(80), - KS_TYPE_TERMINATOR }; - -const bcdesc_t skipjack_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - skipjack_str, - 10, - 64, - {(void_fpt)NULL}, - {(void_fpt)skipjack_enc}, - {(void_fpt)skipjack_dec}, - (bc_free_fpt)NULL, - skipjack_keysize_desc -}; - - diff --git a/bcal_skipjack.h b/bcal_skipjack.h deleted file mode 100644 index e238141..0000000 --- a/bcal_skipjack.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_skipjack.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_skipjack.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "skipjack.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t skipjack_desc; diff --git a/bcal_tdes.c b/bcal_tdes.c deleted file mode 100644 index 6a6f49d..0000000 --- a/bcal_tdes.c +++ /dev/null @@ -1,62 +0,0 @@ -/* bcal_tdes.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_tdes.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -const char tdes_str[] PROGMEM = "TDES"; - -const uint8_t tdes_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(192), - KS_TYPE_TERMINATOR }; - -static -void tdes_dummy_enc(void* block, void* key){ - tdes_enc(block, block, key); -} - -static -void tdes_dummy_dec(void* block, void* key){ - tdes_dec(block, block, key); -} - -const bcdesc_t tdes_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - tdes_str, - 24, - 64, - {(void_fpt)NULL}, - {(void_fpt)tdes_dummy_enc}, - {(void_fpt)tdes_dummy_dec}, - (bc_free_fpt)NULL, - tdes_keysize_desc -}; - - diff --git a/bcal_tdes.h b/bcal_tdes.h deleted file mode 100644 index e2f2b31..0000000 --- a/bcal_tdes.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_tdes.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_tdes.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t tdes_desc; diff --git a/bcal_tdes2.c b/bcal_tdes2.c deleted file mode 100644 index d763366..0000000 --- a/bcal_tdes2.c +++ /dev/null @@ -1,70 +0,0 @@ -/* bcal_tdes2.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_tdes.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-02 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -const char tdes2_str[] PROGMEM = "TDES-2"; - -const uint8_t tdes2_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -static -void tdes_dummy_enc(void* block, void* key){ - tdes_enc(block, block, key); -} - -static -void tdes_dummy_dec(void* block, void* key){ - tdes_dec(block, block, key); -} - -static -void tdes2_init(void* key, void* ctx){ - memcpy(ctx, key, 16); - memcpy((uint8_t*)ctx+16, key, 8); -} - - - -const bcdesc_t tdes2_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - tdes2_str, - 24, - 64, - {(void_fpt)tdes2_init}, - {(void_fpt)tdes_dummy_enc}, - {(void_fpt)tdes_dummy_dec}, - (bc_free_fpt)NULL, - tdes2_keysize_desc -}; - - diff --git a/bcal_tdes2.h b/bcal_tdes2.h deleted file mode 100644 index 4dac992..0000000 --- a/bcal_tdes2.h +++ /dev/null @@ -1,38 +0,0 @@ -/* bcal_tdes2.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_tdes.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#ifndef BCAL_TDES2_H_ -#define BCAL_TDES2_H_ - -#include -#include "blockcipher_descriptor.h" -#include "des.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t tdes2_desc; - -#endif /* BCAL_TDES2_H_ */ diff --git a/bcal_threefish1024.c b/bcal_threefish1024.c deleted file mode 100644 index 8f1a108..0000000 --- a/bcal_threefish1024.c +++ /dev/null @@ -1,56 +0,0 @@ -/* bcal_threefish1024.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish1024.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -const char threefish1024_str[] PROGMEM = "Threefish-1024"; - -const uint8_t threefish1024_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(1024), - KS_TYPE_TERMINATOR }; - -static void threefish1024_dummy_init(void* key, void* ctx){ - threefish1024_init(key, NULL, ctx); -} - -const bcdesc_t threefish1024_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - threefish1024_str, - sizeof(threefish1024_ctx_t), - 1024, - {(void_fpt)threefish1024_dummy_init}, - {(void_fpt)threefish1024_enc}, - {(void_fpt)threefish1024_dec}, - (bc_free_fpt)NULL, - threefish1024_keysize_desc -}; - - diff --git a/bcal_threefish1024.h b/bcal_threefish1024.h deleted file mode 100644 index 67c9b3c..0000000 --- a/bcal_threefish1024.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_threefis1024.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish1024.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t threefish1024_desc; diff --git a/bcal_threefish256.c b/bcal_threefish256.c deleted file mode 100644 index f95f1a2..0000000 --- a/bcal_threefish256.c +++ /dev/null @@ -1,56 +0,0 @@ -/* bcal_threefish256.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish256.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -const char threefish256_str[] PROGMEM = "Threefish-256"; - -const uint8_t threefish256_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(256), - KS_TYPE_TERMINATOR }; - -static void threefish256_dummy_init(void* key, void* ctx){ - threefish256_init(key, NULL, ctx); -} - -const bcdesc_t threefish256_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - threefish256_str, - sizeof(threefish256_ctx_t), - 256, - {(void_fpt)threefish256_dummy_init}, - {(void_fpt)threefish256_enc}, - {(void_fpt)threefish256_dec}, - (bc_free_fpt)NULL, - threefish256_keysize_desc -}; - - diff --git a/bcal_threefish256.h b/bcal_threefish256.h deleted file mode 100644 index d2819bf..0000000 --- a/bcal_threefish256.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_threefis256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish256.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t threefish256_desc; diff --git a/bcal_threefish512.c b/bcal_threefish512.c deleted file mode 100644 index ff61a74..0000000 --- a/bcal_threefish512.c +++ /dev/null @@ -1,56 +0,0 @@ -/* bcal_threefish512.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish512.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -const char threefish512_str[] PROGMEM = "Threefish-512"; - -const uint8_t threefish512_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(512), - KS_TYPE_TERMINATOR }; - -static void threefish512_dummy_init(void* key, void* ctx){ - threefish512_init(key, NULL, ctx); -} - -const bcdesc_t threefish512_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_1, - threefish512_str, - sizeof(threefish512_ctx_t), - 512, - {(void_fpt)threefish512_dummy_init}, - {(void_fpt)threefish512_enc}, - {(void_fpt)threefish512_dec}, - (bc_free_fpt)NULL, - threefish512_keysize_desc -}; - - diff --git a/bcal_threefish512.h b/bcal_threefish512.h deleted file mode 100644 index 8f87d65..0000000 --- a/bcal_threefish512.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_threefis512.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_threefish512.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-20 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "threefish.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t threefish512_desc; diff --git a/bcal_xtea.c b/bcal_xtea.c deleted file mode 100644 index 5902c10..0000000 --- a/bcal_xtea.c +++ /dev/null @@ -1,62 +0,0 @@ -/* bcal_xtea.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_xtea.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "blockcipher_descriptor.h" -#include "xtea.h" -#include "keysize_descriptor.h" - -const char xtea_str[] PROGMEM = "XTEA"; - -const uint8_t xtea_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128), - KS_TYPE_TERMINATOR }; - -static -void xtea_dummy_enc(void* block, void* key){ - xtea_enc(block, block, key); -} - -static -void xtea_dummy_dec(void* block, void* key){ - xtea_dec(block, block, key); -} - -const bcdesc_t xtea_desc PROGMEM = { - BCDESC_TYPE_BLOCKCIPHER, - BC_INIT_TYPE_2, - xtea_str, - 16, - 64, - {(void_fpt)NULL}, - {(void_fpt)xtea_dummy_enc}, - {(void_fpt)xtea_dummy_dec}, - (bc_free_fpt)NULL, - xtea_keysize_desc -}; - - diff --git a/bcal_xtea.h b/bcal_xtea.h deleted file mode 100644 index 66e6d26..0000000 --- a/bcal_xtea.h +++ /dev/null @@ -1,33 +0,0 @@ -/* bcal_xtea.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bcal_xtea.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-09 - * \license GPLv3 or later - * - */ - -#include -#include "blockcipher_descriptor.h" -#include "xtea.h" -#include "keysize_descriptor.h" - -extern const bcdesc_t xtea_desc; diff --git a/blake/blake_large.c b/blake/blake_large.c index af967e2..d2425e6 100644 --- a/blake/blake_large.c +++ b/blake/blake_large.c @@ -28,7 +28,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "blake_large.h" #include "blake_common.h" diff --git a/blake/blake_small.c b/blake/blake_small.c index 0f99668..8425ac0 100644 --- a/blake/blake_small.c +++ b/blake/blake_small.c @@ -28,7 +28,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "blake_small.h" #include "blake_common.h" diff --git a/blake/memxor.S b/blake/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/blake/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/blake/memxor.h b/blake/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/blake/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/bmw/bmw_small.c b/bmw/bmw_small.c index 349ccf8..955c915 100644 --- a/bmw/bmw_small.c +++ b/bmw/bmw_small.c @@ -28,7 +28,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "bmw_small.h" diff --git a/bmw/memxor.S b/bmw/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/bmw/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/bmw/memxor.h b/bmw/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/bmw/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/cubehash/cubehash.c b/cubehash/cubehash.c index 0cc62b0..318d553 100644 --- a/cubehash/cubehash.c +++ b/cubehash/cubehash.c @@ -26,7 +26,7 @@ */ -#include "memxor.h" +#include "memxor/memxor.h" #include "cubehash.h" #include "cubehash_rotates.h" #include "xchg.h" diff --git a/cubehash/memxor.S b/cubehash/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/cubehash/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/cubehash/memxor.h b/cubehash/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/cubehash/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/dsa/base64_dec.c b/dsa/base64_dec.c deleted file mode 100644 index 322cec0..0000000 --- a/dsa/base64_dec.c +++ /dev/null @@ -1,246 +0,0 @@ -/* base64_dec.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * base64 decoder (RFC3548) - * Author: Daniel Otte - * License: GPLv3 - * - * - */ - -#include -#include "base64_dec.h" - -#include "test_src/cli.h" - -/* - #define USE_GCC_EXTENSION -*/ -#if 1 - -#ifdef USE_GCC_EXTENSION - -static -int ascii2bit6(char a){ - switch(a){ - case 'A'...'Z': - return a-'A'; - case 'a'...'z': - return a-'a'+26; - case '0'...'9': - return a-'0'+52; - case '+': - case '-': - return 62; - case '/': - case '_': - return 63; - default: - return -1; - } -} - -#else - -static -uint8_t ascii2bit6(char a){ - int r; - switch(a>>4){ - case 0x5: - case 0x4: - r=a-'A'; - if(r<0 || r>25){ - return -1; - } else { - return r; - } - case 0x7: - case 0x6: - r=a-'a'; - if(r<0 || r>25){ - return -1; - } else { - return r+26; - } - break; - case 0x3: - if(a>'9') - return -1; - return a-'0'+52; - default: - break; - } - switch (a){ - case '+': - case '-': - return 62; - case '/': - case '_': - return 63; - default: - return 0xff; - } -} - -#endif - -#else - -static -uint8_t ascii2bit6(uint8_t a){ - if(a>='A' && a<='Z'){ - return a-'A'; - } else { - if(a>='a' && a<= 'z'){ - return a-'a'+26; - } else { - if(a>='0' && a<='9'){ - return a-'0'+52; - } else { - if(a=='+' || a=='-'){ - return 62; - } else { - if(a=='/' || a=='_'){ - return 63; - } else { - return 0xff; - } - } - } - } - } -} - -#endif - -int base64_binlength(char* str, uint8_t strict){ - int l=0; - uint8_t term=0; - for(;;){ - if(*str=='\0') - break; - if(*str=='\n' || *str=='\r'){ - str++; - continue; - } - if(*str=='='){ - term++; - str++; - if(term==2){ - break; - } - continue; - } - if(term) - return -1; - if(ascii2bit6(*str)==-1){ - if(strict) - return -1; - } else { - l++; - } - str++; - } - switch(term){ - case 0: - if(l%4!=0) - return -1; - return l/4*3; - case 1: - if(l%4!=3) - return -1; - return (l+1)/4*3-1; - case 2: - if(l%4!=2) - return -1; - return (l+2)/4*3-2; - default: - return -1; - } -} - -/* - |543210543210543210543210| - |765432107654321076543210| - - . . . . - |54321054|32105432|10543210| - |76543210|76543210|76543210| - -*/ - -int base64dec(void* dest, const char* b64str, uint8_t strict){ - uint8_t buffer[4]; - uint8_t idx=0; - uint8_t term=0; - for(;;){ -// cli_putstr_P(PSTR("\r\n DBG: got 0x")); -// cli_hexdump(b64str, 1); - buffer[idx]= ascii2bit6(*b64str); -// cli_putstr_P(PSTR(" --> 0x")); -// cli_hexdump(buffer+idx, 1); - - if(buffer[idx]==0xFF){ - if(*b64str=='='){ - term++; - b64str++; - if(term==2) - goto finalize; /* definitly the end */ - }else{ - if(*b64str == '\0'){ - goto finalize; /* definitly the end */ - }else{ - if(*b64str == '\r' || *b64str == '\n' || !(strict)){ - b64str++; /* charcters that we simply ignore */ - }else{ - return -1; - } - } - } - }else{ - if(term) - return -1; /* this happens if we get a '=' in the stream */ - idx++; - b64str++; - } - if(idx==4){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2; - ((uint8_t*)dest)[2] = buffer[2]<<6 | buffer[3]; - dest = (uint8_t*)dest +3; - idx=0; - } - } - finalize: - /* the final touch */ - if(idx==0) - return 0; - if(term==1){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2; - return 0; - } - if(term==2){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - return 0; - } - return -1; -} diff --git a/dsa/base64_dec.h b/dsa/base64_dec.h deleted file mode 100644 index 1c9f1d9..0000000 --- a/dsa/base64_dec.h +++ /dev/null @@ -1,29 +0,0 @@ -/* base64_dec.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -#ifndef BASE64_DEC_H_ -#define BASE64_DEC_H_ - -#include - -int base64_binlength(char* str, uint8_t strict); -int base64dec(void* dest, const char* b64str, uint8_t strict); - -#endif /*BASE64_DEC_H_*/ diff --git a/dsa/base64_enc.c b/dsa/base64_enc.c deleted file mode 100644 index c588998..0000000 --- a/dsa/base64_enc.c +++ /dev/null @@ -1,117 +0,0 @@ -/* base64_enc.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * base64 encoder (RFC3548) - * Author: Daniel Otte - * License: GPLv3 - * - * - */ - -#include -#include "base64_enc.h" - -#if 1 -#include - -char base64_alphabet[64] PROGMEM = { - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', - 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', - 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', - 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', - 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', - 'w', 'x', 'y', 'z', '0', '1', '2', '3', - '4', '5', '6', '7', '8', '9', '+', '/' }; - -static -char bit6toAscii(uint8_t a){ - a &= (uint8_t)0x3F; - return pgm_read_byte(base64_alphabet+a); -} - -#else - -static -char bit6toAscii(uint8_t a){ - a &= (uint8_t)0x3F; - - if(a<=25){ - return a+'A'; - } else { - if(a<=51){ - return a-26+'a'; - } else { - if(a<=61){ - return a-52+'0'; - } else { - if(a==62){ - return '+'; - } else { - return '/'; /* a == 63 */ - } - } - } - } -} - -#endif - -void base64enc(char* dest,const void* src, uint16_t length){ - uint16_t i,j; - uint8_t a[4]; - for(i=0; i>2; - a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F; - a[2]= (((((uint8_t*)src)[i*3+1])<<2) | ((((uint8_t*)src)[i*3+2])>>6)) & 0x3F; - a[3]= (((uint8_t*)src)[i*3+2]) & 0x3F; - for(j=0; j<4; ++j){ - *dest++=bit6toAscii(a[j]); - } - } - /* now we do the rest */ - switch(length%3){ - case 0: - break; - case 1: - a[0]=(((uint8_t*)src)[i*3+0])>>2; - a[1]=((((uint8_t*)src)[i*3+0])<<4)&0x3F; - *dest++ = bit6toAscii(a[0]); - *dest++ = bit6toAscii(a[1]); - *dest++ = '='; - *dest++ = '='; - break; - case 2: - a[0]= (((uint8_t*)src)[i*3+0])>>2; - a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F; - a[2]= ((((uint8_t*)src)[i*3+1])<<2) & 0x3F; - *dest++ = bit6toAscii(a[0]); - *dest++ = bit6toAscii(a[1]); - *dest++ = bit6toAscii(a[2]); - *dest++ = '='; - break; - default: /* this will not happen! */ - break; - } -/* finalize: */ - *dest='\0'; -} - diff --git a/dsa/base64_enc.h b/dsa/base64_enc.h deleted file mode 100644 index 89a5f86..0000000 --- a/dsa/base64_enc.h +++ /dev/null @@ -1,28 +0,0 @@ -/* base64_enc.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -#ifndef BASE64_ENC_H_ -#define BASE64_ENC_H_ - -#include - -void base64enc(char* dest, const void* src, uint16_t length); - -#endif /*BASE64_ENC_H_*/ diff --git a/dsa/bigint.c b/dsa/bigint.c deleted file mode 100644 index 7004e0d..0000000 --- a/dsa/bigint.c +++ /dev/null @@ -1,808 +0,0 @@ -/* bigint.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file bigint.c - * \author Daniel Otte - * \date 2010-02-22 - * - * \license GPLv3 or later - * - */ - - -#define STRING2(x) #x -#define STRING(x) STRING2(x) -#define STR_LINE STRING(__LINE__) - -#include "bigint.h" -#include -/* -#include "cli.h" -#include "bigint_io.h" -*/ -#ifndef MAX - #define MAX(a,b) (((a)>(b))?(a):(b)) -#endif - -#ifndef MIN - #define MIN(a,b) (((a)<(b))?(a):(b)) -#endif - -#define SET_FBS(a, v) do{(a)->info &=0xF8; (a)->info |= (v);}while(0) -#define GET_FBS(a) ((a)->info&BIGINT_FBS_MASK) -#define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK -#define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK -#define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0) -#define XCHG_PTR(a,b) do{ a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \ - b = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \ - a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b)));}while(0) - -#define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK) - -/******************************************************************************/ -void bigint_adjust(bigint_t* a){ - while(a->length_B!=0 && a->wordv[a->length_B-1]==0){ - a->length_B--; - } - if(a->length_B==0){ - a->info=0; - return; - } - uint8_t t; - uint8_t i = 0x07; - t = a->wordv[a->length_B-1]; - while((t&0x80)==0 && i){ - t<<=1; - i--; - } - SET_FBS(a, i); -} - -/******************************************************************************/ - -void bigint_copy(bigint_t* dest, const bigint_t* src){ - memcpy(dest->wordv, src->wordv, src->length_B); - dest->length_B = src->length_B; - dest->info = src->info; -} - -/******************************************************************************/ - -/* this should be implemented in assembly */ -/* -void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - uint16_t t=0, i; - if(a->length_B < b->length_B){ - XCHG_PTR(a,b); - } - for(i=0; ilength_B; ++i){ - t = a->wordv[i] + b->wordv[i] + t; - dest->wordv[i] = (uint8_t)t; - t>>=8; - } - for(; ilength_B; ++i){ - t = a->wordv[i] + t; - dest->wordv[i] = (uint8_t)t; - t>>=8; - } - dest->wordv[i++] = t; - dest->length_B = i; - bigint_adjust(dest); -} -*/ -/******************************************************************************/ - -/* this should be implemented in assembly */ -void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale){ - uint16_t i,j=0; - uint16_t t=0; - if(scale>dest->length_B) - memset(dest->wordv+dest->length_B, 0, scale-dest->length_B); - for(i=scale; ilength_B+scale; ++i,++j){ - t = a->wordv[j] + t; - if(dest->length_B>i){ - t += dest->wordv[i]; - } - dest->wordv[i] = (uint8_t)t; - t>>=8; - } - while(t){ - if(dest->length_B>i){ - t = dest->wordv[i] + t; - } - dest->wordv[i] = (uint8_t)t; - t>>=8; - ++i; - } - if(dest->length_B < i){ - dest->length_B = i; - } - bigint_adjust(dest); -} - -/******************************************************************************/ - -/* this should be implemented in assembly */ -void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - int8_t borrow=0; - int8_t r; - int16_t t; - uint16_t i, min, max; - min = MIN(a->length_B, b->length_B); - max = MAX(a->length_B, b->length_B); - r = bigint_cmp_u(a,b); - if(r==0){ - dest->length_B = 0; - dest->wordv[0] = 0; - bigint_adjust(dest); - return; - } - if(b->length_B==0){ - dest->length_B = a->length_B; - memcpy(dest->wordv, a->wordv, a->length_B); - dest->info = a->info; - SET_POS(dest); - return; - } - if(a->length_B==0){ - dest->length_B = b->length_B; - memcpy(dest->wordv, b->wordv, b->length_B); - dest->info = b->info; - SET_NEG(dest); - return; - } - if(r<0){ - bigint_sub_u(dest, b, a); - SET_NEG(dest); - }else{ - for(i=0; iwordv[i] - b->wordv[i] - borrow; - if(t<0){ - borrow = 1; - dest->wordv[i]=(uint8_t)t; - }else{ - borrow = 0; - dest->wordv[i]=(uint8_t)t; - } - } - for(;iwordv[i] - borrow; - if(t<0){ - borrow = 1; - dest->wordv[i]=(uint8_t)t; - }else{ - borrow = 0; - dest->wordv[i]=(uint8_t)t; - } - - } - SET_POS(dest); - dest->length_B = i; - bigint_adjust(dest); - } -} - -/******************************************************************************/ - -int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){ - if(a->length_B > b->length_B){ - return 1; - } - if(a->length_B < b->length_B){ - return -1; - } - if(a->length_B==0){ - return 0; - } - uint16_t i; - i = a->length_B-1; - do{ - if(a->wordv[i]!=b->wordv[i]){ - if(a->wordv[i]>b->wordv[i]){ - return 1; - }else{ - return -1; - } - } - }while(i--); - return 0; -} - -/******************************************************************************/ - -void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - uint8_t s; - s = GET_SIGN(a)?2:0; - s |= GET_SIGN(b)?1:0; - switch(s){ - case 0: /* both positive */ - bigint_add_u(dest, a,b); - SET_POS(dest); - break; - case 1: /* a positive, b negative */ - bigint_sub_u(dest, a, b); - break; - case 2: /* a negative, b positive */ - bigint_sub_u(dest, b, a); - break; - case 3: /* both negative */ - bigint_add_u(dest, a, b); - SET_NEG(dest); - break; - default: /* how can this happen?*/ - break; - } -} - -/******************************************************************************/ - -void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - uint8_t s; - s = GET_SIGN(a)?2:0; - s |= GET_SIGN(b)?1:0; - switch(s){ - case 0: /* both positive */ - bigint_sub_u(dest, a,b); - break; - case 1: /* a positive, b negative */ - bigint_add_u(dest, a, b); - SET_POS(dest); - break; - case 2: /* a negative, b positive */ - bigint_add_u(dest, a, b); - SET_NEG(dest); - break; - case 3: /* both negative */ - bigint_sub_u(dest, b, a); - break; - default: /* how can this happen?*/ - break; - } - -} - -/******************************************************************************/ - -int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){ - uint8_t s; - if(a->length_B==0 && b->length_B==0){ - return 0; - } - s = GET_SIGN(a)?2:0; - s |= GET_SIGN(b)?1:0; - switch(s){ - case 0: /* both positive */ - return bigint_cmp_u(a, b); - break; - case 1: /* a positive, b negative */ - return 1; - break; - case 2: /* a negative, b positive */ - return -1; - break; - case 3: /* both negative */ - return bigint_cmp_u(b, a); - break; - default: /* how can this happen?*/ - break; - } - return 0; /* just to satisfy the compiler */ -} - -/******************************************************************************/ - -void bigint_shiftleft(bigint_t* a, uint16_t shift){ - uint16_t byteshift; - uint16_t i; - uint8_t bitshift; - uint16_t t=0; - byteshift = (shift+3)/8; - bitshift = shift&7; - memmove(a->wordv+byteshift, a->wordv, a->length_B); - memset(a->wordv, 0, byteshift); - if(bitshift!=0){ - if(bitshift<=4){ /* shift to the left */ - for(i=byteshift; ilength_B+byteshift; ++i){ - t |= (a->wordv[i])<wordv[i] = (uint8_t)t; - t >>= 8; - } - a->wordv[i] = (uint8_t)t; - byteshift++; - }else{ /* shift to the right */ - for(i=a->length_B+byteshift-1; i>byteshift-1; --i){ - t |= (a->wordv[i])<<(bitshift); - a->wordv[i] = (uint8_t)(t>>8); - t <<= 8; - } - t |= (a->wordv[i])<<(bitshift); - a->wordv[i] = (uint8_t)(t>>8); - } - } - a->length_B += byteshift; - bigint_adjust(a); -} - -/******************************************************************************/ - -void bigint_shiftright(bigint_t* a, uint16_t shift){ - uint16_t byteshift; - uint16_t i; - uint8_t bitshift; - uint16_t t=0; - byteshift = shift/8; - bitshift = shift&7; - if(byteshift >= a->length_B){ /* we would shift out more than we have */ - bigint_set_zero(a); - return; - } - if(byteshift == a->length_B-1 && bitshift>GET_FBS(a)){ - bigint_set_zero(a); - return; - } - if(byteshift){ - memmove(a->wordv, a->wordv+byteshift, a->length_B-byteshift); - memset(a->wordv+a->length_B-byteshift, 0, byteshift); - } - if(bitshift!=0){ - /* shift to the right */ - for(i=a->length_B-byteshift-1; i>0; --i){ - t |= (a->wordv[i])<<(8-bitshift); - a->wordv[i] = (uint8_t)(t>>8); - t <<= 8; - } - t |= (a->wordv[0])<<(8-bitshift); - a->wordv[0] = (uint8_t)(t>>8); - } - a->length_B -= byteshift; - bigint_adjust(a); -} - -/******************************************************************************/ - -void bigint_xor(bigint_t* dest, const bigint_t* a){ - uint16_t i; - for(i=0; ilength_B; ++i){ - dest->wordv[i] ^= a->wordv[i]; - } - bigint_adjust(dest); -} - -/******************************************************************************/ - -void bigint_set_zero(bigint_t* a){ - a->length_B=0; -} - -/******************************************************************************/ - -/* using the Karatsuba-Algorithm */ -/* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */ -void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - if(a->length_B==0 || b->length_B==0){ - bigint_set_zero(dest); - return; - } - if(dest==a || dest==b){ - bigint_t d; - uint8_t d_b[a->length_B+b->length_B]; - d.wordv = d_b; - bigint_mul_u(&d, a, b); - bigint_copy(dest, &d); - return; - } - if(a->length_B==1 || b->length_B==1){ - if(a->length_B!=1){ - XCHG_PTR(a,b); - } - uint16_t i, t=0; - uint8_t x = a->wordv[0]; - for(i=0; ilength_B; ++i){ - t += b->wordv[i]*x; - dest->wordv[i] = (uint8_t)t; - t>>=8; - } - dest->wordv[i] = (uint8_t)t; - dest->length_B=i+1; - bigint_adjust(dest); - return; - } - if(a->length_B<=4 && b->length_B<=4){ - uint32_t p=0, q=0; - uint64_t r; - memcpy(&p, a->wordv, a->length_B); - memcpy(&q, b->wordv, b->length_B); - r = (uint64_t)p*(uint64_t)q; - memcpy(dest->wordv, &r, a->length_B+b->length_B); - dest->length_B = a->length_B+b->length_B; - bigint_adjust(dest); - return; - } - bigint_set_zero(dest); - /* split a in xh & xl; split b in yh & yl */ - uint16_t n; - n=(MAX(a->length_B, b->length_B)+1)/2; - bigint_t xl, xh, yl, yh; - xl.wordv = a->wordv; - yl.wordv = b->wordv; - if(a->length_B<=n){ - xh.info=0; - xh.length_B = 0; - xl.length_B = a->length_B; - xl.info = 0; - }else{ - xl.length_B=n; - xl.info = 0; - bigint_adjust(&xl); - xh.wordv = a->wordv+n; - xh.length_B = a->length_B-n; - xh.info = 0; - } - if(b->length_B<=n){ - yh.info=0; - yh.length_B = 0; - yl.length_B = b->length_B; - yl.info = b->info; - }else{ - yl.length_B=n; - yl.info = 0; - bigint_adjust(&yl); - yh.wordv = b->wordv+n; - yh.length_B = b->length_B-n; - yh.info = 0; - } - /* now we have split up a and b */ - uint8_t tmp_b[2*n+2], m_b[2*(n+1)]; - bigint_t tmp, tmp2, m; - tmp.wordv = tmp_b; - tmp2.wordv = tmp_b+n+1; - m.wordv = m_b; - - bigint_mul_u(dest, &xl, &yl); /* dest <= xl*yl */ - bigint_add_u(&tmp2, &xh, &xl); /* tmp2 <= xh+xl */ - bigint_add_u(&tmp, &yh, &yl); /* tmp <= yh+yl */ - bigint_mul_u(&m, &tmp2, &tmp); /* m <= tmp2*tmp */ - bigint_mul_u(&tmp, &xh, &yh); /* h <= xh*yh */ - bigint_sub_u(&m, &m, dest); /* m <= m-dest */ - bigint_sub_u(&m, &m, &tmp); /* m <= m-h */ - bigint_add_scale_u(dest, &m, n); - bigint_add_scale_u(dest, &tmp, 2*n); -} - -/******************************************************************************/ - -void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){ - uint8_t s; - s = GET_SIGN(a)?2:0; - s |= GET_SIGN(b)?1:0; - switch(s){ - case 0: /* both positive */ - bigint_mul_u(dest, a,b); - SET_POS(dest); - break; - case 1: /* a positive, b negative */ - bigint_mul_u(dest, a,b); - SET_NEG(dest); - break; - case 2: /* a negative, b positive */ - bigint_mul_u(dest, a,b); - SET_NEG(dest); - break; - case 3: /* both negative */ - bigint_mul_u(dest, a,b); - SET_POS(dest); - break; - default: /* how can this happen?*/ - break; - } -} - -/******************************************************************************/ - -/* square */ -/* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */ -void bigint_square(bigint_t* dest, const bigint_t* a){ - if(a->length_B<=4){ - uint64_t r=0; - memcpy(&r, a->wordv, a->length_B); - r = r*r; - memcpy(dest->wordv, &r, 2*a->length_B); - SET_POS(dest); - dest->length_B=2*a->length_B; - bigint_adjust(dest); - return; - } - if(dest==a){ - bigint_t d; - uint8_t d_b[a->length_B*2]; - d.wordv = d_b; - bigint_square(&d, a); - bigint_copy(dest, &d); - return; - } - uint16_t n; - n=(a->length_B+1)/2; - bigint_t xh, xl, tmp; /* x-high, x-low, temp */ - uint8_t buffer[2*n+1]; - xl.wordv = a->wordv; - xl.length_B = n; - xh.wordv = a->wordv+n; - xh.length_B = a->length_B-n; - tmp.wordv = buffer; - bigint_square(dest, &xl); - bigint_square(&tmp, &xh); - bigint_add_scale_u(dest, &tmp, 2*n); - bigint_mul_u(&tmp, &xl, &xh); - bigint_shiftleft(&tmp, 1); - bigint_add_scale_u(dest, &tmp, n); -} - -/******************************************************************************/ - -void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){ - bigint_t tmp; - uint8_t tmp_b[b->length_B+1]; - uint16_t i,j,byteshift=bitscale/8; - uint8_t borrow=0; - int16_t t; - - if(a->length_B < b->length_B+byteshift){ - bigint_set_zero(a); - return; - } - - tmp.wordv = tmp_b; - bigint_copy(&tmp, b); - bigint_shiftleft(&tmp, bitscale&7); - - for(j=0,i=byteshift; iwordv[i] - tmp.wordv[j] - borrow; - a->wordv[i] = (uint8_t)t; - if(t<0){ - borrow = 1; - }else{ - borrow = 0; - } - } - while(borrow){ - if(i+1 > a->length_B){ - bigint_set_zero(a); - return; - } - a->wordv[i] -= borrow; - if(a->wordv[i]!=0xff){ - borrow=0; - } - ++i; - } - bigint_adjust(a); -} - -/******************************************************************************/ - -void bigint_reduce(bigint_t* a, const bigint_t* r){ -// bigint_adjust(r); - uint8_t rfbs = GET_FBS(r); - - if(r->length_B==0 || a->length_B==0){ - return; - } - while(a->length_B > r->length_B){ - bigint_sub_u_bitscale(a, r, (a->length_B-r->length_B)*8+GET_FBS(a)-rfbs-1); - } - while((GET_FBS(a) > rfbs+1) && (a->length_B == r->length_B)){ - bigint_sub_u_bitscale(a, r, GET_FBS(a)-rfbs-1); - } - while(bigint_cmp_u(a,r)>=0){ - bigint_sub_u(a,a,r); - } - bigint_adjust(a); -} - -/******************************************************************************/ - -/* calculate dest = a**exp % r */ -/* using square&multiply */ -void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r){ - if(a->length_B==0 || r->length_B==0){ - return; - } - - bigint_t res, base; - uint8_t base_b[MAX(a->length_B,r->length_B*2)], res_b[r->length_B*2]; - uint16_t i; - uint8_t j, t; - res.wordv = res_b; - base.wordv = base_b; - bigint_copy(&base, a); - bigint_reduce(&base, r); - res.wordv[0]=1; - res.length_B=1; - res.info = 0; - bigint_adjust(&res); - for(i=0; i+1length_B; ++i){ - t=exp->wordv[i]; - for(j=0; j<8; ++j){ - if(t&1){ - bigint_mul_u(&res, &res, &base); - bigint_reduce(&res, r); - } - bigint_square(&base, &base); - bigint_reduce(&base, r); - t>>=1; - } - } - t=exp->wordv[i]; - while(t){ - if(t&1){ - bigint_mul_u(&res, &res, &base); - bigint_reduce(&res, r); - } - bigint_square(&base, &base); - bigint_reduce(&base, r); - t>>=1; - } - SET_POS(&res); - bigint_copy(dest, &res); -} - -/******************************************************************************/ -/* gcd <-- gcd(x,y) a*x+b*y=gcd */ -void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y){ - bigint_t g, x_, y_, u, v, a_, b_, c_, d_; - volatile uint16_t i=0; - if(x->length_B==0 || y->length_B==0){ - return; - } - while(x->wordv[i]==0 && y->wordv[i]==0){ - ++i; - } - uint8_t g_b[i+2], x_b[x->length_B-i], y_b[y->length_B-i]; - uint8_t u_b[x->length_B-i], v_b[y->length_B-i]; - uint8_t a_b[y->length_B+2], c_b[y->length_B+2]; - uint8_t b_b[x->length_B+2], d_b[x->length_B+2]; - - g.wordv = g_b; - x_.wordv = x_b; - y_.wordv = y_b; - memset(g_b, 0, i); - g_b[i]=1; - g.length_B = i+1; - g.info=0; - x_.info = y_.info = 0; - x_.length_B = x->length_B-i; - y_.length_B = y->length_B-i; - memcpy(x_.wordv, x->wordv+i, x_.length_B); - memcpy(y_.wordv, y->wordv+i, y_.length_B); - for(i=0; (x_.wordv[0]&(1<=0){ - bigint_sub_u(&u, &u, &v); - bigint_sub_s(&a_, &a_, &c_); - bigint_sub_s(&b_, &b_, &d_); - }else{ - bigint_sub_u(&v, &v, &u); - bigint_sub_s(&c_, &c_, &a_); - bigint_sub_s(&d_, &d_, &b_); - } - }while(u.length_B); - if(gcd){ - bigint_mul_s(gcd, &v, &g); - } - if(a){ - bigint_copy(a, &c_); - } - if(b){ - bigint_copy(b, &d_); - } -} - -/******************************************************************************/ - -void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m){ - bigint_gcdext(NULL, dest, NULL, a, m); - while(dest->info&BIGINT_NEG_MASK){ - bigint_add_s(dest, dest, m); - } -} - -/******************************************************************************/ - -void bigint_changeendianess(bigint_t* a){ - uint8_t t, *p, *q; - p = a->wordv; - q = p+a->length_B-1; - while(p. -*/ -/** - * \file bigint.h - * \author Daniel Otte - * \date 2010-02-22 - * - * \license GPLv3 or later - * - */ - -#ifndef BIGINT_H_ -#define BIGINT_H_ - -#include - -#define BIGINT_FBS_MASK 0x07 /* the last three bits indicate which is the first bit set */ -#define BIGINT_NEG_MASK 0x80 /* this bit indicates a negative value */ -typedef struct{ - uint16_t length_B; - uint8_t info; - uint8_t *wordv; /* word vector, pointing to the LSB */ -}bigint_t; - - -/******************************************************************************/ - -void bigint_adjust(bigint_t* a); -void bigint_copy(bigint_t* dest, const bigint_t* src); -void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b); -void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale); -void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b); -int8_t bigint_cmp_u(const bigint_t * a, const bigint_t * b); -void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b); -void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b); -int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b); -void bigint_shiftleft(bigint_t* a, uint16_t shift); -void bigint_shiftright(bigint_t* a, uint16_t shift); -void bigint_xor(bigint_t* dest, const bigint_t* a); -void bigint_set_zero(bigint_t* a); -void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b); -void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b); -void bigint_square(bigint_t* dest, const bigint_t* a); -void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale); -void bigint_reduce(bigint_t* a, const bigint_t* r); -void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r); -void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y); -void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m); -void bigint_changeendianess(bigint_t* a); -/******************************************************************************/ - -#endif /*BIGINT_H_*/ diff --git a/dsa/bigint_add_u.S b/dsa/bigint_add_u.S deleted file mode 100644 index 7c34f1a..0000000 --- a/dsa/bigint_add_u.S +++ /dev/null @@ -1,137 +0,0 @@ -/* bigint_add_u.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/** - * \file bigint_add_u.S - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-03-01 - * \license GPLv3 or later - * - */ - -#include "avr-asm-macros.S" - -/* - param dest: r24:r25 - param a: r22:r23 - param b: r20:r21 -*/ -LEN_A_0 = 22 -LEN_A_1 = 23 -LEN_B_0 = 20 -LEN_B_1 = 21 - - -.global bigint_add_u -bigint_add_u: - push_range 28, 29 - push_range 24, 25 - movw r26, r24 ; X is our destination pointer - movw r30, r22 ; Z = a - movw r28, r20 ; Y = b - ldd LEN_A_0, Z+0 - ldd LEN_A_1, Z+1 - ldd LEN_B_0, Y+0 - ldd LEN_B_1, Y+1 - cp LEN_A_0, LEN_B_0 - cpc LEN_A_1, LEN_B_1 - brsh 3f - movw r18, LEN_A_0 ; swap length values - movw LEN_A_0, LEN_B_0 - movw LEN_B_0, r18 - movw r18, r30 ; swap pointers - movw r30, r28 - movw r28, r18 -3: ; now a is the longer integer - movw r24, LEN_A_0 - adiw r24, 0 - brne 4f - st X+, r1 ; store length - st X+, r1 - st X+, r1 ; store 0 in info field - rjmp 9f -4: - adiw r24, 1 - st X+, r24 ; store length - st X+, r25 - st X+, r1 ; store 0 in info field - ld r18, X+ - ld r19, X+ - movw r26, r18 - adiw r30, 3 ; adjust pointers to point at wordv - ld r18, Z+ - ld r19, Z+ - movw r30, r18 - adiw r28, 3 - ld r18, Y+ - ld r19, Y+ - movw r28, r18 - - sub LEN_A_0, LEN_B_0 - sbc LEN_A_1, LEN_B_1 - movw r24, LEN_B_0 - clr r0 - adiw r24, 0 - breq 6f - clc -5: - ld r0, Z+ - ld r1, Y+ - adc r0, r1 - st X+, r0 - dec r24 - brne 5b - rol r0 ; store carry bit - tst r25 - breq 6f - dec r25 - dec r24 - ror r0 ; write carry back - rjmp 5b -6: /* the main part is done */ - movw r24, LEN_A_0 - clr r1 - adiw r24, 0 - breq 8f -62: - ror r0 ; write carry back -7: - ld r0, Z+ - adc r0, r1 - st X+, r0 - dec r24 - brne 7b - rol r0 ; store carry bit - tst r25 - breq 8f - dec r25 - dec r24 - rjmp 62b -8: - ror r0 - clr r0 - rol r0 - st X+, r0 -9: - pop_range 24, 25 - pop_range 28, 29 - jmp bigint_adjust - - diff --git a/dsa/bigint_io.c b/dsa/bigint_io.c deleted file mode 100644 index 221c61c..0000000 --- a/dsa/bigint_io.c +++ /dev/null @@ -1,135 +0,0 @@ -/* bigint_io.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "cli.h" -#include "hexdigit_tab.h" -#include "bigint.h" -#include -#include -#include - -void bigint_print_hex(const bigint_t* a){ - if(a->length_B==0){ - cli_putc('0'); - return; - } - if(a->info&BIGINT_NEG_MASK){ - cli_putc('-'); - } -// cli_putc((a->info&BIGINT_NEG_MASK)?'-':'+'); /* print sign */ - if(a->wordv[a->length_B-1]<0x10){ - cli_putc(pgm_read_byte(hexdigit_tab_uc_P+a->wordv[a->length_B-1])); - cli_hexdump_rev(a->wordv, a->length_B-1); - } else { - cli_hexdump_rev(a->wordv, a->length_B); - } -} - -#define BLOCKSIZE 20 - -static uint8_t char2nibble(char c){ - if(c>='0' && c <='9'){ - return c-'0'; - } - c |= 'A'^'a'; /* to lower case */ - if(c>='a' && c <='f'){ - return c-'a'+10; - } - return 0xff; -} - -static uint16_t read_byte(void){ - uint8_t t1, t2; - char c; - c = cli_getc_cecho(); - if(c=='-'){ - return 0x0500; - } - t1 = char2nibble(c); - if(t1 == 0xff){ - return 0x0100; - } - c = cli_getc_cecho(); - t2 = char2nibble(c); - if(t2 == 0xff){ - return 0x0200|t1; - } - return (t1<<4)|t2; -} - -uint8_t bigint_read_hex_echo(bigint_t* a){ - uint16_t allocated=0; - uint8_t shift4=0; - uint16_t t; - a->length_B = 0; - a->wordv = NULL; - a->info = 0; - for(;;){ - if(allocated-a->length_B < 1){ - uint8_t *p; - p = realloc(a->wordv, allocated+=BLOCKSIZE); - if(p==NULL){ - cli_putstr_P(PSTR("\r\nERROR: Out of memory!")); - free(a->wordv); - return 0xff; - } - a->wordv=p; - } - t = read_byte(); - if(a->length_B==0){ - if(t&0x0400){ - /* got minus */ - a->info |= BIGINT_NEG_MASK; - continue; - }else{ - if(t==0x0100){ - free(a->wordv); - a->wordv=NULL; - return 1; - } - } - } - if(t<=0x00ff){ - a->wordv[a->length_B++] = (uint8_t)t; - }else{ - if(t&0x0200){ - shift4 = 1; - a->wordv[a->length_B++] = (uint8_t)((t&0x0f)<<4); - } - break; - } - } - /* we have to reverse the byte array */ - uint8_t tmp; - uint8_t *p, *q; - p = a->wordv; - q = a->wordv+a->length_B-1; - while(q>p){ - tmp = *p; - *p = *q; - *q = tmp; - p++; q--; - } - if(shift4){ - bigint_adjust(a); - bigint_shiftright(a, 4); - } - bigint_adjust(a); - return 0; -} diff --git a/dsa/bigint_io.h b/dsa/bigint_io.h deleted file mode 100644 index e47391d..0000000 --- a/dsa/bigint_io.h +++ /dev/null @@ -1,28 +0,0 @@ -/* bigint_io.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef BIGINT_IO_H_ -#define BIGINT_IO_H_ - -#include "bigint.h" - -void bigint_print_hex(const bigint_t* a); -uint8_t bigint_read_hex_echo(bigint_t* a); - -#endif /* BIGINT_IO_H_ */ diff --git a/dsa/dsa.h b/dsa/dsa.h index 6a894f6..121341c 100644 --- a/dsa/dsa.h +++ b/dsa/dsa.h @@ -21,8 +21,8 @@ #define DSA_H_ #include -#include "hfal-basic.h" -#include "bigint.h" +#include "hfal/hfal-basic.h" +#include "bigint/bigint.h" typedef struct{ bigint_t p; diff --git a/dsa/dsa_key_blob.c b/dsa/dsa_key_blob.c index fe31e53..b5e2478 100644 --- a/dsa/dsa_key_blob.c +++ b/dsa/dsa_key_blob.c @@ -22,7 +22,7 @@ #include #include "cli.h" #include "dsa.h" -#include "bigint.h" +#include "bigint/bigint.h" #define DSA_KEY_BLOB_SIZE 1024 diff --git a/dsa/dsa_sign.c b/dsa/dsa_sign.c index e9def2b..64552e9 100644 --- a/dsa/dsa_sign.c +++ b/dsa/dsa_sign.c @@ -19,10 +19,10 @@ #include #include "cli.h" -#include "bigint.h" +#include "bigint/bigint.h" #include "dsa.h" #include "hashfunction_descriptor.h" -#include "hfal-basic.h" +#include "hfal/hfal-basic.h" uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m, const dsa_ctx_t* ctx, const bigint_t* k){ diff --git a/dsa/dsa_verify.c b/dsa/dsa_verify.c index 1faa68e..5001b9b 100644 --- a/dsa/dsa_verify.c +++ b/dsa/dsa_verify.c @@ -18,9 +18,9 @@ */ #include -#include "bigint.h" +#include "bigint/bigint.h" #include "dsa.h" -#include "hfal-basic.h" +#include "hfal/hfal-basic.h" uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m, const dsa_ctx_t* ctx){ diff --git a/dsa/memxor.S b/dsa/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/dsa/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/dsa/memxor.h b/dsa/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/dsa/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/dsa/noekeon.h b/dsa/noekeon.h deleted file mode 100644 index 9c046f3..0000000 --- a/dsa/noekeon.h +++ /dev/null @@ -1,85 +0,0 @@ -/* noekeon.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef NOEKEON_H_ -#define NOEKEON_H_ - -/** - * \file noekeon.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-04-11 - * \license GPLv3 or later - * \brief Implementation of the Noekeon block cipher - * \ingroup Noekeon - * This is an implementation of the Noekeon block cipher. - * For more details on Noekeon see http://gro.noekeon.org/ - */ - -#include - -/** \typedef noekeon_ctx_t - * \brief holds key data for indirect mode - * - * A variable of this type may hold the key data for the indirect mode. - * For direct mode simply pass the key directly to the encryption or - * decryption function. - */ -typedef uint8_t noekeon_ctx_t[16]; - -/** \fn void noekeon_enc(void* buffer, const void* key) - * \brief noekeon encrytion funtion - * - * This function encrypts a block (64 bit = 8 byte) with the noekeon encrytion - * algorithm. Due to the two modes of noekeon (direct mode and indirect mode) - * the second parameter either points directly to the key (direct mode) or to a - * context generated by the noekeon_init() function (indirect mode). - * \param buffer pointer to the 64 bit (8 byte) block to encrypt - * \param key pointer to either the key (128 bit = 16 byte; direct mode) or - * to the context (indirect mode) - */ -void noekeon_enc(void* buffer, const void* key); - -/** \fn void noekeon_dec(void* buffer, const void* key) - * \brief noekeon encrytion funtion - * - * This function decrypts a block (64 bit = 8 byte) encrypted with the noekeon - * encrytion algorithm. Due to the two modes of noekeon (direct mode and - * indirect mode) the second parameter either points directly to the key - * (direct mode) or to a context generated by the noekeon_init() function - * (indirect mode). - * \param buffer pointer to the 64 bit (8 byte) block to decrypt - * \param key pointer to either the key (128 bit = 16 byte; direct mode) or - * to the context (indirect mode) - */ -void noekeon_dec(void* buffer, const void* key); - - -/** \fn void noekeon_init(const void* key, noekeon_ctx_t* ctx) - * \brief noekeon context generation function for indirect mode - * - * This function generates a context from the supplied key for using - * noekeon in indirect mode. For using noekeon in direct mode supply the key - * direct to the noekeon_enc() and noekeon_dec() functions. - * \param key pointer to the key (128 bit = 16 byte) - * \param ctx pointer to the context to fill with key material - * to the context (indirect mode) - */ -void noekeon_init(const void* key, noekeon_ctx_t* ctx); - -#endif /*NOEKEON_H_*/ diff --git a/dsa/noekeon_asm.S b/dsa/noekeon_asm.S deleted file mode 100644 index b0a2a16..0000000 --- a/dsa/noekeon_asm.S +++ /dev/null @@ -1,641 +0,0 @@ -/* noekeon_asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * noekeon assembler implementation for avr - * author: Daniel Otte - * email: daniel.otte@rub.de - * license: GPLv3 - */ - -#include - -.macro push_all - push r2 - push r3 - push r4 - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 -.endm - -.macro pop_all - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - pop r3 - pop r2 - clr r1 -.endm - -push_all_func: - pop r31 - pop r30 - push_all - ijmp - -pop_all_func: - pop r31 - pop r30 - pop_all - ijmp - -.macro xchg a b - eor \a, \b - eor \b, \a - eor \a, \b -.endm - -.macro op32 op a b - \op \a\()_0, \b\()_0 - \op \a\()_1, \b\()_1 - \op \a\()_2, \b\()_2 - \op \a\()_3, \b\()_3 -.endm - - -.macro op32_4t op a b c d w x y z - \op \a, \w - \op \b, \x - \op \c, \y - \op \d, \z -.endm - - -.macro op32_prefix op p q a b c d w x y z - \op \p\()\a, \q\()\w - \op \p\()\b, \q\()\x - \op \p\()\c, \q\()\y - \op \p\()\d, \q\()\z -.endm - -; === bigendian_rotl32 === -; this function rotates a 32bit bigendian word n bits to the left -; param1: the 32-bit value -; given in r25,r24,r23,r22 (r22 is most significant) -; param2: the 8-bit parameter giving the number of bits to rotate -; given in r20 -; return: the rotatet 32-bit word -; given in r25,r24,r23,r22 - -bigendian_rotl32: - /* copy high bit of r22 to carry */ - mov r1, r22 -2: - rol r1 - - rol r25 - rol r24 - rol r23 - rol r22 - - dec r20 - brne 2b -bigendian_rotl32_exit: - clr r1 - ret - - -/******************************************************************************/ - -; === bigendian_rotl32 === -; this function rotates a 32bit bigendian word n bits to the right -; param1: the 32-bit value -; given in r25,r24,r23,r22 (r22 is most significant) -; param2: the 8-bit parameter giving the number of bits to rotate -; given in r20 -; return: the rotatet 32-bit word -; given in r25,r24,r23,r22 - -bigendian_rotr32: - /* copy high bit of r25 to carry */ - - mov r1, r25 -2: - ror r1 - - ror r22 - ror r23 - ror r24 - ror r25 - dec r20 - brne 2b -bigendian_rotr32_exit: - clr r1 - ret - -/******************************************************************************/ -/* -void theta(uint32_t* k, uint32_t* a){ - uint32_t temp; - temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[1] ^= temp; - a[3] ^= temp; - - a[0] ^= k[0]; - a[1] ^= k[1]; - a[2] ^= k[2]; - a[3] ^= k[3]; - - temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[0] ^= temp; - a[2] ^= temp; -} -*/ - -round_const: .byte 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, \ - 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, \ - 0xD4 - -;-- a[0] -state0_0 = 2 -state0_1 = 3 -state0_2 = 4 -state0_3 = 5 -;-- a[1] -state1_0 = 6 -state1_1 = 7 -state1_2 = 8 -state1_3 = 9 -;-- a[2] -state2_0 = 10 -state2_1 = 11 -state2_2 = 12 -state2_3 = 13 -;-- a[3] -state3_0 = 14 -state3_1 = 15 -state3_2 = 16 -state3_3 = 17 - -; === theta === -; -; param1: the state in r2-r17 -; param2: pointer to k in X (r26,r27) -; -temp_a = 18 -temp_b = 19 -temp_c = 20 -temp_d = 21 - -theta: - /* temp = a[0] ^ a[2]; temp ^= temp>>>8 ^ temp<<<8 */ - op32_prefix mov, temp_, state0_, a,b,c,d, 0,1,2,3 - op32_prefix eor, temp_, state2_, a,b,c,d, 0,1,2,3 - - mov r1, temp_a - eor r1, temp_b - eor r1, temp_c - eor r1, temp_d - - op32_prefix eor, temp_, r, a,b,c,d, 1,1,1,1 - - /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */ - /* a[1] ^= temp */ - eor state1_0, temp_c - eor state1_1, temp_d - eor state1_2, temp_a - eor state1_3, temp_b - /* a[3] ^= temp */ - eor state3_0, temp_c - eor state3_1, temp_d - eor state3_2, temp_a - eor state3_3, temp_b - - /* state ^ k (X points to K) */ - ldi r28, 2 - clr r29 /* Y points to r2 aka state0_0 */ - ldi temp_a, 16 -1: - ld r1, X+ - ld r0, Y - eor r1, r0 - st Y+, r1 - dec temp_a - brne 1b - sbiw r26, 16 /* set X back to key */ - - mov temp_a, state1_0 - mov temp_b, state1_1 - mov temp_c, state1_2 - mov temp_d, state1_3 - eor temp_a, state3_0 - eor temp_b, state3_1 - eor temp_c, state3_2 - eor temp_d, state3_3 - mov r1, temp_a - eor r1, temp_b - eor r1, temp_c - eor r1, temp_d - eor temp_a, r1 - eor temp_b, r1 - eor temp_c, r1 - eor temp_d, r1 - /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */ - /* a[0] ^= temp */ - eor state0_0, temp_c - eor state0_1, temp_d - eor state0_2, temp_a - eor state0_3, temp_b - /* a[2] ^= temp */ - eor state2_0, temp_c - eor state2_1, temp_d - eor state2_2, temp_a - eor state2_3, temp_b - - clr r1 - ret - -/******************************************************************************/ -#ifndef NOEKEON_NO_ENC -; === noekeon_enc === -; -; param1: pointer to buffer (r24,r25) -; param2: pointer to k (r22,r23) -; -.global noekeon_enc -noekeon_enc: - rcall push_all_func - /* load state */ - movw r26, r22 - ldi r28, 2 - clr r29 /* Y points at r2 aka state0_0 */ - movw r30, r24 /* Z points at state */ - push r30 - push r31 - ldi r22, 16 - push r22 /* 16 is also the number of rounds and gets pushed here */ -1: - ld r0, Z+ - st Y+, r0 - dec r22 - brne 1b - /* state loaded */ - push r1 /* push round constan2 (0x00) */ - ldi r20, 0x80 - push r20 /* push round constan2 (0x00) */ - rjmp 3f -2: - ldi r30, lo8(round_const+15) - ldi r31, hi8(round_const+15) - sub r30, r22 - sbci r31, 0 - clr r1 - push r1 - lpm r0, Z - push r0 -3: - rcall round /* pops rc2 & rc1 */ - pop r22 - dec r22 - push r22 - brne 2b - - pop r22 - - ldi r22, 0xD4 - eor state0_3, r22 - rcall theta - - pop r31 - pop r30 - clr r29 - ldi r28, 2 - ldi r22, 16 -1: - ld r0, Y+ - st Z+, r0 - dec r22 - brne 1b - - rcall pop_all_func - ret -#endif -/******************************************************************************/ -/******************************************************************************/ -#ifndef NOEKEON_NO_DEC - -; === noekeon_dec === -; -; param1: pointer to buffer/state (r24,r25) -; param2: pointer to k (r22,r23) -; -.global noekeon_dec -noekeon_dec: - rcall push_all_func - /* allocate 16 bytes on the stack */ - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - sbiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - - adiw r30, 1 - /* push state pointer */ - push r24 - push r25 - movw r26, r22 /* move key ptr to X */ - - /* set stackkey to zero */ - ldi r22, 16 -1: st Z+, r1 - dec r22 - brne 1b - - /* copy key to state */ - clr r29 - ldi r28, 2 - ldi r22, 16 -1: ld r0, X+ - st Y+, r0 - dec r22 - brne 1b - - movw r26, r30 - sbiw r26, 16 /* set X back to begining of stack key */ - rcall theta - - /* mov state to stackkey */ - clr r29 - ldi r28, 2 - ldi r22, 16 -1: ld r0, Y+ - st X+, r0 - dec r22 - brne 1b - sbiw r26, 16 /* set X back to begining of stack key */ - - /* move data from stateptr to state */ - pop r31 - pop r30 - push r30 - push r31 - clr r29 - ldi r28, 2 - ldi r22, 16 - push r22 -1: ld r0, Z+ - st Y+, r0 - dec r22 - brne 1b - -;--- snip 8< ---- - - ldi r20, 0xD4 - push r20 /* push round constant2 (0xD4) */ - push r22 /* push round constan1 (0x00) */ - rjmp 3f -2: - ldi r30, lo8(round_const-1) - ldi r31, hi8(round_const-1) - clr r1 - add r30, r22 - adc r31, r1 - lpm r0, Z - push r0 - push r1 -3: - rcall round /* pops rc2 & rc1 */ - pop r22 - dec r22 - push r22 - brne 2b -;---- - pop r22 - - rcall theta - ldi r22, 0x80 - eor state0_3, r22 - -write_state_back: - /* write state back */ - pop r31 /* pop state pointer */ - pop r30 - clr r29 - ldi r28, 2 - ldi r22, 16 -1: - ld r0, Y+ - st Z+, r0 - dec r22 - brne 1b - - /* remove key from stack */ - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - adiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - rcall pop_all_func - ret -#endif -/******************************************************************************/ - - -round: - pop r24 - pop r25 - pop r1 - eor state0_3, r1 - rcall theta - pop r1 - eor state0_3, r1 - push r25 - push r24 -pi_gamma_pi: - ldi r30, pm_lo8(bigendian_rotl32) - ldi r31, pm_hi8(bigendian_rotl32) - rcall pi - /* pi1 done; now gamma */ - rcall gamma_1 - /* a[0] <-> a[3] */ - xchg state0_0, state3_0 - xchg state0_1, state3_1 - xchg state0_2, state3_2 - xchg state0_3, state3_3 - /* a[2] ^= a[0] ^ a[1] ^ a[3] */ - op32 eor, state2, state0 - op32 eor, state2, state1 - op32 eor, state2, state3 - - rcall gamma_1 - ldi r30, pm_lo8(bigendian_rotr32) - ldi r31, pm_hi8(bigendian_rotr32) - rcall pi - ret - -gamma_1: - /* a[1] ^= ~(a[3]|a[2])*/ - mov r1, state3_0 - or r1, state2_0 - com r1 - eor state1_0, r1 - - mov r1, state3_1 - or r1, state2_1 - com r1 - eor state1_1, r1 - - mov r1, state3_2 - or r1, state2_2 - com r1 - eor state1_2, r1 - - mov r1, state3_3 - or r1, state2_3 - com r1 - eor state1_3, r1 - - /* a[0] ^= a[2]&a[1] */ - mov r1, state2_0 - and r1, state1_0 - eor state0_0, r1 - - mov r1, state2_1 - and r1, state1_1 - eor state0_1, r1 - - mov r1, state2_2 - and r1, state1_2 - eor state0_2, r1 - - mov r1, state2_3 - and r1, state1_3 - eor state0_3, r1 - ret - -pi: - /* a[1] <<<= 1*/ - mov r22, state1_0 - mov r23, state1_1 - mov r24, state1_2 - mov r25, state1_3 - ldi r20, 1 - icall - mov state1_0, r22 - mov state1_1, r23 - mov state1_2, r24 - mov state1_3, r25 - /* a[2] <<<= 5*/ - mov r22, state2_0 - mov r23, state2_1 - mov r24, state2_2 - mov r25, state2_3 - ldi r20, 5 - icall - mov state2_0, r22 - mov state2_1, r23 - mov state2_2, r24 - mov state2_3, r25 - /* a[3] <<<= 2*/ - mov r22, state3_0 - mov r23, state3_1 - mov r24, state3_2 - mov r25, state3_3 - ldi r20, 2 - icall - mov state3_0, r22 - mov state3_1, r23 - mov state3_2, r24 - mov state3_3, r25 - ret - -/******************************************************************************/ - -/* -void noekeon_init(void* key, noekeon_ctx_t* ctx){ - uint8_t nullv[16]; - - memset(nullv, 0, 16); - memcpy(ctx, key, 16); - noekeon_enc(ctx, nullv); -} -*/ - -#ifndef NOEKEON_NO_INIT - -.global noekeon_init -noekeon_init: -; === noekeon_init === -; -; param1: pointer to key (r24,r25) -; param2: pointer to context (r22,r23) -; - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - sbiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - - movw r26, r22 - adiw r30, 1 - movw r22, r30 - /* set nullv(stack) to zero */ - ldi r20, 16 -1: st Z+, r1 - dec r20 - brne 1b - - /* copy key data to ctx */ - movw r30, r24 - ldi r20, 16 -1: ld r1, Z+ - st X+, r1 - dec r20 - brne 1b - clr r1 - - sbiw r26, 16 - movw r24, r26 - rcall noekeon_enc - - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - adiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - ret - -#endif - - diff --git a/dsa/noekeon_prng.c b/dsa/noekeon_prng.c deleted file mode 100644 index 5b5bc29..0000000 --- a/dsa/noekeon_prng.c +++ /dev/null @@ -1,75 +0,0 @@ -/* noekeon_prng.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/** - * \author Daniel Otte - * \date 2008-08-24 - * \license GPLv3 or later - * \brief random number generator based on noekeon running in CFB-mode - * - */ - -#include "noekeon.h" -#include "memxor.h" -#include -#include - -static uint8_t random_state[16]; -static uint8_t random_key[16]; -static uint8_t i=0; - -uint8_t random8(void){ - static uint8_t sr[16]; - - if(i==0){ - noekeon_enc(random_state, random_key); - memcpy(sr, random_state, 16); - i=15; - return sr[15]; - } - --i; - return sr[i]; -} - -void random_block(void* dest){ - i=0; - noekeon_enc(random_state, random_key); - memcpy(dest, random_state, 16); -} - -void srandom32(uint32_t seed){ - memcpy(random_key, &seed, 4); - memset(random_key+4, 0, 12); - memset(random_state, 0, 16); - i=0; -} - -void random_seed(const void* buffer){ - memcpy(random_key, buffer, 16); - memset(random_state, 0, 16); - i=0; -} - -void random_add(const void* buffer){ - i=0; - noekeon_enc(random_state, random_key); - memxor(random_key, random_state, 16); - memxor(random_key, buffer, 16); -} - - diff --git a/dsa/noekeon_prng.h b/dsa/noekeon_prng.h deleted file mode 100644 index ff9ca03..0000000 --- a/dsa/noekeon_prng.h +++ /dev/null @@ -1,40 +0,0 @@ -/* noekeon_prng.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/** - * \author Daniel Otte - * \date 2008-08-24 - * \license GPLv3 or later - * \brief random number generator based on noekeon running in CFB-mode - * - */ - -#ifndef PRNG_H_ -#define PRNG_H_ - -#include - -uint8_t random8(void); -void random_block(void* dest); -void srandom32(uint32_t seed); -void random_seed(const void* buffer); -void random_add(const void* buffer); - -#endif /* PRNG_H_*/ - - diff --git a/dsa/sha1-asm.S b/dsa/sha1-asm.S deleted file mode 100644 index 4d185f9..0000000 --- a/dsa/sha1-asm.S +++ /dev/null @@ -1,883 +0,0 @@ -/* sha1-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; SHA1 implementation in assembler for AVR -SHA1_BLOCK_BITS = 512 -SHA1_HASH_BITS = 160 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -.macro delay -/* - push r0 - push r1 - clr r0 -1: clr r1 -2: dec r1 - brne 2b - dec r0 - brne 1b - pop r1 - pop r0 // */ -.endm - -/* X points to Block */ -.macro dbg_hexdump length -/* - precall - hexdump \length - postcall - // */ -.endm - - - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha1_ctx_t is: -; -; [h0][h1][h2][h3][h4][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha1_ctx2hash -; === sha1_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha1_ctx structure -; given in r23,r22 -sha1_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 5 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha1 -; === sha1 === -; this function calculates SHA-1 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha1: -sha1_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r30, SPL - in r31, SPH - sbiw r30, 5*4+8 - in r0, SREG - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - - push r25 - push r24 - adiw r30, 1 - movw r16, r30 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha1_init - /* if length >= 512 */ -1: - tst r11 - brne 2f - tst r10 - breq 4f -2: - movw r24, r16 - movw r22, r12 - rcall sha1_nextBlock - ldi r19, 64 - add r12, r19 - adc r13, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha1_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha1_ctx2hash - -sha1_epilog: - in r30, SPL - in r31, SPH - adiw r30, 5*4+8 - in r0, SREG - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha1_lastBlock -; === sha1_lastBlock === -; this function does padding & Co. for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1) - - -sha1_lastBlock: - cpi r21, 0x02 - brlo sha1_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 2 - ldi r19, 64 - sub r22, r19 - sbc r23, r1 - rjmp sha1_lastBlock -sha1_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r0, SREG - subi r30, lo8(64) - sbci r31, hi8(64) /* ??? */ - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha1_lastBlock_post_copy - mov r1, r18 -sha1_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha1_lastBlock_copy_loop -sha1_lastBlock_post_copy: -sha1_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha1_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*5+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha1_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha1_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha1_lastBlock_epilog -sha1_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 5*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha1_nextBlock - -sha1_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r0, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - clr r1 - ret - -/**/ -;########################################################### - -.global sha1_nextBlock -; === sha1_nextBlock === -; this is the core function for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte) - -xtmp = 0 -xNULL = 1 -W1 = 10 -W2 = 11 -T1 = 12 -T2 = 13 -T3 = 14 -T4 = 15 -LoopC = 16 -S = 17 -tmp1 = 18 -tmp2 = 19 -tmp3 = 20 -tmp4 = 21 -F1 = 22 -F2 = 23 -F3 = 24 -F4 = 25 - -/* byteorder: high number <--> high significance */ -sha1_nextBlock: - ; initial, let's make some space ready for local vars - /* replace push & pop by mem ops? */ - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack /* maybe removeable? */ - movw r30, r22 ; Z points to message - subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha1_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SREG, r0 - out SPH, r21 - - push r18 - push r19 /* push old SP on new stack */ - push r24 - push r25 /* param1 will be needed later */ - - /* load a[] with state */ - movw 28, r24 /* load pointer to state in Y */ - adiw r26, 1 ; X++ - - ldi LoopC, 5*4 -1: ld tmp1, Y+ - st X+, tmp1 - dec LoopC - brne 1b - - movw W1, r26 /* save pointer to w[0] */ - /* load w[] with endian fixed message */ - /* we might also use the changeendian32() function at bottom */ - movw r30, r22 /* mv param2 (ponter to msg) to Z */ - ldi LoopC, 16 -1: - ldd tmp1, Z+3 - st X+, tmp1 - ldd tmp1, Z+2 - st X+, tmp1 - ldd tmp1, Z+1 - st X+, tmp1 - ld tmp1, Z - st X+, tmp1 - adiw r30, 4 - dec LoopC - brne 1b - - ;clr LoopC /* LoopC is named t in FIPS 180-2 */ - clr xtmp -sha1_nextBlock_mainloop: - mov S, LoopC - lsl S - lsl S - andi S, 0x3C /* S is a bytepointer so *4 */ - /* load w[s] */ - movw r26, W1 - add r26, S /* X points at w[s] */ - adc r27, xNULL - ld T1, X+ - ld T2, X+ - ld T3, X+ - ld T4, X+ - -/* - push r26 - push r27 - push T4 - push T3 - push T2 - push T1 - in r26, SPL - in r27, SPH - adiw r26, 1 - dbg_hexdump 4 - pop T1 - pop T2 - pop T3 - pop T4 - pop r27 - pop r26 -*/ - - cpi LoopC, 16 - brlt sha1_nextBlock_mainloop_core - /* update w[s] */ - ldi tmp1, 2*4 - rcall 1f - ldi tmp1, 8*4 - rcall 1f - ldi tmp1, 13*4 - rcall 1f - rjmp 2f -1: /* this might be "outsourced" to save the jump above */ - add tmp1, S - andi tmp1, 0x3f - movw r26, W1 - add r26, tmp1 - adc r27, xNULL - ld tmp2, X+ - eor T1, tmp2 - ld tmp2, X+ - eor T2, tmp2 - ld tmp2, X+ - eor T3, tmp2 - ld tmp2, X+ - eor T4, tmp2 - ret -2: /* now we just hav to do a ROTL(T) and save T back */ - mov tmp2, T4 - rol tmp2 - rol T1 - rol T2 - rol T3 - rol T4 - movw r26, W1 - add r26, S - adc r27, xNULL - st X+, T1 - st X+, T2 - st X+, T3 - st X+, T4 - -sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/ - /* T already contains w[s] */ - movw r26, W1 - sbiw r26, 4*1 /* X points at a[4] aka e */ - ld tmp1, X+ - add T1, tmp1 - ld tmp1, X+ - adc T2, tmp1 - ld tmp1, X+ - adc T3, tmp1 - ld tmp1, X+ - adc T4, tmp1 /* T = w[s]+e */ - sbiw r26, 4*5 /* X points at a[0] aka a */ - ld F1, X+ - ld F2, X+ - ld F3, X+ - ld F4, X+ - mov tmp1, F4 /* X points at a[1] aka b */ - ldi tmp2, 5 -1: - rol tmp1 - rol F1 - rol F2 - rol F3 - rol F4 - dec tmp2 - brne 1b - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, F4 /* T = ROTL(a,5) + e + w[s] */ - - /* now we have to do this fucking conditional stuff */ - ldi r30, lo8(sha1_nextBlock_xTable) - ldi r31, hi8(sha1_nextBlock_xTable) - add r30, xtmp - adc r31, xNULL - lpm tmp1, Z - cp tmp1, LoopC - brne 1f - inc xtmp -1: ldi r30, lo8(sha1_nextBlock_KTable) - ldi r31, hi8(sha1_nextBlock_KTable) - lsl xtmp - lsl xtmp - add r30, xtmp - adc r31, xNULL - lsr xtmp - lsr xtmp - - lpm tmp1, Z+ - add T1, tmp1 - lpm tmp1, Z+ - adc T2, tmp1 - lpm tmp1, Z+ - adc T3, tmp1 - lpm tmp1, Z+ - adc T4, tmp1 - /* T = ROTL(a,5) + e + kt + w[s] */ - - /* Z-4 is just pointing to kt ... */ - movw r28, r26 /* copy X in Y */ - adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */ - lsr r31 - ror r30 - - icall - mov F1, tmp1 - icall - mov F2, tmp1 - icall - mov F3, tmp1 - icall - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */ - /* X points still at a[1] aka b, Y points at a[2] aka c */ - /* update a[] */ -sha1_nextBlock_update_a: - /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/ - //adiw r28, 3*4 /* Y should point at a[4] aka e */ - movw r28, W1 - sbiw r28, 4 - - ldi tmp2, 4*4 -1: - ld tmp1, -Y - std Y+4, tmp1 - dec tmp2 - brne 1b - /* Y points at a[0] aka a*/ - - movw r28, W1 - sbiw r28, 5*4 - /* store T in a[0] aka a */ - st Y+, T1 - st Y+, T2 - st Y+, T3 - st Y+, T4 - /* Y points at a[1] aka b*/ - - /* rotate c */ - ldd T1, Y+1*4 - ldd T2, Y+1*4+1 - ldd T3, Y+1*4+2 - ldd T4, Y+1*4+3 - mov tmp1, T1 - ldi tmp2, 2 -1: ror tmp1 - ror T4 - ror T3 - ror T2 - ror T1 - dec tmp2 - brne 1b - std Y+1*4+0, T1 - std Y+1*4+1, T2 - std Y+1*4+2, T3 - std Y+1*4+3, T4 -/* - push r27 - push r26 - movw r26, W1 - sbiw r26, 4*5 - dbg_hexdump 4*5 - pop r26 - pop r27 -*/ - inc LoopC - cpi LoopC, 80 - brge 1f - rjmp sha1_nextBlock_mainloop -/**************************************/ -1: - /* littel patch */ - sbiw r28, 4 - -/* add a[] to state and inc length */ - pop r27 - pop r26 /* now X points to state (and Y still at a[0]) */ - ldi tmp4, 5 -1: clc - ldi tmp3, 4 -2: ld tmp1, X - ld tmp2, Y+ - adc tmp1, tmp2 - st X+, tmp1 - dec tmp3 - brne 2b - dec tmp4 - brne 1b - - /* now length += 512 */ - adiw r26, 1 /* we skip the least significant byte */ - ld tmp1, X - ldi tmp2, hi8(512) /* 2 */ - add tmp1, tmp2 - st X+, tmp1 - ldi tmp2, 6 -1: - ld tmp1, X - adc tmp1, xNULL - st X+, tmp1 - dec tmp2 - brne 1b - -; EPILOG -sha1_nextBlock_epilog: -/* now we should clean up the stack */ - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SREG, r0 - out SPH, r21 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - ret - -sha1_nextBlock_xTable: -.byte 20,40,60,0 -sha1_nextBlock_KTable: -.int 0x5a827999 -.int 0x6ed9eba1 -.int 0x8f1bbcdc -.int 0xca62c1d6 -sha1_nextBlock_JumpTable: -rjmp sha1_nextBlock_Ch - nop -rjmp sha1_nextBlock_Parity - nop -rjmp sha1_nextBlock_Maj - nop -rjmp sha1_nextBlock_Parity - - /* X and Y still point at a[1] aka b ; return value in tmp1 */ -sha1_nextBlock_Ch: - ld tmp1, Y+ - mov tmp2, tmp1 - com tmp2 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp3, Y+7 /* load from d */ - and tmp2, tmp3 - eor tmp1, tmp2 - ret - -sha1_nextBlock_Maj: - ld tmp1, Y+ - mov tmp2, tmp1 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp4, Y+7 /* load from d */ - and tmp2, tmp4 - eor tmp1, tmp2 - and tmp3, tmp4 - eor tmp1, tmp3 - ret - -sha1_nextBlock_Parity: - ld tmp1, Y+ - ldd tmp2, Y+3 /* load from c */ - eor tmp1, tmp2 - ldd tmp2, Y+7 /* load from d */ - eor tmp1, tmp2 - ret -/* -ch_str: .asciz "\r\nCh" -maj_str: .asciz "\r\nMaj" -parity_str: .asciz "\r\nParity" -*/ -;########################################################### - -.global sha1_init -;void sha1_init(sha1_ctx_t *state){ -; DEBUG_S("\r\nSHA1_INIT"); -; state->h[0] = 0x67452301; -; state->h[1] = 0xefcdab89; -; state->h[2] = 0x98badcfe; -; state->h[3] = 0x10325476; -; state->h[4] = 0xc3d2e1f0; -; state->length = 0; -;} -; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha1_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha1_init_vector)) - ldi r31, hi8((sha1_init_vector)) - ldi r22, 5*4 /* bytes to copy */ -sha1_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha1_init_vloop - ldi r22, 8 -sha1_init_lloop: - st X+, r1 - dec r22 - brne sha1_init_lloop - ret - -sha1_init_vector: -.int 0x67452301; -.int 0xefcdab89; -.int 0x98badcfe; -.int 0x10325476; -.int 0xc3d2e1f0; - diff --git a/dsa/sha1.h b/dsa/sha1.h deleted file mode 100644 index 6675d20..0000000 --- a/dsa/sha1.h +++ /dev/null @@ -1,117 +0,0 @@ -/* sha1.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha1.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2006-10-08 - * \license GPLv3 or later - * \brief SHA-1 declaration. - * \ingroup SHA-1 - * - */ - -#ifndef SHA1_H_ -#define SHA1_H_ - -#include -/** \def SHA1_HASH_BITS - * definees the size of a SHA-1 hash in bits - */ - -/** \def SHA1_HASH_BYTES - * definees the size of a SHA-1 hash in bytes - */ - -/** \def SHA1_BLOCK_BITS - * definees the size of a SHA-1 input block in bits - */ - -/** \def SHA1_BLOCK_BYTES - * definees the size of a SHA-1 input block in bytes - */ -#define SHA1_HASH_BITS 160 -#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8) -#define SHA1_BLOCK_BITS 512 -#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8) - -/** \typedef sha1_ctx_t - * \brief SHA-1 context type - * - * A vatiable of this type may hold the state of a SHA-1 hashing process - */ -typedef struct { - uint32_t h[5]; - uint64_t length; -} sha1_ctx_t; - -/** \typedef sha1_hash_t - * \brief hash value type - * A variable of this type may hold a SHA-1 hash value - */ -typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8]; - -/** \fn sha1_init(sha1_ctx_t *state) - * \brief initializes a SHA-1 context - * This function sets a ::sha1_ctx_t variable to the initialization vector - * for SHA-1 hashing. - * \param state pointer to the SHA-1 context variable - */ -void sha1_init(sha1_ctx_t *state); - -/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block) - * \brief process one input block - * This function processes one input block and updates the hash context - * accordingly - * \param state pointer to the state variable to update - * \param block pointer to the message block to process - */ -void sha1_nextBlock (sha1_ctx_t *state, const void* block); - -/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b) - * \brief processes the given block and finalizes the context - * This function processes the last block in a SHA-1 hashing process. - * The block should have a maximum length of a single input block. - * \param state pointer to the state variable to update and finalize - * \param block pointer to themessage block to process - * \param length_b length of the message block in bits - */ -void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b); - -/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state) - * \brief convert a state variable into an actual hash value - * Writes the hash value corresponding to the state to the memory pointed by dest. - * \param dest pointer to the hash value destination - * \param state pointer to the hash context - */ -void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state); - -/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b) - * \brief hashing a message which in located entirely in RAM - * This function automatically hashes a message which is entirely in RAM with - * the SHA-1 hashing algorithm. - * \param dest pointer to the hash value destination - * \param msg pointer to the message which should be hashed - * \param length_b length of the message in bits - */ -void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b); - - - -#endif /*SHA1_H_*/ diff --git a/dsa/sha256-asm.S b/dsa/sha256-asm.S deleted file mode 100644 index e9729a1..0000000 --- a/dsa/sha256-asm.S +++ /dev/null @@ -1,1040 +0,0 @@ -/* sha256-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; sha-256 implementation in assembler -SHA256_BLOCK_BITS = 512 -SHA256_HASH_BITS = 256 - - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -/* X points to Block */ -.macro dbg_hexdump length - precall - hexdump \length - postcall -.endm - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha256_ctx_t is: -; -; [h0][h1][h2][h3][h4][h5][h6][h7][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha256_ctx2hash -; === sha256_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha256_ctx structure -; given in r23,r22 -sha256_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 8 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha256 -; === sha256 === -; this function calculates SHA-256 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha256: -sha256_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r30, SPL - in r31, SPH - sbiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - - push r25 - push r24 - adiw r30, 1 - movw r16, r30 - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha256_init - /* if length > 0xffff */ -1: - tst r11 - brne 2f - tst r10 - breq 4f -2: - movw r24, r16 - movw r22, r12 - rcall sha256_nextBlock - ldi r19, 64 - add r12, r19 - adc r13, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha256_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha256_ctx2hash - -sha256_epilog: - in r30, SPL - in r31, SPH - adiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SREG, r0 - out SPH, r31 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha256_lastBlock -; === sha256_lastBlock === -; this function does padding & Co. for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1) - - -sha256_lastBlock: - cpi r21, 0x02 - brlo sha256_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 0x02 - ldi r19, 64 - add r22, r19 - adc r23, r1 - rjmp sha256_lastBlock -sha256_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r0, SREG - subi r30, lo8(64) - sbci r31, hi8(64) - cli - out SPL, r30 - out SREG,r0 - out SPH, r31 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha256_lastBlock_post_copy - mov r1, r18 -sha256_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha256_lastBlock_copy_loop -sha256_lastBlock_post_copy: -sha256_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha256_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*8+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha256_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha256_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha256_lastBlock_epilog -sha256_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 8*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha256_nextBlock - -sha256_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r0, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SREG,r0 - out SPH, r31 - clr r1 - ret - -/**/ -;########################################################### - -.global sha256_nextBlock -; === sha256_nextBlock === -; this is the core function for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte) - -Bck1 = 12 -Bck2 = 13 -Bck3 = 14 -Bck4 = 15 -Func1 = 22 -Func2 = 23 -Func3 = 24 -Func4 = 25 -Accu1 = 16 -Accu2 = 17 -Accu3 = 18 -Accu4 = 19 -XAccu1 = 8 -XAccu2 = 9 -XAccu3 = 10 -XAccu4 = 11 -T1 = 4 -T2 = 5 -T3 = 6 -T4 = 7 -LoopC = 1 -/* byteorder: high number <--> high significance */ -sha256_nextBlock: - ; initial, let's make some space ready for local vars - push r4 /* replace push & pop by mem ops? */ - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack - movw r30, r22 ; Z points to message - subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha256_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SREG, r0 - out SPH, r21 - push r18 - push r19 - push r24 - push r25 /* param1 will be needed later */ - ; now we fill the w array with message (think about endianess) - adiw r26, 1 ; X++ - ldi r20, 16 -sha256_nextBlock_wcpyloop: - ld r23, Z+ - ld r22, Z+ - ld r19, Z+ - ld r18, Z+ - st X+, r18 - st X+, r19 - st X+, r22 - st X+, r23 - dec r20 - brne sha256_nextBlock_wcpyloop -/* for (i=16; i<64; ++i){ - w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16]; - } */ - /* r25,r24,r23,r24 (r21,r20) are function values - r19,r18,r17,r16 are the accumulator - r15,r14,r13,rBck1 are backup1 - r11,r10,r9 ,r8 are xor accu - r1 is round counter */ - - ldi r20, 64-16 - mov LoopC, r20 -sha256_nextBlock_wcalcloop: - movw r30, r26 ; cp X to Z - sbiw r30, 63 - sbiw r30, 1 ; substract 64 = 16*4 - ld Accu1, Z+ - ld Accu2, Z+ - ld Accu3, Z+ - ld Accu4, Z+ /* w[i] = w[i-16] */ - ld Bck1, Z+ - ld Bck2, Z+ - ld Bck3, Z+ - ld Bck4, Z+ /* backup = w[i-15] */ - /* now sigma 0 */ - mov Func1, Bck2 - mov Func2, Bck3 - mov Func3, Bck4 - mov Func4, Bck1 /* prerotated by 8 */ - ldi r20, 1 - rcall bitrotl - movw XAccu1, Func1 - movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/ -sigma0_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - ror Bck1 - dec Func2 - brne sigma0_shr - eor XAccu1, Bck1 - eor XAccu2, Bck2 - eor XAccu3, Bck3 - eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - ldd Func1, Z+7*4 /* now accu += w[i-7] */ - ldd Func2, Z+7*4+1 - ldd Func3, Z+7*4+2 - ldd Func4, Z+7*4+3 - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - ldd Bck1, Z+12*4 /* now backup = w[i-2]*/ - ldd Bck2, Z+12*4+1 - ldd Bck3, Z+12*4+2 - ldd Bck4, Z+12*4+3 - /* now sigma 1 */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 1 - rcall bitrotr - movw XAccu3, Func3 - movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */ -; movw Func1, Bck3 -; movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/ -sigma1_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - dec Func2 - brne sigma1_shr - eor XAccu1, Bck2 - eor XAccu2, Bck3 - eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - /* now let's store the shit */ - st X+, Accu1 - st X+, Accu2 - st X+, Accu3 - st X+, Accu4 - dec LoopC - breq 3f ; skip if zero - rjmp sha256_nextBlock_wcalcloop -3: - /* we are finished with w array X points one byte post w */ -/* init a array */ - pop r31 - pop r30 - push r30 - push r31 - ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */ -init_a_array: - ld r1, Z+ - st X+, r1 - dec r25 - brne init_a_array - -/* now the real fun begins */ -/* for (i=0; i<64; ++i){ - t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i]; - t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]); - memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; - a[4] += t1; - a[0] = t1 + t2; - } */ - /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */ - sbiw r26, 8*4 /* X still points at a[7]+1*/ - movw r28, r26 - ldi r30, lo8(sha256_kv) - ldi r31, hi8(sha256_kv) - dec r27 /* X - (64*4 == 256) */ - ldi r25, 64 - mov LoopC, r25 -sha256_main_loop: - /* now calculate t1 */ - /*CH(x,y,z) = (x&y)^((~x)&z)*/ - ldd T1, Y+5*4 - ldd T2, Y+5*4+1 - ldd T3, Y+5*4+2 - ldd T4, Y+5*4+3 /* y in T */ - ldd Func1, Y+4*4 - ldd Func2, Y+4*4+1 - ldd Func3, Y+4*4+2 - ldd Func4, Y+4*4+3 /* x in Func */ - ldd Bck1, Y+6*4 - ldd Bck2, Y+6*4+1 - ldd Bck3, Y+6*4+2 - ldd Bck4, Y+6*4+3 /* z in Bck */ - and T1, Func1 - and T2, Func2 - and T3, Func3 - and T4, Func4 - com Func1 - com Func2 - com Func3 - com Func4 - and Bck1, Func1 - and Bck2, Func2 - and Bck3, Func3 - and Bck4, Func4 - eor T1, Bck1 - eor T2, Bck2 - eor T3, Bck3 - eor T4, Bck4 /* done, CH(x,y,z) is in T */ - /* now SIGMA1(a[4]) */ - ldd Bck4, Y+4*4 /* think about using it from Func reg above*/ - ldd Bck1, Y+4*4+1 - ldd Bck2, Y+4*4+2 - ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */ - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotl /* rotr(x,6) */ - movw XAccu1, Func1 - movw XAccu3, Func3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 3 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - movw Func1, Bck3 /* this prerotates furteh 16 bits*/ - movw Func3, Bck1 /* so we have now prerotated by 24 bits*/ - ldi r20, 1 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* finished with SIGMA1, add it to T */ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 - /* now we've to add a[7], w[i] and k[i] */ - ldd XAccu1, Y+4*7 - ldd XAccu2, Y+4*7+1 - ldd XAccu3, Y+4*7+2 - ldd XAccu4, Y+4*7+3 - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add a[7] */ - ld XAccu1, X+ - ld XAccu2, X+ - ld XAccu3, X+ - ld XAccu4, X+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add w[i] */ - lpm XAccu1, Z+ - lpm XAccu2, Z+ - lpm XAccu3, Z+ - lpm XAccu4, Z+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add k[i] */ /* finished with t1 */ - /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/ - /* starting with MAJ(x,y,z) */ - ldd Func1, Y+4*0+0 - ldd Func2, Y+4*0+1 - ldd Func3, Y+4*0+2 - ldd Func4, Y+4*0+3 /* load x=a[0] */ - ldd XAccu1, Y+4*1+0 - ldd XAccu2, Y+4*1+1 - ldd XAccu3, Y+4*1+2 - ldd XAccu4, Y+4*1+3 /* load y=a[1] */ - and XAccu1, Func1 - and XAccu2, Func2 - and XAccu3, Func3 - and XAccu4, Func4 /* XAccu == (x & y) */ - ldd Bck1, Y+4*2+0 - ldd Bck2, Y+4*2+1 - ldd Bck3, Y+4*2+2 - ldd Bck4, Y+4*2+3 /* load z=a[2] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */ - ldd Func1, Y+4*1+0 - ldd Func2, Y+4*1+1 - ldd Func3, Y+4*1+2 - ldd Func4, Y+4*1+3 /* load y=a[1] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */ - /* SIGMA0(a[0]) */ - ldd Bck1, Y+4*0+0 /* we should combine this with above */ - ldd Bck2, Y+4*0+1 - ldd Bck3, Y+4*0+2 - ldd Bck4, Y+4*0+3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotr - movw Accu1, Func1 - movw Accu3, Func3 /* Accu = shr(a[0], 2) */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotate by 16 bits */ - ldi r20, 3 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */ - mov Func1, Bck4 - mov Func2, Bck1 - mov Func3, Bck2 - mov Func4, Bck3 /* prerotate by 24 bits */ - ldi r20, 2 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */ - add Accu1, XAccu1 /* add previous result (MAJ)*/ - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 - /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/ - /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */ - - ldi r21, 7*4 - adiw r28, 7*4 -a_shift_loop: - ld r25, -Y /* warning: this is PREdecrement */ - std Y+4, r25 - dec r21 - brne a_shift_loop - - ldd Bck1, Y+4*4+0 - ldd Bck2, Y+4*4+1 - ldd Bck3, Y+4*4+2 - ldd Bck4, Y+4*4+3 - add Bck1, T1 - adc Bck2, T2 - adc Bck3, T3 - adc Bck4, T4 - std Y+4*4+0, Bck1 - std Y+4*4+1, Bck2 - std Y+4*4+2, Bck3 - std Y+4*4+3, Bck4 - add Accu1, T1 - adc Accu2, T2 - adc Accu3, T3 - adc Accu4, T4 - std Y+4*0+0, Accu1 - std Y+4*0+1, Accu2 - std Y+4*0+2, Accu3 - std Y+4*0+3, Accu4 /* a array updated */ - - - dec LoopC - breq update_state - rjmp sha256_main_loop ;brne sha256_main_loop -update_state: - /* update state */ - /* pointers to state should still exist on the stack ;-) */ - pop r31 - pop r30 - ldi r21, 8 -update_state_loop: - ldd Accu1, Z+0 - ldd Accu2, Z+1 - ldd Accu3, Z+2 - ldd Accu4, Z+3 - ld Func1, Y+ - ld Func2, Y+ - ld Func3, Y+ - ld Func4, Y+ - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - st Z+, Accu1 - st Z+, Accu2 - st Z+, Accu3 - st Z+, Accu4 - dec r21 - brne update_state_loop - /* now we just have to update the length */ - adiw r30, 1 /* since we add 512, we can simply skip the LSB */ - ldi r21, 2 - ldi r22, 6 - ld r20, Z - add r20, r21 - st Z+, r20 - clr r21 -sha256_nextBlock_fix_length: - brcc sha256_nextBlock_epilog - ld r20, Z - adc r20, r21 - st Z+, r20 - dec r22 - brne sha256_nextBlock_fix_length - -; EPILOG -sha256_nextBlock_epilog: -/* now we should clean up the stack */ - - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SREG, r0 - out SPH, r21 - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - ret - -sha256_kv: ; round-key-vector stored in ProgMem -.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c -.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b -.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9 -.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429 -.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272 -.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a -.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e -.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671 - - -;########################################################### - -.global sha256_init -;uint32_t sha256_init_vector[]={ -; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; -; -;void sha256_init(sha256_ctx_t *state){ -; state->length=0; -; memcpy(state->h, sha256_init_vector, 8*4); -;} -; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha256_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha256_init_vector)) - ldi r31, hi8((sha256_init_vector)) - ldi r22, 32+8 -sha256_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha256_init_vloop - ret - -sha256_init_vector: -.word 0xE667, 0x6A09 -.word 0xAE85, 0xBB67 -.word 0xF372, 0x3C6E -.word 0xF53A, 0xA54F -.word 0x527F, 0x510E -.word 0x688C, 0x9B05 -.word 0xD9AB, 0x1F83 -.word 0xCD19, 0x5BE0 -.word 0x0000, 0x0000 -.word 0x0000, 0x0000 - -;########################################################### - -.global rotl32 -; === ROTL32 === -; function that rotates a 32 bit word to the left -; param1: the 32-bit word to rotate -; given in r25,r24,r23,r22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - clr r21 - clc -bitrotl_loop: - tst r20 - breq fixrotl -2: - rol r22 - rol r23 - rol r24 - rol r25 - rol r21 - dec r20 - brne 2b -fixrotl: - or r22, r21 - ret - - -;########################################################### - -.global rotr32 -; === ROTR32 === -; function that rotates a 32 bit word to the right -; param1: the 32-bit word to rotate -; given in r25,r24,r23,22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotr32: - cpi r20, 8 - brlo bitrotr - mov r21, r22 - mov r22, r23 - mov r23, r24 - mov r24, r25 - mov r25, r21 - subi r20, 8 - rjmp rotr32 -bitrotr: - clr r21 - clc -bitrotr_loop: - tst r20 - breq fixrotr -2: - ror r25 - ror r24 - ror r23 - ror r22 - ror r21 - dec r20 - brne 2b -fixrotr: - or r25, r21 - ret - - -;########################################################### - -.global change_endian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -change_endian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - diff --git a/dsa/sha256.h b/dsa/sha256.h deleted file mode 100644 index 24960a3..0000000 --- a/dsa/sha256.h +++ /dev/null @@ -1,122 +0,0 @@ -/* sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha256.h - * \author Daniel Otte - * \date 2006-05-16 - * \license GPLv3 or later - * - */ - -#ifndef SHA256_H_ -#define SHA256_H_ - -#define __LITTLE_ENDIAN__ - - -#include - -/** \def SHA256_HASH_BITS - * defines the size of a SHA-256 hash value in bits - */ - -/** \def SHA256_HASH_BYTES - * defines the size of a SHA-256 hash value in bytes - */ - -/** \def SHA256_BLOCK_BITS - * defines the size of a SHA-256 input block in bits - */ - -/** \def SHA256_BLOCK_BYTES - * defines the size of a SHA-256 input block in bytes - */ - -#define SHA256_HASH_BITS 256 -#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8) -#define SHA256_BLOCK_BITS 512 -#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8) - -/** \typedef sha256_ctx_t - * \brief SHA-256 context type - * - * A variable of this type may hold the state of a SHA-256 hashing process - */ -typedef struct { - uint32_t h[8]; - uint64_t length; -} sha256_ctx_t; - -/** \typedef sha256_hash_t - * \brief SHA-256 hash value type - * - * A variable of this type may hold the hash value produced by the - * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function. - */ -typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES]; - -/** \fn void sha256_init(sha256_ctx_t *state) - * \brief initialise a SHA-256 context - * - * This function sets a ::sha256_ctx_t to the initial values for hashing. - * \param state pointer to the SHA-256 hashing context - */ -void sha256_init(sha256_ctx_t *state); - -/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block) - * \brief update the context with a given block - * - * This function updates the SHA-256 hash context by processing the given block - * of fixed length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - */ -void sha256_nextBlock (sha256_ctx_t* state, const void* block); - -/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b) - * \brief finalize the context with the given block - * - * This function finalizes the SHA-256 hash context by processing the given block - * of variable length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - * \param length_b the length of the block in bits - */ -void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b); - -/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) - * \brief convert the hash state into the hash value - * This function reads the context and writes the hash value to the destination - * \param dest pointer to the location where the hash value should be written - * \param state pointer to the SHA-256 hash context - */ -void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state); - -/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b) - * \brief simple SHA-256 hashing function for direct hashing - * - * This function automaticaly hashes a given message of arbitary length with - * the SHA-256 hashing algorithm. - * \param dest pointer to the location where the hash value is going to be written to - * \param msg pointer to the message thats going to be hashed - * \param length_b length of the message in bits - */ -void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*SHA256_H_*/ diff --git a/echo/aes_sbox-asm.S b/echo/aes_sbox-asm.S deleted file mode 100644 index e609698..0000000 --- a/echo/aes_sbox-asm.S +++ /dev/null @@ -1,47 +0,0 @@ -/* aes_sbox-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file aes_dec-asm.S - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-10 - * \license GPLv3 or later - * - */ - -.balign 256 -.global aes_sbox -aes_sbox: -.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 -.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 -.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 -.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 -.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 -.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf -.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 -.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 -.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 -.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb -.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 -.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 -.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a -.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e -.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf -.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 - diff --git a/echo/echo.c b/echo/echo.c index 98ee47c..407b1c5 100644 --- a/echo/echo.c +++ b/echo/echo.c @@ -19,8 +19,8 @@ #include "echo.h" -#include "gf256mul.h" -#include "memxor.h" +#include "gf256mul/gf256mul.h" +#include "memxor/memxor.h" #include #include diff --git a/echo/gf256mul.S b/echo/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/echo/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/echo/gf256mul.h b/echo/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/echo/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/echo/memxor.S b/echo/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/echo/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/echo/memxor.h b/echo/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/echo/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/entropium/entropium.c b/entropium/entropium.c index ed56607..b86cd1b 100644 --- a/entropium/entropium.c +++ b/entropium/entropium.c @@ -48,7 +48,7 @@ #include #include -#include "sha256.h" +#include "sha256/sha256.h" #include "entropium.h" /** diff --git a/entropium/sha256-asm.S b/entropium/sha256-asm.S deleted file mode 100644 index d9eb6b6..0000000 --- a/entropium/sha256-asm.S +++ /dev/null @@ -1,1042 +0,0 @@ -/* sha256-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; sha-256 implementation in assembler -SHA256_BLOCK_BITS = 512 -SHA256_HASH_BITS = 256 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -/* X points to Block */ -.macro dbg_hexdump length - precall - hexdump \length - postcall -.endm - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha256_ctx_t is: -; -; [h0][h1][h2][h3][h4][h5][h6][h7][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha256_ctx2hash -; === sha256_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha256_ctx structure -; given in r23,r22 -sha256_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 8 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha256 -; === sha256 === -; this function calculates SHA-256 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha256: -sha256_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 8*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha256_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha256_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha256_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha256_ctx2hash - -sha256_epilog: - in r30, SPL - in r31, SPH - adiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha256_lastBlock -; === sha256_lastBlock === -; this function does padding & Co. for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1) - - -sha256_lastBlock: - cpi r21, 0x02 - brlo sha256_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 0x02 - subi r23, -2 - rjmp sha256_lastBlock -sha256_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha256_lastBlock_post_copy - mov r1, r18 -sha256_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha256_lastBlock_copy_loop -sha256_lastBlock_post_copy: -sha256_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha256_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*8+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha256_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha256_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha256_lastBlock_epilog -sha256_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 8*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha256_nextBlock - -sha256_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha256_nextBlock -; === sha256_nextBlock === -; this is the core function for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte) - -Bck1 = 12 -Bck2 = 13 -Bck3 = 14 -Bck4 = 15 -Func1 = 22 -Func2 = 23 -Func3 = 24 -Func4 = 25 -Accu1 = 16 -Accu2 = 17 -Accu3 = 18 -Accu4 = 19 -XAccu1 = 8 -XAccu2 = 9 -XAccu3 = 10 -XAccu4 = 11 -T1 = 4 -T2 = 5 -T3 = 6 -T4 = 7 -LoopC = 1 -/* byteorder: high number <--> high significance */ -sha256_nextBlock: - ; initial, let's make some space ready for local vars - push r4 /* replace push & pop by mem ops? */ - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack - movw r30, r22 ; Z points to message - subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha256_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - push r18 - push r19 - push r24 - push r25 /* param1 will be needed later */ - ; now we fill the w array with message (think about endianess) - adiw r26, 1 ; X++ - ldi r20, 16 -sha256_nextBlock_wcpyloop: - ld r23, Z+ - ld r22, Z+ - ld r19, Z+ - ld r18, Z+ - st X+, r18 - st X+, r19 - st X+, r22 - st X+, r23 - dec r20 - brne sha256_nextBlock_wcpyloop -/* for (i=16; i<64; ++i){ - w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16]; - } */ - /* r25,r24,r23,r24 (r21,r20) are function values - r19,r18,r17,r16 are the accumulator - r15,r14,r13,rBck1 are backup1 - r11,r10,r9 ,r8 are xor accu - r1 is round counter */ - - ldi r20, 64-16 - mov LoopC, r20 -sha256_nextBlock_wcalcloop: - movw r30, r26 ; cp X to Z - sbiw r30, 63 - sbiw r30, 1 ; substract 64 = 16*4 - ld Accu1, Z+ - ld Accu2, Z+ - ld Accu3, Z+ - ld Accu4, Z+ /* w[i] = w[i-16] */ - ld Bck1, Z+ - ld Bck2, Z+ - ld Bck3, Z+ - ld Bck4, Z+ /* backup = w[i-15] */ - /* now sigma 0 */ - mov Func1, Bck2 - mov Func2, Bck3 - mov Func3, Bck4 - mov Func4, Bck1 /* prerotated by 8 */ - ldi r20, 1 - rcall bitrotl - movw XAccu1, Func1 - movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/ -sigma0_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - ror Bck1 - dec Func2 - brne sigma0_shr - eor XAccu1, Bck1 - eor XAccu2, Bck2 - eor XAccu3, Bck3 - eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - ldd Func1, Z+7*4 /* now accu += w[i-7] */ - ldd Func2, Z+7*4+1 - ldd Func3, Z+7*4+2 - ldd Func4, Z+7*4+3 - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - ldd Bck1, Z+12*4 /* now backup = w[i-2]*/ - ldd Bck2, Z+12*4+1 - ldd Bck3, Z+12*4+2 - ldd Bck4, Z+12*4+3 - /* now sigma 1 */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 1 - rcall bitrotr - movw XAccu3, Func3 - movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */ -; movw Func1, Bck3 -; movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/ -sigma1_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - dec Func2 - brne sigma1_shr - eor XAccu1, Bck2 - eor XAccu2, Bck3 - eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - /* now let's store the shit */ - st X+, Accu1 - st X+, Accu2 - st X+, Accu3 - st X+, Accu4 - dec LoopC - breq 3f ; skip if zero - rjmp sha256_nextBlock_wcalcloop -3: - /* we are finished with w array X points one byte post w */ -/* init a array */ - pop r31 - pop r30 - push r30 - push r31 - ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */ -init_a_array: - ld r1, Z+ - st X+, r1 - dec r25 - brne init_a_array - -/* now the real fun begins */ -/* for (i=0; i<64; ++i){ - t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i]; - t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]); - memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; - a[4] += t1; - a[0] = t1 + t2; - } */ - /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */ - sbiw r26, 8*4 /* X still points at a[7]+1*/ - movw r28, r26 - ldi r30, lo8(sha256_kv) - ldi r31, hi8(sha256_kv) - dec r27 /* X - (64*4 == 256) */ - ldi r25, 64 - mov LoopC, r25 -sha256_main_loop: - /* now calculate t1 */ - /*CH(x,y,z) = (x&y)^((~x)&z)*/ - ldd T1, Y+5*4 - ldd T2, Y+5*4+1 - ldd T3, Y+5*4+2 - ldd T4, Y+5*4+3 /* y in T */ - ldd Func1, Y+4*4 - ldd Func2, Y+4*4+1 - ldd Func3, Y+4*4+2 - ldd Func4, Y+4*4+3 /* x in Func */ - ldd Bck1, Y+6*4 - ldd Bck2, Y+6*4+1 - ldd Bck3, Y+6*4+2 - ldd Bck4, Y+6*4+3 /* z in Bck */ - and T1, Func1 - and T2, Func2 - and T3, Func3 - and T4, Func4 - com Func1 - com Func2 - com Func3 - com Func4 - and Bck1, Func1 - and Bck2, Func2 - and Bck3, Func3 - and Bck4, Func4 - eor T1, Bck1 - eor T2, Bck2 - eor T3, Bck3 - eor T4, Bck4 /* done, CH(x,y,z) is in T */ - /* now SIGMA1(a[4]) */ - ldd Bck4, Y+4*4 /* think about using it from Func reg above*/ - ldd Bck1, Y+4*4+1 - ldd Bck2, Y+4*4+2 - ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */ - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotl /* rotr(x,6) */ - movw XAccu1, Func1 - movw XAccu3, Func3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 3 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - movw Func1, Bck3 /* this prerotates furteh 16 bits*/ - movw Func3, Bck1 /* so we have now prerotated by 24 bits*/ - ldi r20, 1 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* finished with SIGMA1, add it to T */ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 - /* now we've to add a[7], w[i] and k[i] */ - ldd XAccu1, Y+4*7 - ldd XAccu2, Y+4*7+1 - ldd XAccu3, Y+4*7+2 - ldd XAccu4, Y+4*7+3 - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add a[7] */ - ld XAccu1, X+ - ld XAccu2, X+ - ld XAccu3, X+ - ld XAccu4, X+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add w[i] */ - lpm XAccu1, Z+ - lpm XAccu2, Z+ - lpm XAccu3, Z+ - lpm XAccu4, Z+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add k[i] */ /* finished with t1 */ - /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/ - /* starting with MAJ(x,y,z) */ - ldd Func1, Y+4*0+0 - ldd Func2, Y+4*0+1 - ldd Func3, Y+4*0+2 - ldd Func4, Y+4*0+3 /* load x=a[0] */ - ldd XAccu1, Y+4*1+0 - ldd XAccu2, Y+4*1+1 - ldd XAccu3, Y+4*1+2 - ldd XAccu4, Y+4*1+3 /* load y=a[1] */ - and XAccu1, Func1 - and XAccu2, Func2 - and XAccu3, Func3 - and XAccu4, Func4 /* XAccu == (x & y) */ - ldd Bck1, Y+4*2+0 - ldd Bck2, Y+4*2+1 - ldd Bck3, Y+4*2+2 - ldd Bck4, Y+4*2+3 /* load z=a[2] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */ - ldd Func1, Y+4*1+0 - ldd Func2, Y+4*1+1 - ldd Func3, Y+4*1+2 - ldd Func4, Y+4*1+3 /* load y=a[1] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */ - /* SIGMA0(a[0]) */ - ldd Bck1, Y+4*0+0 /* we should combine this with above */ - ldd Bck2, Y+4*0+1 - ldd Bck3, Y+4*0+2 - ldd Bck4, Y+4*0+3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotr - movw Accu1, Func1 - movw Accu3, Func3 /* Accu = shr(a[0], 2) */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotate by 16 bits */ - ldi r20, 3 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */ - mov Func1, Bck4 - mov Func2, Bck1 - mov Func3, Bck2 - mov Func4, Bck3 /* prerotate by 24 bits */ - ldi r20, 2 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */ - add Accu1, XAccu1 /* add previous result (MAJ)*/ - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 - /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/ - /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */ - - ldi r21, 7*4 - adiw r28, 7*4 -a_shift_loop: - ld r25, -Y /* warning: this is PREdecrement */ - std Y+4, r25 - dec r21 - brne a_shift_loop - - ldd Bck1, Y+4*4+0 - ldd Bck2, Y+4*4+1 - ldd Bck3, Y+4*4+2 - ldd Bck4, Y+4*4+3 - add Bck1, T1 - adc Bck2, T2 - adc Bck3, T3 - adc Bck4, T4 - std Y+4*4+0, Bck1 - std Y+4*4+1, Bck2 - std Y+4*4+2, Bck3 - std Y+4*4+3, Bck4 - add Accu1, T1 - adc Accu2, T2 - adc Accu3, T3 - adc Accu4, T4 - std Y+4*0+0, Accu1 - std Y+4*0+1, Accu2 - std Y+4*0+2, Accu3 - std Y+4*0+3, Accu4 /* a array updated */ - - - dec LoopC - breq update_state - rjmp sha256_main_loop ;brne sha256_main_loop -update_state: - /* update state */ - /* pointers to state should still exist on the stack ;-) */ - pop r31 - pop r30 - ldi r21, 8 -update_state_loop: - ldd Accu1, Z+0 - ldd Accu2, Z+1 - ldd Accu3, Z+2 - ldd Accu4, Z+3 - ld Func1, Y+ - ld Func2, Y+ - ld Func3, Y+ - ld Func4, Y+ - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - st Z+, Accu1 - st Z+, Accu2 - st Z+, Accu3 - st Z+, Accu4 - dec r21 - brne update_state_loop - /* now we just have to update the length */ - adiw r30, 1 /* since we add 512, we can simply skip the LSB */ - ldi r21, 2 - ldi r22, 6 - ld r20, Z - add r20, r21 - st Z+, r20 - clr r21 -sha256_nextBlock_fix_length: - brcc sha256_nextBlock_epilog - ld r20, Z - adc r20, r21 - st Z+, r20 - dec r22 - brne sha256_nextBlock_fix_length - -; EPILOG -sha256_nextBlock_epilog: -/* now we should clean up the stack */ - - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - ret - -sha256_kv: ; round-key-vector stored in ProgMem -.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c -.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b -.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9 -.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429 -.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272 -.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a -.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e -.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671 - - -;########################################################### - -.global sha256_init -;uint32_t sha256_init_vector[]={ -; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; -; -;void sha256_init(sha256_ctx_t *state){ -; state->length=0; -; memcpy(state->h, sha256_init_vector, 8*4); -;} -; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha256_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha256_init_vector)) - ldi r31, hi8((sha256_init_vector)) - ldi r22, 32+8 -sha256_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha256_init_vloop - ret - -sha256_init_vector: -.word 0xE667, 0x6A09 -.word 0xAE85, 0xBB67 -.word 0xF372, 0x3C6E -.word 0xF53A, 0xA54F -.word 0x527F, 0x510E -.word 0x688C, 0x9B05 -.word 0xD9AB, 0x1F83 -.word 0xCD19, 0x5BE0 -.word 0x0000, 0x0000 -.word 0x0000, 0x0000 - -;########################################################### - -.global rotl32 -; === ROTL32 === -; function that rotates a 32 bit word to the left -; param1: the 32-bit word to rotate -; given in r25,r24,r23,r22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - clr r21 - clc -bitrotl_loop: - tst r20 - breq fixrotl - rol r22 - rol r23 - rol r24 - rol r25 - rol r21 - dec r20 - rjmp bitrotl_loop -fixrotl: - or r22, r21 - ret - - -;########################################################### - -.global rotr32 -; === ROTR32 === -; function that rotates a 32 bit word to the right -; param1: the 32-bit word to rotate -; given in r25,r24,r23,22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotr32: - cpi r20, 8 - brlo bitrotr - mov r21, r22 - mov r22, r23 - mov r23, r24 - mov r24, r25 - mov r25, r21 - subi r20, 8 - rjmp rotr32 -bitrotr: - clr r21 - clc -bitrotr_loop: - tst r20 - breq fixrotr - ror r25 - ror r24 - ror r23 - ror r22 - ror r21 - dec r20 - rjmp bitrotr_loop -fixrotr: - or r25, r21 - ret - - -;########################################################### - -.global change_endian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -change_endian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - diff --git a/entropium/sha256.h b/entropium/sha256.h deleted file mode 100644 index 24960a3..0000000 --- a/entropium/sha256.h +++ /dev/null @@ -1,122 +0,0 @@ -/* sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha256.h - * \author Daniel Otte - * \date 2006-05-16 - * \license GPLv3 or later - * - */ - -#ifndef SHA256_H_ -#define SHA256_H_ - -#define __LITTLE_ENDIAN__ - - -#include - -/** \def SHA256_HASH_BITS - * defines the size of a SHA-256 hash value in bits - */ - -/** \def SHA256_HASH_BYTES - * defines the size of a SHA-256 hash value in bytes - */ - -/** \def SHA256_BLOCK_BITS - * defines the size of a SHA-256 input block in bits - */ - -/** \def SHA256_BLOCK_BYTES - * defines the size of a SHA-256 input block in bytes - */ - -#define SHA256_HASH_BITS 256 -#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8) -#define SHA256_BLOCK_BITS 512 -#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8) - -/** \typedef sha256_ctx_t - * \brief SHA-256 context type - * - * A variable of this type may hold the state of a SHA-256 hashing process - */ -typedef struct { - uint32_t h[8]; - uint64_t length; -} sha256_ctx_t; - -/** \typedef sha256_hash_t - * \brief SHA-256 hash value type - * - * A variable of this type may hold the hash value produced by the - * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function. - */ -typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES]; - -/** \fn void sha256_init(sha256_ctx_t *state) - * \brief initialise a SHA-256 context - * - * This function sets a ::sha256_ctx_t to the initial values for hashing. - * \param state pointer to the SHA-256 hashing context - */ -void sha256_init(sha256_ctx_t *state); - -/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block) - * \brief update the context with a given block - * - * This function updates the SHA-256 hash context by processing the given block - * of fixed length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - */ -void sha256_nextBlock (sha256_ctx_t* state, const void* block); - -/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b) - * \brief finalize the context with the given block - * - * This function finalizes the SHA-256 hash context by processing the given block - * of variable length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - * \param length_b the length of the block in bits - */ -void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b); - -/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) - * \brief convert the hash state into the hash value - * This function reads the context and writes the hash value to the destination - * \param dest pointer to the location where the hash value should be written - * \param state pointer to the SHA-256 hash context - */ -void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state); - -/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b) - * \brief simple SHA-256 hashing function for direct hashing - * - * This function automaticaly hashes a given message of arbitary length with - * the SHA-256 hashing algorithm. - * \param dest pointer to the location where the hash value is going to be written to - * \param msg pointer to the message thats going to be hashed - * \param length_b length of the message in bits - */ -void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*SHA256_H_*/ diff --git a/gf256mul.S b/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/gf256mul.h b/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/groestl/aes_sbox.c b/groestl/aes_sbox.c deleted file mode 100644 index 85b08de..0000000 --- a/groestl/aes_sbox.c +++ /dev/null @@ -1,23 +0,0 @@ -/* aes sbox */ - -#include -#include -uint8_t aes_sbox[256] PROGMEM = { - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -}; - diff --git a/groestl/aes_sbox.h b/groestl/aes_sbox.h deleted file mode 100644 index 5bc03b7..0000000 --- a/groestl/aes_sbox.h +++ /dev/null @@ -1,33 +0,0 @@ -/* aes_sbox.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file aes_sbox.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2008-12-30 - * \license GPLv3 or later - * - */ -#ifndef AES_SBOX_H_ -#define AES_SBOX_H_ -#include - -extern uint8_t aes_sbox[]; - -#endif diff --git a/groestl/gf256mul.S b/groestl/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/groestl/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/groestl/gf256mul.h b/groestl/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/groestl/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/groestl/groestl_large.c b/groestl/groestl_large.c index bcfd8e5..322e1c6 100644 --- a/groestl/groestl_large.c +++ b/groestl/groestl_large.c @@ -26,9 +26,9 @@ */ #include "groestl_large.h" -#include "aes_sbox.h" -#include "gf256mul.h" -#include "memxor.h" +#include "aes/aes_sbox.h" +#include "gf256mul/gf256mul.h" +#include "memxor/memxor.h" #include #include #include diff --git a/groestl/groestl_small.c b/groestl/groestl_small.c index 44ab7ee..7e59ca4 100644 --- a/groestl/groestl_small.c +++ b/groestl/groestl_small.c @@ -26,9 +26,9 @@ */ #include "groestl_small.h" -#include "aes_sbox.h" -#include "gf256mul.h" -#include "memxor.h" +#include "aes/aes_sbox.h" +#include "gf256mul/gf256mul.h" +#include "memxor/memxor.h" #include #include #include diff --git a/groestl/memxor.S b/groestl/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/groestl/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/groestl/memxor.h b/groestl/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/groestl/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/hfal-basic.c b/hfal-basic.c deleted file mode 100644 index 551a8bc..0000000 --- a/hfal-basic.c +++ /dev/null @@ -1,102 +0,0 @@ -/* hfal-basic.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include "hashfunction_descriptor.h" -#include "hfal-basic.h" -#include - -uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx){ - hf_init_fpt f; - uint16_t tmp; - ctx->desc_ptr = (hfdesc_t*)hash_descriptor; - tmp = pgm_read_word(&(hash_descriptor->ctxsize_B)); - if(!(ctx->ctx=malloc(tmp))) - return 3; - f= (hf_init_fpt)pgm_read_word(&(hash_descriptor->init)); - f(ctx->ctx); - return 0; -} - -void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block){ - hf_nextBlock_fpt f; - hfdesc_t* x=(ctx->desc_ptr); - f =(hf_nextBlock_fpt)pgm_read_word(&(x->nextBlock)); - f(ctx->ctx, block); -} - -void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b){ - hf_lastBlock_fpt f; - hfdesc_t* x=ctx->desc_ptr; - f =(hf_lastBlock_fpt)pgm_read_word(&(x->lastBlock)); - f(ctx->ctx, block, length_b); -} - -void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx){ - hf_ctx2hash_fpt f; - hfdesc_t* x=ctx->desc_ptr; - f =(hf_ctx2hash_fpt)pgm_read_word(&(x->ctx2hash)); - f(dest, ctx->ctx); -} - -void hfal_hash_free(hfgen_ctx_t* ctx){ - hf_free_fpt f; - hfdesc_t* x=ctx->desc_ptr; - f =(hf_free_fpt)pgm_read_word(&(x->free)); - if(f) - f(ctx->ctx); - free(ctx->ctx); -} - -void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b){ - void_fpt f; - f = (void_fpt)pgm_read_word(&(hash_descriptor->mem)); - if(f){ - ((hf_mem_fpt)f)(dest, msg, length_b); - }else{ - uint16_t bs,bsb; - uint8_t ctx[pgm_read_word(&(hash_descriptor->ctxsize_B))]; - f=(void_fpt)(pgm_read_word(&(hash_descriptor->init))); - ((hf_init_fpt)f)(ctx); - bs=pgm_read_word(&(hash_descriptor->blocksize_b)); - bsb=bs/8; - f=(void_fpt)(pgm_read_word(&(hash_descriptor->nextBlock))); - while(length_b>bs){ - ((hf_nextBlock_fpt)f)(ctx, msg); - length_b -= bs; - msg = (uint8_t*)msg + bsb; - } - f=(void_fpt)(pgm_read_word(&(hash_descriptor->lastBlock))); - ((hf_lastBlock_fpt)f)(ctx, msg, length_b); - f=(void_fpt)(pgm_read_word(&(hash_descriptor->ctx2hash))); - ((hf_ctx2hash_fpt)f)(dest, ctx); - } -} - -uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor){ - uint16_t ret; - ret = pgm_read_word(&(hash_descriptor->blocksize_b)); - return ret; -} - -uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor){ - uint16_t ret; - ret = pgm_read_word(&(hash_descriptor->hashsize_b)); - return ret; -} diff --git a/hfal-basic.h b/hfal-basic.h deleted file mode 100644 index 7737e05..0000000 --- a/hfal-basic.h +++ /dev/null @@ -1,35 +0,0 @@ -/* hfal-basic.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef HFAL_BASIC_H_ -#define HFAL_BASIC_H_ - -#include -#include "hashfunction_descriptor.h" - -uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx); -void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block); -void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b); -void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx); -void hfal_hash_free(hfgen_ctx_t* ctx); -void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b); -uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor); -uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor); - -#endif /* HFAL_BASIC_H_ */ diff --git a/hfal-nessie.c b/hfal-nessie.c deleted file mode 100644 index 7188d0e..0000000 --- a/hfal-nessie.c +++ /dev/null @@ -1,61 +0,0 @@ -/* hfal-nessie.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-nessie.c - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#include "nessie_hash_test.h" -#include "hashfunction_descriptor.h" -#include -#include - -void hfal_nessie(const hfdesc_t* hd){ - if(pgm_read_byte(&(hd->type))!=HFDESC_TYPE_HASHFUNCTION) - return; - char name[1+strlen_P((void*)pgm_read_word(&(hd->name)))]; - strcpy_P(name, (void*)pgm_read_word(&(hd->name))); - - nessie_hash_ctx.hashsize_b = pgm_read_word(&(hd->hashsize_b)); - nessie_hash_ctx.name = name; - nessie_hash_ctx.blocksize_B = pgm_read_word(&(hd->blocksize_b))/8; - nessie_hash_ctx.ctx_size_B = pgm_read_word(&(hd->ctxsize_B)); - nessie_hash_ctx.hash_init = (nessie_hash_init_fpt)pgm_read_word(&(hd->init)); - nessie_hash_ctx.hash_next = (nessie_hash_next_fpt)pgm_read_word(&(hd->nextBlock)); - nessie_hash_ctx.hash_last = (nessie_hash_last_fpt)pgm_read_word(&(hd->lastBlock)); - nessie_hash_ctx.hash_conv = (nessie_hash_conv_fpt)pgm_read_word(&(hd->ctx2hash)); - - nessie_hash_run(); -} - -void hfal_nessie_multiple(const hfdesc_t** hd_list){ - const hfdesc_t* hd; - for(;;){ - hd = (void*)pgm_read_word(hd_list); - if(!hd) - return; - hfal_nessie(hd); - hd_list = (void*)((uint8_t*)hd_list + 2); - } -} - diff --git a/hfal-nessie.h b/hfal-nessie.h deleted file mode 100644 index e9be131..0000000 --- a/hfal-nessie.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal-nessie.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-nessie.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_NESSIE_H_ -#define HFAL_NESSIE_H_ - -#include "hashfunction_descriptor.h" - -void hfal_nessie(const hfdesc_t* hd); -void hfal_nessie_multiple(const hfdesc_t** hd_list); - -#endif /* HFAL_NESSIE_H_ */ diff --git a/hfal-performance.c b/hfal-performance.c deleted file mode 100644 index 5371f80..0000000 --- a/hfal-performance.c +++ /dev/null @@ -1,219 +0,0 @@ -/* hfal-performance.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-performance.c - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#include "hfal-performance.h" -#include "hashfunction_descriptor.h" -#include "stack_measuring.h" -#include "cli.h" -#include "performance_test.h" -#include -#include -#include -#include - -#define PATTERN_A 0xAA -#define PATTERN_B 0x55 - -static -void printvalue(unsigned long v){ - char str[20]; - int i; - ultoa(v, str, 10); - for(i=0; i<10-strlen(str); ++i){ - cli_putc(' '); - } - cli_putstr(str); -} - -void hfal_performance(const hfdesc_t* hd){ - hfdesc_t hf; - memcpy_P(&hf, hd, sizeof(hfdesc_t)); - uint8_t ctx[hf.ctxsize_B]; - uint8_t data[(hf.blocksize_b+7)/8]; - uint8_t digest[(hf.hashsize_b+7)/8]; - uint64_t t; - uint8_t i; - - if(hf.type!=HFDESC_TYPE_HASHFUNCTION) - return; - calibrateTimer(); - print_overhead(); - cli_putstr_P(PSTR("\r\n\r\n === ")); - cli_putstr_P(hf.name); - cli_putstr_P(PSTR(" performance === " - "\r\n type: hashfunction" - "\r\n hashsize (bits): ")); - printvalue(hf.hashsize_b); - - cli_putstr_P(PSTR("\r\n ctxsize (bytes): ")); - printvalue(hf.ctxsize_B); - - cli_putstr_P(PSTR("\r\n blocksize (bits): ")); - printvalue(hf.blocksize_b); - - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - hf.init(&ctx); - STOP_TIMER; - t += stopTimer(); - if(i!=31 && hf.free){ - hf.free(&ctx); - } - } - t>>=5; - cli_putstr_P(PSTR("\r\n init (cycles): ")); - printvalue(t); - - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - hf.nextBlock(&ctx, data); - STOP_TIMER; - t += stopTimer(); - } - t>>=5; - cli_putstr_P(PSTR("\r\n nextBlock (cycles): ")); - printvalue(t); - - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - hf.lastBlock(&ctx, data, 0); - STOP_TIMER; - t += stopTimer(); - } - t>>=5; - cli_putstr_P(PSTR("\r\n lastBlock (cycles): ")); - printvalue(t); - - t=0; - for(i=0; i<32; ++i){ - startTimer(0); - START_TIMER; - hf.ctx2hash(digest, &ctx); - STOP_TIMER; - t += stopTimer(); - } - t>>=5; - cli_putstr_P(PSTR("\r\n ctx2hash (cycles): ")); - printvalue(t); - - if(hf.free){ - hf.free(&ctx); - } -} - -void hfal_stacksize(const hfdesc_t* hd){ - hfdesc_t hf; - stack_measuring_ctx_t smctx; - memcpy_P(&hf, hd, sizeof(hfdesc_t)); - uint8_t ctx[hf.ctxsize_B]; - uint8_t data[(hf.blocksize_b+7)/8]; - uint8_t digest[(hf.hashsize_b+7)/8]; - uint16_t t1, t2; - - if(hf.type!=HFDESC_TYPE_HASHFUNCTION) - return; - cli_putstr_P(PSTR("\r\n\r\n === ")); - cli_putstr_P(hf.name); - cli_putstr_P(PSTR(" stack-usage === ")); - - cli(); - stack_measure_init(&smctx, PATTERN_A); - hf.init(&ctx); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - hf.init(&ctx); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n init (bytes): ")); - printvalue((unsigned long)t1); - - cli(); - stack_measure_init(&smctx, PATTERN_A); - hf.nextBlock(&ctx, data); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - hf.nextBlock(&ctx, data); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n nextBlock (bytes): ")); - printvalue((unsigned long)t1); - - cli(); - stack_measure_init(&smctx, PATTERN_A); - hf.lastBlock(&ctx, data, 0); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - hf.lastBlock(&ctx, data, 0); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n lastBlock (bytes): ")); - printvalue((unsigned long)t1); - - cli(); - stack_measure_init(&smctx, PATTERN_A); - hf.ctx2hash(digest, &ctx); - t1 = stack_measure_final(&smctx); - stack_measure_init(&smctx, PATTERN_B); - hf.ctx2hash(digest, &ctx); - t2 = stack_measure_final(&smctx); - sei(); - - t1 = (t1>t2)?t1:t2; - cli_putstr_P(PSTR("\r\n ctx2hash (bytes): ")); - printvalue((unsigned long)t1); - - if(hf.free){ - hf.free(&ctx); - } -} - -void hfal_performance_multiple(const hfdesc_t** hd_list){ - const hfdesc_t* hd; - for(;;){ - hd = (void*)pgm_read_word(hd_list); - if(!hd){ - cli_putstr_P(PSTR("\r\n\r\n End of performance figures\r\n")); - return; - } - hfal_performance(hd); - hfal_stacksize(hd); - hd_list = (void*)((uint8_t*)hd_list + 2); - } -} - diff --git a/hfal-performance.h b/hfal-performance.h deleted file mode 100644 index 65b0473..0000000 --- a/hfal-performance.h +++ /dev/null @@ -1,35 +0,0 @@ -/* hfal-performance.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-performance.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_PERFORMANCE_H_ -#define HFAL_PERFORMANCE_H_ - -#include "hashfunction_descriptor.h" - -void hfal_performance(const hfdesc_t* hd); -void hfal_performance_multiple(const hfdesc_t** hd_list); -#endif /* HFAL_PERFORMANCE_H_ */ diff --git a/hfal-test.c b/hfal-test.c deleted file mode 100644 index 9efce38..0000000 --- a/hfal-test.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal-test.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-test.c - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#include "hfal-basic.h" -#include "hashfunction_descriptor.h" -#include "cli.h" -#include -#include - -void hfal_test(const hfdesc_t* hd, void* msg, uint32_t length_b){ - if(pgm_read_byte(&(hd->type))!=HFDESC_TYPE_HASHFUNCTION) - return; - uint16_t dlen = (pgm_read_word(&(hd->hashsize_b))+7)/8; - uint8_t digest[dlen]; - cli_putstr_P(PSTR("\r\n=== ")); - cli_putstr_P((void*)pgm_read_word(&(hd->name))); - cli_putstr_P(PSTR(" ===\r\n message:")); - cli_hexdump_block(msg, (length_b+7)/8, 4, 16); - hfal_hash_mem(hd, digest, msg, length_b); - cli_putstr_P(PSTR(" \r\n digest:")); - cli_hexdump_block(digest, dlen, 4, 16); - cli_putstr_P(PSTR("\r\n")); -} - - diff --git a/hfal-test.h b/hfal-test.h deleted file mode 100644 index ac43338..0000000 --- a/hfal-test.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal-test.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \file hfal-test.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2009-05-10 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_TEST_H_ -#define HFAL_TEST_H_ - -#include "hashfunction_descriptor.h" -#include - -void hfal_test(const hfdesc_t* hd, void* msg, uint32_t length_b); - -#endif /* HFAL_TEST_H_ */ diff --git a/hfal_blake_large.c b/hfal_blake_large.c deleted file mode 100644 index f9f8180..0000000 --- a/hfal_blake_large.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_blake_large.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_blake_large.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-08 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "blake_large.h" - - -static const char blake48_str[] PROGMEM = "Blake-48"; -static const char blake64_str[] PROGMEM = "Blake-64"; - -const hfdesc_t blake48_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - blake48_str, - sizeof(blake48_ctx_t), - BLAKE48_BLOCKSIZE, - 384, - (hf_init_fpt)blake48_init, - (hf_nextBlock_fpt)blake_large_nextBlock, - (hf_lastBlock_fpt)blake_large_lastBlock, - (hf_ctx2hash_fpt)blake48_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)blake48 -}; - -const hfdesc_t blake64_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - blake64_str, - sizeof(blake64_ctx_t), - BLAKE64_BLOCKSIZE, - 512, - (hf_init_fpt)blake64_init, - (hf_nextBlock_fpt)blake_large_nextBlock, - (hf_lastBlock_fpt)blake_large_lastBlock, - (hf_ctx2hash_fpt)blake64_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)blake64 -}; - - diff --git a/hfal_blake_large.h b/hfal_blake_large.h deleted file mode 100644 index e894689..0000000 --- a/hfal_blake_large.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_blake_large.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_blake_large.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-08 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_BLAKE_LARGE_H_ -#define HFAL_BLAKE_LARGE_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t blake48_desc; -extern const hfdesc_t blake64_desc; - -#endif /* HFAL_BLAKE_LARGE_H_ */ diff --git a/hfal_blake_small.c b/hfal_blake_small.c deleted file mode 100644 index 1d890f6..0000000 --- a/hfal_blake_small.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_blake_small.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_blake_small.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-05 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "blake_small.h" - - -static const char blake28_str[] PROGMEM = "Blake-28"; -static const char blake32_str[] PROGMEM = "Blake-32"; - -const hfdesc_t blake28_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - blake28_str, - sizeof(blake28_ctx_t), - BLAKE28_BLOCKSIZE, - 224, - (hf_init_fpt)blake28_init, - (hf_nextBlock_fpt)blake_small_nextBlock, - (hf_lastBlock_fpt)blake_small_lastBlock, - (hf_ctx2hash_fpt)blake28_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)blake28 -}; - -const hfdesc_t blake32_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - blake32_str, - sizeof(blake32_ctx_t), - BLAKE32_BLOCKSIZE, - 256, - (hf_init_fpt)blake32_init, - (hf_nextBlock_fpt)blake_small_nextBlock, - (hf_lastBlock_fpt)blake_small_lastBlock, - (hf_ctx2hash_fpt)blake32_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)blake32 -}; - - diff --git a/hfal_blake_small.h b/hfal_blake_small.h deleted file mode 100644 index 70c8b83..0000000 --- a/hfal_blake_small.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_blake_small.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_blake_small.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-05 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_BLAKE_SMALL_H_ -#define HFAL_BLAKE_SMALL_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t blake28_desc; -extern const hfdesc_t blake32_desc; - -#endif /* HFAL_BLAKE_SMALL_H_ */ diff --git a/hfal_bmw_large.c b/hfal_bmw_large.c deleted file mode 100644 index 7497362..0000000 --- a/hfal_bmw_large.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_bmw_large.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_bmw_large.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-28 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "bmw_large.h" - - -static const char bmw384_str[] PROGMEM = "BlueMidnightWish-384"; -static const char bmw512_str[] PROGMEM = "BlueMidnightWish-512"; - -const hfdesc_t bmw384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - bmw384_str, - sizeof(bmw384_ctx_t), - BMW384_BLOCKSIZE, - 384, - (hf_init_fpt)bmw384_init, - (hf_nextBlock_fpt)bmw384_nextBlock, - (hf_lastBlock_fpt)bmw384_lastBlock, - (hf_ctx2hash_fpt)bmw384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)bmw384 -}; - -const hfdesc_t bmw512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - bmw512_str, - sizeof(bmw512_ctx_t), - BMW512_BLOCKSIZE, - 512, - (hf_init_fpt)bmw512_init, - (hf_nextBlock_fpt)bmw512_nextBlock, - (hf_lastBlock_fpt)bmw512_lastBlock, - (hf_ctx2hash_fpt)bmw512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)bmw512 -}; - - diff --git a/hfal_bmw_large.h b/hfal_bmw_large.h deleted file mode 100644 index 667087e..0000000 --- a/hfal_bmw_large.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_bmw_large.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_bmw_large.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-28 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_BMW_LARGE_H_ -#define HFAL_BMW_LARGE_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t bmw384_desc; -extern const hfdesc_t bmw512_desc; - -#endif /* HFAL_BMW_LARGE_H_ */ diff --git a/hfal_bmw_small.c b/hfal_bmw_small.c deleted file mode 100644 index e87b239..0000000 --- a/hfal_bmw_small.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_bmw_small.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_bmw_small.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-28 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "bmw_small.h" - - -static const char bmw224_str[] PROGMEM = "BlueMidnightWish-224"; -static const char bmw256_str[] PROGMEM = "BlueMidnightWish-256"; - -const hfdesc_t bmw224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - bmw224_str, - sizeof(bmw224_ctx_t), - BMW224_BLOCKSIZE, - 224, - (hf_init_fpt)bmw224_init, - (hf_nextBlock_fpt)bmw224_nextBlock, - (hf_lastBlock_fpt)bmw224_lastBlock, - (hf_ctx2hash_fpt)bmw224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)bmw224 -}; - -const hfdesc_t bmw256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - bmw256_str, - sizeof(bmw256_ctx_t), - BMW256_BLOCKSIZE, - 256, - (hf_init_fpt)bmw256_init, - (hf_nextBlock_fpt)bmw256_nextBlock, - (hf_lastBlock_fpt)bmw256_lastBlock, - (hf_ctx2hash_fpt)bmw256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)bmw256 -}; - - diff --git a/hfal_bmw_small.h b/hfal_bmw_small.h deleted file mode 100644 index 1ca350e..0000000 --- a/hfal_bmw_small.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_bmw_small.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_bmw_small.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-28 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_BMW_SMALL_H_ -#define HFAL_BMW_SMALL_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t bmw224_desc; -extern const hfdesc_t bmw256_desc; - -#endif /* HFAL_BMW_SMALL_H_ */ diff --git a/hfal_cubehash.c b/hfal_cubehash.c deleted file mode 100644 index f393cec..0000000 --- a/hfal_cubehash.c +++ /dev/null @@ -1,99 +0,0 @@ -/* hfal_cubehash.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_cubehash.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "cubehash.h" - - -static const char cubehash224_str[] PROGMEM = "CubeHash-224"; -static const char cubehash256_str[] PROGMEM = "CubeHash-256"; -static const char cubehash384_str[] PROGMEM = "CubeHash-384"; -static const char cubehash512_str[] PROGMEM = "CubeHash-512"; - -const hfdesc_t cubehash224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - cubehash224_str, - sizeof(cubehash_ctx_t), - CUBEHASH224_BLOCKSIZE, - 224, - (hf_init_fpt)cubehash224_init, - (hf_nextBlock_fpt)cubehash_nextBlock, - (hf_lastBlock_fpt)cubehash_lastBlock, - (hf_ctx2hash_fpt)cubehash224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t cubehash256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - cubehash256_str, - sizeof(cubehash_ctx_t), - CUBEHASH256_BLOCKSIZE, - 256, - (hf_init_fpt)cubehash256_init, - (hf_nextBlock_fpt)cubehash_nextBlock, - (hf_lastBlock_fpt)cubehash_lastBlock, - (hf_ctx2hash_fpt)cubehash256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t cubehash384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - cubehash384_str, - sizeof(cubehash_ctx_t), - CUBEHASH384_BLOCKSIZE, - 384, - (hf_init_fpt)cubehash384_init, - (hf_nextBlock_fpt)cubehash_nextBlock, - (hf_lastBlock_fpt)cubehash_lastBlock, - (hf_ctx2hash_fpt)cubehash384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t cubehash512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - cubehash512_str, - sizeof(cubehash_ctx_t), - CUBEHASH512_BLOCKSIZE, - 512, - (hf_init_fpt)cubehash512_init, - (hf_nextBlock_fpt)cubehash_nextBlock, - (hf_lastBlock_fpt)cubehash_lastBlock, - (hf_ctx2hash_fpt)cubehash512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - - diff --git a/hfal_cubehash.h b/hfal_cubehash.h deleted file mode 100644 index cd46625..0000000 --- a/hfal_cubehash.h +++ /dev/null @@ -1,32 +0,0 @@ -/* hfal_cubehash.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef HFAL_CUBEHASH_H_ -#define HFAL_CUBEHASH_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t cubehash224_desc; -extern const hfdesc_t cubehash256_desc; -extern const hfdesc_t cubehash384_desc; -extern const hfdesc_t cubehash512_desc; - - -#endif /* HFAL_CUBEHASH_H_ */ diff --git a/hfal_echo.c b/hfal_echo.c deleted file mode 100644 index 008b688..0000000 --- a/hfal_echo.c +++ /dev/null @@ -1,99 +0,0 @@ -/* hfal_echo.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_echo.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-21 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "echo.h" - - -static const char echo224_str[] PROGMEM = "ECHO-224"; -static const char echo256_str[] PROGMEM = "ECHO-256"; -static const char echo384_str[] PROGMEM = "ECHO-384"; -static const char echo512_str[] PROGMEM = "ECHO-512"; - -const hfdesc_t echo224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - echo224_str, - sizeof(echo_small_ctx_t), - ECHO224_BLOCKSIZE, - 224, - (hf_init_fpt)echo224_init, - (hf_nextBlock_fpt)echo_small_nextBlock, - (hf_lastBlock_fpt)echo_small_lastBlock, - (hf_ctx2hash_fpt)echo224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t echo256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - echo256_str, - sizeof(echo_small_ctx_t), - ECHO256_BLOCKSIZE, - 256, - (hf_init_fpt)echo256_init, - (hf_nextBlock_fpt)echo_small_nextBlock, - (hf_lastBlock_fpt)echo_small_lastBlock, - (hf_ctx2hash_fpt)echo256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t echo384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - echo384_str, - sizeof(echo_large_ctx_t), - ECHO384_BLOCKSIZE, - 384, - (hf_init_fpt)echo384_init, - (hf_nextBlock_fpt)echo_large_nextBlock, - (hf_lastBlock_fpt)echo_large_lastBlock, - (hf_ctx2hash_fpt)echo384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t echo512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - echo512_str, - sizeof(echo_large_ctx_t), - ECHO512_BLOCKSIZE, - 512, - (hf_init_fpt)echo512_init, - (hf_nextBlock_fpt)echo_large_nextBlock, - (hf_lastBlock_fpt)echo_large_lastBlock, - (hf_ctx2hash_fpt)echo512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - - diff --git a/hfal_echo.h b/hfal_echo.h deleted file mode 100644 index 1e5fa31..0000000 --- a/hfal_echo.h +++ /dev/null @@ -1,31 +0,0 @@ -/* hfal_echo.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef HFAL_ECHO_H_ -#define HFAL_ECHO_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t echo224_desc; -extern const hfdesc_t echo256_desc; -extern const hfdesc_t echo384_desc; -extern const hfdesc_t echo512_desc; - -#endif /* HFAL_ECHO_H_ */ diff --git a/hfal_groestl_large.c b/hfal_groestl_large.c deleted file mode 100644 index c8d9acb..0000000 --- a/hfal_groestl_large.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_groestl_large.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_groestl_large.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-05 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "groestl_large.h" -#include "groestl_small.h" - - -static const char groestl384_str[] PROGMEM = "Groestl-384"; -static const char groestl512_str[] PROGMEM = "Groestl-512"; - -const hfdesc_t groestl384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - groestl384_str, - sizeof(groestl384_ctx_t), - GROESTL384_BLOCKSIZE, - 384, - (hf_init_fpt)groestl384_init, - (hf_nextBlock_fpt)groestl_large_nextBlock, - (hf_lastBlock_fpt)groestl_large_lastBlock, - (hf_ctx2hash_fpt)groestl384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)groestl384 -}; - -const hfdesc_t groestl512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - groestl512_str, - sizeof(groestl512_ctx_t), - GROESTL512_BLOCKSIZE, - 512, - (hf_init_fpt)groestl512_init, - (hf_nextBlock_fpt)groestl_large_nextBlock, - (hf_lastBlock_fpt)groestl_large_lastBlock, - (hf_ctx2hash_fpt)groestl512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)groestl512 -}; - diff --git a/hfal_groestl_large.h b/hfal_groestl_large.h deleted file mode 100644 index 6b50db1..0000000 --- a/hfal_groestl_large.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_groestl_large.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_groestl_large.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-06-11 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_GROESTL_LARGE_H_ -#define HFAL_GROESTL_LARGE_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t groestl384_desc; -extern const hfdesc_t groestl512_desc; - -#endif /* HFAL_GROESTL_LARGE_H_ */ diff --git a/hfal_groestl_small.c b/hfal_groestl_small.c deleted file mode 100644 index 27dbf57..0000000 --- a/hfal_groestl_small.c +++ /dev/null @@ -1,67 +0,0 @@ -/* hfal_groestl_small.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_groestl_small.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-05 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "groestl_small.h" - - -static const char groestl224_str[] PROGMEM = "Groestl-224"; -static const char groestl256_str[] PROGMEM = "Groestl-256"; - -const hfdesc_t groestl224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - groestl224_str, - sizeof(groestl224_ctx_t), - GROESTL224_BLOCKSIZE, - 224, - (hf_init_fpt)groestl224_init, - (hf_nextBlock_fpt)groestl_small_nextBlock, - (hf_lastBlock_fpt)groestl_small_lastBlock, - (hf_ctx2hash_fpt)groestl224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)groestl224 -}; - -const hfdesc_t groestl256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - groestl256_str, - sizeof(groestl256_ctx_t), - GROESTL256_BLOCKSIZE, - 256, - (hf_init_fpt)groestl256_init, - (hf_nextBlock_fpt)groestl_small_nextBlock, - (hf_lastBlock_fpt)groestl_small_lastBlock, - (hf_ctx2hash_fpt)groestl256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)groestl256 -}; - - diff --git a/hfal_groestl_small.h b/hfal_groestl_small.h deleted file mode 100644 index deb7796..0000000 --- a/hfal_groestl_small.h +++ /dev/null @@ -1,37 +0,0 @@ -/* hfal_groestl_small.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_groestl_small.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-05-05 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_GROESTL_SMALL_H_ -#define HFAL_GROESTL_SMALL_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t groestl224_desc; -extern const hfdesc_t groestl256_desc; - -#endif /* HFAL_GROESTL_SMALL_H_ */ diff --git a/hfal_keccak.c b/hfal_keccak.c deleted file mode 100644 index 2f50bbb..0000000 --- a/hfal_keccak.c +++ /dev/null @@ -1,99 +0,0 @@ -/* hfal_keccak.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_keccak.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "keccak.h" - - -static const char keccak224_str[] PROGMEM = "Keccak-224"; -static const char keccak256_str[] PROGMEM = "Keccak-256"; -static const char keccak384_str[] PROGMEM = "Keccak-384"; -static const char keccak512_str[] PROGMEM = "Keccak-512"; - -const hfdesc_t keccak224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - keccak224_str, - sizeof(keccak_ctx_t), - KECCAK224_BLOCKSIZE, - 224, - (hf_init_fpt)keccak224_init, - (hf_nextBlock_fpt)keccak_nextBlock, - (hf_lastBlock_fpt)keccak_lastBlock, - (hf_ctx2hash_fpt)keccak224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t keccak256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - keccak256_str, - sizeof(keccak_ctx_t), - KECCAK256_BLOCKSIZE, - 256, - (hf_init_fpt)keccak256_init, - (hf_nextBlock_fpt)keccak_nextBlock, - (hf_lastBlock_fpt)keccak_lastBlock, - (hf_ctx2hash_fpt)keccak256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t keccak384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - keccak384_str, - sizeof(keccak_ctx_t), - KECCAK384_BLOCKSIZE, - 384, - (hf_init_fpt)keccak384_init, - (hf_nextBlock_fpt)keccak_nextBlock, - (hf_lastBlock_fpt)keccak_lastBlock, - (hf_ctx2hash_fpt)keccak384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - -const hfdesc_t keccak512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - keccak512_str, - sizeof(keccak_ctx_t), - KECCAK512_BLOCKSIZE, - 512, - (hf_init_fpt)keccak512_init, - (hf_nextBlock_fpt)keccak_nextBlock, - (hf_lastBlock_fpt)keccak_lastBlock, - (hf_ctx2hash_fpt)keccak512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - - diff --git a/hfal_keccak.h b/hfal_keccak.h deleted file mode 100644 index 662c6e3..0000000 --- a/hfal_keccak.h +++ /dev/null @@ -1,39 +0,0 @@ -/* hfal_keccak.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_keccak.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2010-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_KECCAK_H_ -#define HFAL_KECCAK_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t keccak224_desc; -extern const hfdesc_t keccak256_desc; -extern const hfdesc_t keccak384_desc; -extern const hfdesc_t keccak512_desc; - -#endif /* HFAL_KECCAK_H_ */ diff --git a/hfal_md5.c b/hfal_md5.c deleted file mode 100644 index 0ccee60..0000000 --- a/hfal_md5.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_md5.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_md5.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "md5.h" - -static const char md5_str[] PROGMEM = "MD5"; - -const hfdesc_t md5_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - md5_str, - sizeof(md5_ctx_t), - 512, - 128, - (hf_init_fpt)md5_init, - (hf_nextBlock_fpt)md5_nextBlock, - (hf_lastBlock_fpt)md5_lastBlock, - (hf_ctx2hash_fpt)md5_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)md5 -}; - diff --git a/hfal_md5.h b/hfal_md5.h deleted file mode 100644 index 1c4d529..0000000 --- a/hfal_md5.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_md5.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_md5.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_MD5_H_ -#define HFAL_MD5_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t md5_desc; - -#endif /* HFAL_MD5_H_ */ diff --git a/hfal_sha1.c b/hfal_sha1.c deleted file mode 100644 index 04023e7..0000000 --- a/hfal_sha1.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_sha1.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_sha1.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-04 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "sha1.h" - -static const char sha1_str[] PROGMEM = "SHA-1"; - -const hfdesc_t sha1_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - sha1_str, - sizeof(sha1_ctx_t), - 512, - 160, - (hf_init_fpt)sha1_init, - (hf_nextBlock_fpt)sha1_nextBlock, - (hf_lastBlock_fpt)sha1_lastBlock, - (hf_ctx2hash_fpt)sha1_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)sha1 -}; - diff --git a/hfal_sha1.h b/hfal_sha1.h deleted file mode 100644 index d39e460..0000000 --- a/hfal_sha1.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_sha1.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_sha1.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-04 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SHA1_H_ -#define HFAL_SHA1_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t sha1_desc; - -#endif /* HFAL_SHA1_H_ */ diff --git a/hfal_sha256.c b/hfal_sha256.c deleted file mode 100644 index 0ae65c4..0000000 --- a/hfal_sha256.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_sha256.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_sha256.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-04 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "sha256.h" - -static const char sha256_str[] PROGMEM = "SHA-256"; - -const hfdesc_t sha256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - sha256_str, - sizeof(sha256_ctx_t), - 512, - 256, - (hf_init_fpt)sha256_init, - (hf_nextBlock_fpt)sha256_nextBlock, - (hf_lastBlock_fpt)sha256_lastBlock, - (hf_ctx2hash_fpt)sha256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)sha256 -}; - diff --git a/hfal_sha256.h b/hfal_sha256.h deleted file mode 100644 index bf308a5..0000000 --- a/hfal_sha256.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_sha256.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-04 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SHA256_H_ -#define HFAL_SHA256_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t sha256_desc; - -#endif /* HFAL_SHA256_H_ */ diff --git a/hfal_shabal.c b/hfal_shabal.c deleted file mode 100644 index bacce62..0000000 --- a/hfal_shabal.c +++ /dev/null @@ -1,113 +0,0 @@ -/* hfal_shabal.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_shabal.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-20 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "shabal.h" - - -static const char shabal192_str[] PROGMEM = "Shabal-192"; -static const char shabal224_str[] PROGMEM = "Shabal-224"; -static const char shabal256_str[] PROGMEM = "Shabal-256"; -static const char shabal384_str[] PROGMEM = "Shabal-384"; -static const char shabal512_str[] PROGMEM = "Shabal-512"; - -const hfdesc_t shabal192_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - shabal192_str, - sizeof(shabal_ctx_t), - SHABAL_BLOCKSIZE, - 192, - (hf_init_fpt)shabal192_init, - (hf_nextBlock_fpt)shabal_nextBlock, - (hf_lastBlock_fpt)shabal_lastBlock, - (hf_ctx2hash_fpt)shabal192_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)shabal192 -}; - -const hfdesc_t shabal224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - shabal224_str, - sizeof(shabal_ctx_t), - SHABAL_BLOCKSIZE, - 224, - (hf_init_fpt)shabal224_init, - (hf_nextBlock_fpt)shabal_nextBlock, - (hf_lastBlock_fpt)shabal_lastBlock, - (hf_ctx2hash_fpt)shabal224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)shabal224 -}; - -const hfdesc_t shabal256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - shabal256_str, - sizeof(shabal_ctx_t), - SHABAL_BLOCKSIZE, - 256, - (hf_init_fpt)shabal256_init, - (hf_nextBlock_fpt)shabal_nextBlock, - (hf_lastBlock_fpt)shabal_lastBlock, - (hf_ctx2hash_fpt)shabal256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)shabal256 -}; - -const hfdesc_t shabal384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - shabal384_str, - sizeof(shabal_ctx_t), - SHABAL_BLOCKSIZE, - 384, - (hf_init_fpt)shabal384_init, - (hf_nextBlock_fpt)shabal_nextBlock, - (hf_lastBlock_fpt)shabal_lastBlock, - (hf_ctx2hash_fpt)shabal384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)shabal384 -}; - -const hfdesc_t shabal512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - shabal512_str, - sizeof(shabal_ctx_t), - SHABAL_BLOCKSIZE, - 512, - (hf_init_fpt)shabal512_init, - (hf_nextBlock_fpt)shabal_nextBlock, - (hf_lastBlock_fpt)shabal_lastBlock, - (hf_ctx2hash_fpt)shabal512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)shabal512 -}; diff --git a/hfal_shabal.h b/hfal_shabal.h deleted file mode 100644 index 6299519..0000000 --- a/hfal_shabal.h +++ /dev/null @@ -1,40 +0,0 @@ -/* hfal_shabal.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_shabal.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-04-20 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SHABAL_H_ -#define HFAL_SHABAL_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t shabal192_desc; -extern const hfdesc_t shabal224_desc; -extern const hfdesc_t shabal256_desc; -extern const hfdesc_t shabal384_desc; -extern const hfdesc_t shabal512_desc; - -#endif /* HFAL_SHABAL_H_ */ diff --git a/hfal_skein1024.c b/hfal_skein1024.c deleted file mode 100644 index 485bed5..0000000 --- a/hfal_skein1024.c +++ /dev/null @@ -1,162 +0,0 @@ -/* hfal_skein1024.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein1024.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "skein.h" - - -static const char skein1024_128_str[] PROGMEM = "Skein-1024-128"; -static const char skein1024_160_str[] PROGMEM = "Skein-1024-160"; -static const char skein1024_224_str[] PROGMEM = "Skein-1024-224"; -static const char skein1024_256_str[] PROGMEM = "Skein-1024-256"; -static const char skein1024_384_str[] PROGMEM = "Skein-1024-384"; -static const char skein1024_512_str[] PROGMEM = "Skein-1024-512"; -static const char skein1024_1024_str[] PROGMEM = "Skein-1024-1024"; - -void skein1024_128_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 128); -} -void skein1024_160_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 160); -} -void skein1024_224_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 224); -} -void skein1024_256_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 256); -} -void skein1024_384_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 384); -} -void skein1024_512_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 512); -} -void skein1024_1024_init(skein1024_ctx_t* ctx){ - skein1024_init(ctx, 1024); -} - -const hfdesc_t skein1024_128_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_128_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 128, - (hf_init_fpt)skein1024_128_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_160_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_160_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 160, - (hf_init_fpt)skein1024_160_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_224_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 224, - (hf_init_fpt)skein1024_224_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_256_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 256, - (hf_init_fpt)skein1024_256_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_384_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 384, - (hf_init_fpt)skein1024_384_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_512_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 512, - (hf_init_fpt)skein1024_512_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein1024_1024_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein1024_1024_str, - sizeof(skein1024_ctx_t), - SKEIN1024_BLOCKSIZE, - 1024, - (hf_init_fpt)skein1024_1024_init, - (hf_nextBlock_fpt)skein1024_nextBlock, - (hf_lastBlock_fpt)skein1024_lastBlock, - (hf_ctx2hash_fpt)skein1024_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - diff --git a/hfal_skein1024.h b/hfal_skein1024.h deleted file mode 100644 index e2ce083..0000000 --- a/hfal_skein1024.h +++ /dev/null @@ -1,42 +0,0 @@ -/* hfal_skein1024.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein1024.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SKEIN1024_H_ -#define HFAL_SKEIN1024_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t skein1024_128_desc; -extern const hfdesc_t skein1024_160_desc; -extern const hfdesc_t skein1024_224_desc; -extern const hfdesc_t skein1024_256_desc; -extern const hfdesc_t skein1024_384_desc; -extern const hfdesc_t skein1024_512_desc; -extern const hfdesc_t skein1024_1024_desc; - -#endif /* HFAL_SHA1024_H_ */ diff --git a/hfal_skein256.c b/hfal_skein256.c deleted file mode 100644 index c647e1e..0000000 --- a/hfal_skein256.c +++ /dev/null @@ -1,143 +0,0 @@ -/* hfal_skein256.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein256.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "skein.h" - - -static const char skein256_128_str[] PROGMEM = "Skein-256-128"; -static const char skein256_160_str[] PROGMEM = "Skein-256-160"; -static const char skein256_224_str[] PROGMEM = "Skein-256-224"; -static const char skein256_256_str[] PROGMEM = "Skein-256-256"; -static const char skein256_384_str[] PROGMEM = "Skein-256-384"; -static const char skein256_512_str[] PROGMEM = "Skein-256-512"; - -void skein256_128_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 128); -} -void skein256_160_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 160); -} -void skein256_224_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 224); -} -void skein256_256_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 256); -} -void skein256_384_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 384); -} -void skein256_512_init(skein256_ctx_t* ctx){ - skein256_init(ctx, 512); -} - -const hfdesc_t skein256_128_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_128_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 128, - (hf_init_fpt)skein256_128_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein256_160_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_160_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 160, - (hf_init_fpt)skein256_160_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein256_224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_224_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 224, - (hf_init_fpt)skein256_224_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein256_256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_256_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 256, - (hf_init_fpt)skein256_256_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein256_384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_384_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 384, - (hf_init_fpt)skein256_384_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein256_512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein256_512_str, - sizeof(skein256_ctx_t), - SKEIN256_BLOCKSIZE, - 512, - (hf_init_fpt)skein256_512_init, - (hf_nextBlock_fpt)skein256_nextBlock, - (hf_lastBlock_fpt)skein256_lastBlock, - (hf_ctx2hash_fpt)skein256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; diff --git a/hfal_skein256.h b/hfal_skein256.h deleted file mode 100644 index ae6cf3e..0000000 --- a/hfal_skein256.h +++ /dev/null @@ -1,41 +0,0 @@ -/* hfal_skein256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein256.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SKEIN256_H_ -#define HFAL_SKEIN256_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t skein256_128_desc; -extern const hfdesc_t skein256_160_desc; -extern const hfdesc_t skein256_224_desc; -extern const hfdesc_t skein256_256_desc; -extern const hfdesc_t skein256_384_desc; -extern const hfdesc_t skein256_512_desc; - -#endif /* HFAL_SKEIN256_H_ */ diff --git a/hfal_skein512.c b/hfal_skein512.c deleted file mode 100644 index f78bc6f..0000000 --- a/hfal_skein512.c +++ /dev/null @@ -1,162 +0,0 @@ -/* hfal_skein512.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein512.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "skein.h" - - -static const char skein512_128_str[] PROGMEM = "Skein-512-128"; -static const char skein512_160_str[] PROGMEM = "Skein-512-160"; -static const char skein512_224_str[] PROGMEM = "Skein-512-224"; -static const char skein512_256_str[] PROGMEM = "Skein-512-256"; -static const char skein512_384_str[] PROGMEM = "Skein-512-384"; -static const char skein512_512_str[] PROGMEM = "Skein-512-512"; -static const char skein512_1024_str[] PROGMEM = "Skein-512-1024"; - -void skein512_128_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 128); -} -void skein512_160_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 160); -} -void skein512_224_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 224); -} -void skein512_256_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 256); -} -void skein512_384_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 384); -} -void skein512_512_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 512); -} -void skein512_1024_init(skein512_ctx_t* ctx){ - skein512_init(ctx, 1024); -} - -const hfdesc_t skein512_128_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_128_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 128, - (hf_init_fpt)skein512_128_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_160_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_160_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 160, - (hf_init_fpt)skein512_160_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_224_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 224, - (hf_init_fpt)skein512_224_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_256_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 256, - (hf_init_fpt)skein512_256_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_384_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 384, - (hf_init_fpt)skein512_384_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_512_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 512, - (hf_init_fpt)skein512_512_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; -const hfdesc_t skein512_1024_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - skein512_1024_str, - sizeof(skein512_ctx_t), - SKEIN512_BLOCKSIZE, - 1024, - (hf_init_fpt)skein512_1024_init, - (hf_nextBlock_fpt)skein512_nextBlock, - (hf_lastBlock_fpt)skein512_lastBlock, - (hf_ctx2hash_fpt)skein512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)NULL -}; - diff --git a/hfal_skein512.h b/hfal_skein512.h deleted file mode 100644 index 52fe48f..0000000 --- a/hfal_skein512.h +++ /dev/null @@ -1,42 +0,0 @@ -/* hfal_skein512.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_skein512.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-03-13 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_SKEIN512_H_ -#define HFAL_SKEIN512_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t skein512_128_desc; -extern const hfdesc_t skein512_160_desc; -extern const hfdesc_t skein512_224_desc; -extern const hfdesc_t skein512_256_desc; -extern const hfdesc_t skein512_384_desc; -extern const hfdesc_t skein512_512_desc; -extern const hfdesc_t skein512_1024_desc; - -#endif /* HFAL_SHA512_H_ */ diff --git a/hfal_twister224.c b/hfal_twister224.c deleted file mode 100644 index e533c40..0000000 --- a/hfal_twister224.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_twister224.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister224.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-04 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "twister-small.h" - -static const char twister224_str[] PROGMEM = "Twister-224"; - -const hfdesc_t twister224_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - twister224_str, - sizeof(twister224_ctx_t), - 512, - 224, - (hf_init_fpt)twister224_init, - (hf_nextBlock_fpt)twister224_nextBlock, - (hf_lastBlock_fpt)twister224_lastBlock, - (hf_ctx2hash_fpt)twister224_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)twister224 -}; - diff --git a/hfal_twister224.h b/hfal_twister224.h deleted file mode 100644 index 87926e2..0000000 --- a/hfal_twister224.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_twister224.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister224.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_TWISTER224_H_ -#define HFAL_TWISTER224_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t twister224_desc; - -#endif /* HFAL_TWISTER224_H_ */ diff --git a/hfal_twister256.c b/hfal_twister256.c deleted file mode 100644 index 0507be3..0000000 --- a/hfal_twister256.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_twister256.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister256.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "twister-small.h" - -static const char twister256_str[] PROGMEM = "Twister-256"; - -const hfdesc_t twister256_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - twister256_str, - sizeof(twister256_ctx_t), - 512, - 256, - (hf_init_fpt)twister256_init, - (hf_nextBlock_fpt)twister256_nextBlock, - (hf_lastBlock_fpt)twister256_lastBlock, - (hf_ctx2hash_fpt)twister256_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)twister256 -}; - diff --git a/hfal_twister256.h b/hfal_twister256.h deleted file mode 100644 index 3c01faa..0000000 --- a/hfal_twister256.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_twister256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister256.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_TWISTER256_H_ -#define HFAL_TWISTER256_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t twister256_desc; - -#endif /* HFAL_TWISTER256_H_ */ diff --git a/hfal_twister384.c b/hfal_twister384.c deleted file mode 100644 index 888078e..0000000 --- a/hfal_twister384.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_twister384.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister384.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "twister-large.h" - -static const char twister384_str[] PROGMEM = "Twister-384"; - -const hfdesc_t twister384_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - twister384_str, - sizeof(twister384_ctx_t), - 512, - 384, - (hf_init_fpt)twister384_init, - (hf_nextBlock_fpt)twister384_nextBlock, - (hf_lastBlock_fpt)twister384_lastBlock, - (hf_ctx2hash_fpt)twister384_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)twister384 -}; - diff --git a/hfal_twister384.h b/hfal_twister384.h deleted file mode 100644 index 93c42cf..0000000 --- a/hfal_twister384.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_twister384.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister384.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_TWISTER384_H_ -#define HFAL_TWISTER384_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t twister384_desc; - -#endif /* HFAL_TWISTER384_H_ */ diff --git a/hfal_twister512.c b/hfal_twister512.c deleted file mode 100644 index 4f6e7b0..0000000 --- a/hfal_twister512.c +++ /dev/null @@ -1,49 +0,0 @@ -/* hfal_twister512.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister512.c - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#include -#include -#include "hashfunction_descriptor.h" -#include "twister-large.h" - -static const char twister512_str[] PROGMEM = "Twister-512"; - -const hfdesc_t twister512_desc PROGMEM = { - HFDESC_TYPE_HASHFUNCTION, - 0, - twister512_str, - sizeof(twister512_ctx_t), - 512, - 512, - (hf_init_fpt)twister512_init, - (hf_nextBlock_fpt)twister512_nextBlock, - (hf_lastBlock_fpt)twister512_lastBlock, - (hf_ctx2hash_fpt)twister512_ctx2hash, - (hf_free_fpt)NULL, - (hf_mem_fpt)twister512 -}; - diff --git a/hfal_twister512.h b/hfal_twister512.h deleted file mode 100644 index 937c3d8..0000000 --- a/hfal_twister512.h +++ /dev/null @@ -1,36 +0,0 @@ -/* hfal_twister512.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file hfal_twister512.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-02-09 - * \license GPLv3 or later - * - */ - -#ifndef HFAL_TWISTER512_H_ -#define HFAL_TWISTER512_H_ - -#include -#include "hashfunction_descriptor.h" - -extern const hfdesc_t twister512_desc; - -#endif /* HFAL_TWISTER512_H_ */ diff --git a/hmac-md5/base64_dec.c b/hmac-md5/base64_dec.c deleted file mode 100644 index f057f54..0000000 --- a/hmac-md5/base64_dec.c +++ /dev/null @@ -1,246 +0,0 @@ -/* base64_dec.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * base64 decoder (RFC3548) - * Author: Daniel Otte - * License: GPLv3 - * - * - */ - -#include -#include "base64_dec.h" - -#include "test_src/cli.h" - -/* - #define USE_GCC_EXTENSION -*/ -#if 1 - -#ifdef USE_GCC_EXTENSION - -static -int ascii2bit6(char a){ - switch(a){ - case 'A'...'Z': - return a-'A'; - case 'a'...'z': - return a-'a'+26; - case '0'...'9': - return a-'0'+52; - case '+': - case '-': - return 62; - case '/': - case '_': - return 63; - default: - return -1; - } -} - -#else - -static -uint8_t ascii2bit6(char a){ - int r; - switch(a>>4){ - case 0x5: - case 0x4: - r=a-'A'; - if(r<0 || r>25){ - return -1; - } else { - return r; - } - case 0x7: - case 0x6: - r=a-'a'; - if(r<0 || r>25){ - return -1; - } else { - return r+26; - } - break; - case 0x3: - if(a>'9') - return -1; - return a-'0'+52; - default: - break; - } - switch (a){ - case '+': - case '-': - return 62; - case '/': - case '_': - return 63; - default: - return 0xff; - } -} - -#endif - -#else - -static -uint8_t ascii2bit6(uint8_t a){ - if(a>='A' && a<='Z'){ - return a-'A'; - } else { - if(a>='a' && a<= 'z'){ - return a-'a'+26; - } else { - if(a>='0' && a<='9'){ - return a-'0'+52; - } else { - if(a=='+' || a=='-'){ - return 62; - } else { - if(a=='/' || a=='_'){ - return 63; - } else { - return 0xff; - } - } - } - } - } -} - -#endif - -int base64_binlength(char* str, uint8_t strict){ - int l=0; - uint8_t term=0; - for(;;){ - if(*str=='\0') - break; - if(*str=='\n' || *str=='\r'){ - str++; - continue; - } - if(*str=='='){ - term++; - str++; - if(term==2){ - break; - } - continue; - } - if(term) - return -1; - if(ascii2bit6(*str)==-1){ - if(strict) - return -1; - } else { - l++; - } - str++; - } - switch(term){ - case 0: - if(l%4!=0) - return -1; - return l/4*3; - case 1: - if(l%4!=3) - return -1; - return (l+1)/4*3-1; - case 2: - if(l%4!=2) - return -1; - return (l+2)/4*3-2; - default: - return -1; - } -} - -/* - |543210543210543210543210| - |765432107654321076543210| - - . . . . - |54321054|32105432|10543210| - |76543210|76543210|76543210| - -*/ - -int base64dec(void* dest, char* b64str, uint8_t strict){ - uint8_t buffer[4]; - uint8_t idx=0; - uint8_t term=0; - for(;;){ -// cli_putstr_P(PSTR("\r\n DBG: got 0x")); -// cli_hexdump(b64str, 1); - buffer[idx]= ascii2bit6(*b64str); -// cli_putstr_P(PSTR(" --> 0x")); -// cli_hexdump(buffer+idx, 1); - - if(buffer[idx]==0xFF){ - if(*b64str=='='){ - term++; - b64str++; - if(term==2) - goto finalize; /* definitly the end */ - }else{ - if(*b64str == '\0'){ - goto finalize; /* definitly the end */ - }else{ - if(*b64str == '\r' || *b64str == '\n' || !(strict)){ - b64str++; /* charcters that we simply ignore */ - }else{ - return -1; - } - } - } - }else{ - if(term) - return -1; /* this happens if we get a '=' in the stream */ - idx++; - b64str++; - } - if(idx==4){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2; - ((uint8_t*)dest)[2] = buffer[2]<<6 | buffer[3]; - dest = (uint8_t*)dest +3; - idx=0; - } - } - finalize: - /* the final touch */ - if(idx==0) - return 0; - if(term==1){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2; - return 0; - } - if(term==2){ - ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4; - return 0; - } - return -1; -} diff --git a/hmac-md5/base64_dec.h b/hmac-md5/base64_dec.h deleted file mode 100644 index 39beff8..0000000 --- a/hmac-md5/base64_dec.h +++ /dev/null @@ -1,29 +0,0 @@ -/* base64_dec.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -#ifndef BASE64_DEC_H_ -#define BASE64_DEC_H_ - -#include - -int base64_binlength(char* str, uint8_t strict); -int base64dec(void* dest, char* b64str, uint8_t strict); - -#endif /*BASE64_DEC_H_*/ diff --git a/hmac-md5/base64_enc.c b/hmac-md5/base64_enc.c deleted file mode 100644 index 400f25c..0000000 --- a/hmac-md5/base64_enc.c +++ /dev/null @@ -1,117 +0,0 @@ -/* base64_enc.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * base64 encoder (RFC3548) - * Author: Daniel Otte - * License: GPLv3 - * - * - */ - -#include -#include "base64_enc.h" - -#if 1 -#include - -char base64_alphabet[64] PROGMEM = { - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', - 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', - 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', - 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', - 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', - 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', - 'w', 'x', 'y', 'z', '0', '1', '2', '3', - '4', '5', '6', '7', '8', '9', '+', '/' }; - -static -char bit6toAscii(uint8_t a){ - a &= (uint8_t)0x3F; - return pgm_read_byte(base64_alphabet+a); -} - -#else - -static -char bit6toAscii(uint8_t a){ - a &= (uint8_t)0x3F; - - if(a<=25){ - return a+'A'; - } else { - if(a<=51){ - return a-26+'a'; - } else { - if(a<=61){ - return a-52+'0'; - } else { - if(a==62){ - return '+'; - } else { - return '/'; /* a == 63 */ - } - } - } - } -} - -#endif - -void base64enc(char* dest, void* src, uint16_t length){ - uint16_t i,j; - uint8_t a[4]; - for(i=0; i>2; - a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F; - a[2]= (((((uint8_t*)src)[i*3+1])<<2) | ((((uint8_t*)src)[i*3+2])>>6)) & 0x3F; - a[3]= (((uint8_t*)src)[i*3+2]) & 0x3F; - for(j=0; j<4; ++j){ - *dest++=bit6toAscii(a[j]); - } - } - /* now we do the rest */ - switch(length%3){ - case 0: - break; - case 1: - a[0]=(((uint8_t*)src)[i*3+0])>>2; - a[1]=((((uint8_t*)src)[i*3+0])<<4)&0x3F; - *dest++ = bit6toAscii(a[0]); - *dest++ = bit6toAscii(a[1]); - *dest++ = '='; - *dest++ = '='; - break; - case 2: - a[0]= (((uint8_t*)src)[i*3+0])>>2; - a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F; - a[2]= ((((uint8_t*)src)[i*3+1])<<2) & 0x3F; - *dest++ = bit6toAscii(a[0]); - *dest++ = bit6toAscii(a[1]); - *dest++ = bit6toAscii(a[2]); - *dest++ = '='; - break; - default: /* this will not happen! */ - break; - } -/* finalize: */ - *dest='\0'; -} - diff --git a/hmac-md5/base64_enc.h b/hmac-md5/base64_enc.h deleted file mode 100644 index 9065132..0000000 --- a/hmac-md5/base64_enc.h +++ /dev/null @@ -1,28 +0,0 @@ -/* base64_enc.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -#ifndef BASE64_ENC_H_ -#define BASE64_ENC_H_ - -#include - -void base64enc(char* dest, void* src, uint16_t length); - -#endif /*BASE64_ENC_H_*/ diff --git a/hmac-md5/hmac-md5.c b/hmac-md5/hmac-md5.c index d72dca9..241ebcf 100644 --- a/hmac-md5/hmac-md5.c +++ b/hmac-md5/hmac-md5.c @@ -31,7 +31,7 @@ #include #include #include "config.h" -#include "md5.h" +#include "md5/md5.h" #include "hmac-md5.h" #define IPAD 0x36 diff --git a/hmac-md5/hmac-md5.h b/hmac-md5/hmac-md5.h index 5bbaeb9..6bd8e12 100644 --- a/hmac-md5/hmac-md5.h +++ b/hmac-md5/hmac-md5.h @@ -19,7 +19,7 @@ #ifndef HMACMD5_H_ #define HMACMD5_H_ -#include "md5.h" +#include "md5/md5.h" #define HMAC_MD5_BITS MD5_HASH_BITS #define HMAC_MD5_BYTES MD5_HASH_BYTES diff --git a/hmac-md5/md5-asm.S b/hmac-md5/md5-asm.S deleted file mode 100644 index de3b170..0000000 --- a/hmac-md5/md5-asm.S +++ /dev/null @@ -1,977 +0,0 @@ -/* md5-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * License: GPLv3 or later - * Date: 2008-11-15 -*/ - - -#include "avr-asm-macros.S" - -;########################################################### -; S-BOX - -T_table: -.hword 0xa478, 0xd76a, 0xb756, 0xe8c7, 0x70db, 0x2420, 0xceee, 0xc1bd, 0x0faf, 0xf57c -.hword 0xc62a, 0x4787, 0x4613, 0xa830, 0x9501, 0xfd46, 0x98d8, 0x6980, 0xf7af, 0x8b44 -.hword 0x5bb1, 0xffff, 0xd7be, 0x895c, 0x1122, 0x6b90, 0x7193, 0xfd98, 0x438e, 0xa679 -.hword 0x0821, 0x49b4, 0x2562, 0xf61e, 0xb340, 0xc040, 0x5a51, 0x265e, 0xc7aa, 0xe9b6 -.hword 0x105d, 0xd62f, 0x1453, 0x0244, 0xe681, 0xd8a1, 0xfbc8, 0xe7d3, 0xcde6, 0x21e1 -.hword 0x07d6, 0xc337, 0x0d87, 0xf4d5, 0x14ed, 0x455a, 0xe905, 0xa9e3, 0xa3f8, 0xfcef -.hword 0x02d9, 0x676f, 0x4c8a, 0x8d2a, 0x3942, 0xfffa, 0xf681, 0x8771, 0x6122, 0x6d9d -.hword 0x380c, 0xfde5, 0xea44, 0xa4be, 0xcfa9, 0x4bde, 0x4b60, 0xf6bb, 0xbc70, 0xbebf -.hword 0x7ec6, 0x289b, 0x27fa, 0xeaa1, 0x3085, 0xd4ef, 0x1d05, 0x0488, 0xd039, 0xd9d4 -.hword 0x99e5, 0xe6db, 0x7cf8, 0x1fa2, 0x5665, 0xc4ac, 0x2244, 0xf429, 0xff97, 0x432a -.hword 0x23a7, 0xab94, 0xa039, 0xfc93, 0x59c3, 0x655b, 0xcc92, 0x8f0c, 0xf47d, 0xffef -.hword 0x5dd1, 0x8584, 0x7e4f, 0x6fa8, 0xe6e0, 0xfe2c, 0x4314, 0xa301, 0x11a1, 0x4e08 -.hword 0x7e82, 0xf753, 0xf235, 0xbd3a, 0xd2bb, 0x2ad7, 0xd391, 0xeb86 - - -#define MD5_init_fast - -.global md5_init -#ifndef MD5_init_fast -;########################################################### -;void md5_init(md5_ctx_t *state) -; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), X(r25,r26) -; size = 9+5*4 WORDS = 29 WORDS = 58 Bytes -md5_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8(md5_init_vector) - ldi r31, hi8(md5_init_vector) - ldi r24, 16+4 -md5_init_vloop: - lpm r0, Z+ - st X+, r0 - dec r24 - brne md5_init_vloop - ret - -md5_init_vector: -.hword 0x2301, 0x6745 -.hword 0xAB89, 0xEFCD -.hword 0xDCFE, 0x98BA -.hword 0x5476, 0x1032 -.hword 0x0000, 0x0000 - -#else -;########################################################### -.global md5_init_fast -;void md5_init(md5_ctx_t *state) -; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: r23, r22 -; cycles = 1+16*3+4*2+4 = 1+48+12 = 61 -; size = 1+16*2+4+1 WORDS = 38 WORDS = 76 Bytes -md5_init: -md5_init_fast: - movw r26, r24 - ldi r24, 0x01 - st X+, r24 - ldi r24, 0x23 - st X+, r24 - ldi r24, 0x45 - st X+, r24 - ldi r24, 0x67 - st X+, r24 - ldi r24, 0x89 - st X+, r24 - ldi r24, 0xAB - st X+, r24 - ldi r24, 0xCD - st X+, r24 - ldi r24, 0xEF - st X+, r24 - ldi r24, 0xFE - st X+, r24 - ldi r24, 0xDC - st X+, r24 - ldi r24, 0xBA - st X+, r24 - ldi r24, 0x98 - st X+, r24 - ldi r24, 0x76 - st X+, r24 - ldi r24, 0x54 - st X+, r24 - ldi r24, 0x32 - st X+, r24 - ldi r24, 0x10 - st X+, r24 - st X+, r1 - st X+, r1 - st X+, r1 - st X+, r1 - ret -#endif -;########################################################### - -/* -static -uint32_t md5_F(uint32_t x, uint32_t y, uint32_t z){ - return ((x&y)|((~x)&z)); -} -*/ -; x: r22-r25 -; y: r18-r21 -; z: r14-r17 -md5_F: - and r18, r22 - and r19, r23 - and r20, r24 - and r21, r25 - com r22 - com r23 - com r24 - com r25 - and r22, r14 - and r23, r15 - and r24, r16 - and r25, r17 - or r22, r18 - or r23, r19 - or r24, r20 - or r25, r21 - rjmp md5_core_F_exit - -/* -static -uint32_t md5_G(uint32_t x, uint32_t y, uint32_t z){ - return ((x&z)|((~z)&y)); -} -*/ - -; x: r22-r25 -; y: r18-r21 -; z: r14-r17 -md5_G: - and r22, r14 - and r23, r15 - and r24, r16 - and r25, r17 - com r14 - com r15 - com r16 - com r17 - and r18, r14 - and r19, r15 - and r20, r16 - and r21, r17 - or r22, r18 - or r23, r19 - or r24, r20 - or r25, r21 - rjmp md5_core_F_exit -/* -static -uint32_t md5_H(uint32_t x, uint32_t y, uint32_t z){ - return (x^y^z); -} -*/ -; x: r22-r25 -; y: r18-r21 -; z: r14-r17 -md5_H: - eor r22, r18 - eor r22, r14 - eor r23, r19 - eor r23, r15 - eor r24, r20 - eor r24, r16 - eor r25, r21 - eor r25, r17 - rjmp md5_core_F_exit -/* -static -uint32_t md5_I(uint32_t x, uint32_t y, uint32_t z){ - return (y ^ (x | (~z))); -} -*/ - -jump_table: - rjmp md5_F - rjmp md5_G - rjmp md5_H -; rjmp md5_I - -; x: r22-r25 -; y: r18-r21 -; z: r14-r17 -md5_I: - com r14 - com r15 - com r16 - com r17 - or r22, r14 - or r23, r15 - or r24, r16 - or r25, r17 - eor r22, r18 - eor r23, r19 - eor r24, r20 - eor r25, r21 - rjmp md5_core_F_exit - -as_table: -; (as+0)&3 (as+3)&3 (as+1)&3 (as+2)&3 -; Z X Y -; AS_SAVE0 AS_SAVE1 AS_SAVE2 AS_SAVE3 -.byte 1*4, 0*4, 2*4, 3*4 ;as=1 -.byte 2*4, 1*4, 3*4, 0*4 ;as=2 -.byte 3*4, 2*4, 0*4, 1*4 ;as=3 -.byte 0*4, 3*4, 1*4, 2*4 ;as=4 - -;########################################################### -.global md5_core -md5_core: - mov r21, r20 - mov r20, r18 - mov r19, r16 - mov r18, r14 -; rjmp md5_core_asm -/* -void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){ - uint32_t t; - md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I}; - as &= 0x3; - / * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * / - t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ; - a[as]=a[(as+1)&3] + ROTL32(t, s); -} -*/ -; a: r24-r25 -; block: r22-r23 -; as: r21 -; s: r20 -; i: r19 -; fi: r18 -P_A0 = 24 -P_A1 = 25 -P_B0 = 22 -P_B1 = 23 -P_AS = 21 -P_S = 20 -P_I = 19 -P_FI = 18 - -; x: r22-r25 -; y: r18-r21 -; z: r14-r17 - - -AS_SAVE0 = 4 -AS_SAVE1 = 5 -AS_SAVE2 = 6 -AS_SAVE3 = 7 -FI_SAVE = 8 -S_SAVE = 9 -ACCU0 = 10 -ACCU1 = 11 -ACCU2 = 12 -ACCU3 = 13 -ARG_X0 = 22 -ARG_X1 = 23 -ARG_X2 = 24 -ARG_X3 = 25 -ARG_Y0 = 18 -ARG_Y1 = 19 -ARG_Y2 = 20 -ARG_Y3 = 21 -ARG_Z0 = 14 -ARG_Z1 = 15 -ARG_Z2 = 16 -ARG_Z3 = 17 - - -md5_core_asm: - push r16 - push r17 - push_range 4, 8 - ldi r30, lo8(T_table) - ldi r31, hi8(T_table) - lsl P_I - rol r1 - lsl P_I - rol r1 - add r30, P_I - adc r31, r1 - clr r1 - mov FI_SAVE, r18 - /* loading T[i] into ACCU */ - lpm ACCU0, Z+ - lpm ACCU1, Z+ - lpm ACCU2, Z+ - lpm ACCU3, Z - /* add *block to ACCU */ - movw r30, P_B0 - ld r0, Z+ - add ACCU0, r0 - ld r0, Z+ - adc ACCU1, r0 - ld r0, Z+ - adc ACCU2, r0 - ld r0, Z+ - adc ACCU3, r0 - /* add a[as+0&3] to ACCU */ - ldi r30, lo8(as_table) - ldi r31, hi8(as_table) - dec P_AS - andi P_AS, 0x03 - lsl P_AS - lsl P_AS - add r30, r21 - adc r31, r1 ; Z points to the correct row in as_table - lpm AS_SAVE0, Z+ - lpm AS_SAVE1, Z+ - lpm AS_SAVE2, Z+ - lpm AS_SAVE3, Z - movw r26, r24 ; X points to a[0] - add r26, AS_SAVE0 - adc r27, r1 ; X points at a[as&3] - ld r0, X+ - add ACCU0, r0 - ld r0, X+ - adc ACCU1, r0 - ld r0, X+ - adc ACCU2, r0 - ld r0, X+ - adc ACCU3, r0 - mov S_SAVE, r20 - - movw r28, r24 - /* loading z value */ - movw r26, r28 - add r26, AS_SAVE1 - adc r27, r1 - ld ARG_Z0, X+ - ld ARG_Z1, X+ - ld ARG_Z2, X+ - ld ARG_Z3, X - - /* loading x value */ - movw r26, r28 - add r26, AS_SAVE2 - adc r27, r1 - ld ARG_X0, X+ - ld ARG_X1, X+ - ld ARG_X2, X+ - ld ARG_X3, X - - /* loading y value */ - movw r26, r28 - add r26, AS_SAVE3 - adc r27, r1 - ldi r30, pm_lo8(jump_table) - ldi r31, pm_hi8(jump_table) - add r30, FI_SAVE - adc r31, r1 ; Z points to the correct entry in our jump table - ld ARG_Y0, X+ - ld ARG_Y1, X+ - ld ARG_Y2, X+ - ld ARG_Y3, X - - ijmp /* calls the function pointed by Z */ -md5_core_F_exit: - - /* add ACCU to result of f() */ - add r22, ACCU0 - adc r23, ACCU1 - adc r24, ACCU2 - adc r25, ACCU3 - - /* rotate */ - mov r20, S_SAVE -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - mov r21, r25 -bitrotl_loop: - tst r20 - breq fixrotl -bitrotl_loop2: - lsl r21 - rol r22 - rol r23 - rol r24 - rol r25 - dec r20 - brne bitrotl_loop2 -fixrotl: - - /* add a[(as+1)&3] */ - movw r26, r28 - add r26, AS_SAVE2 - adc r27, r1 - ld r0, X+ - add r22, r0 - ld r0, X+ - adc r23, r0 - ld r0, X+ - adc r24, r0 - ld r0, X - adc r25, r0 - - /* store result */ - movw r26, r28 - add r26, AS_SAVE0 - adc r27, r1 - st X+, r22 - st X+, r23 - st X+, r24 - st X , r25 -md5_core_exit: - pop_range 4, 8 - pop r17 - pop r16 - ret - -;################################################################### -/* -void md5_nextBlock(md5_ctx_t *state, void* block){ - uint32_t a[4]; - uint8_t m,n,i=0; - - a[0]=state->a[0]; - a[1]=state->a[1]; - a[2]=state->a[2]; - a[3]=state->a[3]; - - / * round 1 * / - uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0); - } - } - / * round 2 * / - uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1); - } - } - / * round 3 * / - uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2); - } - } - / * round 4 * / - uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3); - } - } - state->a[0] += a[0]; - state->a[1] += a[1]; - state->a[2] += a[2]; - state->a[3] += a[3]; - state->counter++; -} -*/ - -shift_table_1: .byte 7,12,17,22 -shift_table_2: .byte 5, 9,14,20 -shift_table_3: .byte 4,11,16,23 -shift_table_4: .byte 6,10,15,21 - -index_table_r2: -;(1+m*4+n*5)&0xf: - .byte 0x04, 0x18, 0x2c, 0x00 - .byte 0x14, 0x28, 0x3c, 0x10 - .byte 0x24, 0x38, 0x0c, 0x20 - .byte 0x34, 0x08, 0x1c, 0x30 - -index_table_r3: -;(5-m*4+n*3)&0xf: - .byte 0x14, 0x20, 0x2c, 0x38 - .byte 0x04, 0x10, 0x1c, 0x28 - .byte 0x34, 0x00, 0x0c, 0x18 - .byte 0x24, 0x30, 0x3c, 0x08 - -index_table_r4: -;(0-m*4+n*7)&0xf: - .byte 0x00, 0x1c, 0x38, 0x14 - .byte 0x30, 0x0c, 0x28, 0x04 - .byte 0x20, 0x3c, 0x18, 0x34 - .byte 0x10, 0x2c, 0x08, 0x24 - -APTR_REG = 2 -BPTR_REG = 4 -N_REG = 6 -M_REG = 7 -I_REG = 8 -.global md5_nextBlock -md5_nextBlock: - stack_alloc 16 - push_range 2, 17 - push r28 - push r29 - push r24 - push r25 - adiw r30, 1 /* Z now points to the beginning of the allocated memory */ - movw r2, r30 - movw r4, r22 - movw r26, r24 - ldi r20, 16 -1: - ld r0, X+ - st Z+, r0 - dec r20 - brne 1b - /* state now copied to stack memory */ - clr I_REG - /* Round 1 */ - clr M_REG - ldi r17, 4 -1: - clr N_REG - ldi r16, 4 -2: - movw r24, APTR_REG - movw r22, BPTR_REG - mov r0, M_REG - lsl r0 - lsl r0 - add r0, N_REG - lsl r0 - lsl r0 - add r22, r0 - adc r23, r1 - mov r21, r16 - ldi r30, lo8(shift_table_1) - ldi r31, hi8(shift_table_1) - add r30, N_REG - adc r31, r1 - lpm r20, Z - mov r19, I_REG - ldi r18, 0 - rcall md5_core_asm - inc I_REG - inc N_REG - dec r16 - brne 2b - inc M_REG - dec r17 - brne 1b - - /* Round 2 */ - clr M_REG - ldi r17, 4 -1: - clr N_REG - ldi r16, 4 -2: - movw r24, APTR_REG - movw r22, BPTR_REG - ldi r30, lo8(index_table_r2) - ldi r31, hi8(index_table_r2) - mov r0, M_REG - lsl r0 - lsl r0 - add r0, N_REG - add r30, r0 - adc r31, r1 - lpm r0, Z - add r22, r0 - adc r23, r1 - mov r21, r16 - ldi r30, lo8(shift_table_2) - ldi r31, hi8(shift_table_2) - add r30, N_REG - adc r31, r1 - lpm r20, Z - mov r19, I_REG - ldi r18, 1 - rcall md5_core_asm - inc I_REG - inc N_REG - dec r16 - brne 2b - inc M_REG - dec r17 - brne 1b - - /* Round 3 */ - clr M_REG - ldi r17, 4 -1: - clr N_REG - ldi r16, 4 -2: - movw r24, APTR_REG - movw r22, BPTR_REG - ldi r30, lo8(index_table_r3) - ldi r31, hi8(index_table_r3) - mov r0, M_REG - lsl r0 - lsl r0 - add r0, N_REG - add r30, r0 - adc r31, r1 - lpm r0, Z - add r22, r0 - adc r23, r1 - mov r21, r16 - ldi r30, lo8(shift_table_3) - ldi r31, hi8(shift_table_3) - add r30, N_REG - adc r31, r1 - lpm r20, Z - mov r19, I_REG - ldi r18, 2 - rcall md5_core_asm - inc I_REG - inc N_REG - dec r16 - brne 2b - inc M_REG - dec r17 - brne 1b - - /* Round 4 */ - clr M_REG - ldi r17, 4 -1: - clr N_REG - ldi r16, 4 -2: - movw r24, APTR_REG - movw r22, BPTR_REG - ldi r30, lo8(index_table_r4) - ldi r31, hi8(index_table_r4) - mov r0, M_REG - lsl r0 - lsl r0 - add r0, N_REG - add r30, r0 - adc r31, r1 - lpm r0, Z - add r22, r0 - adc r23, r1 - mov r21, r16 - ldi r30, lo8(shift_table_4) - ldi r31, hi8(shift_table_4) - add r30, N_REG - adc r31, r1 - lpm r20, Z - mov r19, I_REG - ldi r18, 3 - rcall md5_core_asm - inc I_REG - inc N_REG - dec r16 - brne 2b - inc M_REG - dec r17 - brne 1b - - - pop r27 - pop r26 /* X now points to the context */ - movw r30, APTR_REG - ldi r16, 4 -1: - ld r0, X - ld r2, Z+ - add r0, r2 - st X+, r0 - ld r0, X - ld r2, Z+ - adc r0, r2 - st X+, r0 - ld r0, X - ld r2, Z+ - adc r0, r2 - st X+, r0 - ld r0, X - ld r2, Z+ - adc r0, r2 - st X+, r0 - dec r16 - brne 1b - - ld r0, X - inc r0 - st X+, r0 - brne 2f - ld r0, X - inc r0 - st X+, r0 - brne 2f - ld r0, X - inc r0 - st X+, r0 - brne 2f - ld r0, X - inc r0 - st X+, r0 -2: - - pop r29 - pop r28 - pop_range 2, 17 - stack_free 16 - ret - -;############################################################################### -/* -void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){ - uint16_t l; - uint8_t b[64]; - while (length_b >= 512){ - md5_nextBlock(state, block); - length_b -= 512; - block = ((uint8_t*)block) + 512/8; - } - memset(b, 0, 64); - memcpy(b, block, length_b/8); - / * insert padding one * / - l=length_b/8; - if(length_b%8){ - uint8_t t; - t = ((uint8_t*)block)[l]; - t |= (0x80>>(length_b%8)); - b[l]=t; - }else{ - b[l]=0x80; - } - / * insert length value * / - if(l+sizeof(uint64_t) >= 512/8){ - md5_nextBlock(state, b); - state->counter--; - memset(b, 0, 64-8); - } - *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; - md5_nextBlock(state, b); -} -*/ -; state_ptr : r24,r25 -; block_ptr : r22,r23 -; length_b : r20,r21 -.global md5_lastBlock -md5_lastBlock: - stack_alloc_large 64 - push_range 12, 17 - push r30 - push r31 - movw r16, r20 /* length_b */ - movw r14, r22 /* block_ptr */ - movw r12, r24 /* state_ptr */ - ldi r18, 64 -2: - cpi r17, 2 /* hi8(512) */ - brlo 2f -1: - movw r24, r12 - movw r22, r14 - rcall md5_nextBlock - add r14, r18 - adc r15, r1 - subi r17, 2 - rjmp 2b -2: - pop r31 - pop r30 - - adiw r30, 1 /* adjust Z to point to buffer */ - movw r26, r14 - movw r24, r16 - adiw r24, 7 - - lsr r25 - ror r24 - lsr r25 - ror r24 - lsr r24 /* r24 now holds how many bytes are to copy */ - ldi r18, 64 - sub r18, r24 /* r18 will hold the amount of used bytes in buffer */ - tst r24 -4: - breq 5f - ld r0, X+ - st Z+, r0 - dec r24 - rjmp 4b /* Z points to the byte after msg in buffer */ -5: /* append 1-bit */ - mov r20, r16 - ldi r19, 0x80 - andi r20, 0x07 - brne bit_fucking - st Z+, r19 - dec r18 /* 'allocate' another byte in buffer */ - rjmp after_bit_fucking -bit_fucking: -1: - lsr r19 - dec r20 - brne 1b - or r0, r19 - st -Z, r0 - adiw r30, 1 -after_bit_fucking: - clt - cpi r18, 8 - brmi 2f - set /* store in t if the counter will also fit in this block (1 if fit)*/ -2: - tst r18 - breq 2f -1: /* fill remaning buffer with zeros */ - st Z+, r1 - dec r18 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r14, r30 /* r14:r15 now points to buffer */ - brts load_counter - /* counter does not fit, finalize this block */ - movw r24, r12 - movw r22, r14 - rcall md5_nextBlock - movw r30, r14 - ldi r20, 64-8 -3: - st Z+, r1 - dec r20 - brne 3b - -load_counter: - movw r26, r12 /* X points to state */ - adiw r26, 16 - ld r19, X+ - ld r20, X+ - ld r21, X+ - ld r22, X+ - brts post_counter_decrement /* do not decremen because counter fits */ -counter_decrement: - subi r19, 1 - sbci r20, 0 - sbci r21, 0 - sbci r22, 0 -post_counter_decrement: - clr r18 - clr r23 - lsl r19 - rol r20 - rol r21 - rol r22 - rol r23 - mov r18, r16 /* r16:r17 length_b */ - add r19, r17 - adc r20, r1 - adc r21, r1 - adc r22, r1 - adc r23, r1 - movw r30, r14 - adiw r30, 64-8 - st Z+, r18 - st Z+, r19 - st Z+, r20 - st Z+, r21 - st Z+, r22 - st Z+, r23 - st Z+, r1 - st Z, r1 - - sbiw r30, 63 -; sbiw r30, 1 - movw r24, r12 - movw r22, r30 - rcall md5_nextBlock -md5_lastBlock_exit: - pop_range 12, 17 - stack_free_large 64 - ret - - -;############################################################################### - - -.global md5_ctx2hash -md5_ctx2hash: - movw r26, r24 - movw r30, r22 - ldi r22, 16 -1: - ld r0, Z+ - st X+, r0 - dec r22 - brne 1b - ret - - -;############################################################################### - - -.global md5 -md5: - stack_alloc 20 - push_range 8, 17 - adiw r30, 1 - movw r8, r30 /* ctx */ - movw r10, r24 /* dest */ - movw r12, r22 /* msg */ - movw r14, r18 /* length (low) */ - movw r16, r20 /* length (high) */ - movw r24, r30 - rcall md5_init -1: - tst r16 - brne next_round - tst r17 - breq last_round -next_round: - movw r24, r8 - movw r22, r12 - rcall md5_nextBlock - ldi r22, 64 - add r12, r22 - adc r13, r1 - ldi r22, 2 - sub r15, r22 - sbci r16, 0 - sbci r17, 0 - rjmp 1b -last_round: - movw r24, r8 - movw r22, r12 - movw r20, r14 - rcall md5_lastBlock - movw r24, r10 - movw r22, r8 - rcall md5_ctx2hash - pop_range 8, 17 - stack_free 20 - ret - - - diff --git a/hmac-md5/md5.h b/hmac-md5/md5.h deleted file mode 100644 index 6b65c4a..0000000 --- a/hmac-md5/md5.h +++ /dev/null @@ -1,55 +0,0 @@ -/* md5.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * File: md5.h - * Author: Daniel Otte - * Date: 31.07.2006 - * License: GPL - * Description: Implementation of the MD5 hash algorithm as described in RFC 1321 - * - */ - - -#ifndef MD5_H_ -#define MD5_H_ - -#include - - -#define MD5_HASH_BITS 128 -#define MD5_HASH_BYTES (MD5_HASH_BITS/8) -#define MD5_BLOCK_BITS 512 -#define MD5_BLOCK_BYTES (MD5_BLOCK_BITS/8) - - -typedef struct md5_ctx_st { - uint32_t a[4]; - uint32_t counter; -} md5_ctx_t; - -typedef uint8_t md5_hash_t[MD5_HASH_BYTES]; - - -void md5_init(md5_ctx_t *s); -void md5_nextBlock(md5_ctx_t *state, const void* block); -void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length); -void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state); -void md5(md5_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*MD5_H_*/ diff --git a/hmac-sha1/hmac-sha1.c b/hmac-sha1/hmac-sha1.c index 56d90ac..7830402 100644 --- a/hmac-sha1/hmac-sha1.c +++ b/hmac-sha1/hmac-sha1.c @@ -31,7 +31,7 @@ #include #include #include "config.h" -#include "sha1.h" +#include "sha1/sha1.h" #include "hmac-sha1.h" #define IPAD 0x36 diff --git a/hmac-sha1/hmac-sha1.h b/hmac-sha1/hmac-sha1.h index d0be029..78fa7c0 100644 --- a/hmac-sha1/hmac-sha1.h +++ b/hmac-sha1/hmac-sha1.h @@ -19,7 +19,7 @@ #ifndef HMACSHA1_H_ #define HMACSHA1_H_ -#include "sha1.h" +#include "sha1/sha1.h" #define HMAC_SHA1_BITS SHA1_HASH_BITS #define HMAC_SHA1_BYTES SHA1_HASH_BYTES diff --git a/hmac-sha1/sha1-asm.S b/hmac-sha1/sha1-asm.S deleted file mode 100644 index f571685..0000000 --- a/hmac-sha1/sha1-asm.S +++ /dev/null @@ -1,886 +0,0 @@ -/* sha1-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; SHA1 implementation in assembler for AVR -SHA1_BLOCK_BITS = 512 -SHA1_HASH_BITS = 160 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -.macro delay -/* - push r0 - push r1 - clr r0 -1: clr r1 -2: dec r1 - brne 2b - dec r0 - brne 1b - pop r1 - pop r0 // */ -.endm - -/* X points to Block */ -.macro dbg_hexdump length -/* - precall - hexdump \length - postcall - // */ -.endm - - - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha1_ctx_t is: -; -; [h0][h1][h2][h3][h4][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha1_ctx2hash -; === sha1_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha1_ctx structure -; given in r23,r22 -sha1_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 5 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha1 -; === sha1 === -; this function calculates SHA-1 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha1: -sha1_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 5*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha1_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha1_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha1_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha1_ctx2hash - -sha1_epilog: - in r30, SPL - in r31, SPH - adiw r30, 5*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha1_lastBlock -; === sha1_lastBlock === -; this function does padding & Co. for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1) - - -sha1_lastBlock: - cpi r21, 0x02 - brlo sha1_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 2 - subi r23, -2 - rjmp sha1_lastBlock -sha1_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) /* ??? */ - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha1_lastBlock_post_copy - mov r1, r18 -sha1_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha1_lastBlock_copy_loop -sha1_lastBlock_post_copy: -sha1_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha1_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*5+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha1_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha1_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha1_lastBlock_epilog -sha1_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 5*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha1_nextBlock - -sha1_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha1_nextBlock -; === sha1_nextBlock === -; this is the core function for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte) - -xtmp = 0 -xNULL = 1 -W1 = 10 -W2 = 11 -T1 = 12 -T2 = 13 -T3 = 14 -T4 = 15 -LoopC = 16 -S = 17 -tmp1 = 18 -tmp2 = 19 -tmp3 = 20 -tmp4 = 21 -F1 = 22 -F2 = 23 -F3 = 24 -F4 = 25 - -/* byteorder: high number <--> high significance */ -sha1_nextBlock: - ; initial, let's make some space ready for local vars - /* replace push & pop by mem ops? */ - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack /* maybe removeable? */ - movw r30, r22 ; Z points to message - subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha1_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - push r18 - push r19 /* push old SP on new stack */ - push r24 - push r25 /* param1 will be needed later */ - - /* load a[] with state */ - movw 28, r24 /* load pointer to state in Y */ - adiw r26, 1 ; X++ - - ldi LoopC, 5*4 -1: ld tmp1, Y+ - st X+, tmp1 - dec LoopC - brne 1b - - movw W1, r26 /* save pointer to w[0] */ - /* load w[] with endian fixed message */ - /* we might also use the changeendian32() function at bottom */ - movw r30, r22 /* mv param2 (ponter to msg) to Z */ - ldi LoopC, 16 -1: - ldd tmp1, Z+3 - st X+, tmp1 - ldd tmp1, Z+2 - st X+, tmp1 - ldd tmp1, Z+1 - st X+, tmp1 - ld tmp1, Z - st X+, tmp1 - adiw r30, 4 - dec LoopC - brne 1b - - ;clr LoopC /* LoopC is named t in FIPS 180-2 */ - clr xtmp -sha1_nextBlock_mainloop: - mov S, LoopC - lsl S - lsl S - andi S, 0x3C /* S is a bytepointer so *4 */ - /* load w[s] */ - movw r26, W1 - add r26, S /* X points at w[s] */ - adc r27, xNULL - ld T1, X+ - ld T2, X+ - ld T3, X+ - ld T4, X+ - - /**/ - push r26 - push r27 - push T4 - push T3 - push T2 - push T1 - in r26, SPL - in r27, SPH - adiw r26, 1 - dbg_hexdump 4 - pop T1 - pop T2 - pop T3 - pop T4 - pop r27 - pop r26 - /**/ - - cpi LoopC, 16 - brlt sha1_nextBlock_mainloop_core - /* update w[s] */ - ldi tmp1, 2*4 - rcall 1f - ldi tmp1, 8*4 - rcall 1f - ldi tmp1, 13*4 - rcall 1f - rjmp 2f -1: /* this might be "outsourced" to save the jump above */ - add tmp1, S - andi tmp1, 0x3f - movw r26, W1 - add r26, tmp1 - adc r27, xNULL - ld tmp2, X+ - eor T1, tmp2 - ld tmp2, X+ - eor T2, tmp2 - ld tmp2, X+ - eor T3, tmp2 - ld tmp2, X+ - eor T4, tmp2 - ret -2: /* now we just hav to do a ROTL(T) and save T back */ - mov tmp2, T4 - rol tmp2 - rol T1 - rol T2 - rol T3 - rol T4 - movw r26, W1 - add r26, S - adc r27, xNULL - st X+, T1 - st X+, T2 - st X+, T3 - st X+, T4 - -sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/ - /* T already contains w[s] */ - movw r26, W1 - sbiw r26, 4*1 /* X points at a[4] aka e */ - ld tmp1, X+ - add T1, tmp1 - ld tmp1, X+ - adc T2, tmp1 - ld tmp1, X+ - adc T3, tmp1 - ld tmp1, X+ - adc T4, tmp1 /* T = w[s]+e */ - sbiw r26, 4*5 /* X points at a[0] aka a */ - ld F1, X+ - ld F2, X+ - ld F3, X+ - ld F4, X+ - mov tmp1, F4 /* X points at a[1] aka b */ - ldi tmp2, 5 -1: - rol tmp1 - rol F1 - rol F2 - rol F3 - rol F4 - dec tmp2 - brne 1b - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, F4 /* T = ROTL(a,5) + e + w[s] */ - - /* now we have to do this fucking conditional stuff */ - ldi r30, lo8(sha1_nextBlock_xTable) - ldi r31, hi8(sha1_nextBlock_xTable) - add r30, xtmp - adc r31, xNULL - lpm tmp1, Z - cp tmp1, LoopC - brne 1f - inc xtmp -1: ldi r30, lo8(sha1_nextBlock_KTable) - ldi r31, hi8(sha1_nextBlock_KTable) - lsl xtmp - lsl xtmp - add r30, xtmp - adc r31, xNULL - lsr xtmp - lsr xtmp - - lpm tmp1, Z+ - add T1, tmp1 - lpm tmp1, Z+ - adc T2, tmp1 - lpm tmp1, Z+ - adc T3, tmp1 - lpm tmp1, Z+ - adc T4, tmp1 - /* T = ROTL(a,5) + e + kt + w[s] */ - - /* Z-4 is just pointing to kt ... */ - movw r28, r26 /* copy X in Y */ - adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */ - lsr r31 - ror r30 - - icall - mov F1, tmp1 - icall - mov F2, tmp1 - icall - mov F3, tmp1 - icall - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */ - /* X points still at a[1] aka b, Y points at a[2] aka c */ - /* update a[] */ -sha1_nextBlock_update_a: - /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/ - //adiw r28, 3*4 /* Y should point at a[4] aka e */ - movw r28, W1 - sbiw r28, 4 - - ldi tmp2, 4*4 -1: - ld tmp1, -Y - std Y+4, tmp1 - dec tmp2 - brne 1b - /* Y points at a[0] aka a*/ - - movw r28, W1 - sbiw r28, 5*4 - /* store T in a[0] aka a */ - st Y+, T1 - st Y+, T2 - st Y+, T3 - st Y+, T4 - /* Y points at a[1] aka b*/ - - /* rotate c */ - ldd T1, Y+1*4 - ldd T2, Y+1*4+1 - ldd T3, Y+1*4+2 - ldd T4, Y+1*4+3 - mov tmp1, T1 - ldi tmp2, 2 -1: ror tmp1 - ror T4 - ror T3 - ror T2 - ror T1 - dec tmp2 - brne 1b - std Y+1*4+0, T1 - std Y+1*4+1, T2 - std Y+1*4+2, T3 - std Y+1*4+3, T4 - - push r27 - push r26 - movw r26, W1 - sbiw r26, 4*5 - dbg_hexdump 4*5 - pop r26 - pop r27 - - inc LoopC - cpi LoopC, 80 - brge 1f - rjmp sha1_nextBlock_mainloop -/**************************************/ -1: - /* littel patch */ - sbiw r28, 4 - -/* add a[] to state and inc length */ - pop r27 - pop r26 /* now X points to state (and Y still at a[0]) */ - ldi tmp4, 5 -1: clc - ldi tmp3, 4 -2: ld tmp1, X - ld tmp2, Y+ - adc tmp1, tmp2 - st X+, tmp1 - dec tmp3 - brne 2b - dec tmp4 - brne 1b - - /* now length += 512 */ - adiw r26, 1 /* we skip the least significant byte */ - ld tmp1, X - ldi tmp2, hi8(512) /* 2 */ - add tmp1, tmp2 - st X+, tmp1 - ldi tmp2, 6 -1: - ld tmp1, X - adc tmp1, xNULL - st X+, tmp1 - dec tmp2 - brne 1b - -; EPILOG -sha1_nextBlock_epilog: -/* now we should clean up the stack */ - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - ret - -sha1_nextBlock_xTable: -.byte 20,40,60,0 -sha1_nextBlock_KTable: -.int 0x5a827999 -.int 0x6ed9eba1 -.int 0x8f1bbcdc -.int 0xca62c1d6 -sha1_nextBlock_JumpTable: -rjmp sha1_nextBlock_Ch - nop -rjmp sha1_nextBlock_Parity - nop -rjmp sha1_nextBlock_Maj - nop -rjmp sha1_nextBlock_Parity - - /* X and Y still point at a[1] aka b ; return value in tmp1 */ -sha1_nextBlock_Ch: - ld tmp1, Y+ - mov tmp2, tmp1 - com tmp2 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp3, Y+7 /* load from d */ - and tmp2, tmp3 - eor tmp1, tmp2 - ret - -sha1_nextBlock_Maj: - ld tmp1, Y+ - mov tmp2, tmp1 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp4, Y+7 /* load from d */ - and tmp2, tmp4 - eor tmp1, tmp2 - and tmp3, tmp4 - eor tmp1, tmp3 - ret - -sha1_nextBlock_Parity: - ld tmp1, Y+ - ldd tmp2, Y+3 /* load from c */ - eor tmp1, tmp2 - ldd tmp2, Y+7 /* load from d */ - eor tmp1, tmp2 - ret -/* -ch_str: .asciz "\r\nCh" -maj_str: .asciz "\r\nMaj" -parity_str: .asciz "\r\nParity" -*/ -;########################################################### - -.global sha1_init -;void sha1_init(sha1_ctx_t *state){ -; DEBUG_S("\r\nSHA1_INIT"); -; state->h[0] = 0x67452301; -; state->h[1] = 0xefcdab89; -; state->h[2] = 0x98badcfe; -; state->h[3] = 0x10325476; -; state->h[4] = 0xc3d2e1f0; -; state->length = 0; -;} -; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha1_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha1_init_vector)) - ldi r31, hi8((sha1_init_vector)) - ldi r22, 5*4 /* bytes to copy */ -sha1_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha1_init_vloop - ldi r22, 8 -sha1_init_lloop: - st X+, r1 - dec r22 - brne sha1_init_lloop - ret - -sha1_init_vector: -.int 0x67452301; -.int 0xefcdab89; -.int 0x98badcfe; -.int 0x10325476; -.int 0xc3d2e1f0; - diff --git a/hmac-sha1/sha1.h b/hmac-sha1/sha1.h deleted file mode 100644 index 6675d20..0000000 --- a/hmac-sha1/sha1.h +++ /dev/null @@ -1,117 +0,0 @@ -/* sha1.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha1.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2006-10-08 - * \license GPLv3 or later - * \brief SHA-1 declaration. - * \ingroup SHA-1 - * - */ - -#ifndef SHA1_H_ -#define SHA1_H_ - -#include -/** \def SHA1_HASH_BITS - * definees the size of a SHA-1 hash in bits - */ - -/** \def SHA1_HASH_BYTES - * definees the size of a SHA-1 hash in bytes - */ - -/** \def SHA1_BLOCK_BITS - * definees the size of a SHA-1 input block in bits - */ - -/** \def SHA1_BLOCK_BYTES - * definees the size of a SHA-1 input block in bytes - */ -#define SHA1_HASH_BITS 160 -#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8) -#define SHA1_BLOCK_BITS 512 -#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8) - -/** \typedef sha1_ctx_t - * \brief SHA-1 context type - * - * A vatiable of this type may hold the state of a SHA-1 hashing process - */ -typedef struct { - uint32_t h[5]; - uint64_t length; -} sha1_ctx_t; - -/** \typedef sha1_hash_t - * \brief hash value type - * A variable of this type may hold a SHA-1 hash value - */ -typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8]; - -/** \fn sha1_init(sha1_ctx_t *state) - * \brief initializes a SHA-1 context - * This function sets a ::sha1_ctx_t variable to the initialization vector - * for SHA-1 hashing. - * \param state pointer to the SHA-1 context variable - */ -void sha1_init(sha1_ctx_t *state); - -/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block) - * \brief process one input block - * This function processes one input block and updates the hash context - * accordingly - * \param state pointer to the state variable to update - * \param block pointer to the message block to process - */ -void sha1_nextBlock (sha1_ctx_t *state, const void* block); - -/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b) - * \brief processes the given block and finalizes the context - * This function processes the last block in a SHA-1 hashing process. - * The block should have a maximum length of a single input block. - * \param state pointer to the state variable to update and finalize - * \param block pointer to themessage block to process - * \param length_b length of the message block in bits - */ -void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b); - -/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state) - * \brief convert a state variable into an actual hash value - * Writes the hash value corresponding to the state to the memory pointed by dest. - * \param dest pointer to the hash value destination - * \param state pointer to the hash context - */ -void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state); - -/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b) - * \brief hashing a message which in located entirely in RAM - * This function automatically hashes a message which is entirely in RAM with - * the SHA-1 hashing algorithm. - * \param dest pointer to the hash value destination - * \param msg pointer to the message which should be hashed - * \param length_b length of the message in bits - */ -void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b); - - - -#endif /*SHA1_H_*/ diff --git a/hmac-sha256/hmac-sha256.c b/hmac-sha256/hmac-sha256.c index 6a57189..c5e53fd 100644 --- a/hmac-sha256/hmac-sha256.c +++ b/hmac-sha256/hmac-sha256.c @@ -31,7 +31,7 @@ #include #include #include "config.h" -#include "sha256.h" +#include "sha256/sha256.h" #include "hmac-sha256.h" #define IPAD 0x36 diff --git a/hmac-sha256/hmac-sha256.h b/hmac-sha256/hmac-sha256.h index 4df6af5..e2bd178 100644 --- a/hmac-sha256/hmac-sha256.h +++ b/hmac-sha256/hmac-sha256.h @@ -19,7 +19,7 @@ #ifndef HMACSHA256_H_ #define HMACSHA256_H_ -#include "sha256.h" +#include "sha256/sha256.h" #define HMAC_SHA256_BITS SHA256_HASH_BITS #define HMAC_SHA256_BYTES SHA256_HASH_BYTES diff --git a/hmac-sha256/sha256-asm.S b/hmac-sha256/sha256-asm.S deleted file mode 100644 index d9eb6b6..0000000 --- a/hmac-sha256/sha256-asm.S +++ /dev/null @@ -1,1042 +0,0 @@ -/* sha256-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; sha-256 implementation in assembler -SHA256_BLOCK_BITS = 512 -SHA256_HASH_BITS = 256 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -/* X points to Block */ -.macro dbg_hexdump length - precall - hexdump \length - postcall -.endm - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha256_ctx_t is: -; -; [h0][h1][h2][h3][h4][h5][h6][h7][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha256_ctx2hash -; === sha256_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha256_ctx structure -; given in r23,r22 -sha256_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 8 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha256 -; === sha256 === -; this function calculates SHA-256 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha256: -sha256_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 8*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha256_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha256_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha256_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha256_ctx2hash - -sha256_epilog: - in r30, SPL - in r31, SPH - adiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha256_lastBlock -; === sha256_lastBlock === -; this function does padding & Co. for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1) - - -sha256_lastBlock: - cpi r21, 0x02 - brlo sha256_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 0x02 - subi r23, -2 - rjmp sha256_lastBlock -sha256_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha256_lastBlock_post_copy - mov r1, r18 -sha256_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha256_lastBlock_copy_loop -sha256_lastBlock_post_copy: -sha256_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha256_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*8+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha256_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha256_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha256_lastBlock_epilog -sha256_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 8*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha256_nextBlock - -sha256_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha256_nextBlock -; === sha256_nextBlock === -; this is the core function for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte) - -Bck1 = 12 -Bck2 = 13 -Bck3 = 14 -Bck4 = 15 -Func1 = 22 -Func2 = 23 -Func3 = 24 -Func4 = 25 -Accu1 = 16 -Accu2 = 17 -Accu3 = 18 -Accu4 = 19 -XAccu1 = 8 -XAccu2 = 9 -XAccu3 = 10 -XAccu4 = 11 -T1 = 4 -T2 = 5 -T3 = 6 -T4 = 7 -LoopC = 1 -/* byteorder: high number <--> high significance */ -sha256_nextBlock: - ; initial, let's make some space ready for local vars - push r4 /* replace push & pop by mem ops? */ - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack - movw r30, r22 ; Z points to message - subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha256_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - push r18 - push r19 - push r24 - push r25 /* param1 will be needed later */ - ; now we fill the w array with message (think about endianess) - adiw r26, 1 ; X++ - ldi r20, 16 -sha256_nextBlock_wcpyloop: - ld r23, Z+ - ld r22, Z+ - ld r19, Z+ - ld r18, Z+ - st X+, r18 - st X+, r19 - st X+, r22 - st X+, r23 - dec r20 - brne sha256_nextBlock_wcpyloop -/* for (i=16; i<64; ++i){ - w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16]; - } */ - /* r25,r24,r23,r24 (r21,r20) are function values - r19,r18,r17,r16 are the accumulator - r15,r14,r13,rBck1 are backup1 - r11,r10,r9 ,r8 are xor accu - r1 is round counter */ - - ldi r20, 64-16 - mov LoopC, r20 -sha256_nextBlock_wcalcloop: - movw r30, r26 ; cp X to Z - sbiw r30, 63 - sbiw r30, 1 ; substract 64 = 16*4 - ld Accu1, Z+ - ld Accu2, Z+ - ld Accu3, Z+ - ld Accu4, Z+ /* w[i] = w[i-16] */ - ld Bck1, Z+ - ld Bck2, Z+ - ld Bck3, Z+ - ld Bck4, Z+ /* backup = w[i-15] */ - /* now sigma 0 */ - mov Func1, Bck2 - mov Func2, Bck3 - mov Func3, Bck4 - mov Func4, Bck1 /* prerotated by 8 */ - ldi r20, 1 - rcall bitrotl - movw XAccu1, Func1 - movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/ -sigma0_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - ror Bck1 - dec Func2 - brne sigma0_shr - eor XAccu1, Bck1 - eor XAccu2, Bck2 - eor XAccu3, Bck3 - eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - ldd Func1, Z+7*4 /* now accu += w[i-7] */ - ldd Func2, Z+7*4+1 - ldd Func3, Z+7*4+2 - ldd Func4, Z+7*4+3 - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - ldd Bck1, Z+12*4 /* now backup = w[i-2]*/ - ldd Bck2, Z+12*4+1 - ldd Bck3, Z+12*4+2 - ldd Bck4, Z+12*4+3 - /* now sigma 1 */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 1 - rcall bitrotr - movw XAccu3, Func3 - movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */ -; movw Func1, Bck3 -; movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/ -sigma1_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - dec Func2 - brne sigma1_shr - eor XAccu1, Bck2 - eor XAccu2, Bck3 - eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - /* now let's store the shit */ - st X+, Accu1 - st X+, Accu2 - st X+, Accu3 - st X+, Accu4 - dec LoopC - breq 3f ; skip if zero - rjmp sha256_nextBlock_wcalcloop -3: - /* we are finished with w array X points one byte post w */ -/* init a array */ - pop r31 - pop r30 - push r30 - push r31 - ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */ -init_a_array: - ld r1, Z+ - st X+, r1 - dec r25 - brne init_a_array - -/* now the real fun begins */ -/* for (i=0; i<64; ++i){ - t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i]; - t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]); - memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; - a[4] += t1; - a[0] = t1 + t2; - } */ - /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */ - sbiw r26, 8*4 /* X still points at a[7]+1*/ - movw r28, r26 - ldi r30, lo8(sha256_kv) - ldi r31, hi8(sha256_kv) - dec r27 /* X - (64*4 == 256) */ - ldi r25, 64 - mov LoopC, r25 -sha256_main_loop: - /* now calculate t1 */ - /*CH(x,y,z) = (x&y)^((~x)&z)*/ - ldd T1, Y+5*4 - ldd T2, Y+5*4+1 - ldd T3, Y+5*4+2 - ldd T4, Y+5*4+3 /* y in T */ - ldd Func1, Y+4*4 - ldd Func2, Y+4*4+1 - ldd Func3, Y+4*4+2 - ldd Func4, Y+4*4+3 /* x in Func */ - ldd Bck1, Y+6*4 - ldd Bck2, Y+6*4+1 - ldd Bck3, Y+6*4+2 - ldd Bck4, Y+6*4+3 /* z in Bck */ - and T1, Func1 - and T2, Func2 - and T3, Func3 - and T4, Func4 - com Func1 - com Func2 - com Func3 - com Func4 - and Bck1, Func1 - and Bck2, Func2 - and Bck3, Func3 - and Bck4, Func4 - eor T1, Bck1 - eor T2, Bck2 - eor T3, Bck3 - eor T4, Bck4 /* done, CH(x,y,z) is in T */ - /* now SIGMA1(a[4]) */ - ldd Bck4, Y+4*4 /* think about using it from Func reg above*/ - ldd Bck1, Y+4*4+1 - ldd Bck2, Y+4*4+2 - ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */ - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotl /* rotr(x,6) */ - movw XAccu1, Func1 - movw XAccu3, Func3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 3 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - movw Func1, Bck3 /* this prerotates furteh 16 bits*/ - movw Func3, Bck1 /* so we have now prerotated by 24 bits*/ - ldi r20, 1 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* finished with SIGMA1, add it to T */ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 - /* now we've to add a[7], w[i] and k[i] */ - ldd XAccu1, Y+4*7 - ldd XAccu2, Y+4*7+1 - ldd XAccu3, Y+4*7+2 - ldd XAccu4, Y+4*7+3 - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add a[7] */ - ld XAccu1, X+ - ld XAccu2, X+ - ld XAccu3, X+ - ld XAccu4, X+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add w[i] */ - lpm XAccu1, Z+ - lpm XAccu2, Z+ - lpm XAccu3, Z+ - lpm XAccu4, Z+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add k[i] */ /* finished with t1 */ - /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/ - /* starting with MAJ(x,y,z) */ - ldd Func1, Y+4*0+0 - ldd Func2, Y+4*0+1 - ldd Func3, Y+4*0+2 - ldd Func4, Y+4*0+3 /* load x=a[0] */ - ldd XAccu1, Y+4*1+0 - ldd XAccu2, Y+4*1+1 - ldd XAccu3, Y+4*1+2 - ldd XAccu4, Y+4*1+3 /* load y=a[1] */ - and XAccu1, Func1 - and XAccu2, Func2 - and XAccu3, Func3 - and XAccu4, Func4 /* XAccu == (x & y) */ - ldd Bck1, Y+4*2+0 - ldd Bck2, Y+4*2+1 - ldd Bck3, Y+4*2+2 - ldd Bck4, Y+4*2+3 /* load z=a[2] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */ - ldd Func1, Y+4*1+0 - ldd Func2, Y+4*1+1 - ldd Func3, Y+4*1+2 - ldd Func4, Y+4*1+3 /* load y=a[1] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */ - /* SIGMA0(a[0]) */ - ldd Bck1, Y+4*0+0 /* we should combine this with above */ - ldd Bck2, Y+4*0+1 - ldd Bck3, Y+4*0+2 - ldd Bck4, Y+4*0+3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotr - movw Accu1, Func1 - movw Accu3, Func3 /* Accu = shr(a[0], 2) */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotate by 16 bits */ - ldi r20, 3 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */ - mov Func1, Bck4 - mov Func2, Bck1 - mov Func3, Bck2 - mov Func4, Bck3 /* prerotate by 24 bits */ - ldi r20, 2 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */ - add Accu1, XAccu1 /* add previous result (MAJ)*/ - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 - /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/ - /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */ - - ldi r21, 7*4 - adiw r28, 7*4 -a_shift_loop: - ld r25, -Y /* warning: this is PREdecrement */ - std Y+4, r25 - dec r21 - brne a_shift_loop - - ldd Bck1, Y+4*4+0 - ldd Bck2, Y+4*4+1 - ldd Bck3, Y+4*4+2 - ldd Bck4, Y+4*4+3 - add Bck1, T1 - adc Bck2, T2 - adc Bck3, T3 - adc Bck4, T4 - std Y+4*4+0, Bck1 - std Y+4*4+1, Bck2 - std Y+4*4+2, Bck3 - std Y+4*4+3, Bck4 - add Accu1, T1 - adc Accu2, T2 - adc Accu3, T3 - adc Accu4, T4 - std Y+4*0+0, Accu1 - std Y+4*0+1, Accu2 - std Y+4*0+2, Accu3 - std Y+4*0+3, Accu4 /* a array updated */ - - - dec LoopC - breq update_state - rjmp sha256_main_loop ;brne sha256_main_loop -update_state: - /* update state */ - /* pointers to state should still exist on the stack ;-) */ - pop r31 - pop r30 - ldi r21, 8 -update_state_loop: - ldd Accu1, Z+0 - ldd Accu2, Z+1 - ldd Accu3, Z+2 - ldd Accu4, Z+3 - ld Func1, Y+ - ld Func2, Y+ - ld Func3, Y+ - ld Func4, Y+ - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - st Z+, Accu1 - st Z+, Accu2 - st Z+, Accu3 - st Z+, Accu4 - dec r21 - brne update_state_loop - /* now we just have to update the length */ - adiw r30, 1 /* since we add 512, we can simply skip the LSB */ - ldi r21, 2 - ldi r22, 6 - ld r20, Z - add r20, r21 - st Z+, r20 - clr r21 -sha256_nextBlock_fix_length: - brcc sha256_nextBlock_epilog - ld r20, Z - adc r20, r21 - st Z+, r20 - dec r22 - brne sha256_nextBlock_fix_length - -; EPILOG -sha256_nextBlock_epilog: -/* now we should clean up the stack */ - - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - ret - -sha256_kv: ; round-key-vector stored in ProgMem -.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c -.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b -.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9 -.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429 -.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272 -.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a -.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e -.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671 - - -;########################################################### - -.global sha256_init -;uint32_t sha256_init_vector[]={ -; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; -; -;void sha256_init(sha256_ctx_t *state){ -; state->length=0; -; memcpy(state->h, sha256_init_vector, 8*4); -;} -; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha256_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha256_init_vector)) - ldi r31, hi8((sha256_init_vector)) - ldi r22, 32+8 -sha256_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha256_init_vloop - ret - -sha256_init_vector: -.word 0xE667, 0x6A09 -.word 0xAE85, 0xBB67 -.word 0xF372, 0x3C6E -.word 0xF53A, 0xA54F -.word 0x527F, 0x510E -.word 0x688C, 0x9B05 -.word 0xD9AB, 0x1F83 -.word 0xCD19, 0x5BE0 -.word 0x0000, 0x0000 -.word 0x0000, 0x0000 - -;########################################################### - -.global rotl32 -; === ROTL32 === -; function that rotates a 32 bit word to the left -; param1: the 32-bit word to rotate -; given in r25,r24,r23,r22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - clr r21 - clc -bitrotl_loop: - tst r20 - breq fixrotl - rol r22 - rol r23 - rol r24 - rol r25 - rol r21 - dec r20 - rjmp bitrotl_loop -fixrotl: - or r22, r21 - ret - - -;########################################################### - -.global rotr32 -; === ROTR32 === -; function that rotates a 32 bit word to the right -; param1: the 32-bit word to rotate -; given in r25,r24,r23,22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotr32: - cpi r20, 8 - brlo bitrotr - mov r21, r22 - mov r22, r23 - mov r23, r24 - mov r24, r25 - mov r25, r21 - subi r20, 8 - rjmp rotr32 -bitrotr: - clr r21 - clc -bitrotr_loop: - tst r20 - breq fixrotr - ror r25 - ror r24 - ror r23 - ror r22 - ror r21 - dec r20 - rjmp bitrotr_loop -fixrotr: - or r25, r21 - ret - - -;########################################################### - -.global change_endian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -change_endian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - diff --git a/hmac-sha256/sha256.h b/hmac-sha256/sha256.h deleted file mode 100644 index 24960a3..0000000 --- a/hmac-sha256/sha256.h +++ /dev/null @@ -1,122 +0,0 @@ -/* sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha256.h - * \author Daniel Otte - * \date 2006-05-16 - * \license GPLv3 or later - * - */ - -#ifndef SHA256_H_ -#define SHA256_H_ - -#define __LITTLE_ENDIAN__ - - -#include - -/** \def SHA256_HASH_BITS - * defines the size of a SHA-256 hash value in bits - */ - -/** \def SHA256_HASH_BYTES - * defines the size of a SHA-256 hash value in bytes - */ - -/** \def SHA256_BLOCK_BITS - * defines the size of a SHA-256 input block in bits - */ - -/** \def SHA256_BLOCK_BYTES - * defines the size of a SHA-256 input block in bytes - */ - -#define SHA256_HASH_BITS 256 -#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8) -#define SHA256_BLOCK_BITS 512 -#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8) - -/** \typedef sha256_ctx_t - * \brief SHA-256 context type - * - * A variable of this type may hold the state of a SHA-256 hashing process - */ -typedef struct { - uint32_t h[8]; - uint64_t length; -} sha256_ctx_t; - -/** \typedef sha256_hash_t - * \brief SHA-256 hash value type - * - * A variable of this type may hold the hash value produced by the - * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function. - */ -typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES]; - -/** \fn void sha256_init(sha256_ctx_t *state) - * \brief initialise a SHA-256 context - * - * This function sets a ::sha256_ctx_t to the initial values for hashing. - * \param state pointer to the SHA-256 hashing context - */ -void sha256_init(sha256_ctx_t *state); - -/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block) - * \brief update the context with a given block - * - * This function updates the SHA-256 hash context by processing the given block - * of fixed length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - */ -void sha256_nextBlock (sha256_ctx_t* state, const void* block); - -/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b) - * \brief finalize the context with the given block - * - * This function finalizes the SHA-256 hash context by processing the given block - * of variable length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - * \param length_b the length of the block in bits - */ -void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b); - -/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) - * \brief convert the hash state into the hash value - * This function reads the context and writes the hash value to the destination - * \param dest pointer to the location where the hash value should be written - * \param state pointer to the SHA-256 hash context - */ -void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state); - -/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b) - * \brief simple SHA-256 hashing function for direct hashing - * - * This function automaticaly hashes a given message of arbitary length with - * the SHA-256 hashing algorithm. - * \param dest pointer to the location where the hash value is going to be written to - * \param msg pointer to the message thats going to be hashed - * \param length_b length of the message in bits - */ -void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*SHA256_H_*/ diff --git a/host/gf256_table_gen.c b/host/gf256_table_gen.c index b359411..395343a 100644 --- a/host/gf256_table_gen.c +++ b/host/gf256_table_gen.c @@ -28,7 +28,7 @@ #include #include #include -#include "gf256mul.h" +#include "gf256mul/gf256mul.h" int print_header = 1, print_braces = 1, diff --git a/host/gf256mul.c b/host/gf256mul.c index b3dd460..e2d7a88 100644 --- a/host/gf256mul.c +++ b/host/gf256mul.c @@ -25,7 +25,7 @@ * */ #include -#include "gf256mul.h" +#include "gf256mul/gf256mul.h" uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){ uint8_t i; diff --git a/host/gf256mul.h b/host/gf256mul.h deleted file mode 100644 index 8cfea15..0000000 --- a/host/gf256mul.h +++ /dev/null @@ -1,29 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file gf256mul.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2009-01-13 - * \license GPLv3 or later - * - */ -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); diff --git a/host/performance2wiki.rb b/host/performance2wiki.rb deleted file mode 100644 index cfdc3ce..0000000 --- a/host/performance2wiki.rb +++ /dev/null @@ -1,122 +0,0 @@ -#!/usr/bin/ruby -# performnce to wiki - -=begin - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -=end - -=begin - === Twister-256 performance === - type: hash - hashsize (bits): 256 - ctxsize (bytes): 80 - blocksize (bits): 512 - init (cycles): 425 - nextBlock (cycles): 36535 - lastBlock (cycles): 8071 - ctx2hash (cycles): 19431 -=end - -def process_hashfunction(fin, name) - lb = fin.readline() - m = lb.match(/hashsize \(bits\):[\s]*([\d]*)/) - if(!m) - printf("unexpected string %s\n", lb) - end - hashsize = m[1].to_i() - lb = fin.readline() - m = lb.match(/ctxsize \(bytes\):[\s]*([\d]*)/) - ctxsize = m[1].to_i() - lb = fin.readline() - m = lb.match(/blocksize \(bits\):[\s]*([\d]*)/) - blocksize = m[1].to_i() - lb = fin.readline() - m = lb.match(/init \(cycles\):[\s]*([\d]*)/) - inittime = m[1].to_i() - lb = fin.readline() - m = lb.match(/nextBlock \(cycles\):[\s]*([\d]*)/) - nextblocktime = m[1].to_i() - lb = fin.readline() - m = lb.match(/lastBlock \(cycles\):[\s]*([\d]*)/) - lastblocktime = m[1].to_i() - lb = fin.readline() - m = lb.match(/ctx2hash \(cycles\):[\s]*([\d]*)/) - convtime = m[1].to_i() - begin - lb = fin.readline() - end until m = lb.match(/init \(bytes\):[\s]*([\d]*)/) - initstack = m[1].to_i() - lb = fin.readline() - m = lb.match(/nextBlock \(bytes\):[\s]*([\d]*)/) - nextblockstack = m[1].to_i() - lb = fin.readline() - m = lb.match(/lastBlock \(bytes\):[\s]*([\d]*)/) - lastblockstack = m[1].to_i() - lb = fin.readline() - m = lb.match(/ctx2hash \(bytes\):[\s]*([\d]*)/) - convstack = m[1].to_i() - s1 = (initstack>nextblockstack)?initstack:nextblockstack - s2 = (lastblockstack>convstack)?lastblockstack:convstack - stack = (s1>s2)?s1:s2 - - printf("| %20s || %3s || %3s || || %4d || %4d || %4d || %4d ||" + - " %6d || %6d || %7.2f || %6d || || || \n|-\n" , - name, $lang, $lang ,ctxsize, stack, hashsize, blocksize, - inittime, nextblocktime, nextblocktime.to_f/(blocksize/8), - lastblocktime+convtime) -end - - -$handlers = Hash.new -$handlers.default = 0 -$handlers["hashfunction"] = 1 #process_hashfunction - -def process_file(fname) - fin = File.open(fname, "r") - $lang = "asm" - $lang = "C" if fname.match(/_c.txt$/) - begin - begin - if fin.eof() - return - end - lb = fin.readline() - end while !m=lb.match(/=== (.*) performance ===/) - name = m[1]; - lb = fin.readline() - m = lb.match(/type:[\s]*([\w]*)/) - type = m[1] - if $handlers[type] != 0 - # handlers[type](fin, name) - process_hashfunction(fin, name) - else - printf("ERROR: unsupported type: %s !\n", type) - end - end while(true) - fin.close() -end - -for i in (0..ARGV.size-1) - process_file(ARGV[i]) -end - - - - - - - diff --git a/host/shavs_test.rb b/host/shavs_test.rb deleted file mode 100644 index 896377b..0000000 --- a/host/shavs_test.rb +++ /dev/null @@ -1,155 +0,0 @@ -#!/usr/bin/ruby -# shavs_test.rb -=begin - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -=end - -$debug = true; -$debug = false; -require 'rubygems' -require 'serialport' - -def init_system -# sleep 1 - $sp.print("exit\r") - sleep 0.5 - $sp.print("exit\r") - sleep 0.5 - $sp.print("echo off \r") - print("DBG i: " + "echo off \r"+"\n") if $debug -# line = $sp.readlines() -# print("DBG 0.0: ") -# print(line) - sleep 1 - $sp.print("shavs_set #{$algo_select}\r") - print("DBG i: " + "shavs_set #{$algo_select} \r"+"\n") # if $debug -# line = $sp.readlines() -# print("DBG 0.1: ") -# print(line) - sleep 1 - $sp.print("shavs_test1 \r") - print("DBG i: " + "shavs_test1 \r"+"\n") if $debug -# line = $sp.readlines() -# print("DBG 0.2: ") -# print(line) -end - -def get_md - begin - line = $sp.gets() - line = "" if line==nil - puts("DBG got: "+line) if $debug && line!="" - end while not /[\s]*MD[\s]*=.*/.match(line) - return line -end - -def send_md(md_string) - sleep(0.15) - for i in 0..md_string.length-1 - $sp.print(md_string[i].chr) -# print("DBG s: "+ md_string[i].chr) if $debug - if(i%5==4) - sleep(0.15) - end - end -end - -def run_test(filename) - nerrors = 0 - line=1 - if not File.exist?(filename) - puts("ERROR file "+filename+" does not exist!") - end - pos = 0 - file = File.new(filename, "r"); - until file.eof - sleep(0.5) - begin - lb=file.gets() - end while not (file.eof or (/[\s]*Len[\s]*=.*/.match(lb))) - puts("DBG sending: "+lb) if $debug - return if file.eof - $sp.print(lb.strip) - $sp.print("\r") - begin - lb=file.gets() - end while not (file.eof or (/[\s]*Msg[\s]*=.*/.match(lb))) - return if file.eof - puts("DBG sending: "+lb) if $debug - send_md(lb.strip) - avr_md = get_md() - begin - lb=file.gets() - end while not /[\s]*MD[\s]*=.*/.match(lb) - a = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(lb))[1]; - b = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(avr_md))[1]; - a.upcase! - b.upcase! - printf("\n%4d (%4d): ", line, (line-1)*$linewidth) if (pos%$linewidth==0 and $linewidth!=0) - line += 1 if (pos%$linewidth==0 and $linewidth!=0) - sleep(1) - #putc((a==b)?'*':'!') - if(a==b) - putc('*') - else - putc('!') -# printf("\nshould: %s\ngot: %s\n",lb,avr_md) - nerrors += 1 - end - pos += 1 - end - return nerrors.to_i -end - -if ARGV.size < 6 - STDERR.print < ARGV[1].to_i, - "data_bits" => ARGV[2].to_i, - "stop_bits" => ARGV[3].to_i, - "parity" => SerialPort::NONE } -$sp = SerialPort.new(ARGV[0], $params) -#$sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE); - -$sp.read_timeout=1000; # 5 minutes -$sp.flow_control = SerialPort::SOFT -$algo_select = ARGV[4] -#irb - -init_system() - -nerrors = 0 -for i in (5..(ARGV.size-1)) - nerrors = run_test(ARGV[i]) - if nerrors == 0 - puts("\n[ok]") - else - puts("\n[errors: "+ nerrors.to_s() +"]") - end -end - $sp.print("EXIT\r"); - -#exit(0); - - diff --git a/keccak/keccak.c b/keccak/keccak.c index e7d5279..3b43a5f 100644 --- a/keccak/keccak.c +++ b/keccak/keccak.c @@ -21,7 +21,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "rotate64.h" #include "keccak.h" diff --git a/keccak/memxor.S b/keccak/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/keccak/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/keccak/memxor.h b/keccak/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/keccak/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/memxor.S b/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/memxor.h b/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/memxor_c.c b/memxor_c.c deleted file mode 100644 index 7485b3e..0000000 --- a/memxor_c.c +++ /dev/null @@ -1,12 +0,0 @@ -#include - -#include "memxor.h" - -void memxor(void* dest, const void* src, uint16_t n){ - while(n--){ - *((uint8_t*)dest) ^= *((uint8_t*)src); - dest = (uint8_t*)dest +1; - src = (uint8_t*)src +1; - } -} - diff --git a/mkfiles/aes.mk b/mkfiles/aes.mk index ca4c587..8372906 100644 --- a/mkfiles/aes.mk +++ b/mkfiles/aes.mk @@ -5,6 +5,7 @@ ALGO_NAME := AES BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc-asm.o aes_dec-asm.o aes_sbox-asm.o aes_invsbox-asm.o \ aes_keyschedule-asm.o $(ALGO_NAME)_TEST_BIN := main-aes-test.o $(CLI_STD) $(BCAL_STD) \ diff --git a/mkfiles/aes128.mk b/mkfiles/aes128.mk index 6afa9ab..32e109c 100644 --- a/mkfiles/aes128.mk +++ b/mkfiles/aes128.mk @@ -5,6 +5,7 @@ ALGO_NAME := AES128_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \ aes_keyschedule.o gf256mul.o aes128_enc.o aes128_dec.o $(ALGO_NAME)_TEST_BIN := main-aes128-test.o $(CLI_STD) $(BCAL_STD) \ diff --git a/mkfiles/aes192.mk b/mkfiles/aes192.mk index 37b7d9b..b4f8eb4 100644 --- a/mkfiles/aes192.mk +++ b/mkfiles/aes192.mk @@ -5,6 +5,7 @@ ALGO_NAME := AES192_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \ aes_keyschedule.o gf256mul.o aes192_enc.o aes192_dec.o $(ALGO_NAME)_TEST_BIN := main-aes192-test.o $(CLI_STD) $(BCAL_STD) \ diff --git a/mkfiles/aes256.mk b/mkfiles/aes256.mk index 3a77f42..608fdbc 100644 --- a/mkfiles/aes256.mk +++ b/mkfiles/aes256.mk @@ -5,6 +5,7 @@ ALGO_NAME := AES256_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \ aes_keyschedule.o gf256mul.o aes256_enc.o aes256_dec.o $(ALGO_NAME)_TEST_BIN := main-aes256-test.o $(CLI_STD) $(BCAL_STD) \ diff --git a/mkfiles/aes_asm_faster.mk b/mkfiles/aes_asm_faster.mk index ee5c649..798fc40 100644 --- a/mkfiles/aes_asm_faster.mk +++ b/mkfiles/aes_asm_faster.mk @@ -6,6 +6,7 @@ BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc-asm.o aes_dec-asm_faster.o aes_sbox-asm.o aes_invsbox-asm.o \ aes_keyschedule-asm.o $(ALGO_NAME)_TEST_BIN := main-aes-test.o $(CLI_STD) $(BCAL_STD) \ diff --git a/mkfiles/aes_c.mk b/mkfiles/aes_c.mk index a317624..d8a0c1d 100644 --- a/mkfiles/aes_c.mk +++ b/mkfiles/aes_c.mk @@ -6,6 +6,7 @@ BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := aes/ +$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/ $(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \ aes_keyschedule.o gf256mul.o \ aes128_enc.o aes128_dec.o aes192_enc.o aes192_dec.o \ diff --git a/mkfiles/base64.mk b/mkfiles/base64.mk index 013b7ee..ee7261d 100644 --- a/mkfiles/base64.mk +++ b/mkfiles/base64.mk @@ -5,6 +5,7 @@ ALGO_NAME := BASE64 ENCODINGS += $(ALGO_NAME) $(ALGO_NAME)_DIR := base64/ +$(ALGO_NAME)_INCDIR := memxor/ noekeon/ $(ALGO_NAME)_OBJ := base64_enc.o base64_dec.o $(ALGO_NAME)_TEST_BIN := main-base64-test.o $(CLI_STD) \ performance_test.o noekeon_asm.o noekeon_prng.o memxor.o diff --git a/mkfiles/bigint.mk b/mkfiles/bigint.mk index 7e3a4b7..58d42c4 100644 --- a/mkfiles/bigint.mk +++ b/mkfiles/bigint.mk @@ -5,6 +5,7 @@ ALGO_NAME := BIGINT AUX += $(ALGO_NAME) $(ALGO_NAME)_DIR := bigint/ +$(ALGO_NAME)_INCDIR := memxor/ noekeon/ $(ALGO_NAME)_OBJ := bigint.o bigint_io.o bigint_add_u.o $(ALGO_NAME)_TEST_BIN := main-bigint-test.o $(CLI_STD) \ performance_test.o noekeon_asm.o noekeon_prng.o memxor.o diff --git a/mkfiles/blake_c.mk b/mkfiles/blake_c.mk index c79b89b..f6feec6 100644 --- a/mkfiles/blake_c.mk +++ b/mkfiles/blake_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := BLAKE_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := blake/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ $(ALGO_NAME)_OBJ := blake_small.o blake_large.o blake_common.o memxor.o $(ALGO_NAME)_TEST_BIN := main-blake-test.o hfal_blake_small.o hfal_blake_large.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/bmw.mk b/mkfiles/bmw.mk index 3f5f6c7..621ff44 100644 --- a/mkfiles/bmw.mk +++ b/mkfiles/bmw.mk @@ -5,6 +5,7 @@ ALGO_NAME := BMW HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := bmw_small-asm.o bmw_large.o $(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/bmw_c.mk b/mkfiles/bmw_c.mk index 03a1e9e..839859b 100644 --- a/mkfiles/bmw_c.mk +++ b/mkfiles/bmw_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := BMW_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ $(ALGO_NAME)_OBJ := bmw_small.o bmw_large.o memxor.o $(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/bmw_tiny.mk b/mkfiles/bmw_tiny.mk index f38cee3..358771a 100644 --- a/mkfiles/bmw_tiny.mk +++ b/mkfiles/bmw_tiny.mk @@ -5,6 +5,7 @@ ALGO_NAME := BMW_TINY HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := bmw_small-tinyasm.o bmw_large.o $(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/bmw_tiny_sep.mk b/mkfiles/bmw_tiny_sep.mk index a4d83ee..5d67b0f 100644 --- a/mkfiles/bmw_tiny_sep.mk +++ b/mkfiles/bmw_tiny_sep.mk @@ -5,6 +5,7 @@ ALGO_NAME := BMW_TINY_SEPERATE HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := bmw_256-tinyasm.o bmw_224-tinyasm.o bmw_large.o $(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/camellia.mk b/mkfiles/camellia.mk index 988b29a..3dc953d 100644 --- a/mkfiles/camellia.mk +++ b/mkfiles/camellia.mk @@ -5,6 +5,7 @@ ALGO_NAME := CAMELLIA BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := camellia/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := camellia128-stub.o camellia-asm.o $(ALGO_NAME)_TEST_BIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \ bcal_camellia128.o diff --git a/mkfiles/camellia_c.mk b/mkfiles/camellia_c.mk index d754f0e..5195cb8 100644 --- a/mkfiles/camellia_c.mk +++ b/mkfiles/camellia_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := CAMELLIA_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := camellia/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := camellia_C.o $(ALGO_NAME)_TEST_BIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \ bcal_camellia128.o diff --git a/mkfiles/cast5.mk b/mkfiles/cast5.mk index a2e5fd7..1ee7a56 100644 --- a/mkfiles/cast5.mk +++ b/mkfiles/cast5.mk @@ -5,6 +5,7 @@ ALGO_NAME := CAST5 BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := cast5/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := cast5.o $(ALGO_NAME)_TEST_BIN := main-cast5-test.o bcal_cast5.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/cast6.mk b/mkfiles/cast6.mk index 6d035b5..e262c1d 100644 --- a/mkfiles/cast6.mk +++ b/mkfiles/cast6.mk @@ -5,6 +5,7 @@ ALGO_NAME := CAST6 BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := cast6/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := cast6.o $(ALGO_NAME)_TEST_BIN := main-cast6-test.o bcal_cast6.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/cubehash_c.mk b/mkfiles/cubehash_c.mk index 051ae16..a4059b0 100644 --- a/mkfiles/cubehash_c.mk +++ b/mkfiles/cubehash_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := CUBEHASH_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := cubehash/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ $(ALGO_NAME)_OBJ := cubehash.o cubehash_rotates.o memxor.o xchg.o $(ALGO_NAME)_TEST_BIN := main-cubehash-test.o hfal_cubehash.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/des.mk b/mkfiles/des.mk index ae283d3..9476bde 100644 --- a/mkfiles/des.mk +++ b/mkfiles/des.mk @@ -5,6 +5,7 @@ ALGO_NAME := DES BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := des/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := des.o $(ALGO_NAME)_TEST_BIN := main-des-test.o bcal_des.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/dsa.mk b/mkfiles/dsa.mk index b3b64c1..a689860 100644 --- a/mkfiles/dsa.mk +++ b/mkfiles/dsa.mk @@ -5,6 +5,7 @@ ALGO_NAME := DSA SIGNATURE += $(ALGO_NAME) $(ALGO_NAME)_DIR := dsa/ +$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/ $(ALGO_NAME)_OBJ := bigint.o bigint_io.o bigint_add_u.o sha1-asm.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o $(ALGO_NAME)_TEST_BIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \ noekeon_asm.o noekeon_prng.o memxor.o diff --git a/mkfiles/echo_c.mk b/mkfiles/echo_c.mk index fffc898..b551030 100644 --- a/mkfiles/echo_c.mk +++ b/mkfiles/echo_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := ECHO_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := echo/ +$(ALGO_NAME)_INCDIR := aes/ memxor/ gf256mul/ hfal/ $(ALGO_NAME)_OBJ := echo.o memxor.o aes_enc_round-asm.o aes_sbox-asm.o gf256mul.o $(ALGO_NAME)_TEST_BIN := main-echo-test.o hfal_echo.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/entropium.mk b/mkfiles/entropium.mk index e87b3de..6af24f6 100644 --- a/mkfiles/entropium.mk +++ b/mkfiles/entropium.mk @@ -5,6 +5,7 @@ ALGO_NAME := ENTROPIUM PRNGS += $(ALGO_NAME) $(ALGO_NAME)_DIR := entropium/ +$(ALGO_NAME)_INCDIR := sha256/ $(ALGO_NAME)_OBJ := entropium.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-entropium-test.o $(CLI_STD) performance_test.o diff --git a/mkfiles/groestl_c.mk b/mkfiles/groestl_c.mk index 7d63a0d..85e8dc5 100644 --- a/mkfiles/groestl_c.mk +++ b/mkfiles/groestl_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := GROESTL_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := groestl/ +$(ALGO_NAME)_INCDIR := aes/ memxor/ gf256mul/ hfal/ $(ALGO_NAME)_OBJ := groestl_small.o groestl_large.o memxor.o aes_sbox.o gf256mul.o $(ALGO_NAME)_TEST_BIN := hfal_groestl_large.o hfal_groestl_small.o main-groestl-test.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/hmac-md5.mk b/mkfiles/hmac-md5.mk index fd23627..87718dd 100644 --- a/mkfiles/hmac-md5.mk +++ b/mkfiles/hmac-md5.mk @@ -5,6 +5,7 @@ ALGO_NAME := HMAC-MD5 MACS += $(ALGO_NAME) $(ALGO_NAME)_DIR := hmac-md5/ +$(ALGO_NAME)_INCDIR := md5/ mfal/ $(ALGO_NAME)_OBJ := hmac-md5.o md5-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-md5-test.o $(CLI_STD) \ nessie_mac_test.o nessie_common.o diff --git a/mkfiles/hmac-sha1.mk b/mkfiles/hmac-sha1.mk index 40958a7..f482a2c 100644 --- a/mkfiles/hmac-sha1.mk +++ b/mkfiles/hmac-sha1.mk @@ -5,6 +5,7 @@ ALGO_NAME := HMAC-SHA1 MACS += $(ALGO_NAME) $(ALGO_NAME)_DIR := hmac-sha1/ +$(ALGO_NAME)_INCDIR := sha1/ $(ALGO_NAME)_OBJ := hmac-sha1.o sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-sha1-test.o $(CLI_STD) \ nessie_mac_test.o nessie_common.o diff --git a/mkfiles/hmac-sha256.mk b/mkfiles/hmac-sha256.mk index 4b25ea9..661c406 100644 --- a/mkfiles/hmac-sha256.mk +++ b/mkfiles/hmac-sha256.mk @@ -5,6 +5,7 @@ ALGO_NAME := HMAC-SHA256 MACS += $(ALGO_NAME) $(ALGO_NAME)_DIR := hmac-sha256/ +$(ALGO_NAME)_INCDIR := sha256/ $(ALGO_NAME)_OBJ := hmac-sha256.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-sha256-test.o $(CLI_STD) \ nessie_mac_test.o nessie_common.o diff --git a/mkfiles/keccak_c.mk b/mkfiles/keccak_c.mk index 9a9c172..f97c293 100644 --- a/mkfiles/keccak_c.mk +++ b/mkfiles/keccak_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := KECCAK_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := keccak/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ $(ALGO_NAME)_OBJ := keccak.o memxor.o rotate64.o $(ALGO_NAME)_TEST_BIN := main-keccak-test.o hfal_keccak.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/md5.mk b/mkfiles/md5.mk index bebdaa3..56c29aa 100644 --- a/mkfiles/md5.mk +++ b/mkfiles/md5.mk @@ -5,6 +5,7 @@ ALGO_NAME := MD5 HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := md5/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := md5-asm.o $(ALGO_NAME)_TEST_BIN := main-md5-test.o hfal_md5.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/md5_c.mk b/mkfiles/md5_c.mk index d7421e7..60087ca 100644 --- a/mkfiles/md5_c.mk +++ b/mkfiles/md5_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := MD5_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := md5/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := md5.o $(ALGO_NAME)_TEST_BIN := main-md5-test.o hfal_md5.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/mqq160-sign_c.mk b/mkfiles/mqq160-sign_c.mk index 7b97083..23b4acd 100644 --- a/mkfiles/mqq160-sign_c.mk +++ b/mkfiles/mqq160-sign_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := MQQ160-SIGN_C SIGNATURE += $(ALGO_NAME) $(ALGO_NAME)_DIR := mqq-sign/ +$(ALGO_NAME)_INCDIR := memxor/ $(ALGO_NAME)_OBJ := mqq160-sign.o mqq160-sign_P.o mqq160-sign_testkey.o memxor.o $(ALGO_NAME)_TEST_BIN := main-mqq160-sign-test.o performance_test.o stack_measuring.o $(CLI_STD) $(ALGO_NAME)_NESSIE_TEST := test diff --git a/mkfiles/mugi.mk b/mkfiles/mugi.mk index 36f4a04..22f84d1 100644 --- a/mkfiles/mugi.mk +++ b/mkfiles/mugi.mk @@ -5,6 +5,7 @@ ALGO_NAME := MUGI_C STREAM_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := mugi/ +$(ALGO_NAME)_INCDIR := aes/ gf256mul/ $(ALGO_NAME)_OBJ := mugi.o gf256mul.o aes_sbox.o $(ALGO_NAME)_TEST_BIN := main-mugi-test.o $(CLI_STD) \ nessie_stream_test.o nessie_common.o \ diff --git a/mkfiles/noekeon.mk b/mkfiles/noekeon.mk index 6427479..36e376c 100644 --- a/mkfiles/noekeon.mk +++ b/mkfiles/noekeon.mk @@ -4,7 +4,8 @@ ALGO_NAME := NOEKEON # comment out the following line for removement of noekeon from the build process BLOCK_CIPHERS += $(ALGO_NAME) - +$(ALGO_NAME)_DIR := noekeon/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := noekeon_asm.o $(ALGO_NAME)_TEST_BIN := main-noekeon-test.o bcal_noekeon.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/noekeon_c.mk b/mkfiles/noekeon_c.mk index a106a05..c88853d 100644 --- a/mkfiles/noekeon_c.mk +++ b/mkfiles/noekeon_c.mk @@ -4,7 +4,8 @@ ALGO_NAME := NOEKEON_C # comment out the following line for removement of noekeon from the build process BLOCK_CIPHERS += $(ALGO_NAME) - +$(ALGO_NAME)_DIR := noekeon/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := noekeon.o $(ALGO_NAME)_TEST_BIN := main-noekeon-test.o bcal_noekeon.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/omac_noekeon.mk b/mkfiles/omac_noekeon.mk index 5c8ba7c..5365b91 100644 --- a/mkfiles/omac_noekeon.mk +++ b/mkfiles/omac_noekeon.mk @@ -4,7 +4,8 @@ ALGO_NAME := OMAC_NOEKEON # comment out the following line for removement of noekeon from the build process MACS += $(ALGO_NAME) - +$(ALGO_NAME)_DIR := noekeon/ +$(ALGO_NAME)_INCDIR := memxor/ mfal/ $(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon.o memxor.o $(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o $(CLI_STD) \ nessie_mac_test.o nessie_common.o performance_test.o diff --git a/mkfiles/omac_noekeon_c.mk b/mkfiles/omac_noekeon_c.mk index 4346d33..d1960cf 100644 --- a/mkfiles/omac_noekeon_c.mk +++ b/mkfiles/omac_noekeon_c.mk @@ -4,7 +4,8 @@ ALGO_NAME := OMAC_NOEKEON_C # comment out the following line for removement of noekeon from the build process MACS += $(ALGO_NAME) - +$(ALGO_NAME)_DIR := noekeon/ +$(ALGO_NAME)_INCDIR := memxor/ mfal/ $(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon_C.o memxor.o $(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o $(CLI_STD) \ nessie_mac_test.o nessie_common.o performance_test.o diff --git a/mkfiles/present.mk b/mkfiles/present.mk index 3fd2d91..7c62345 100644 --- a/mkfiles/present.mk +++ b/mkfiles/present.mk @@ -5,6 +5,7 @@ ALGO_NAME := PRESENT BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := present/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := present.o $(ALGO_NAME)_TEST_BIN := main-present-test.o bcal_present.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/rc5.mk b/mkfiles/rc5.mk index fe006e3..0e986ef 100644 --- a/mkfiles/rc5.mk +++ b/mkfiles/rc5.mk @@ -5,6 +5,7 @@ ALGO_NAME := RC5 BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := rc5/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := rc5.o $(ALGO_NAME)_TEST_BIN := main-rc5-test.o bcal_rc5.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/rc6.mk b/mkfiles/rc6.mk index 75742c1..df56ef0 100644 --- a/mkfiles/rc6.mk +++ b/mkfiles/rc6.mk @@ -5,6 +5,7 @@ ALGO_NAME := RC6 BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := rc6/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := rc6.o $(ALGO_NAME)_TEST_BIN := main-rc6-test.o bcal_rc6.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/seed.mk b/mkfiles/seed.mk index 7d532d1..f3c3034 100644 --- a/mkfiles/seed.mk +++ b/mkfiles/seed.mk @@ -5,6 +5,7 @@ ALGO_NAME := SEED BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := seed/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := seed-asm.o $(ALGO_NAME)_TEST_BIN := main-seed-test.o bcal_seed.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/seed_C.mk b/mkfiles/seed_C.mk index 2bd3802..c83900a 100644 --- a/mkfiles/seed_C.mk +++ b/mkfiles/seed_C.mk @@ -5,6 +5,7 @@ ALGO_NAME := SEED_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := seed/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := seed_C.o $(ALGO_NAME)_TEST_BIN := main-seed-test.o bcal_seed.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/serpent-bitslice.mk b/mkfiles/serpent-bitslice.mk index 500de49..d49cdb6 100644 --- a/mkfiles/serpent-bitslice.mk +++ b/mkfiles/serpent-bitslice.mk @@ -5,6 +5,7 @@ ALGO_NAME := SERPENT_BITSLICE BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := serpent/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-bitslice-asm.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/serpent_asm_bitslice.mk b/mkfiles/serpent_asm_bitslice.mk index a36fe02..b4ffa80 100644 --- a/mkfiles/serpent_asm_bitslice.mk +++ b/mkfiles/serpent_asm_bitslice.mk @@ -5,6 +5,7 @@ ALGO_NAME := SERPENT_ASM_BITSLICE BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := serpent/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := serpent-sboxes-bitslice-asm.o serpent-asm.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/serpent_asm_fast.mk b/mkfiles/serpent_asm_fast.mk index d0dbc5c..5c4b984 100644 --- a/mkfiles/serpent_asm_fast.mk +++ b/mkfiles/serpent_asm_fast.mk @@ -5,6 +5,7 @@ ALGO_NAME := SERPENT_ASM_FAST BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := serpent/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-fast.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/serpent_asm_small.mk b/mkfiles/serpent_asm_small.mk index 61854eb..e29c4c9 100644 --- a/mkfiles/serpent_asm_small.mk +++ b/mkfiles/serpent_asm_small.mk @@ -5,6 +5,7 @@ ALGO_NAME := SERPENT_ASM_SMALL BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := serpent/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-small.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/serpent_c.mk b/mkfiles/serpent_c.mk index 1f912dc..378ecca 100644 --- a/mkfiles/serpent_c.mk +++ b/mkfiles/serpent_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := SERPENT_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := serpent/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := serpent.o serpent-sboxes_c.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/sha1.mk b/mkfiles/sha1.mk index c986aeb..5dda518 100644 --- a/mkfiles/sha1.mk +++ b/mkfiles/sha1.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHA1 HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := sha1/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-sha1-test.o hfal_sha1.o $(CLI_STD) $(HFAL_STD) dump-decl.o dump-asm.o $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/sha1_c.mk b/mkfiles/sha1_c.mk index 6998cbc..8caf85f 100644 --- a/mkfiles/sha1_c.mk +++ b/mkfiles/sha1_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHA1_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := sha1/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := sha1.o $(ALGO_NAME)_TEST_BIN := main-sha1-test.o hfal_sha1.o dump-asm.o dump-decl.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/sha256.mk b/mkfiles/sha256.mk index 9e56ed6..5076174 100644 --- a/mkfiles/sha256.mk +++ b/mkfiles/sha256.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHA256 HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := sha256/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-sha256-test.o dump-asm.o dump-decl.o hfal_sha256.o $(CLI_STD) $(HFAL_STD) diff --git a/mkfiles/sha256_c.mk b/mkfiles/sha256_c.mk index 6c58677..fdb92a3 100644 --- a/mkfiles/sha256_c.mk +++ b/mkfiles/sha256_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHA256_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := sha256/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := sha256.o $(ALGO_NAME)_TEST_BIN := main-sha256-test.o $(CLI_STD) $(HFAL_STD) hfal_sha256.o dump-asm.o dump-decl.o $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/shabal.mk b/mkfiles/shabal.mk index 853b88b..ea0f7dc 100644 --- a/mkfiles/shabal.mk +++ b/mkfiles/shabal.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHABAL HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := shabal/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := shabal-asm.o shabal192-asm.o shabal224-asm.o \ shabal256-asm.o shabal384-asm.o shabal512-asm.o $(ALGO_NAME)_TEST_BIN := main-shabal-test.o hfal_shabal.o $(CLI_STD) $(HFAL_STD) diff --git a/mkfiles/shabal_c.mk b/mkfiles/shabal_c.mk index d55c033..6b0ff0a 100644 --- a/mkfiles/shabal_c.mk +++ b/mkfiles/shabal_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHABAL_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := shabal/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := shabal.o shabal192.o shabal224.o shabal256.o shabal384.o shabal512.o $(ALGO_NAME)_TEST_BIN := main-shabal-test.o hfal_shabal.o $(CLI_STD) $(HFAL_STD) $(ALGO_NAME)_NESSIE_TEST := test nessie diff --git a/mkfiles/shabea.mk b/mkfiles/shabea.mk index 3d11cea..0b50d44 100644 --- a/mkfiles/shabea.mk +++ b/mkfiles/shabea.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHABEA BLOCK_CIPHERS_DONTUSE += $(ALGO_NAME) $(ALGO_NAME)_DIR := shabea/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := shabea.o sha256-asm.o memxor.o $(ALGO_NAME)_TEST_BIN := main-shabea-test.o $(CLI_STD) \ nessie_bc_test.o nessie_common.o performance_test.o diff --git a/mkfiles/shacal1enc.mk b/mkfiles/shacal1enc.mk index 3003638..8f968c9 100644 --- a/mkfiles/shacal1enc.mk +++ b/mkfiles/shacal1enc.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHACAL1ENC BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := shacal1/ +$(ALGO_NAME)_INCDIR := sha1/ bcal/ $(ALGO_NAME)_OBJ := shacal1_enc.o sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-shacal1_enc-test.o $(CLI_STD) \ nessie_bc_test.o nessie_common.o performance_test.o diff --git a/mkfiles/shacal2enc.mk b/mkfiles/shacal2enc.mk index d5f0d9d..bbcedd1 100644 --- a/mkfiles/shacal2enc.mk +++ b/mkfiles/shacal2enc.mk @@ -5,6 +5,7 @@ ALGO_NAME := SHACAL2ENC BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := shacal2/ +$(ALGO_NAME)_INCDIR := sha256/ bcal/ $(ALGO_NAME)_OBJ := shacal2_enc.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-shacal2_enc-test.o $(CLI_STD) \ nessie_bc_test.o nessie_common.o performance_test.o diff --git a/mkfiles/skein.mk b/mkfiles/skein.mk index 123e6a0..a481bd0 100644 --- a/mkfiles/skein.mk +++ b/mkfiles/skein.mk @@ -5,6 +5,7 @@ ALGO_NAME := SKEIN HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := threefish_mix.o \ threefish256_enc_asm.o ubi256_asm.o skein256_asm.o \ threefish512_enc_asm.o ubi512_asm.o skein512_asm.o \ diff --git a/mkfiles/skein_c.mk b/mkfiles/skein_c.mk index 676a024..4dc892f 100644 --- a/mkfiles/skein_c.mk +++ b/mkfiles/skein_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := SKEIN_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ $(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o\ ubi256.o ubi512.o ubi1024.o memxor.o skein256.o skein512.o skein1024.o $(ALGO_NAME)_TEST_BIN := main-skein-test.o hfal_skein256.o hfal_skein512.o hfal_skein1024.o $(CLI_STD) $(HFAL_STD) diff --git a/mkfiles/skipjack.mk b/mkfiles/skipjack.mk index 94d0195..9be9aba 100644 --- a/mkfiles/skipjack.mk +++ b/mkfiles/skipjack.mk @@ -5,6 +5,7 @@ ALGO_NAME := SKIPJACK BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := skipjack/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := skipjack.o $(ALGO_NAME)_TEST_BIN := main-skipjack-test.o bcal_skipjack.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/tdes.mk b/mkfiles/tdes.mk index c893bfc..54fc5af 100644 --- a/mkfiles/tdes.mk +++ b/mkfiles/tdes.mk @@ -5,6 +5,7 @@ ALGO_NAME := TDES BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := des/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := des.o $(ALGO_NAME)_TEST_BIN := main-tdes-test.o bcal_tdes.o bcal_tdes2.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/threefish.mk b/mkfiles/threefish.mk index f38cad1..9364b6d 100644 --- a/mkfiles/threefish.mk +++ b/mkfiles/threefish.mk @@ -5,6 +5,7 @@ ALGO_NAME := THREEFISH BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := threefish256_enc_asm.o threefish512_enc_asm.o threefish1024_enc_asm.o\ threefish_mix.o threefish_invmix.o \ threefish256_dec_asm.o threefish512_dec_asm.o threefish1024_dec_asm.o diff --git a/mkfiles/threefish_C.mk b/mkfiles/threefish_C.mk index 8f0ab70..97145e5 100644 --- a/mkfiles/threefish_C.mk +++ b/mkfiles/threefish_C.mk @@ -5,6 +5,7 @@ ALGO_NAME := THREEFISH_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o \ threefish_invmix_c.o threefish256_dec.o threefish512_dec.o threefish1024_dec.o $(ALGO_NAME)_TEST_BIN := main-threefish-test.o bcal_threefish256.o bcal_threefish512.o bcal_threefish1024.o $(CLI_STD) $(BCAL_STD) diff --git a/mkfiles/threefish_small.mk b/mkfiles/threefish_small.mk index bdb0438..c8b32b2 100644 --- a/mkfiles/threefish_small.mk +++ b/mkfiles/threefish_small.mk @@ -5,6 +5,7 @@ ALGO_NAME := THREEFISH_SMALL BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := threefish256_enc_small.o threefish512_enc.o threefish1024_enc.o\ threefish_mix.o threefish_mix_4c.o threefish_invmix_c.o \ threefish256_dec.o threefish512_dec.o threefish1024_dec.o diff --git a/mkfiles/twister.mk b/mkfiles/twister.mk index 758f33c..ad1acd9 100644 --- a/mkfiles/twister.mk +++ b/mkfiles/twister.mk @@ -5,6 +5,7 @@ ALGO_NAME := TWISTER HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := twister/ +$(ALGO_NAME)_INCDIR := hfal/ $(ALGO_NAME)_OBJ := twister-small-asm.o twister-large-asm.o twister-asm.o \ twister224.o twister256.o twister384.o twister512.o $(ALGO_NAME)_TEST_BIN := main-twister-test.o hfal_twister224.o hfal_twister256.o \ diff --git a/mkfiles/twister_c.mk b/mkfiles/twister_c.mk index eb62653..b9aa097 100644 --- a/mkfiles/twister_c.mk +++ b/mkfiles/twister_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := TWISTER_C HASHES += $(ALGO_NAME) $(ALGO_NAME)_DIR := twister/ +$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ hfal/ $(ALGO_NAME)_OBJ := twister.o twister-small.o twister-large.o memxor.o gf256mul.o $(ALGO_NAME)_TEST_BIN := main-twister-test.o hfal_twister224.o hfal_twister256.o \ hfal_twister384.o hfal_twister512.o $(CLI_STD) $(HFAL_STD) diff --git a/mkfiles/ubi.mk b/mkfiles/ubi.mk index 80a94e0..d427d89 100644 --- a/mkfiles/ubi.mk +++ b/mkfiles/ubi.mk @@ -5,6 +5,7 @@ ALGO_NAME := UBI AUX += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := threefish_mix.o threefish256_enc_asm.o ubi256_asm.o \ threefish512_enc_asm.o ubi512_asm.o threefish1024_enc_asm.o \ ubi1024_asm.o memxor.o diff --git a/mkfiles/ubi_c.mk b/mkfiles/ubi_c.mk index d3ad307..85c5c7d 100644 --- a/mkfiles/ubi_c.mk +++ b/mkfiles/ubi_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := UBI_C AUX += $(ALGO_NAME) $(ALGO_NAME)_DIR := skein/ +$(ALGO_NAME)_INCDIR := memxor/ bcal/ $(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o\ ubi256.o ubi512.o ubi1024.o memxor.o $(ALGO_NAME)_TEST_BIN := main-ubi-test.o $(CLI_STD) \ diff --git a/mkfiles/xtea.mk b/mkfiles/xtea.mk index 9b61ba8..ae244c3 100644 --- a/mkfiles/xtea.mk +++ b/mkfiles/xtea.mk @@ -5,6 +5,7 @@ ALGO_NAME := XTEA BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := xtea/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := xtea-asm.o $(ALGO_NAME)_TEST_BIN := main-xtea-test.o bcal_xtea.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mkfiles/xtea_c.mk b/mkfiles/xtea_c.mk index 4f89a4e..3a3a27d 100644 --- a/mkfiles/xtea_c.mk +++ b/mkfiles/xtea_c.mk @@ -5,6 +5,7 @@ ALGO_NAME := XTEA_C BLOCK_CIPHERS += $(ALGO_NAME) $(ALGO_NAME)_DIR := xtea/ +$(ALGO_NAME)_INCDIR := bcal/ $(ALGO_NAME)_OBJ := xtea.o $(ALGO_NAME)_TEST_BIN := main-xtea-test.o bcal_xtea.o $(CLI_STD) $(BCAL_STD) $(ALGO_NAME)_NESSIE_TEST := "nessie" diff --git a/mqq-sign/memxor.S b/mqq-sign/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/mqq-sign/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/mqq-sign/memxor.h b/mqq-sign/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/mqq-sign/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/mqq-sign/mqq160-sign.c b/mqq-sign/mqq160-sign.c index 2843f7b..e49f53a 100644 --- a/mqq-sign/mqq160-sign.c +++ b/mqq-sign/mqq160-sign.c @@ -18,7 +18,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "mqq160-sign.h" #include "cli.h" diff --git a/mqq-sign/mqq160-sign_P-stub.c b/mqq-sign/mqq160-sign_P-stub.c index d8c889f..f564e0d 100644 --- a/mqq-sign/mqq160-sign_P-stub.c +++ b/mqq-sign/mqq160-sign_P-stub.c @@ -31,7 +31,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "mqq160-sign.h" /* diff --git a/mqq-sign/mqq160-sign_P.c b/mqq-sign/mqq160-sign_P.c index 82c90ea..914a338 100644 --- a/mqq-sign/mqq160-sign_P.c +++ b/mqq-sign/mqq160-sign_P.c @@ -31,7 +31,7 @@ #include #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "mqq160-sign.h" static uint8_t mod20_table[32] PROGMEM = { diff --git a/mugi/aes_sbox.c b/mugi/aes_sbox.c deleted file mode 100644 index 85b08de..0000000 --- a/mugi/aes_sbox.c +++ /dev/null @@ -1,23 +0,0 @@ -/* aes sbox */ - -#include -#include -uint8_t aes_sbox[256] PROGMEM = { - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -}; - diff --git a/mugi/aes_sbox.h b/mugi/aes_sbox.h deleted file mode 100644 index 5bc03b7..0000000 --- a/mugi/aes_sbox.h +++ /dev/null @@ -1,33 +0,0 @@ -/* aes_sbox.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file aes_sbox.h - * \email daniel.otte@rub.de - * \author Daniel Otte - * \date 2008-12-30 - * \license GPLv3 or later - * - */ -#ifndef AES_SBOX_H_ -#define AES_SBOX_H_ -#include - -extern uint8_t aes_sbox[]; - -#endif diff --git a/mugi/gf256mul.S b/mugi/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/mugi/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/mugi/gf256mul.h b/mugi/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/mugi/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/mugi/mugi.c b/mugi/mugi.c index d196c6e..87adc01 100644 --- a/mugi/mugi.c +++ b/mugi/mugi.c @@ -29,9 +29,9 @@ #include #include #include -#include "aes_sbox.h" +#include "aes/aes_sbox.h" #include "mugi.h" -#include "gf256mul.h" +#include "gf256mul/gf256mul.h" /* #include "test_src/cli.h" / * only for debugging * / diff --git a/noekeon.c b/noekeon.c deleted file mode 100644 index f48d1e6..0000000 --- a/noekeon.c +++ /dev/null @@ -1,199 +0,0 @@ -/* noekeon.c */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * author: Daniel Otte - * email: daniel.otte@rub.de - * license: GPLv3 or later - * - * - * - */ - -#include -#include - -#ifdef __AVR__ - #include -#endif -#include "noekeon.h" -// #include "cli.h" - -#define ROUND_NR 16 - -#define RC_POS 0 - -static -void gamma(uint32_t* a){ - uint32_t tmp; - - a[1] ^= ~((a[3]) | (a[2])); - a[0] ^= a[2] & a[1]; - - tmp=a[3]; a[3]=a[0]; a[0]=tmp; - a[2] ^= a[0] ^ a[1] ^ a[3]; - - a[1] ^= ~((a[3]) | (a[2])); - a[0] ^= a[2] & a[1]; -} - -#define ROTL32(a,n) (((a)<>(32-n))) -#define ROTR32(a,n) (((a)>>n)|((a)<<(32-n))) - -static -void pi1(uint32_t* a){ - a[1] = ROTL32(a[1], 1); - a[2] = ROTL32(a[2], 5); - a[3] = ROTL32(a[3], 2); -} - -static -void pi2(uint32_t* a){ - a[1] = ROTR32(a[1], 1); - a[2] = ROTR32(a[2], 5); - a[3] = ROTR32(a[3], 2); -} - -static -void theta(const uint32_t* k, uint32_t* a){ - uint32_t temp; - - temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[1] ^= temp; - a[3] ^= temp; - - a[0] ^= k[0]; - a[1] ^= k[1]; - a[2] ^= k[2]; - a[3] ^= k[3]; - - temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[0] ^= temp; - a[2] ^= temp; - -} - -static -void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const2){ - ((uint8_t*)state)[RC_POS] ^= const1; - theta(key, state); - ((uint8_t*)state)[RC_POS] ^= const2; - pi1(state); - gamma(state); - pi2(state); -} - -uint8_t rc_tab[] -#ifdef __AVR__ - PROGMEM -#endif - = { -/* 0x80, */ - 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, - 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, - 0xD4 -}; -/* for more rounds - 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, - 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25, -*/ - -static -void changendian32(void* a){ - ((uint8_t*)a)[0] ^= ((uint8_t*)a)[3]; - ((uint8_t*)a)[3] ^= ((uint8_t*)a)[0]; - ((uint8_t*)a)[0] ^= ((uint8_t*)a)[3]; - - ((uint8_t*)a)[1] ^= ((uint8_t*)a)[2]; - ((uint8_t*)a)[2] ^= ((uint8_t*)a)[1]; - ((uint8_t*)a)[1] ^= ((uint8_t*)a)[2]; -} - -static -void changendian(void* a){ - changendian32((uint32_t*)(&(((uint32_t*)a)[0]))); - changendian32((uint32_t*)(&(((uint32_t*)a)[1]))); - changendian32((uint32_t*)(&(((uint32_t*)a)[2]))); - changendian32((uint32_t*)(&(((uint32_t*)a)[3]))); -} - -/******************************************************************************/ - -void noekeon_enc(void* buffer, const void* key){ - uint8_t rc=0x80; - uint8_t keyb[16]; - int8_t i; - - memcpy(keyb, key, 16); - changendian(buffer); - changendian(keyb); - - for(i=0; i=0; --i){ -#ifdef __AVR__ - rc = pgm_read_byte(rc_tab+i); -#else - rc = rc_tab[i]; -#endif - noekeon_round((uint32_t*)dkey, (uint32_t*)buffer, 0, rc); - } - theta((uint32_t*)dkey, (uint32_t*)buffer); - ((uint8_t*)buffer)[RC_POS] ^= 0x80; - - changendian(buffer); -} - -void noekeon_init(const void* key, noekeon_ctx_t* ctx){ - uint8_t nullv[16]; - - memset(nullv, 0, 16); - memcpy(ctx, key, 16); - noekeon_enc(ctx, nullv); -} - diff --git a/noekeon.h b/noekeon.h deleted file mode 100644 index 9c046f3..0000000 --- a/noekeon.h +++ /dev/null @@ -1,85 +0,0 @@ -/* noekeon.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef NOEKEON_H_ -#define NOEKEON_H_ - -/** - * \file noekeon.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-04-11 - * \license GPLv3 or later - * \brief Implementation of the Noekeon block cipher - * \ingroup Noekeon - * This is an implementation of the Noekeon block cipher. - * For more details on Noekeon see http://gro.noekeon.org/ - */ - -#include - -/** \typedef noekeon_ctx_t - * \brief holds key data for indirect mode - * - * A variable of this type may hold the key data for the indirect mode. - * For direct mode simply pass the key directly to the encryption or - * decryption function. - */ -typedef uint8_t noekeon_ctx_t[16]; - -/** \fn void noekeon_enc(void* buffer, const void* key) - * \brief noekeon encrytion funtion - * - * This function encrypts a block (64 bit = 8 byte) with the noekeon encrytion - * algorithm. Due to the two modes of noekeon (direct mode and indirect mode) - * the second parameter either points directly to the key (direct mode) or to a - * context generated by the noekeon_init() function (indirect mode). - * \param buffer pointer to the 64 bit (8 byte) block to encrypt - * \param key pointer to either the key (128 bit = 16 byte; direct mode) or - * to the context (indirect mode) - */ -void noekeon_enc(void* buffer, const void* key); - -/** \fn void noekeon_dec(void* buffer, const void* key) - * \brief noekeon encrytion funtion - * - * This function decrypts a block (64 bit = 8 byte) encrypted with the noekeon - * encrytion algorithm. Due to the two modes of noekeon (direct mode and - * indirect mode) the second parameter either points directly to the key - * (direct mode) or to a context generated by the noekeon_init() function - * (indirect mode). - * \param buffer pointer to the 64 bit (8 byte) block to decrypt - * \param key pointer to either the key (128 bit = 16 byte; direct mode) or - * to the context (indirect mode) - */ -void noekeon_dec(void* buffer, const void* key); - - -/** \fn void noekeon_init(const void* key, noekeon_ctx_t* ctx) - * \brief noekeon context generation function for indirect mode - * - * This function generates a context from the supplied key for using - * noekeon in indirect mode. For using noekeon in direct mode supply the key - * direct to the noekeon_enc() and noekeon_dec() functions. - * \param key pointer to the key (128 bit = 16 byte) - * \param ctx pointer to the context to fill with key material - * to the context (indirect mode) - */ -void noekeon_init(const void* key, noekeon_ctx_t* ctx); - -#endif /*NOEKEON_H_*/ diff --git a/noekeon_asm.S b/noekeon_asm.S deleted file mode 100644 index b0a2a16..0000000 --- a/noekeon_asm.S +++ /dev/null @@ -1,641 +0,0 @@ -/* noekeon_asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * noekeon assembler implementation for avr - * author: Daniel Otte - * email: daniel.otte@rub.de - * license: GPLv3 - */ - -#include - -.macro push_all - push r2 - push r3 - push r4 - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 -.endm - -.macro pop_all - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - pop r3 - pop r2 - clr r1 -.endm - -push_all_func: - pop r31 - pop r30 - push_all - ijmp - -pop_all_func: - pop r31 - pop r30 - pop_all - ijmp - -.macro xchg a b - eor \a, \b - eor \b, \a - eor \a, \b -.endm - -.macro op32 op a b - \op \a\()_0, \b\()_0 - \op \a\()_1, \b\()_1 - \op \a\()_2, \b\()_2 - \op \a\()_3, \b\()_3 -.endm - - -.macro op32_4t op a b c d w x y z - \op \a, \w - \op \b, \x - \op \c, \y - \op \d, \z -.endm - - -.macro op32_prefix op p q a b c d w x y z - \op \p\()\a, \q\()\w - \op \p\()\b, \q\()\x - \op \p\()\c, \q\()\y - \op \p\()\d, \q\()\z -.endm - -; === bigendian_rotl32 === -; this function rotates a 32bit bigendian word n bits to the left -; param1: the 32-bit value -; given in r25,r24,r23,r22 (r22 is most significant) -; param2: the 8-bit parameter giving the number of bits to rotate -; given in r20 -; return: the rotatet 32-bit word -; given in r25,r24,r23,r22 - -bigendian_rotl32: - /* copy high bit of r22 to carry */ - mov r1, r22 -2: - rol r1 - - rol r25 - rol r24 - rol r23 - rol r22 - - dec r20 - brne 2b -bigendian_rotl32_exit: - clr r1 - ret - - -/******************************************************************************/ - -; === bigendian_rotl32 === -; this function rotates a 32bit bigendian word n bits to the right -; param1: the 32-bit value -; given in r25,r24,r23,r22 (r22 is most significant) -; param2: the 8-bit parameter giving the number of bits to rotate -; given in r20 -; return: the rotatet 32-bit word -; given in r25,r24,r23,r22 - -bigendian_rotr32: - /* copy high bit of r25 to carry */ - - mov r1, r25 -2: - ror r1 - - ror r22 - ror r23 - ror r24 - ror r25 - dec r20 - brne 2b -bigendian_rotr32_exit: - clr r1 - ret - -/******************************************************************************/ -/* -void theta(uint32_t* k, uint32_t* a){ - uint32_t temp; - temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[1] ^= temp; - a[3] ^= temp; - - a[0] ^= k[0]; - a[1] ^= k[1]; - a[2] ^= k[2]; - a[3] ^= k[3]; - - temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8); - a[0] ^= temp; - a[2] ^= temp; -} -*/ - -round_const: .byte 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, \ - 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, \ - 0xD4 - -;-- a[0] -state0_0 = 2 -state0_1 = 3 -state0_2 = 4 -state0_3 = 5 -;-- a[1] -state1_0 = 6 -state1_1 = 7 -state1_2 = 8 -state1_3 = 9 -;-- a[2] -state2_0 = 10 -state2_1 = 11 -state2_2 = 12 -state2_3 = 13 -;-- a[3] -state3_0 = 14 -state3_1 = 15 -state3_2 = 16 -state3_3 = 17 - -; === theta === -; -; param1: the state in r2-r17 -; param2: pointer to k in X (r26,r27) -; -temp_a = 18 -temp_b = 19 -temp_c = 20 -temp_d = 21 - -theta: - /* temp = a[0] ^ a[2]; temp ^= temp>>>8 ^ temp<<<8 */ - op32_prefix mov, temp_, state0_, a,b,c,d, 0,1,2,3 - op32_prefix eor, temp_, state2_, a,b,c,d, 0,1,2,3 - - mov r1, temp_a - eor r1, temp_b - eor r1, temp_c - eor r1, temp_d - - op32_prefix eor, temp_, r, a,b,c,d, 1,1,1,1 - - /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */ - /* a[1] ^= temp */ - eor state1_0, temp_c - eor state1_1, temp_d - eor state1_2, temp_a - eor state1_3, temp_b - /* a[3] ^= temp */ - eor state3_0, temp_c - eor state3_1, temp_d - eor state3_2, temp_a - eor state3_3, temp_b - - /* state ^ k (X points to K) */ - ldi r28, 2 - clr r29 /* Y points to r2 aka state0_0 */ - ldi temp_a, 16 -1: - ld r1, X+ - ld r0, Y - eor r1, r0 - st Y+, r1 - dec temp_a - brne 1b - sbiw r26, 16 /* set X back to key */ - - mov temp_a, state1_0 - mov temp_b, state1_1 - mov temp_c, state1_2 - mov temp_d, state1_3 - eor temp_a, state3_0 - eor temp_b, state3_1 - eor temp_c, state3_2 - eor temp_d, state3_3 - mov r1, temp_a - eor r1, temp_b - eor r1, temp_c - eor r1, temp_d - eor temp_a, r1 - eor temp_b, r1 - eor temp_c, r1 - eor temp_d, r1 - /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */ - /* a[0] ^= temp */ - eor state0_0, temp_c - eor state0_1, temp_d - eor state0_2, temp_a - eor state0_3, temp_b - /* a[2] ^= temp */ - eor state2_0, temp_c - eor state2_1, temp_d - eor state2_2, temp_a - eor state2_3, temp_b - - clr r1 - ret - -/******************************************************************************/ -#ifndef NOEKEON_NO_ENC -; === noekeon_enc === -; -; param1: pointer to buffer (r24,r25) -; param2: pointer to k (r22,r23) -; -.global noekeon_enc -noekeon_enc: - rcall push_all_func - /* load state */ - movw r26, r22 - ldi r28, 2 - clr r29 /* Y points at r2 aka state0_0 */ - movw r30, r24 /* Z points at state */ - push r30 - push r31 - ldi r22, 16 - push r22 /* 16 is also the number of rounds and gets pushed here */ -1: - ld r0, Z+ - st Y+, r0 - dec r22 - brne 1b - /* state loaded */ - push r1 /* push round constan2 (0x00) */ - ldi r20, 0x80 - push r20 /* push round constan2 (0x00) */ - rjmp 3f -2: - ldi r30, lo8(round_const+15) - ldi r31, hi8(round_const+15) - sub r30, r22 - sbci r31, 0 - clr r1 - push r1 - lpm r0, Z - push r0 -3: - rcall round /* pops rc2 & rc1 */ - pop r22 - dec r22 - push r22 - brne 2b - - pop r22 - - ldi r22, 0xD4 - eor state0_3, r22 - rcall theta - - pop r31 - pop r30 - clr r29 - ldi r28, 2 - ldi r22, 16 -1: - ld r0, Y+ - st Z+, r0 - dec r22 - brne 1b - - rcall pop_all_func - ret -#endif -/******************************************************************************/ -/******************************************************************************/ -#ifndef NOEKEON_NO_DEC - -; === noekeon_dec === -; -; param1: pointer to buffer/state (r24,r25) -; param2: pointer to k (r22,r23) -; -.global noekeon_dec -noekeon_dec: - rcall push_all_func - /* allocate 16 bytes on the stack */ - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - sbiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - - adiw r30, 1 - /* push state pointer */ - push r24 - push r25 - movw r26, r22 /* move key ptr to X */ - - /* set stackkey to zero */ - ldi r22, 16 -1: st Z+, r1 - dec r22 - brne 1b - - /* copy key to state */ - clr r29 - ldi r28, 2 - ldi r22, 16 -1: ld r0, X+ - st Y+, r0 - dec r22 - brne 1b - - movw r26, r30 - sbiw r26, 16 /* set X back to begining of stack key */ - rcall theta - - /* mov state to stackkey */ - clr r29 - ldi r28, 2 - ldi r22, 16 -1: ld r0, Y+ - st X+, r0 - dec r22 - brne 1b - sbiw r26, 16 /* set X back to begining of stack key */ - - /* move data from stateptr to state */ - pop r31 - pop r30 - push r30 - push r31 - clr r29 - ldi r28, 2 - ldi r22, 16 - push r22 -1: ld r0, Z+ - st Y+, r0 - dec r22 - brne 1b - -;--- snip 8< ---- - - ldi r20, 0xD4 - push r20 /* push round constant2 (0xD4) */ - push r22 /* push round constan1 (0x00) */ - rjmp 3f -2: - ldi r30, lo8(round_const-1) - ldi r31, hi8(round_const-1) - clr r1 - add r30, r22 - adc r31, r1 - lpm r0, Z - push r0 - push r1 -3: - rcall round /* pops rc2 & rc1 */ - pop r22 - dec r22 - push r22 - brne 2b -;---- - pop r22 - - rcall theta - ldi r22, 0x80 - eor state0_3, r22 - -write_state_back: - /* write state back */ - pop r31 /* pop state pointer */ - pop r30 - clr r29 - ldi r28, 2 - ldi r22, 16 -1: - ld r0, Y+ - st Z+, r0 - dec r22 - brne 1b - - /* remove key from stack */ - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - adiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - rcall pop_all_func - ret -#endif -/******************************************************************************/ - - -round: - pop r24 - pop r25 - pop r1 - eor state0_3, r1 - rcall theta - pop r1 - eor state0_3, r1 - push r25 - push r24 -pi_gamma_pi: - ldi r30, pm_lo8(bigendian_rotl32) - ldi r31, pm_hi8(bigendian_rotl32) - rcall pi - /* pi1 done; now gamma */ - rcall gamma_1 - /* a[0] <-> a[3] */ - xchg state0_0, state3_0 - xchg state0_1, state3_1 - xchg state0_2, state3_2 - xchg state0_3, state3_3 - /* a[2] ^= a[0] ^ a[1] ^ a[3] */ - op32 eor, state2, state0 - op32 eor, state2, state1 - op32 eor, state2, state3 - - rcall gamma_1 - ldi r30, pm_lo8(bigendian_rotr32) - ldi r31, pm_hi8(bigendian_rotr32) - rcall pi - ret - -gamma_1: - /* a[1] ^= ~(a[3]|a[2])*/ - mov r1, state3_0 - or r1, state2_0 - com r1 - eor state1_0, r1 - - mov r1, state3_1 - or r1, state2_1 - com r1 - eor state1_1, r1 - - mov r1, state3_2 - or r1, state2_2 - com r1 - eor state1_2, r1 - - mov r1, state3_3 - or r1, state2_3 - com r1 - eor state1_3, r1 - - /* a[0] ^= a[2]&a[1] */ - mov r1, state2_0 - and r1, state1_0 - eor state0_0, r1 - - mov r1, state2_1 - and r1, state1_1 - eor state0_1, r1 - - mov r1, state2_2 - and r1, state1_2 - eor state0_2, r1 - - mov r1, state2_3 - and r1, state1_3 - eor state0_3, r1 - ret - -pi: - /* a[1] <<<= 1*/ - mov r22, state1_0 - mov r23, state1_1 - mov r24, state1_2 - mov r25, state1_3 - ldi r20, 1 - icall - mov state1_0, r22 - mov state1_1, r23 - mov state1_2, r24 - mov state1_3, r25 - /* a[2] <<<= 5*/ - mov r22, state2_0 - mov r23, state2_1 - mov r24, state2_2 - mov r25, state2_3 - ldi r20, 5 - icall - mov state2_0, r22 - mov state2_1, r23 - mov state2_2, r24 - mov state2_3, r25 - /* a[3] <<<= 2*/ - mov r22, state3_0 - mov r23, state3_1 - mov r24, state3_2 - mov r25, state3_3 - ldi r20, 2 - icall - mov state3_0, r22 - mov state3_1, r23 - mov state3_2, r24 - mov state3_3, r25 - ret - -/******************************************************************************/ - -/* -void noekeon_init(void* key, noekeon_ctx_t* ctx){ - uint8_t nullv[16]; - - memset(nullv, 0, 16); - memcpy(ctx, key, 16); - noekeon_enc(ctx, nullv); -} -*/ - -#ifndef NOEKEON_NO_INIT - -.global noekeon_init -noekeon_init: -; === noekeon_init === -; -; param1: pointer to key (r24,r25) -; param2: pointer to context (r22,r23) -; - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - sbiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - - movw r26, r22 - adiw r30, 1 - movw r22, r30 - /* set nullv(stack) to zero */ - ldi r20, 16 -1: st Z+, r1 - dec r20 - brne 1b - - /* copy key data to ctx */ - movw r30, r24 - ldi r20, 16 -1: ld r1, Z+ - st X+, r1 - dec r20 - brne 1b - clr r1 - - sbiw r26, 16 - movw r24, r26 - rcall noekeon_enc - - in r30, _SFR_IO_ADDR(SPL) - in r31, _SFR_IO_ADDR(SPH) - adiw r30, 16 - out _SFR_IO_ADDR(SPH), r31 - out _SFR_IO_ADDR(SPL), r30 - ret - -#endif - - diff --git a/noekeon_cbc_enc.S b/noekeon_cbc_enc.S deleted file mode 100644 index 0c0b89a..0000000 --- a/noekeon_cbc_enc.S +++ /dev/null @@ -1,99 +0,0 @@ -/* noekeon_cbc_enc.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-08-06 - * \license GPLv3 or later - * - * - * - */ - -.macro push_ p1:req p2:vararg - push \p1 -.ifnb \p2 - push_ \p2 -.endif -.endm - -.macro pop_ p1:req p2:vararg - pop \p1 -.ifnb \p2 - pop_ \p2 -.endif -.endm - -.extern noekeon_enc - -/* - * void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key) - */ - -/* param buffer is passed in r24:r25 - * param block_cnt is passed in r22 (r23 is 0) - * param key is passed in r20:r21 - */ -.global noekeon_cbc_enc - noekeon_cbc_enc: - push r22 - movw r22, r20 - push_ r22, r23, r24, r25 - rcall noekeon_enc -1: - pop_ r27, r26, r23, r22 - pop r16 /* block counter */ - dec r16 - breq 9f - push r16 - /* xor blocks */ - movw r30, r26 - adiw r30, 16 - ldi r16, 16 -2: - ld r17, X+ - ld r18, Z - eor r18, r17 - st Z+, r18 - dec r16 - brne 2b - - /* call encryption function; X points to our new block */ - push_ r22, r23, r26, r27 - movw r24, r26 - rcall noekeon_enc - rjmp 1b -9: - ret - - - - - - - - - - - - - - - - diff --git a/noekeon_cbc_enc.h b/noekeon_cbc_enc.h deleted file mode 100644 index e9ced11..0000000 --- a/noekeon_cbc_enc.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef NOEKEON_CBC_ENC_H_ -#define NOEKEON_CBC_ENC_H_ - -#include -#include "noekeon.h" - -void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key); - -#endif /*NOEKEON_CBC_ENC_H_*/ diff --git a/noekeon_ctr.S b/noekeon_ctr.S deleted file mode 100644 index bf366ba..0000000 --- a/noekeon_ctr.S +++ /dev/null @@ -1,70 +0,0 @@ -/* noekeon_ctr.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-08-06 - * \license GPLv3 or later - * - * - * - */ - -.extern noekeon_enc - -/* - * void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx); - */ -.global noekeon_ctr_next -/* - * param buffer passed in r24:r25 - * param ctx passed in r22:r23 - */ -noekeon_ctr_next: - /* copy counter to buffer */ - movw r26, r24 /* copy buffer pointer to X */ - movw r30, r22 /* copy counter pointer to Z */ - ldi r16, 16 -1: - ld r0, Z+ - st X+, r0 - dec r16 - brne 1b - /* increment counter */ - movw r30, r22 /* copy counter pointer to Z */ - ldi r17, 1 - ldi r16, 15 - ld r0, Z - add r0, r17 - st Z+, r0 -1: - ld r0, Z - adc r0, r1 - st Z+, r0 - dec r16 - brne 1b - /* call encryption routine */ - /* we can leave the first param as is, but have to adjust the second to point to the key */ - //adiw r22, 16 - ldi r16, 16 - add r22, r16 - adc r23, r0 -// rcall noekeon_enc -// ret - rjmp noekeon_enc /* noekeon_enc will return for us */ diff --git a/noekeon_ctr.h b/noekeon_ctr.h deleted file mode 100644 index d7a601f..0000000 --- a/noekeon_ctr.h +++ /dev/null @@ -1,42 +0,0 @@ -/* noekeon_ctr.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-08-06 - * \license GPLv3 or later - * - * - * - */ - -#ifndef NOEKEON_CTR_H_ -#define NOEKEON_CTR_H_ - -#include -#include "noekeon.h" - -typedef struct{ - uint8_t counter[16]; - uint8_t key[16]; -}noekeon_ctr_ctx_t; - -void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx); - -#endif /*NOEKEON_CTR_H_*/ diff --git a/noekeon_prng.c b/noekeon_prng.c deleted file mode 100644 index 4e73c7c..0000000 --- a/noekeon_prng.c +++ /dev/null @@ -1,67 +0,0 @@ -/* noekeon_prng.c */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/** - * \author Daniel Otte - * \date 2008-08-24 - * \license GPLv3 or later - * \brief random number generator based on noekeon running in CFB-mode - * - */ - -#include "noekeon.h" -#include "memxor.h" -#include -#include - -static uint8_t random_state[16]; -static uint8_t random_key[16]; -static uint8_t i=0; - -uint8_t random8(void){ - static uint8_t sr[16]; - - if(i==0){ - noekeon_enc(random_state, random_key); - memcpy(sr, random_state, 16); - i=15; - return sr[15]; - } - --i; - return sr[i]; -} - -void random_block(void* dest){ - i=0; - noekeon_enc(random_state, random_key); - memcpy(dest, random_state, 16); -} - -void srandom32(uint32_t seed){ - memcpy(random_key, &seed, 4); -} - -void random_seed(const void* buffer){ - memcpy(random_key, buffer, 16); -} - -void random_add(const void* buffer){ - memxor(random_key, buffer, 16); -} - - diff --git a/noekeon_prng.h b/noekeon_prng.h deleted file mode 100644 index ff9ca03..0000000 --- a/noekeon_prng.h +++ /dev/null @@ -1,40 +0,0 @@ -/* noekeon_prng.h */ -/* - * This file is part of the AVR-Crypto-Lib. - * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -/** - * \author Daniel Otte - * \date 2008-08-24 - * \license GPLv3 or later - * \brief random number generator based on noekeon running in CFB-mode - * - */ - -#ifndef PRNG_H_ -#define PRNG_H_ - -#include - -uint8_t random8(void); -void random_block(void* dest); -void srandom32(uint32_t seed); -void random_seed(const void* buffer); -void random_add(const void* buffer); - -#endif /* PRNG_H_*/ - - diff --git a/omac_noekeon.S b/omac_noekeon.S deleted file mode 100644 index 598280b..0000000 --- a/omac_noekeon.S +++ /dev/null @@ -1,353 +0,0 @@ -/* noekeon_omac.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-08-24 - * \license GPLv3 or later - * - * - * - */ - -#include -#include "avr-asm-macros.S" - -.extern noekeon_enc - - -/******************************************************************************/ - -/* - * void noekeon_omac_init(noekeon_omac_ctx_t* ctx){ - * memset(ctx, 0, 16); - * } - */ -/* - * param ctx in r24:r25 - */ - -.global omac_noekeon_init -omac_noekeon_init: - movw r30, r24 - ldi r24, 16 -1: - st Z+, r1 - dec r24 - brne 1b - ret - -/******************************************************************************/ - -/* - * void omac_noekeon_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx){ - * *ctx[15] = t; - * noekeon_enc(ctx, key); - * } - */ -/* - * param t in r24 - * param key in r22:r23 - * param ctx in r20:r21 - */ -.global omac_noekeon_tweak -omac_noekeon_tweak: - movw r30, r20 - std Z+15, r24 - movw r24, r20 - rjmp noekeon_enc - -/******************************************************************************/ - -/* - * void noekeon_omac_next(const void* buffer, const void* key, noekeon_omac_ctx_t* ctx){ - * memxor(ctx, buffer, 16); - * noekeon_enc(ctx, key); - * } - */ -/* - * param buffer in r24:r25 - * param key in r22:r23 - * param ctx in r20:r21 - */ -.global omac_noekeon_next -omac_noekeon_next: - movw r26, r20 - movw r30, r24 - ldi r24, 16 -1: - ld r0, X - ld r25, Z+ - eor r0, r25 - st X+, r0 - dec r24 - brne 1b - movw r24, r20 - rjmp noekeon_enc - -/******************************************************************************/ - -/* - * void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){ - * uint8_t c1,c2,r,j; - * memset(pad, 0, 16); - * noekeon_enc(pad, key); - * r=(length_b==128)?1:2; - * for(;r!=0;--r){ - * c1=0; - * for(j=0;j<16;++j){ - * c2 = c1; - * c1 = (pad[15-j])>>7; - * pad[15-j] = ((pad[15-j])<<1) | c2; - * } - * if(c1){ - * pad[15] ^= 0x87; - * } - * } - * if(length_b<128){ - * pad[(length_b)/8] ^= 0x80 >> (length_b%8); - * } - *} - */ -/* - * param pad in r24:r25 - * param key in r22:r23 - * param length_b in r20 - */ -.global omac_noekeon_comppad -omac_noekeon_comppad: - push_ r20, r24, r25 - ldi r20, 16 - movw r30, r24 -1: - st Z+, r1 - dec r20 - brne 1b - rcall noekeon_enc - pop_ r31, r30, r20 /* now Z points at pad, and r20 contains length_b */ - ldi r21, 1 - clt - cpi r20, 128 - breq 2f - set - inc r21 -2: - adiw r30, 16 - ldi r24, 16 - clc -3: - ld r0, -Z - rol r0 - st Z, r0 - dec r24 - brne 3b - - brcc 4f - ldi r24, 0x87 - ldd r0, Z+15 - eor r0, r24 - std Z+15, r0 -4: - dec r21 - brne 2b - /* the B/P calculation is done, now we have only to insert the one for - messages of a length != n*128 */ - brts 5f - ret -5: - /* r20 contains the length in bits where a one must be appended via xor */ - mov r21, r20 - lsr r21 - lsr r21 - lsr r21 - add r30, r21 - adc r31, r1 - andi r20, 0x07 - ldi r21, 0x80 -6: tst r20 - breq 8f -7: lsr r21 - dec r20 - brne 7b -8: - ld r24, Z - eor r24, r21 - st Z, r24 - ret - -/******************************************************************************/ - -/* - * void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, noekeon_omac_ctx_t* ctx){ - * while(length_b>128){ - * omac_noekeon_next(buffer, key, ctx); - * buffer = (uint8_t*)buffer +16; - * length_b -= 128; - * } - * uint8_t pad[16]; - * omac_noekeon_comppad(pad, key, length_b); - * memxor(pad, buffer, (length_b+7)/8); - * omac_noekeon_next(pad, key, ctx); - *} - */ -/* - * param buffer in r24:r25 - * param length_b in r22 - * param key in r20:r21 - * param ctx in r18:r19 - */ -.global omac_noekeon_last -omac_noekeon_last: - push_range 10, 16 - push_ r28, r29 - movw r28, r24 /* buffer */ - movw r12, r20 /* key */ - movw r14, r18 /* ctx */ - mov r16, r22 /* length_b */ -1: - cpi r16, 129 - brlo 2f - movw r22, r20 - movw r20, r18 - rcall omac_noekeon_next - adiw r28, 16 - subi r16, 128 -2: - stack_alloc 16 - adiw r30, 1 - movw r10, r30 - movw r24, r30 - movw r22, r12 - mov r20, r16 - rcall omac_noekeon_comppad - movw r30, r10 - subi r16, -7 - lsr r16 - lsr r16 - lsr r16 - breq 4f -3: - ld r0, Z - ld r24, Y+ - eor r0, r24 - st Z+, r0 - dec r16 - brne 3b -4: - movw r24, r10 - movw r22, r12 - movw r20, r14 - rcall omac_noekeon_next - stack_free 16 - - pop_ r29, r28 - pop_range 10, 16 - ret - -/******************************************************************************/ - -/* - *void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, - * const void* key, uint8_t t){ - * omac_noekeon_init(dest); - * if(t!=0xff) - * omac_noekeon_tweak(t,key,dest); - * while(msglength_b>128){ - * omac_noekeon_next(msg, key, dest); - * msg = (uint8_t*)msg +16; - * msglength_b -= 128; - * } - * omac_noekeon_last(msg, msglength_b, key, dest); - *} - */ -/* - * param dest in r24:r25 - * param msg in r22:r23 - * param msglength_b in r20:r21 - * param key in r18:r19 - * param t in r16 - */ -MSG0 = 28 -MSG1 = 29 -KEY0 = 10 -KEY1 = 11 -LEN0 = 12 -LEN1 = 13 -DST0 = 14 -DST1 = 15 - -.global omac_noekeon -omac_noekeon: - push_ r28, r29 - push_range 10, 17 - movw MSG0, r22 /* msg */ - movw KEY0, r18 /* key */ - movw LEN0, r20 /* msglength_b */ - movw DST0, r24 /* dest */ - /* omac_noekeon_init(dest); */ - rcall omac_noekeon_init - cpi r16, 0xff - breq 1f - mov r24, r16 - movw r22, KEY0 - movw r20, DST0 - /* omac_noekeon_tweak(t,key,dest); */ - rcall omac_noekeon_tweak -1: - movw r16, LEN0 - tst r17 - breq 4f -3: - movw r24, MSG0 - movw r22, KEY0 - movw r20, DST0 - /* omac_noekeon_next(msg, key, dest); */ - rcall omac_noekeon_next - adiw MSG0, 16 - subi r16, 128 - sez - sbci r17, 0 /* wont change Z if result is zero */ - brne 3b -4: - movw r24, MSG0 - mov r22, r16 - movw r20, KEY0 - movw r18, DST0 - /* omac_noekeon_last(msg, msglength_b, key, dest); */ - call omac_noekeon_last - - pop_range 10, 17 - pop_ r29, r28 - ret - - - - - - - - - - - - - - - - diff --git a/omac_noekeon.h b/omac_noekeon.h deleted file mode 100644 index a4db052..0000000 --- a/omac_noekeon.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \license GPLv3 or later - * - * - * - */ - -#ifndef NOEKEON_OMAC_H_ -#define NOEKEON_OMAC_H_ - -#include "noekeon.h" -#include - -typedef uint8_t omac_noekeon_ctx_t[16]; - -void omac_noekeon_init(omac_noekeon_ctx_t* ctx); -void omac_noekeon_tweak(uint8_t t, const void* key, omac_noekeon_ctx_t* ctx); -void omac_noekeon_next(const void* buffer, const void* key, - omac_noekeon_ctx_t* ctx); -void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, - omac_noekeon_ctx_t* ctx); -void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, - const void* key, uint8_t t); - -#endif /*NOEKEON_OMAC_H_*/ diff --git a/omac_noekeon_C.c b/omac_noekeon_C.c deleted file mode 100644 index 3046ede..0000000 --- a/omac_noekeon_C.c +++ /dev/null @@ -1,74 +0,0 @@ -#include "noekeon.h" -#include "omac_noekeon.h" -#include "memxor.h" -#include -#include - - -void omac_noekeon_init(omac_noekeon_ctx_t* ctx){ - memset(ctx, 0, 16); -} - - -void omac_noekeon_tweak(uint8_t t, const void* key, omac_noekeon_ctx_t* ctx){ - *ctx[15] = t; - noekeon_enc(ctx, key); -} - -void omac_noekeon_next(const void* buffer, const void* key, omac_noekeon_ctx_t* ctx){ - memxor(ctx, buffer, 16); - noekeon_enc(ctx, key); -} - -static -void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){ - uint8_t c1,c2,r,j; - memset(pad, 0, 16); - noekeon_enc(pad, key); - r=(length_b==128)?1:2; - for(;r!=0;--r){ - c1=0; - for(j=0;j<16;++j){ - c2 = c1; - c1 = (pad[15-j])>>7; - pad[15-j] = ((pad[15-j])<<1) | c2; - } - if(c1){ - pad[15] ^= 0x87; - } - } - if(length_b<128){ - pad[(length_b)/8] ^= 0x80 >> (length_b%8); - } -} - -void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, omac_noekeon_ctx_t* ctx){ - while(length_b>128){ - omac_noekeon_next(buffer, key, ctx); - buffer = (uint8_t*)buffer +16; - length_b -= 128; - } - uint8_t pad[16]; - omac_noekeon_comppad(pad, key, length_b); - memxor(pad, buffer, (length_b+7)/8); - omac_noekeon_next(pad, key, ctx); -} - - -void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, - const void* key, uint8_t t){ - omac_noekeon_init(dest); - if(t!=0xff) - omac_noekeon_tweak(t,key,dest); - while(msglength_b>128){ - omac_noekeon_next(msg, key, dest); - msg = (uint8_t*)msg +16; - msglength_b -= 128; - } - omac_noekeon_last(msg, msglength_b, key, dest); -} - - - - - diff --git a/serpent/memxor.S b/serpent/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/serpent/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/serpent/memxor.h b/serpent/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/serpent/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/serpent/serpent.c b/serpent/serpent.c index 40ccecd..41dca4b 100644 --- a/serpent/serpent.c +++ b/serpent/serpent.c @@ -26,7 +26,7 @@ #include #include /* memset() */ #include -#include "memxor.h" +#include "memxor/memxor.h" #include "serpent.h" #include "serpent-sboxes.h" diff --git a/shabea/memxor.S b/shabea/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/shabea/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/shabea/memxor.h b/shabea/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/shabea/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/shabea/sha256-asm.S b/shabea/sha256-asm.S deleted file mode 100644 index d9eb6b6..0000000 --- a/shabea/sha256-asm.S +++ /dev/null @@ -1,1042 +0,0 @@ -/* sha256-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; sha-256 implementation in assembler -SHA256_BLOCK_BITS = 512 -SHA256_HASH_BITS = 256 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -/* X points to Block */ -.macro dbg_hexdump length - precall - hexdump \length - postcall -.endm - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha256_ctx_t is: -; -; [h0][h1][h2][h3][h4][h5][h6][h7][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha256_ctx2hash -; === sha256_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha256_ctx structure -; given in r23,r22 -sha256_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 8 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha256 -; === sha256 === -; this function calculates SHA-256 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha256: -sha256_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 8*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha256_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha256_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha256_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha256_ctx2hash - -sha256_epilog: - in r30, SPL - in r31, SPH - adiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha256_lastBlock -; === sha256_lastBlock === -; this function does padding & Co. for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1) - - -sha256_lastBlock: - cpi r21, 0x02 - brlo sha256_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 0x02 - subi r23, -2 - rjmp sha256_lastBlock -sha256_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha256_lastBlock_post_copy - mov r1, r18 -sha256_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha256_lastBlock_copy_loop -sha256_lastBlock_post_copy: -sha256_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha256_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*8+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha256_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha256_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha256_lastBlock_epilog -sha256_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 8*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha256_nextBlock - -sha256_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha256_nextBlock -; === sha256_nextBlock === -; this is the core function for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte) - -Bck1 = 12 -Bck2 = 13 -Bck3 = 14 -Bck4 = 15 -Func1 = 22 -Func2 = 23 -Func3 = 24 -Func4 = 25 -Accu1 = 16 -Accu2 = 17 -Accu3 = 18 -Accu4 = 19 -XAccu1 = 8 -XAccu2 = 9 -XAccu3 = 10 -XAccu4 = 11 -T1 = 4 -T2 = 5 -T3 = 6 -T4 = 7 -LoopC = 1 -/* byteorder: high number <--> high significance */ -sha256_nextBlock: - ; initial, let's make some space ready for local vars - push r4 /* replace push & pop by mem ops? */ - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack - movw r30, r22 ; Z points to message - subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha256_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - push r18 - push r19 - push r24 - push r25 /* param1 will be needed later */ - ; now we fill the w array with message (think about endianess) - adiw r26, 1 ; X++ - ldi r20, 16 -sha256_nextBlock_wcpyloop: - ld r23, Z+ - ld r22, Z+ - ld r19, Z+ - ld r18, Z+ - st X+, r18 - st X+, r19 - st X+, r22 - st X+, r23 - dec r20 - brne sha256_nextBlock_wcpyloop -/* for (i=16; i<64; ++i){ - w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16]; - } */ - /* r25,r24,r23,r24 (r21,r20) are function values - r19,r18,r17,r16 are the accumulator - r15,r14,r13,rBck1 are backup1 - r11,r10,r9 ,r8 are xor accu - r1 is round counter */ - - ldi r20, 64-16 - mov LoopC, r20 -sha256_nextBlock_wcalcloop: - movw r30, r26 ; cp X to Z - sbiw r30, 63 - sbiw r30, 1 ; substract 64 = 16*4 - ld Accu1, Z+ - ld Accu2, Z+ - ld Accu3, Z+ - ld Accu4, Z+ /* w[i] = w[i-16] */ - ld Bck1, Z+ - ld Bck2, Z+ - ld Bck3, Z+ - ld Bck4, Z+ /* backup = w[i-15] */ - /* now sigma 0 */ - mov Func1, Bck2 - mov Func2, Bck3 - mov Func3, Bck4 - mov Func4, Bck1 /* prerotated by 8 */ - ldi r20, 1 - rcall bitrotl - movw XAccu1, Func1 - movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/ -sigma0_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - ror Bck1 - dec Func2 - brne sigma0_shr - eor XAccu1, Bck1 - eor XAccu2, Bck2 - eor XAccu3, Bck3 - eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - ldd Func1, Z+7*4 /* now accu += w[i-7] */ - ldd Func2, Z+7*4+1 - ldd Func3, Z+7*4+2 - ldd Func4, Z+7*4+3 - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - ldd Bck1, Z+12*4 /* now backup = w[i-2]*/ - ldd Bck2, Z+12*4+1 - ldd Bck3, Z+12*4+2 - ldd Bck4, Z+12*4+3 - /* now sigma 1 */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 1 - rcall bitrotr - movw XAccu3, Func3 - movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */ -; movw Func1, Bck3 -; movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/ -sigma1_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - dec Func2 - brne sigma1_shr - eor XAccu1, Bck2 - eor XAccu2, Bck3 - eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - /* now let's store the shit */ - st X+, Accu1 - st X+, Accu2 - st X+, Accu3 - st X+, Accu4 - dec LoopC - breq 3f ; skip if zero - rjmp sha256_nextBlock_wcalcloop -3: - /* we are finished with w array X points one byte post w */ -/* init a array */ - pop r31 - pop r30 - push r30 - push r31 - ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */ -init_a_array: - ld r1, Z+ - st X+, r1 - dec r25 - brne init_a_array - -/* now the real fun begins */ -/* for (i=0; i<64; ++i){ - t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i]; - t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]); - memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; - a[4] += t1; - a[0] = t1 + t2; - } */ - /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */ - sbiw r26, 8*4 /* X still points at a[7]+1*/ - movw r28, r26 - ldi r30, lo8(sha256_kv) - ldi r31, hi8(sha256_kv) - dec r27 /* X - (64*4 == 256) */ - ldi r25, 64 - mov LoopC, r25 -sha256_main_loop: - /* now calculate t1 */ - /*CH(x,y,z) = (x&y)^((~x)&z)*/ - ldd T1, Y+5*4 - ldd T2, Y+5*4+1 - ldd T3, Y+5*4+2 - ldd T4, Y+5*4+3 /* y in T */ - ldd Func1, Y+4*4 - ldd Func2, Y+4*4+1 - ldd Func3, Y+4*4+2 - ldd Func4, Y+4*4+3 /* x in Func */ - ldd Bck1, Y+6*4 - ldd Bck2, Y+6*4+1 - ldd Bck3, Y+6*4+2 - ldd Bck4, Y+6*4+3 /* z in Bck */ - and T1, Func1 - and T2, Func2 - and T3, Func3 - and T4, Func4 - com Func1 - com Func2 - com Func3 - com Func4 - and Bck1, Func1 - and Bck2, Func2 - and Bck3, Func3 - and Bck4, Func4 - eor T1, Bck1 - eor T2, Bck2 - eor T3, Bck3 - eor T4, Bck4 /* done, CH(x,y,z) is in T */ - /* now SIGMA1(a[4]) */ - ldd Bck4, Y+4*4 /* think about using it from Func reg above*/ - ldd Bck1, Y+4*4+1 - ldd Bck2, Y+4*4+2 - ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */ - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotl /* rotr(x,6) */ - movw XAccu1, Func1 - movw XAccu3, Func3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 3 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - movw Func1, Bck3 /* this prerotates furteh 16 bits*/ - movw Func3, Bck1 /* so we have now prerotated by 24 bits*/ - ldi r20, 1 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* finished with SIGMA1, add it to T */ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 - /* now we've to add a[7], w[i] and k[i] */ - ldd XAccu1, Y+4*7 - ldd XAccu2, Y+4*7+1 - ldd XAccu3, Y+4*7+2 - ldd XAccu4, Y+4*7+3 - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add a[7] */ - ld XAccu1, X+ - ld XAccu2, X+ - ld XAccu3, X+ - ld XAccu4, X+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add w[i] */ - lpm XAccu1, Z+ - lpm XAccu2, Z+ - lpm XAccu3, Z+ - lpm XAccu4, Z+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add k[i] */ /* finished with t1 */ - /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/ - /* starting with MAJ(x,y,z) */ - ldd Func1, Y+4*0+0 - ldd Func2, Y+4*0+1 - ldd Func3, Y+4*0+2 - ldd Func4, Y+4*0+3 /* load x=a[0] */ - ldd XAccu1, Y+4*1+0 - ldd XAccu2, Y+4*1+1 - ldd XAccu3, Y+4*1+2 - ldd XAccu4, Y+4*1+3 /* load y=a[1] */ - and XAccu1, Func1 - and XAccu2, Func2 - and XAccu3, Func3 - and XAccu4, Func4 /* XAccu == (x & y) */ - ldd Bck1, Y+4*2+0 - ldd Bck2, Y+4*2+1 - ldd Bck3, Y+4*2+2 - ldd Bck4, Y+4*2+3 /* load z=a[2] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */ - ldd Func1, Y+4*1+0 - ldd Func2, Y+4*1+1 - ldd Func3, Y+4*1+2 - ldd Func4, Y+4*1+3 /* load y=a[1] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */ - /* SIGMA0(a[0]) */ - ldd Bck1, Y+4*0+0 /* we should combine this with above */ - ldd Bck2, Y+4*0+1 - ldd Bck3, Y+4*0+2 - ldd Bck4, Y+4*0+3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotr - movw Accu1, Func1 - movw Accu3, Func3 /* Accu = shr(a[0], 2) */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotate by 16 bits */ - ldi r20, 3 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */ - mov Func1, Bck4 - mov Func2, Bck1 - mov Func3, Bck2 - mov Func4, Bck3 /* prerotate by 24 bits */ - ldi r20, 2 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */ - add Accu1, XAccu1 /* add previous result (MAJ)*/ - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 - /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/ - /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */ - - ldi r21, 7*4 - adiw r28, 7*4 -a_shift_loop: - ld r25, -Y /* warning: this is PREdecrement */ - std Y+4, r25 - dec r21 - brne a_shift_loop - - ldd Bck1, Y+4*4+0 - ldd Bck2, Y+4*4+1 - ldd Bck3, Y+4*4+2 - ldd Bck4, Y+4*4+3 - add Bck1, T1 - adc Bck2, T2 - adc Bck3, T3 - adc Bck4, T4 - std Y+4*4+0, Bck1 - std Y+4*4+1, Bck2 - std Y+4*4+2, Bck3 - std Y+4*4+3, Bck4 - add Accu1, T1 - adc Accu2, T2 - adc Accu3, T3 - adc Accu4, T4 - std Y+4*0+0, Accu1 - std Y+4*0+1, Accu2 - std Y+4*0+2, Accu3 - std Y+4*0+3, Accu4 /* a array updated */ - - - dec LoopC - breq update_state - rjmp sha256_main_loop ;brne sha256_main_loop -update_state: - /* update state */ - /* pointers to state should still exist on the stack ;-) */ - pop r31 - pop r30 - ldi r21, 8 -update_state_loop: - ldd Accu1, Z+0 - ldd Accu2, Z+1 - ldd Accu3, Z+2 - ldd Accu4, Z+3 - ld Func1, Y+ - ld Func2, Y+ - ld Func3, Y+ - ld Func4, Y+ - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - st Z+, Accu1 - st Z+, Accu2 - st Z+, Accu3 - st Z+, Accu4 - dec r21 - brne update_state_loop - /* now we just have to update the length */ - adiw r30, 1 /* since we add 512, we can simply skip the LSB */ - ldi r21, 2 - ldi r22, 6 - ld r20, Z - add r20, r21 - st Z+, r20 - clr r21 -sha256_nextBlock_fix_length: - brcc sha256_nextBlock_epilog - ld r20, Z - adc r20, r21 - st Z+, r20 - dec r22 - brne sha256_nextBlock_fix_length - -; EPILOG -sha256_nextBlock_epilog: -/* now we should clean up the stack */ - - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - ret - -sha256_kv: ; round-key-vector stored in ProgMem -.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c -.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b -.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9 -.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429 -.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272 -.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a -.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e -.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671 - - -;########################################################### - -.global sha256_init -;uint32_t sha256_init_vector[]={ -; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; -; -;void sha256_init(sha256_ctx_t *state){ -; state->length=0; -; memcpy(state->h, sha256_init_vector, 8*4); -;} -; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha256_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha256_init_vector)) - ldi r31, hi8((sha256_init_vector)) - ldi r22, 32+8 -sha256_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha256_init_vloop - ret - -sha256_init_vector: -.word 0xE667, 0x6A09 -.word 0xAE85, 0xBB67 -.word 0xF372, 0x3C6E -.word 0xF53A, 0xA54F -.word 0x527F, 0x510E -.word 0x688C, 0x9B05 -.word 0xD9AB, 0x1F83 -.word 0xCD19, 0x5BE0 -.word 0x0000, 0x0000 -.word 0x0000, 0x0000 - -;########################################################### - -.global rotl32 -; === ROTL32 === -; function that rotates a 32 bit word to the left -; param1: the 32-bit word to rotate -; given in r25,r24,r23,r22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - clr r21 - clc -bitrotl_loop: - tst r20 - breq fixrotl - rol r22 - rol r23 - rol r24 - rol r25 - rol r21 - dec r20 - rjmp bitrotl_loop -fixrotl: - or r22, r21 - ret - - -;########################################################### - -.global rotr32 -; === ROTR32 === -; function that rotates a 32 bit word to the right -; param1: the 32-bit word to rotate -; given in r25,r24,r23,22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotr32: - cpi r20, 8 - brlo bitrotr - mov r21, r22 - mov r22, r23 - mov r23, r24 - mov r24, r25 - mov r25, r21 - subi r20, 8 - rjmp rotr32 -bitrotr: - clr r21 - clc -bitrotr_loop: - tst r20 - breq fixrotr - ror r25 - ror r24 - ror r23 - ror r22 - ror r21 - dec r20 - rjmp bitrotr_loop -fixrotr: - or r25, r21 - ret - - -;########################################################### - -.global change_endian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -change_endian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - diff --git a/shabea/sha256.h b/shabea/sha256.h deleted file mode 100644 index 24960a3..0000000 --- a/shabea/sha256.h +++ /dev/null @@ -1,122 +0,0 @@ -/* sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha256.h - * \author Daniel Otte - * \date 2006-05-16 - * \license GPLv3 or later - * - */ - -#ifndef SHA256_H_ -#define SHA256_H_ - -#define __LITTLE_ENDIAN__ - - -#include - -/** \def SHA256_HASH_BITS - * defines the size of a SHA-256 hash value in bits - */ - -/** \def SHA256_HASH_BYTES - * defines the size of a SHA-256 hash value in bytes - */ - -/** \def SHA256_BLOCK_BITS - * defines the size of a SHA-256 input block in bits - */ - -/** \def SHA256_BLOCK_BYTES - * defines the size of a SHA-256 input block in bytes - */ - -#define SHA256_HASH_BITS 256 -#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8) -#define SHA256_BLOCK_BITS 512 -#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8) - -/** \typedef sha256_ctx_t - * \brief SHA-256 context type - * - * A variable of this type may hold the state of a SHA-256 hashing process - */ -typedef struct { - uint32_t h[8]; - uint64_t length; -} sha256_ctx_t; - -/** \typedef sha256_hash_t - * \brief SHA-256 hash value type - * - * A variable of this type may hold the hash value produced by the - * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function. - */ -typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES]; - -/** \fn void sha256_init(sha256_ctx_t *state) - * \brief initialise a SHA-256 context - * - * This function sets a ::sha256_ctx_t to the initial values for hashing. - * \param state pointer to the SHA-256 hashing context - */ -void sha256_init(sha256_ctx_t *state); - -/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block) - * \brief update the context with a given block - * - * This function updates the SHA-256 hash context by processing the given block - * of fixed length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - */ -void sha256_nextBlock (sha256_ctx_t* state, const void* block); - -/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b) - * \brief finalize the context with the given block - * - * This function finalizes the SHA-256 hash context by processing the given block - * of variable length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - * \param length_b the length of the block in bits - */ -void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b); - -/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) - * \brief convert the hash state into the hash value - * This function reads the context and writes the hash value to the destination - * \param dest pointer to the location where the hash value should be written - * \param state pointer to the SHA-256 hash context - */ -void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state); - -/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b) - * \brief simple SHA-256 hashing function for direct hashing - * - * This function automaticaly hashes a given message of arbitary length with - * the SHA-256 hashing algorithm. - * \param dest pointer to the location where the hash value is going to be written to - * \param msg pointer to the message thats going to be hashed - * \param length_b length of the message in bits - */ -void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*SHA256_H_*/ diff --git a/shabea/shabea.c b/shabea/shabea.c index b59e138..e5ca5d8 100644 --- a/shabea/shabea.c +++ b/shabea/shabea.c @@ -33,10 +33,10 @@ */ #include #include -#include "sha256.h" +#include "sha256/sha256.h" #include "config.h" -#include "memxor.h" +#include "memxor/memxor.h" /* diff --git a/shacal1/sha1-asm.S b/shacal1/sha1-asm.S deleted file mode 100644 index f571685..0000000 --- a/shacal1/sha1-asm.S +++ /dev/null @@ -1,886 +0,0 @@ -/* sha1-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; SHA1 implementation in assembler for AVR -SHA1_BLOCK_BITS = 512 -SHA1_HASH_BITS = 160 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -.macro delay -/* - push r0 - push r1 - clr r0 -1: clr r1 -2: dec r1 - brne 2b - dec r0 - brne 1b - pop r1 - pop r0 // */ -.endm - -/* X points to Block */ -.macro dbg_hexdump length -/* - precall - hexdump \length - postcall - // */ -.endm - - - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha1_ctx_t is: -; -; [h0][h1][h2][h3][h4][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha1_ctx2hash -; === sha1_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha1_ctx structure -; given in r23,r22 -sha1_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 5 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha1 -; === sha1 === -; this function calculates SHA-1 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha1: -sha1_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 5*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha1_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha1_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha1_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha1_ctx2hash - -sha1_epilog: - in r30, SPL - in r31, SPH - adiw r30, 5*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha1_lastBlock -; === sha1_lastBlock === -; this function does padding & Co. for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1) - - -sha1_lastBlock: - cpi r21, 0x02 - brlo sha1_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 2 - subi r23, -2 - rjmp sha1_lastBlock -sha1_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) /* ??? */ - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha1_lastBlock_post_copy - mov r1, r18 -sha1_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha1_lastBlock_copy_loop -sha1_lastBlock_post_copy: -sha1_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha1_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha1_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*5+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha1_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha1_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha1_lastBlock_epilog -sha1_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 5*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha1_nextBlock - -sha1_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha1_nextBlock -; === sha1_nextBlock === -; this is the core function for calculating SHA-1 hashes -; param1: the 16-bit pointer to sha1_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte) - -xtmp = 0 -xNULL = 1 -W1 = 10 -W2 = 11 -T1 = 12 -T2 = 13 -T3 = 14 -T4 = 15 -LoopC = 16 -S = 17 -tmp1 = 18 -tmp2 = 19 -tmp3 = 20 -tmp4 = 21 -F1 = 22 -F2 = 23 -F3 = 24 -F4 = 25 - -/* byteorder: high number <--> high significance */ -sha1_nextBlock: - ; initial, let's make some space ready for local vars - /* replace push & pop by mem ops? */ - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack /* maybe removeable? */ - movw r30, r22 ; Z points to message - subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha1_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - push r18 - push r19 /* push old SP on new stack */ - push r24 - push r25 /* param1 will be needed later */ - - /* load a[] with state */ - movw 28, r24 /* load pointer to state in Y */ - adiw r26, 1 ; X++ - - ldi LoopC, 5*4 -1: ld tmp1, Y+ - st X+, tmp1 - dec LoopC - brne 1b - - movw W1, r26 /* save pointer to w[0] */ - /* load w[] with endian fixed message */ - /* we might also use the changeendian32() function at bottom */ - movw r30, r22 /* mv param2 (ponter to msg) to Z */ - ldi LoopC, 16 -1: - ldd tmp1, Z+3 - st X+, tmp1 - ldd tmp1, Z+2 - st X+, tmp1 - ldd tmp1, Z+1 - st X+, tmp1 - ld tmp1, Z - st X+, tmp1 - adiw r30, 4 - dec LoopC - brne 1b - - ;clr LoopC /* LoopC is named t in FIPS 180-2 */ - clr xtmp -sha1_nextBlock_mainloop: - mov S, LoopC - lsl S - lsl S - andi S, 0x3C /* S is a bytepointer so *4 */ - /* load w[s] */ - movw r26, W1 - add r26, S /* X points at w[s] */ - adc r27, xNULL - ld T1, X+ - ld T2, X+ - ld T3, X+ - ld T4, X+ - - /**/ - push r26 - push r27 - push T4 - push T3 - push T2 - push T1 - in r26, SPL - in r27, SPH - adiw r26, 1 - dbg_hexdump 4 - pop T1 - pop T2 - pop T3 - pop T4 - pop r27 - pop r26 - /**/ - - cpi LoopC, 16 - brlt sha1_nextBlock_mainloop_core - /* update w[s] */ - ldi tmp1, 2*4 - rcall 1f - ldi tmp1, 8*4 - rcall 1f - ldi tmp1, 13*4 - rcall 1f - rjmp 2f -1: /* this might be "outsourced" to save the jump above */ - add tmp1, S - andi tmp1, 0x3f - movw r26, W1 - add r26, tmp1 - adc r27, xNULL - ld tmp2, X+ - eor T1, tmp2 - ld tmp2, X+ - eor T2, tmp2 - ld tmp2, X+ - eor T3, tmp2 - ld tmp2, X+ - eor T4, tmp2 - ret -2: /* now we just hav to do a ROTL(T) and save T back */ - mov tmp2, T4 - rol tmp2 - rol T1 - rol T2 - rol T3 - rol T4 - movw r26, W1 - add r26, S - adc r27, xNULL - st X+, T1 - st X+, T2 - st X+, T3 - st X+, T4 - -sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/ - /* T already contains w[s] */ - movw r26, W1 - sbiw r26, 4*1 /* X points at a[4] aka e */ - ld tmp1, X+ - add T1, tmp1 - ld tmp1, X+ - adc T2, tmp1 - ld tmp1, X+ - adc T3, tmp1 - ld tmp1, X+ - adc T4, tmp1 /* T = w[s]+e */ - sbiw r26, 4*5 /* X points at a[0] aka a */ - ld F1, X+ - ld F2, X+ - ld F3, X+ - ld F4, X+ - mov tmp1, F4 /* X points at a[1] aka b */ - ldi tmp2, 5 -1: - rol tmp1 - rol F1 - rol F2 - rol F3 - rol F4 - dec tmp2 - brne 1b - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, F4 /* T = ROTL(a,5) + e + w[s] */ - - /* now we have to do this fucking conditional stuff */ - ldi r30, lo8(sha1_nextBlock_xTable) - ldi r31, hi8(sha1_nextBlock_xTable) - add r30, xtmp - adc r31, xNULL - lpm tmp1, Z - cp tmp1, LoopC - brne 1f - inc xtmp -1: ldi r30, lo8(sha1_nextBlock_KTable) - ldi r31, hi8(sha1_nextBlock_KTable) - lsl xtmp - lsl xtmp - add r30, xtmp - adc r31, xNULL - lsr xtmp - lsr xtmp - - lpm tmp1, Z+ - add T1, tmp1 - lpm tmp1, Z+ - adc T2, tmp1 - lpm tmp1, Z+ - adc T3, tmp1 - lpm tmp1, Z+ - adc T4, tmp1 - /* T = ROTL(a,5) + e + kt + w[s] */ - - /* Z-4 is just pointing to kt ... */ - movw r28, r26 /* copy X in Y */ - adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */ - lsr r31 - ror r30 - - icall - mov F1, tmp1 - icall - mov F2, tmp1 - icall - mov F3, tmp1 - icall - - add T1, F1 - adc T2, F2 - adc T3, F3 - adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */ - /* X points still at a[1] aka b, Y points at a[2] aka c */ - /* update a[] */ -sha1_nextBlock_update_a: - /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/ - //adiw r28, 3*4 /* Y should point at a[4] aka e */ - movw r28, W1 - sbiw r28, 4 - - ldi tmp2, 4*4 -1: - ld tmp1, -Y - std Y+4, tmp1 - dec tmp2 - brne 1b - /* Y points at a[0] aka a*/ - - movw r28, W1 - sbiw r28, 5*4 - /* store T in a[0] aka a */ - st Y+, T1 - st Y+, T2 - st Y+, T3 - st Y+, T4 - /* Y points at a[1] aka b*/ - - /* rotate c */ - ldd T1, Y+1*4 - ldd T2, Y+1*4+1 - ldd T3, Y+1*4+2 - ldd T4, Y+1*4+3 - mov tmp1, T1 - ldi tmp2, 2 -1: ror tmp1 - ror T4 - ror T3 - ror T2 - ror T1 - dec tmp2 - brne 1b - std Y+1*4+0, T1 - std Y+1*4+1, T2 - std Y+1*4+2, T3 - std Y+1*4+3, T4 - - push r27 - push r26 - movw r26, W1 - sbiw r26, 4*5 - dbg_hexdump 4*5 - pop r26 - pop r27 - - inc LoopC - cpi LoopC, 80 - brge 1f - rjmp sha1_nextBlock_mainloop -/**************************************/ -1: - /* littel patch */ - sbiw r28, 4 - -/* add a[] to state and inc length */ - pop r27 - pop r26 /* now X points to state (and Y still at a[0]) */ - ldi tmp4, 5 -1: clc - ldi tmp3, 4 -2: ld tmp1, X - ld tmp2, Y+ - adc tmp1, tmp2 - st X+, tmp1 - dec tmp3 - brne 2b - dec tmp4 - brne 1b - - /* now length += 512 */ - adiw r26, 1 /* we skip the least significant byte */ - ld tmp1, X - ldi tmp2, hi8(512) /* 2 */ - add tmp1, tmp2 - st X+, tmp1 - ldi tmp2, 6 -1: - ld tmp1, X - adc tmp1, xNULL - st X+, tmp1 - dec tmp2 - brne 1b - -; EPILOG -sha1_nextBlock_epilog: -/* now we should clean up the stack */ - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - ret - -sha1_nextBlock_xTable: -.byte 20,40,60,0 -sha1_nextBlock_KTable: -.int 0x5a827999 -.int 0x6ed9eba1 -.int 0x8f1bbcdc -.int 0xca62c1d6 -sha1_nextBlock_JumpTable: -rjmp sha1_nextBlock_Ch - nop -rjmp sha1_nextBlock_Parity - nop -rjmp sha1_nextBlock_Maj - nop -rjmp sha1_nextBlock_Parity - - /* X and Y still point at a[1] aka b ; return value in tmp1 */ -sha1_nextBlock_Ch: - ld tmp1, Y+ - mov tmp2, tmp1 - com tmp2 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp3, Y+7 /* load from d */ - and tmp2, tmp3 - eor tmp1, tmp2 - ret - -sha1_nextBlock_Maj: - ld tmp1, Y+ - mov tmp2, tmp1 - ldd tmp3, Y+3 /* load from c */ - and tmp1, tmp3 - ldd tmp4, Y+7 /* load from d */ - and tmp2, tmp4 - eor tmp1, tmp2 - and tmp3, tmp4 - eor tmp1, tmp3 - ret - -sha1_nextBlock_Parity: - ld tmp1, Y+ - ldd tmp2, Y+3 /* load from c */ - eor tmp1, tmp2 - ldd tmp2, Y+7 /* load from d */ - eor tmp1, tmp2 - ret -/* -ch_str: .asciz "\r\nCh" -maj_str: .asciz "\r\nMaj" -parity_str: .asciz "\r\nParity" -*/ -;########################################################### - -.global sha1_init -;void sha1_init(sha1_ctx_t *state){ -; DEBUG_S("\r\nSHA1_INIT"); -; state->h[0] = 0x67452301; -; state->h[1] = 0xefcdab89; -; state->h[2] = 0x98badcfe; -; state->h[3] = 0x10325476; -; state->h[4] = 0xc3d2e1f0; -; state->length = 0; -;} -; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha1_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha1_init_vector)) - ldi r31, hi8((sha1_init_vector)) - ldi r22, 5*4 /* bytes to copy */ -sha1_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha1_init_vloop - ldi r22, 8 -sha1_init_lloop: - st X+, r1 - dec r22 - brne sha1_init_lloop - ret - -sha1_init_vector: -.int 0x67452301; -.int 0xefcdab89; -.int 0x98badcfe; -.int 0x10325476; -.int 0xc3d2e1f0; - diff --git a/shacal1/sha1.h b/shacal1/sha1.h deleted file mode 100644 index 6675d20..0000000 --- a/shacal1/sha1.h +++ /dev/null @@ -1,117 +0,0 @@ -/* sha1.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha1.h - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2006-10-08 - * \license GPLv3 or later - * \brief SHA-1 declaration. - * \ingroup SHA-1 - * - */ - -#ifndef SHA1_H_ -#define SHA1_H_ - -#include -/** \def SHA1_HASH_BITS - * definees the size of a SHA-1 hash in bits - */ - -/** \def SHA1_HASH_BYTES - * definees the size of a SHA-1 hash in bytes - */ - -/** \def SHA1_BLOCK_BITS - * definees the size of a SHA-1 input block in bits - */ - -/** \def SHA1_BLOCK_BYTES - * definees the size of a SHA-1 input block in bytes - */ -#define SHA1_HASH_BITS 160 -#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8) -#define SHA1_BLOCK_BITS 512 -#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8) - -/** \typedef sha1_ctx_t - * \brief SHA-1 context type - * - * A vatiable of this type may hold the state of a SHA-1 hashing process - */ -typedef struct { - uint32_t h[5]; - uint64_t length; -} sha1_ctx_t; - -/** \typedef sha1_hash_t - * \brief hash value type - * A variable of this type may hold a SHA-1 hash value - */ -typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8]; - -/** \fn sha1_init(sha1_ctx_t *state) - * \brief initializes a SHA-1 context - * This function sets a ::sha1_ctx_t variable to the initialization vector - * for SHA-1 hashing. - * \param state pointer to the SHA-1 context variable - */ -void sha1_init(sha1_ctx_t *state); - -/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block) - * \brief process one input block - * This function processes one input block and updates the hash context - * accordingly - * \param state pointer to the state variable to update - * \param block pointer to the message block to process - */ -void sha1_nextBlock (sha1_ctx_t *state, const void* block); - -/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b) - * \brief processes the given block and finalizes the context - * This function processes the last block in a SHA-1 hashing process. - * The block should have a maximum length of a single input block. - * \param state pointer to the state variable to update and finalize - * \param block pointer to themessage block to process - * \param length_b length of the message block in bits - */ -void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b); - -/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state) - * \brief convert a state variable into an actual hash value - * Writes the hash value corresponding to the state to the memory pointed by dest. - * \param dest pointer to the hash value destination - * \param state pointer to the hash context - */ -void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state); - -/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b) - * \brief hashing a message which in located entirely in RAM - * This function automatically hashes a message which is entirely in RAM with - * the SHA-1 hashing algorithm. - * \param dest pointer to the hash value destination - * \param msg pointer to the message which should be hashed - * \param length_b length of the message in bits - */ -void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b); - - - -#endif /*SHA1_H_*/ diff --git a/shacal1/shacal1_enc.c b/shacal1/shacal1_enc.c index 634f18d..62e5cd4 100644 --- a/shacal1/shacal1_enc.c +++ b/shacal1/shacal1_enc.c @@ -28,7 +28,7 @@ #include #include -#include "sha1.h" +#include "sha1/sha1.h" #include "shacal1_enc.h" void shacal1_enc(void* buffer, void* key, uint16_t keysize_b){ diff --git a/shacal2/sha256-asm.S b/shacal2/sha256-asm.S deleted file mode 100644 index d9eb6b6..0000000 --- a/shacal2/sha256-asm.S +++ /dev/null @@ -1,1042 +0,0 @@ -/* sha256-asm.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * Author: Daniel Otte - * - * License: GPLv3 or later -*/ -; sha-256 implementation in assembler -SHA256_BLOCK_BITS = 512 -SHA256_HASH_BITS = 256 - -.macro precall - /* push r18 - r27, r30 - r31*/ - push r0 - push r1 - push r18 - push r19 - push r20 - push r21 - push r22 - push r23 - push r24 - push r25 - push r26 - push r27 - push r30 - push r31 - clr r1 -.endm - -.macro postcall - pop r31 - pop r30 - pop r27 - pop r26 - pop r25 - pop r24 - pop r23 - pop r22 - pop r21 - pop r20 - pop r19 - pop r18 - pop r1 - pop r0 -.endm - - -.macro hexdump length - push r27 - push r26 - ldi r25, '\r' - mov r24, r25 - call uart_putc - ldi r25, '\n' - mov r24, r25 - call uart_putc - pop r26 - pop r27 - movw r24, r26 -.if \length > 16 - ldi r22, lo8(16) - ldi r23, hi8(16) - push r27 - push r26 - call uart_hexdump - pop r26 - pop r27 - adiw r26, 16 - hexdump \length-16 -.else - ldi r22, lo8(\length) - ldi r23, hi8(\length) - call uart_hexdump -.endif -.endm - -/* X points to Block */ -.macro dbg_hexdump length - precall - hexdump \length - postcall -.endm - -.section .text - -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -; -;sha256_ctx_t is: -; -; [h0][h1][h2][h3][h4][h5][h6][h7][length] -; hn is 32 bit large, length is 64 bit large - -;########################################################### - -.global sha256_ctx2hash -; === sha256_ctx2hash === -; this function converts a state into a normal hash (bytestring) -; param1: the 16-bit destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to sha256_ctx structure -; given in r23,r22 -sha256_ctx2hash: - movw r26, r22 - movw r30, r24 - ldi r21, 8 - sbiw r26, 4 -1: - ldi r20, 4 - adiw r26, 8 -2: - ld r0, -X - st Z+, r0 - dec r20 - brne 2b - - dec r21 - brne 1b - - ret - -;########################################################### - -.global sha256 -; === sha256 === -; this function calculates SHA-256 hashes from messages in RAM -; param1: the 16-bit hash destination pointer -; given in r25,r24 (r25 is most significant) -; param2: the 16-bit pointer to message -; given in r23,r22 -; param3: 32-bit length value (length of message in bits) -; given in r21,r20,r19,r18 -sha256: -sha256_prolog: - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r16 - push r17 - in r16, SPL - in r17, SPH - subi r16, 8*4+8 - sbci r17, 0 - in r0, SREG - cli - out SPL, r16 - out SPH, r17 - out SREG, r0 - - push r25 - push r24 - inc r16 - adc r17, r1 - - movw r8, r18 /* backup of length*/ - movw r10, r20 - - movw r12, r22 /* backup pf msg-ptr */ - - movw r24, r16 - rcall sha256_init - /* if length >= 512 */ -1: - tst r11 - brne 4f - tst r10 - brne 4f - mov r19, r9 - cpi r19, 0x02 - brlo 4f - - movw r24, r16 - movw r22, r12 - rcall sha256_nextBlock - ldi r19, 0x64 - add r22, r19 - adc r23, r1 - /* length -= 512 */ - ldi r19, 0x02 - sub r9, r19 - sbc r10, r1 - sbc r11, r1 - rjmp 1b - -4: - movw r24, r16 - movw r22, r12 - movw r20, r8 - rcall sha256_lastBlock - - pop r24 - pop r25 - movw r22, r16 - rcall sha256_ctx2hash - -sha256_epilog: - in r30, SPL - in r31, SPH - adiw r30, 8*4+8 - in r0, SREG - cli - out SPL, r30 - out SPH, r31 - out SREG, r0 - pop r17 - pop r16 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - -;########################################################### - - -; block MUST NOT be larger than 64 bytes - -.global sha256_lastBlock -; === sha256_lastBlock === -; this function does padding & Co. for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -; param3: an 16-bit integer specifing length of block in bits -; given in r21,r20 -sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1) - - -sha256_lastBlock: - cpi r21, 0x02 - brlo sha256_lastBlock_prolog - push r25 - push r24 - push r23 - push r22 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r22 - pop r23 - pop r24 - pop r25 - subi r21, 0x02 - subi r23, -2 - rjmp sha256_lastBlock -sha256_lastBlock_prolog: - /* allocate space on stack */ - in r30, SPL - in r31, SPH - in r1, SREG - subi r30, lo8(64) - sbci r31, hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - - adiw r30, 1 /* SP points to next free byte on stack */ - mov r18, r20 /* r20 = LSB(length) */ - lsr r18 - lsr r18 - lsr r18 - bst r21, 0 /* may be we should explain this ... */ - bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */ - - - movw r26, r22 /* X points to begin of msg */ - tst r18 - breq sha256_lastBlock_post_copy - mov r1, r18 -sha256_lastBlock_copy_loop: - ld r0, X+ - st Z+, r0 - dec r1 - brne sha256_lastBlock_copy_loop -sha256_lastBlock_post_copy: -sha256_lastBlock_insert_stuffing_bit: - ldi r19, 0x80 - mov r0,r19 - ldi r19, 0x07 - and r19, r20 /* if we are in bitmode */ - breq 2f /* no bitmode */ -1: - lsr r0 - dec r19 - brne 1b - ld r19, X -/* maybe we should do some ANDing here, just for safety */ - or r0, r19 -2: - st Z+, r0 - inc r18 - -/* checking stuff here */ - cpi r18, 64-8+1 - brsh 0f - rjmp sha256_lastBlock_insert_zeros -0: - /* oh shit, we landed here */ - /* first we have to fill it up with zeros */ - ldi r19, 64 - sub r19, r18 - breq 2f -1: - st Z+, r1 - dec r19 - brne 1b -2: - sbiw r30, 63 - sbiw r30, 1 - movw r22, r30 - - push r31 - push r30 - push r25 - push r24 - push r21 - push r20 - rcall sha256_nextBlock - pop r20 - pop r21 - pop r24 - pop r25 - pop r30 - pop r31 - - /* now we should subtract 512 from length */ - movw r26, r24 - adiw r26, 4*8+1 /* we can skip the lowest byte */ - ld r19, X - subi r19, hi8(512) - st X+, r19 - ldi r18, 6 -1: - ld r19, X - sbci r19, 0 - st X+, r19 - dec r18 - brne 1b - -; clr r18 /* not neccessary ;-) */ - /* reset Z pointer to begin of block */ - -sha256_lastBlock_insert_zeros: - ldi r19, 64-8 - sub r19, r18 - breq sha256_lastBlock_insert_length - clr r1 -1: - st Z+, r1 /* r1 is still zero */ - dec r19 - brne 1b - -; rjmp sha256_lastBlock_epilog -sha256_lastBlock_insert_length: - movw r26, r24 /* X points to state */ - adiw r26, 8*4 /* X points to (state.length) */ - adiw r30, 8 /* Z points one after the last byte of block */ - ld r0, X+ - add r0, r20 - st -Z, r0 - ld r0, X+ - adc r0, r21 - st -Z, r0 - ldi r19, 6 -1: - ld r0, X+ - adc r0, r1 - st -Z, r0 - dec r19 - brne 1b - - sbiw r30, 64-8 - movw r22, r30 - rcall sha256_nextBlock - -sha256_lastBlock_epilog: - in r30, SPL - in r31, SPH - in r1, SREG - adiw r30, 63 ; lo8(64) - adiw r30, 1 ; hi8(64) - cli - out SPL, r30 - out SPH, r31 - out SREG,r1 - clr r1 - clr r0 - ret - -/**/ -;########################################################### - -.global sha256_nextBlock -; === sha256_nextBlock === -; this is the core function for calculating SHA-256 hashes -; param1: the 16-bit pointer to sha256_ctx structure -; given in r25,r24 (r25 is most significant) -; param2: an 16-bit pointer to 64 byte block to hash -; given in r23,r22 -sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte) - -Bck1 = 12 -Bck2 = 13 -Bck3 = 14 -Bck4 = 15 -Func1 = 22 -Func2 = 23 -Func3 = 24 -Func4 = 25 -Accu1 = 16 -Accu2 = 17 -Accu3 = 18 -Accu4 = 19 -XAccu1 = 8 -XAccu2 = 9 -XAccu3 = 10 -XAccu4 = 11 -T1 = 4 -T2 = 5 -T3 = 6 -T4 = 7 -LoopC = 1 -/* byteorder: high number <--> high significance */ -sha256_nextBlock: - ; initial, let's make some space ready for local vars - push r4 /* replace push & pop by mem ops? */ - push r5 - push r6 - push r7 - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push r16 - push r17 - push r28 - push r29 - in r20, SPL - in r21, SPH - movw r18, r20 ;backup SP -; movw r26, r20 ; X points to free space on stack - movw r30, r22 ; Z points to message - subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63 - sbci r21, hi8(sha256_nextBlock_localSpace) - movw r26, r20 ; X points to free space on stack - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - push r18 - push r19 - push r24 - push r25 /* param1 will be needed later */ - ; now we fill the w array with message (think about endianess) - adiw r26, 1 ; X++ - ldi r20, 16 -sha256_nextBlock_wcpyloop: - ld r23, Z+ - ld r22, Z+ - ld r19, Z+ - ld r18, Z+ - st X+, r18 - st X+, r19 - st X+, r22 - st X+, r23 - dec r20 - brne sha256_nextBlock_wcpyloop -/* for (i=16; i<64; ++i){ - w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16]; - } */ - /* r25,r24,r23,r24 (r21,r20) are function values - r19,r18,r17,r16 are the accumulator - r15,r14,r13,rBck1 are backup1 - r11,r10,r9 ,r8 are xor accu - r1 is round counter */ - - ldi r20, 64-16 - mov LoopC, r20 -sha256_nextBlock_wcalcloop: - movw r30, r26 ; cp X to Z - sbiw r30, 63 - sbiw r30, 1 ; substract 64 = 16*4 - ld Accu1, Z+ - ld Accu2, Z+ - ld Accu3, Z+ - ld Accu4, Z+ /* w[i] = w[i-16] */ - ld Bck1, Z+ - ld Bck2, Z+ - ld Bck3, Z+ - ld Bck4, Z+ /* backup = w[i-15] */ - /* now sigma 0 */ - mov Func1, Bck2 - mov Func2, Bck3 - mov Func3, Bck4 - mov Func4, Bck1 /* prerotated by 8 */ - ldi r20, 1 - rcall bitrotl - movw XAccu1, Func1 - movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/ -sigma0_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - ror Bck1 - dec Func2 - brne sigma0_shr - eor XAccu1, Bck1 - eor XAccu2, Bck2 - eor XAccu3, Bck3 - eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - ldd Func1, Z+7*4 /* now accu += w[i-7] */ - ldd Func2, Z+7*4+1 - ldd Func3, Z+7*4+2 - ldd Func4, Z+7*4+3 - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - ldd Bck1, Z+12*4 /* now backup = w[i-2]*/ - ldd Bck2, Z+12*4+1 - ldd Bck3, Z+12*4+2 - ldd Bck4, Z+12*4+3 - /* now sigma 1 */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 1 - rcall bitrotr - movw XAccu3, Func3 - movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */ -; movw Func1, Bck3 -; movw Func3, Bck1 /* prerotated by 16 */ - ldi r20, 2 - rcall bitrotr - eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/ - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/ -sigma1_shr: - lsr Bck4 - ror Bck3 - ror Bck2 - dec Func2 - brne sigma1_shr - eor XAccu1, Bck2 - eor XAccu2, Bck3 - eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */ - add Accu1, XAccu1 - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 /* finished with sigma0 */ - /* now let's store the shit */ - st X+, Accu1 - st X+, Accu2 - st X+, Accu3 - st X+, Accu4 - dec LoopC - breq 3f ; skip if zero - rjmp sha256_nextBlock_wcalcloop -3: - /* we are finished with w array X points one byte post w */ -/* init a array */ - pop r31 - pop r30 - push r30 - push r31 - ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */ -init_a_array: - ld r1, Z+ - st X+, r1 - dec r25 - brne init_a_array - -/* now the real fun begins */ -/* for (i=0; i<64; ++i){ - t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i]; - t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]); - memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; - a[4] += t1; - a[0] = t1 + t2; - } */ - /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */ - sbiw r26, 8*4 /* X still points at a[7]+1*/ - movw r28, r26 - ldi r30, lo8(sha256_kv) - ldi r31, hi8(sha256_kv) - dec r27 /* X - (64*4 == 256) */ - ldi r25, 64 - mov LoopC, r25 -sha256_main_loop: - /* now calculate t1 */ - /*CH(x,y,z) = (x&y)^((~x)&z)*/ - ldd T1, Y+5*4 - ldd T2, Y+5*4+1 - ldd T3, Y+5*4+2 - ldd T4, Y+5*4+3 /* y in T */ - ldd Func1, Y+4*4 - ldd Func2, Y+4*4+1 - ldd Func3, Y+4*4+2 - ldd Func4, Y+4*4+3 /* x in Func */ - ldd Bck1, Y+6*4 - ldd Bck2, Y+6*4+1 - ldd Bck3, Y+6*4+2 - ldd Bck4, Y+6*4+3 /* z in Bck */ - and T1, Func1 - and T2, Func2 - and T3, Func3 - and T4, Func4 - com Func1 - com Func2 - com Func3 - com Func4 - and Bck1, Func1 - and Bck2, Func2 - and Bck3, Func3 - and Bck4, Func4 - eor T1, Bck1 - eor T2, Bck2 - eor T3, Bck3 - eor T4, Bck4 /* done, CH(x,y,z) is in T */ - /* now SIGMA1(a[4]) */ - ldd Bck4, Y+4*4 /* think about using it from Func reg above*/ - ldd Bck1, Y+4*4+1 - ldd Bck2, Y+4*4+2 - ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */ - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotl /* rotr(x,6) */ - movw XAccu1, Func1 - movw XAccu3, Func3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 3 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 - movw Func1, Bck3 /* this prerotates furteh 16 bits*/ - movw Func3, Bck1 /* so we have now prerotated by 24 bits*/ - ldi r20, 1 - rcall bitrotr /* rotr(x,11) */ - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* finished with SIGMA1, add it to T */ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 - /* now we've to add a[7], w[i] and k[i] */ - ldd XAccu1, Y+4*7 - ldd XAccu2, Y+4*7+1 - ldd XAccu3, Y+4*7+2 - ldd XAccu4, Y+4*7+3 - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add a[7] */ - ld XAccu1, X+ - ld XAccu2, X+ - ld XAccu3, X+ - ld XAccu4, X+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add w[i] */ - lpm XAccu1, Z+ - lpm XAccu2, Z+ - lpm XAccu3, Z+ - lpm XAccu4, Z+ - add T1, XAccu1 - adc T2, XAccu2 - adc T3, XAccu3 - adc T4, XAccu4 /* add k[i] */ /* finished with t1 */ - /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/ - /* starting with MAJ(x,y,z) */ - ldd Func1, Y+4*0+0 - ldd Func2, Y+4*0+1 - ldd Func3, Y+4*0+2 - ldd Func4, Y+4*0+3 /* load x=a[0] */ - ldd XAccu1, Y+4*1+0 - ldd XAccu2, Y+4*1+1 - ldd XAccu3, Y+4*1+2 - ldd XAccu4, Y+4*1+3 /* load y=a[1] */ - and XAccu1, Func1 - and XAccu2, Func2 - and XAccu3, Func3 - and XAccu4, Func4 /* XAccu == (x & y) */ - ldd Bck1, Y+4*2+0 - ldd Bck2, Y+4*2+1 - ldd Bck3, Y+4*2+2 - ldd Bck4, Y+4*2+3 /* load z=a[2] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */ - ldd Func1, Y+4*1+0 - ldd Func2, Y+4*1+1 - ldd Func3, Y+4*1+2 - ldd Func4, Y+4*1+3 /* load y=a[1] */ - and Func1, Bck1 - and Func2, Bck2 - and Func3, Bck3 - and Func4, Bck4 - eor XAccu1, Func1 - eor XAccu2, Func2 - eor XAccu3, Func3 - eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */ - /* SIGMA0(a[0]) */ - ldd Bck1, Y+4*0+0 /* we should combine this with above */ - ldd Bck2, Y+4*0+1 - ldd Bck3, Y+4*0+2 - ldd Bck4, Y+4*0+3 - movw Func1, Bck1 - movw Func3, Bck3 - ldi r20, 2 - rcall bitrotr - movw Accu1, Func1 - movw Accu3, Func3 /* Accu = shr(a[0], 2) */ - movw Func1, Bck3 - movw Func3, Bck1 /* prerotate by 16 bits */ - ldi r20, 3 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */ - mov Func1, Bck4 - mov Func2, Bck1 - mov Func3, Bck2 - mov Func4, Bck3 /* prerotate by 24 bits */ - ldi r20, 2 - rcall bitrotl - eor Accu1, Func1 - eor Accu2, Func2 - eor Accu3, Func3 - eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */ - add Accu1, XAccu1 /* add previous result (MAJ)*/ - adc Accu2, XAccu2 - adc Accu3, XAccu3 - adc Accu4, XAccu4 - /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/ - /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */ - - ldi r21, 7*4 - adiw r28, 7*4 -a_shift_loop: - ld r25, -Y /* warning: this is PREdecrement */ - std Y+4, r25 - dec r21 - brne a_shift_loop - - ldd Bck1, Y+4*4+0 - ldd Bck2, Y+4*4+1 - ldd Bck3, Y+4*4+2 - ldd Bck4, Y+4*4+3 - add Bck1, T1 - adc Bck2, T2 - adc Bck3, T3 - adc Bck4, T4 - std Y+4*4+0, Bck1 - std Y+4*4+1, Bck2 - std Y+4*4+2, Bck3 - std Y+4*4+3, Bck4 - add Accu1, T1 - adc Accu2, T2 - adc Accu3, T3 - adc Accu4, T4 - std Y+4*0+0, Accu1 - std Y+4*0+1, Accu2 - std Y+4*0+2, Accu3 - std Y+4*0+3, Accu4 /* a array updated */ - - - dec LoopC - breq update_state - rjmp sha256_main_loop ;brne sha256_main_loop -update_state: - /* update state */ - /* pointers to state should still exist on the stack ;-) */ - pop r31 - pop r30 - ldi r21, 8 -update_state_loop: - ldd Accu1, Z+0 - ldd Accu2, Z+1 - ldd Accu3, Z+2 - ldd Accu4, Z+3 - ld Func1, Y+ - ld Func2, Y+ - ld Func3, Y+ - ld Func4, Y+ - add Accu1, Func1 - adc Accu2, Func2 - adc Accu3, Func3 - adc Accu4, Func4 - st Z+, Accu1 - st Z+, Accu2 - st Z+, Accu3 - st Z+, Accu4 - dec r21 - brne update_state_loop - /* now we just have to update the length */ - adiw r30, 1 /* since we add 512, we can simply skip the LSB */ - ldi r21, 2 - ldi r22, 6 - ld r20, Z - add r20, r21 - st Z+, r20 - clr r21 -sha256_nextBlock_fix_length: - brcc sha256_nextBlock_epilog - ld r20, Z - adc r20, r21 - st Z+, r20 - dec r22 - brne sha256_nextBlock_fix_length - -; EPILOG -sha256_nextBlock_epilog: -/* now we should clean up the stack */ - - pop r21 - pop r20 - in r0, SREG - cli ; we want to be uninterrupted while updating SP - out SPL, r20 - out SPH, r21 - out SREG, r0 - - clr r1 - pop r29 - pop r28 - pop r17 - pop r16 - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - pop r7 - pop r6 - pop r5 - pop r4 - ret - -sha256_kv: ; round-key-vector stored in ProgMem -.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c -.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b -.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9 -.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429 -.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272 -.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a -.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e -.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671 - - -;########################################################### - -.global sha256_init -;uint32_t sha256_init_vector[]={ -; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, -; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 }; -; -;void sha256_init(sha256_ctx_t *state){ -; state->length=0; -; memcpy(state->h, sha256_init_vector, 8*4); -;} -; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram -; modifys: Z(r30,r31), Func1, r22 -sha256_init: - movw r26, r24 ; (24,25) --> (26,27) load X with param1 - ldi r30, lo8((sha256_init_vector)) - ldi r31, hi8((sha256_init_vector)) - ldi r22, 32+8 -sha256_init_vloop: - lpm r23, Z+ - st X+, r23 - dec r22 - brne sha256_init_vloop - ret - -sha256_init_vector: -.word 0xE667, 0x6A09 -.word 0xAE85, 0xBB67 -.word 0xF372, 0x3C6E -.word 0xF53A, 0xA54F -.word 0x527F, 0x510E -.word 0x688C, 0x9B05 -.word 0xD9AB, 0x1F83 -.word 0xCD19, 0x5BE0 -.word 0x0000, 0x0000 -.word 0x0000, 0x0000 - -;########################################################### - -.global rotl32 -; === ROTL32 === -; function that rotates a 32 bit word to the left -; param1: the 32-bit word to rotate -; given in r25,r24,r23,r22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotl32: - cpi r20, 8 - brlo bitrotl - mov r21, r25 - mov r25, r24 - mov r24, r23 - mov r23, r22 - mov r22, r21 - subi r20, 8 - rjmp rotl32 -bitrotl: - clr r21 - clc -bitrotl_loop: - tst r20 - breq fixrotl - rol r22 - rol r23 - rol r24 - rol r25 - rol r21 - dec r20 - rjmp bitrotl_loop -fixrotl: - or r22, r21 - ret - - -;########################################################### - -.global rotr32 -; === ROTR32 === -; function that rotates a 32 bit word to the right -; param1: the 32-bit word to rotate -; given in r25,r24,r23,22 (r25 is most significant) -; param2: an 8-bit value telling how often to rotate -; given in r20 -; modifys: r21, r22 -rotr32: - cpi r20, 8 - brlo bitrotr - mov r21, r22 - mov r22, r23 - mov r23, r24 - mov r24, r25 - mov r25, r21 - subi r20, 8 - rjmp rotr32 -bitrotr: - clr r21 - clc -bitrotr_loop: - tst r20 - breq fixrotr - ror r25 - ror r24 - ror r23 - ror r22 - ror r21 - dec r20 - rjmp bitrotr_loop -fixrotr: - or r25, r21 - ret - - -;########################################################### - -.global change_endian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -change_endian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - diff --git a/shacal2/sha256.h b/shacal2/sha256.h deleted file mode 100644 index 24960a3..0000000 --- a/shacal2/sha256.h +++ /dev/null @@ -1,122 +0,0 @@ -/* sha256.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/** - * \file sha256.h - * \author Daniel Otte - * \date 2006-05-16 - * \license GPLv3 or later - * - */ - -#ifndef SHA256_H_ -#define SHA256_H_ - -#define __LITTLE_ENDIAN__ - - -#include - -/** \def SHA256_HASH_BITS - * defines the size of a SHA-256 hash value in bits - */ - -/** \def SHA256_HASH_BYTES - * defines the size of a SHA-256 hash value in bytes - */ - -/** \def SHA256_BLOCK_BITS - * defines the size of a SHA-256 input block in bits - */ - -/** \def SHA256_BLOCK_BYTES - * defines the size of a SHA-256 input block in bytes - */ - -#define SHA256_HASH_BITS 256 -#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8) -#define SHA256_BLOCK_BITS 512 -#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8) - -/** \typedef sha256_ctx_t - * \brief SHA-256 context type - * - * A variable of this type may hold the state of a SHA-256 hashing process - */ -typedef struct { - uint32_t h[8]; - uint64_t length; -} sha256_ctx_t; - -/** \typedef sha256_hash_t - * \brief SHA-256 hash value type - * - * A variable of this type may hold the hash value produced by the - * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function. - */ -typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES]; - -/** \fn void sha256_init(sha256_ctx_t *state) - * \brief initialise a SHA-256 context - * - * This function sets a ::sha256_ctx_t to the initial values for hashing. - * \param state pointer to the SHA-256 hashing context - */ -void sha256_init(sha256_ctx_t *state); - -/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block) - * \brief update the context with a given block - * - * This function updates the SHA-256 hash context by processing the given block - * of fixed length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - */ -void sha256_nextBlock (sha256_ctx_t* state, const void* block); - -/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b) - * \brief finalize the context with the given block - * - * This function finalizes the SHA-256 hash context by processing the given block - * of variable length. - * \param state pointer to the SHA-256 hash context - * \param block pointer to the block of fixed length (512 bit = 64 byte) - * \param length_b the length of the block in bits - */ -void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b); - -/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) - * \brief convert the hash state into the hash value - * This function reads the context and writes the hash value to the destination - * \param dest pointer to the location where the hash value should be written - * \param state pointer to the SHA-256 hash context - */ -void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state); - -/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b) - * \brief simple SHA-256 hashing function for direct hashing - * - * This function automaticaly hashes a given message of arbitary length with - * the SHA-256 hashing algorithm. - * \param dest pointer to the location where the hash value is going to be written to - * \param msg pointer to the message thats going to be hashed - * \param length_b length of the message in bits - */ -void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b); - -#endif /*SHA256_H_*/ diff --git a/shacal2/shacal2_enc.c b/shacal2/shacal2_enc.c index b5380e5..c0cadcd 100644 --- a/shacal2/shacal2_enc.c +++ b/shacal2/shacal2_enc.c @@ -28,7 +28,7 @@ #include #include -#include "sha256.h" +#include "sha256/sha256.h" #include "shacal2_enc.h" diff --git a/shacal2/shacal2_enc.h b/shacal2/shacal2_enc.h index ffa277c..3aeeafc 100644 --- a/shacal2/shacal2_enc.h +++ b/shacal2/shacal2_enc.h @@ -20,7 +20,7 @@ #define SHACAL2_ENC_H_ #include -#include "sha256.h" +#include "sha256/sha256.h" #define SHACAL2_BLOCKSIZE SHA256_HASH_BITS #define SHACAL2_BLOCKSIZE_B ((SHACAL2_BLOCKSIZE+7)/8) diff --git a/skein/memxor.S b/skein/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/skein/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/skein/memxor.h b/skein/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/skein/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/skein/ubi1024.c b/skein/ubi1024.c index ae17cb3..6e9cc4c 100644 --- a/skein/ubi1024.c +++ b/skein/ubi1024.c @@ -27,7 +27,7 @@ #include #include #include "threefish.h" -#include "memxor.h" +#include "memxor/memxor.h" #include "ubi.h" void ubi1024_init(ubi1024_ctx_t* ctx, const void* g, uint8_t type){ diff --git a/skein/ubi256.c b/skein/ubi256.c index 09eb1e9..31523da 100644 --- a/skein/ubi256.c +++ b/skein/ubi256.c @@ -27,7 +27,7 @@ #include #include #include "threefish.h" -#include "memxor.h" +#include "memxor/memxor.h" #include "ubi.h" void ubi256_init(ubi256_ctx_t* ctx, const void* g, uint8_t type){ diff --git a/skein/ubi512.c b/skein/ubi512.c index d6bab2d..a2bd33e 100644 --- a/skein/ubi512.c +++ b/skein/ubi512.c @@ -27,7 +27,7 @@ #include #include #include "threefish.h" -#include "memxor.h" +#include "memxor/memxor.h" #include "ubi.h" void ubi512_init(ubi512_ctx_t* ctx, const void* g, uint8_t type){ diff --git a/test_src/cmacvs.c b/test_src/cmacvs.c index 64bfd0b..60a56c8 100644 --- a/test_src/cmacvs.c +++ b/test_src/cmacvs.c @@ -30,8 +30,8 @@ #include #include #include "blockcipher_descriptor.h" -#include "bcal-basic.h" -#include "bcal-cmac.h" +#include "bcal/bcal-basic.h" +#include "bcal/bcal-cmac.h" #include "cmacvs.h" #include "string-extras.h" #include "cli.h" diff --git a/test_src/main-aes-test.c b/test_src/main-aes-test.c index 9ec7056..88f87d5 100644 --- a/test_src/main-aes-test.c +++ b/test_src/main-aes-test.c @@ -33,18 +33,18 @@ #include "performance_test.h" #include "dump.h" -#include "bcal_aes128.h" -#include "bcal_aes192.h" -#include "bcal_aes256.h" -#include "bcal-cbc.h" -#include "bcal-cfb_byte.h" -#include "bcal-cfb_bit.h" -#include "bcal-ofb.h" -#include "bcal-ctr.h" -#include "bcal-cmac.h" -#include "bcal-eax.h" +#include "bcal/bcal_aes128.h" +#include "bcal/bcal_aes192.h" +#include "bcal/bcal_aes256.h" +#include "bcal/bcal-cbc.h" +#include "bcal/bcal-cfb_byte.h" +#include "bcal/bcal-cfb_bit.h" +#include "bcal/bcal-ofb.h" +#include "bcal/bcal-ctr.h" +#include "bcal/bcal-cmac.h" +#include "bcal/bcal-eax.h" #include "cmacvs.h" -#include "bcal-performance.h" +#include "bcal/bcal-performance.h" #include #include diff --git a/test_src/main-aes128-test.c b/test_src/main-aes128-test.c index 1934026..4bd2e97 100644 --- a/test_src/main-aes128-test.c +++ b/test_src/main-aes128-test.c @@ -31,8 +31,8 @@ #include "cli.h" #include "performance_test.h" #include "blockcipher_descriptor.h" -#include "bcal-performance.h" -#include "bcal_aes128.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_aes128.h" #include #include #include diff --git a/test_src/main-aes192-test.c b/test_src/main-aes192-test.c index 1274b28..96fbf3e 100644 --- a/test_src/main-aes192-test.c +++ b/test_src/main-aes192-test.c @@ -31,8 +31,8 @@ #include "cli.h" #include "performance_test.h" #include "blockcipher_descriptor.h" -#include "bcal-performance.h" -#include "bcal_aes192.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_aes192.h" #include #include #include diff --git a/test_src/main-aes256-test.c b/test_src/main-aes256-test.c index 1715026..68a82ac 100644 --- a/test_src/main-aes256-test.c +++ b/test_src/main-aes256-test.c @@ -31,8 +31,8 @@ #include "cli.h" #include "performance_test.h" #include "blockcipher_descriptor.h" -#include "bcal-performance.h" -#include "bcal_aes256.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_aes256.h" #include #include #include diff --git a/test_src/main-base64-test.c b/test_src/main-base64-test.c index caf60fa..6187874 100644 --- a/test_src/main-base64-test.c +++ b/test_src/main-base64-test.c @@ -26,8 +26,8 @@ #include "uart_i.h" #include "debug.h" -#include "noekeon.h" -#include "noekeon_prng.h" +#include "noekeon/noekeon.h" +#include "noekeon/noekeon_prng.h" #include "base64_enc.h" #include "base64_dec.h" diff --git a/test_src/main-bigint-test.c b/test_src/main-bigint-test.c index 8fd4136..06d8706 100644 --- a/test_src/main-bigint-test.c +++ b/test_src/main-bigint-test.c @@ -26,8 +26,8 @@ #include "uart_i.h" #include "debug.h" -#include "noekeon.h" -#include "noekeon_prng.h" +#include "noekeon/noekeon.h" +#include "noekeon/noekeon_prng.h" #include "bigint.h" #include "bigint_io.h" diff --git a/test_src/main-blake-test.c b/test_src/main-blake-test.c index 6b18c38..aec3149 100644 --- a/test_src/main-blake-test.c +++ b/test_src/main-blake-test.c @@ -28,11 +28,11 @@ #include "blake_small.h" #include "blake_large.h" -#include "hfal_blake_small.h" -#include "hfal_blake_large.h" -#include "hfal-nessie.h" -#include "hfal-test.h" -#include "hfal-performance.h" +#include "hfal/hfal_blake_small.h" +#include "hfal/hfal_blake_large.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-test.h" +#include "hfal/hfal-performance.h" #include "shavs.h" #include "cli.h" #include "nessie_hash_test.h" diff --git a/test_src/main-bmw-test.c b/test_src/main-bmw-test.c index 2da30a0..f46f395 100644 --- a/test_src/main-bmw-test.c +++ b/test_src/main-bmw-test.c @@ -28,14 +28,14 @@ #include "bmw_small.h" #include "bmw_large.h" #include "cli.h" -#include "hfal_bmw_small.h" -#include "hfal_bmw_large.h" +#include "hfal/hfal_bmw_small.h" +#include "hfal/hfal_bmw_large.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" -#include "hfal-test.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-test.h" #include #include diff --git a/test_src/main-camellia-test.c b/test_src/main-camellia-test.c index fb9f881..ddcefac 100644 --- a/test_src/main-camellia-test.c +++ b/test_src/main-camellia-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "performance_test.h" #include "cli.h" -#include "bcal_camellia128.h" -#include "bcal-performance.h" +#include "bcal/bcal_camellia128.h" +#include "bcal/bcal-performance.h" #include #include #include diff --git a/test_src/main-cast5-test.c b/test_src/main-cast5-test.c index 3db72a7..392d8c0 100644 --- a/test_src/main-cast5-test.c +++ b/test_src/main-cast5-test.c @@ -29,8 +29,8 @@ #include #include "nessie_bc_test.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_cast5.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_cast5.h" #include "cli.h" #include diff --git a/test_src/main-cast6-test.c b/test_src/main-cast6-test.c index c295b69..bc7cb73 100644 --- a/test_src/main-cast6-test.c +++ b/test_src/main-cast6-test.c @@ -12,8 +12,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_cast6.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_cast6.h" #include #include diff --git a/test_src/main-cubehash-test.c b/test_src/main-cubehash-test.c index 2ae29e7..f69868c 100644 --- a/test_src/main-cubehash-test.c +++ b/test_src/main-cubehash-test.c @@ -27,13 +27,13 @@ #include "cubehash.h" #include "cli.h" -#include "hfal_cubehash.h" +#include "hfal/hfal_cubehash.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" -#include "hfal-test.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-test.h" #include #include diff --git a/test_src/main-des-test.c b/test_src/main-des-test.c index f6d237c..19ddadd 100644 --- a/test_src/main-des-test.c +++ b/test_src/main-des-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_des.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_des.h" #include #include diff --git a/test_src/main-dsa-test.c b/test_src/main-dsa-test.c index acbffa9..d599b77 100644 --- a/test_src/main-dsa-test.c +++ b/test_src/main-dsa-test.c @@ -26,18 +26,18 @@ #include "uart_i.h" #include "debug.h" -#include "noekeon.h" -#include "noekeon_prng.h" -#include "bigint.h" -#include "bigint_io.h" +#include "noekeon/noekeon.h" +#include "noekeon/noekeon_prng.h" +#include "bigint/bigint.h" +#include "bigint/bigint_io.h" #include "dsa.h" #include "dsa_key_blob.h" #include "cli.h" #include "performance_test.h" -#include "hfal_sha1.h" -#include "base64_enc.h" -#include "base64_dec.h" +#include "hfal/hfal_sha1.h" +#include "base64/base64_enc.h" +#include "base64/base64_dec.h" #include #include #include diff --git a/test_src/main-echo-test.c b/test_src/main-echo-test.c index b4d81a9..073cdd0 100644 --- a/test_src/main-echo-test.c +++ b/test_src/main-echo-test.c @@ -27,13 +27,13 @@ #include "echo.h" #include "cli.h" -#include "hfal_echo.h" +#include "hfal/hfal_echo.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" -#include "hfal-test.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-test.h" #include #include diff --git a/test_src/main-groestl-test.c b/test_src/main-groestl-test.c index 5b46497..ff47dc4 100644 --- a/test_src/main-groestl-test.c +++ b/test_src/main-groestl-test.c @@ -28,11 +28,11 @@ #include "groestl_small.h" #include "groestl_large.h" -#include "hfal_groestl_small.h" -#include "hfal_groestl_large.h" -#include "hfal-nessie.h" -#include "hfal-test.h" -#include "hfal-performance.h" +#include "hfal/hfal_groestl_small.h" +#include "hfal/hfal_groestl_large.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-test.h" +#include "hfal/hfal-performance.h" #include "shavs.h" #include "cli.h" #include "nessie_hash_test.h" diff --git a/test_src/main-hmac-md5-test.c b/test_src/main-hmac-md5-test.c index fcf6dce..0ae2d66 100644 --- a/test_src/main-hmac-md5-test.c +++ b/test_src/main-hmac-md5-test.c @@ -26,7 +26,7 @@ #include "uart_i.h" #include "debug.h" -#include "md5.h" +#include "md5/md5.h" #include "hmac-md5.h" /* #include "base64_enc.h" diff --git a/test_src/main-hmac-sha1-test.c b/test_src/main-hmac-sha1-test.c index 538d36a..2dc9fcc 100644 --- a/test_src/main-hmac-sha1-test.c +++ b/test_src/main-hmac-sha1-test.c @@ -26,7 +26,7 @@ #include "uart_i.h" #include "debug.h" -#include "sha1.h" +#include "sha1/sha1.h" #include "hmac-sha1.h" #include "nessie_mac_test.h" diff --git a/test_src/main-hmac-sha256-test.c b/test_src/main-hmac-sha256-test.c index b6ca3fa..b98fb20 100644 --- a/test_src/main-hmac-sha256-test.c +++ b/test_src/main-hmac-sha256-test.c @@ -26,7 +26,7 @@ #include "uart_i.h" #include "debug.h" -#include "sha256.h" +#include "sha256/sha256.h" #include "hmac-sha256.h" #include "cli.h" diff --git a/test_src/main-keccak-test.c b/test_src/main-keccak-test.c index 80ed373..ba66f31 100644 --- a/test_src/main-keccak-test.c +++ b/test_src/main-keccak-test.c @@ -27,13 +27,13 @@ #include "keccak.h" #include "cli.h" -#include "hfal_keccak.h" +#include "hfal/hfal_keccak.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" -#include "hfal-test.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-test.h" #include #include diff --git a/test_src/main-md5-test.c b/test_src/main-md5-test.c index 08c03cd..b046354 100644 --- a/test_src/main-md5-test.c +++ b/test_src/main-md5-test.c @@ -29,8 +29,8 @@ #include "md5.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal_md5.h" -#include "hfal-performance.h" +#include "hfal/hfal_md5.h" +#include "hfal/hfal-performance.h" #include #include diff --git a/test_src/main-noekeon-test.c b/test_src/main-noekeon-test.c index 47f9661..f19a91c 100644 --- a/test_src/main-noekeon-test.c +++ b/test_src/main-noekeon-test.c @@ -26,12 +26,12 @@ #include "uart_i.h" #include "debug.h" -#include +#include #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_noekeon.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_noekeon.h" #include #include diff --git a/test_src/main-omac-noekeon-test.c b/test_src/main-omac-noekeon-test.c index 117a2e1..4e85268 100644 --- a/test_src/main-omac-noekeon-test.c +++ b/test_src/main-omac-noekeon-test.c @@ -26,7 +26,7 @@ #include "uart_i.h" #include "debug.h" -#include "noekeon.h" +#include "noekeon/noekeon.h" #include "omac_noekeon.h" #include "cli.h" diff --git a/test_src/main-present-test.c b/test_src/main-present-test.c index 96b0ff7..23d3506 100644 --- a/test_src/main-present-test.c +++ b/test_src/main-present-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_present.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_present.h" #include #include diff --git a/test_src/main-rc5-test.c b/test_src/main-rc5-test.c index 95a3e06..6c7da70 100644 --- a/test_src/main-rc5-test.c +++ b/test_src/main-rc5-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_rc5.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_rc5.h" #include #include diff --git a/test_src/main-rc6-test.c b/test_src/main-rc6-test.c index 67513ad..b7e7786 100644 --- a/test_src/main-rc6-test.c +++ b/test_src/main-rc6-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_rc6.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_rc6.h" #include #include diff --git a/test_src/main-seed-test.c b/test_src/main-seed-test.c index 9ff4b3f..30433b8 100644 --- a/test_src/main-seed-test.c +++ b/test_src/main-seed-test.c @@ -35,8 +35,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_seed.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_seed.h" #include #include diff --git a/test_src/main-serpent-test.c b/test_src/main-serpent-test.c index 51575b9..db97c86 100644 --- a/test_src/main-serpent-test.c +++ b/test_src/main-serpent-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_serpent.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_serpent.h" #include #include diff --git a/test_src/main-sha1-test.c b/test_src/main-sha1-test.c index 1b19d0a..d1d819e 100644 --- a/test_src/main-sha1-test.c +++ b/test_src/main-sha1-test.c @@ -28,15 +28,15 @@ #include "sha1.h" #include "nessie_hash_test.h" -#include "hfal_sha1.h" -#include "hfal-performance.h" +#include "hfal/hfal_sha1.h" +#include "hfal/hfal-performance.h" #include #include #include #include "cli.h" #include "shavs.h" -#include "hfal_sha1.h" +#include "hfal/hfal_sha1.h" #include "dump.h" char* algo_name = "SHA-1"; diff --git a/test_src/main-sha256-test.c b/test_src/main-sha256-test.c index 1907390..292a898 100644 --- a/test_src/main-sha256-test.c +++ b/test_src/main-sha256-test.c @@ -29,15 +29,15 @@ #include "sha256.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-performance.h" -#include "hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-nessie.h" #include #include #include #include "cli.h" #include "shavs.h" -#include "hfal_sha256.h" +#include "hfal/hfal_sha256.h" #include "dump.h" char* algo_name = "SHA-256"; diff --git a/test_src/main-shabal-test.c b/test_src/main-shabal-test.c index bcdc57a..7995df3 100644 --- a/test_src/main-shabal-test.c +++ b/test_src/main-shabal-test.c @@ -28,10 +28,10 @@ #include "shabal.h" #include "cli.h" -#include "hfal_shabal.h" -#include "hfal-test.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" +#include "hfal/hfal_shabal.h" +#include "hfal/hfal-test.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" diff --git a/test_src/main-skein-test.c b/test_src/main-skein-test.c index 2f0b04e..dc46b13 100644 --- a/test_src/main-skein-test.c +++ b/test_src/main-skein-test.c @@ -27,16 +27,16 @@ #include "debug.h" #include "skein.h" -#include "hfal_skein256.h" -#include "hfal_skein512.h" -#include "hfal_skein1024.h" +#include "hfal/hfal_skein256.h" +#include "hfal/hfal_skein512.h" +#include "hfal/hfal_skein1024.h" #include "cli.h" #include "shavs.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal-performance.h" -#include "hfal-nessie.h" -#include "hfal-basic.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-basic.h" #include diff --git a/test_src/main-skipjack-test.c b/test_src/main-skipjack-test.c index 3f1c75f..2192816 100644 --- a/test_src/main-skipjack-test.c +++ b/test_src/main-skipjack-test.c @@ -30,8 +30,8 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_skipjack.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_skipjack.h" #include #include diff --git a/test_src/main-tdes-test.c b/test_src/main-tdes-test.c index 7adc19e..4586199 100644 --- a/test_src/main-tdes-test.c +++ b/test_src/main-tdes-test.c @@ -30,9 +30,9 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_tdes.h" -#include "bcal_tdes2.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_tdes.h" +#include "bcal/bcal_tdes2.h" #include #include diff --git a/test_src/main-threefish-test.c b/test_src/main-threefish-test.c index 31748e4..f01aef7 100644 --- a/test_src/main-threefish-test.c +++ b/test_src/main-threefish-test.c @@ -30,10 +30,10 @@ #include "nessie_bc_test.h" #include "cli.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_threefish256.h" -#include "bcal_threefish512.h" -#include "bcal_threefish1024.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_threefish256.h" +#include "bcal/bcal_threefish512.h" +#include "bcal/bcal_threefish1024.h" #include #include diff --git a/test_src/main-twister-test.c b/test_src/main-twister-test.c index b4efd94..b9a47cb 100644 --- a/test_src/main-twister-test.c +++ b/test_src/main-twister-test.c @@ -30,13 +30,13 @@ #include "twister-large.h" #include "nessie_hash_test.h" #include "performance_test.h" -#include "hfal_twister224.h" -#include "hfal_twister256.h" -#include "hfal_twister384.h" -#include "hfal_twister512.h" -#include "hfal-nessie.h" -#include "hfal-performance.h" -#include "hfal-test.h" +#include "hfal/hfal_twister224.h" +#include "hfal/hfal_twister256.h" +#include "hfal/hfal_twister384.h" +#include "hfal/hfal_twister512.h" +#include "hfal/hfal-nessie.h" +#include "hfal/hfal-performance.h" +#include "hfal/hfal-test.h" #include "shavs.h" diff --git a/test_src/main-xtea-test.c b/test_src/main-xtea-test.c index c40046f..6fae984 100644 --- a/test_src/main-xtea-test.c +++ b/test_src/main-xtea-test.c @@ -29,8 +29,8 @@ #include "xtea.h" #include "nessie_bc_test.h" #include "performance_test.h" -#include "bcal-performance.h" -#include "bcal_xtea.h" +#include "bcal/bcal-performance.h" +#include "bcal/bcal_xtea.h" #include "cli.h" #include diff --git a/test_src/shavs.c b/test_src/shavs.c index 39b862b..3b0b389 100644 --- a/test_src/shavs.c +++ b/test_src/shavs.c @@ -30,7 +30,7 @@ #include #include #include "hashfunction_descriptor.h" -#include "hfal-basic.h" +#include "hfal/hfal-basic.h" #include "shavs.h" #include "string-extras.h" #include "cli.h" diff --git a/twister/gf256mul.S b/twister/gf256mul.S deleted file mode 100644 index b269d3a..0000000 --- a/twister/gf256mul.S +++ /dev/null @@ -1,82 +0,0 @@ -/* gf256mul.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: gf256mul.S - * Author: Daniel Otte - * Date: 2008-12-19 - * License: GPLv3 or later - * Description: peasant's algorithm for multiplication in GF(2^8) - * - */ - -#include -#define OPTIMIZE_SMALL_A - -/* - * param a: r24 - * param b: r22 - * param reducer: r20 - */ -A = 23 -B = 22 -P = 24 -.global gf256mul - -#ifdef OPTIMIZE_SMALL_A -gf256mul: - mov A, r24 - clr r24 -1: - lsr A - breq 4f - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - rjmp 1b -4: - brcc 2f - eor P, B -2: - ret - -#else - -gf256mul: - mov r21, r24 - clr r24 - ldi r25, 8 -1: - lsr A - brcc 2f - eor P, B -2: - lsl B - brcc 3f - eor B, r20 -3: - dec r25 - brne 1b - ret - -#endif diff --git a/twister/gf256mul.h b/twister/gf256mul.h deleted file mode 100644 index 87f1cb3..0000000 --- a/twister/gf256mul.h +++ /dev/null @@ -1,37 +0,0 @@ -/* gf256mul.h */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#ifndef GF256MUL_H_ -#define GF256MUL_H_ - -/** - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-12-19 - * \license GPLv3 - * \brief - * - * - */ - -#include - -uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); - -#endif /* GF256MUL_H_ */ - diff --git a/twister/memxor.S b/twister/memxor.S deleted file mode 100644 index a32058b..0000000 --- a/twister/memxor.S +++ /dev/null @@ -1,66 +0,0 @@ -/* memxor.S */ -/* - This file is part of the AVR-Crypto-Lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - * File: memxor.S - * Author: Daniel Otte - * Date: 2008-08-07 - * License: GPLv3 or later - * Description: memxor, XORing one block into another - * - */ - -/* - * void memxor(void* dest, const void* src, uint16_t n); - */ - /* - * param dest is passed in r24:r25 - * param src is passed in r22:r23 - * param n is passed in r20:r21 - */ -.global memxor -memxor: - movw r30, r24 - movw r26, r22 - movw r24, r20 - adiw r24, 0 - breq 2f -1: - ld r20, X+ - ld r21, Z - eor r20, r21 - st Z+, r20 - sbiw r24, 1 - brne 1b -2: - ret - - - - - - - - - - - - - - diff --git a/twister/memxor.h b/twister/memxor.h deleted file mode 100644 index a62a616..0000000 --- a/twister/memxor.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef MEMXOR_H_ -#define MEMXOR_H_ -#include - -void memxor(void* dest, const void* src, uint16_t n); - -#endif diff --git a/twister/twister-large.c b/twister/twister-large.c index 1775488..3455b5e 100644 --- a/twister/twister-large.c +++ b/twister/twister-large.c @@ -19,7 +19,7 @@ #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "twister.h" #include "twister-large.h" diff --git a/twister/twister-small-stub.c b/twister/twister-small-stub.c index 9eb4112..72cbe9c 100644 --- a/twister/twister-small-stub.c +++ b/twister/twister-small-stub.c @@ -2,7 +2,7 @@ #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "twister-small.h" /*********************************************************************/ diff --git a/twister/twister-small.c b/twister/twister-small.c index 5fb0536..4a05f19 100644 --- a/twister/twister-small.c +++ b/twister/twister-small.c @@ -2,7 +2,7 @@ #include #include -#include "memxor.h" +#include "memxor/memxor.h" #include "twister-small.h" /*********************************************************************/ diff --git a/twister/twister.c b/twister/twister.c index c82e22e..40f3836 100644 --- a/twister/twister.c +++ b/twister/twister.c @@ -23,10 +23,10 @@ #include #include "twister.h" #include "twister_tables.h" -#include "memxor.h" +#include "memxor/memxor.h" //#ifndef TWISTER_MUL_TABLE -# include "gf256mul.h" +# include "gf256mul/gf256mul.h" //#endif #define MDS(a,b) pgm_read_byte(&(twister_mds[(a)][(b)]))