From: bg Date: Wed, 27 Aug 2008 02:05:47 +0000 (+0000) Subject: new OMAC (CMAC) with Noekeon; + some bug fixes for the nessie test-env X-Git-Url: https://git.cryptolib.org/?p=avr-crypto-lib.git;a=commitdiff_plain;h=cf1c79ef3fa4bb22f0cab28b2b6e958293aca739 new OMAC (CMAC) with Noekeon; + some bug fixes for the nessie test-env --- diff --git a/config.h b/config.h index 05e65c2..a4624a6 100644 --- a/config.h +++ b/config.h @@ -26,7 +26,7 @@ /* uart.[ch] defines */ #define UART_INTERRUPT 1 -#define UART_BAUD_RATE 9600 +#define UART_BAUD_RATE 38400 #define UART_RXBUFSIZE 16 #define UART_TXBUFSIZE 16 #define UART_LINE_BUFFER_SIZE 40 diff --git a/md5.c b/md5.c index 1c87b53..88f4f68 100644 --- a/md5.c +++ b/md5.c @@ -20,9 +20,8 @@ * \file md5.c * \author Daniel Otte * \date 2006-07-31 - * \par License: - * GPLv3 or later - * \brief Implementation of the MD5 hash algorithm as described in RFC 1321 + * \license GPLv3 or later + * \brief Implementation of the MD5 hash algorithm as described in RFC 1321 * */ diff --git a/mkfiles/hmac-sha256.mk b/mkfiles/hmac-sha256.mk index fe14892..6b66546 100644 --- a/mkfiles/hmac-sha256.mk +++ b/mkfiles/hmac-sha256.mk @@ -6,7 +6,7 @@ MACS += $(ALGO_NAME) $(ALGO_NAME)_OBJ := hmac-sha256.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-sha256-test.o debug.o uart.o serial-tools.o \ - nessie_mac_test.o nessie_common.o + nessie_mac_test.o nessie_common.o cli.o $(ALGO_NAME)_NESSIE_TEST := "nessie" $(ALGO_NAME)_PEROFRMANCE_TEST := "performance" diff --git a/noekeon.h b/noekeon.h index f0eaf52..5817d9f 100644 --- a/noekeon.h +++ b/noekeon.h @@ -44,7 +44,7 @@ typedef uint8_t noekeon_ctx_t[16]; * \param key pointer to either the key (128 bit = 16 byte; direct mode) or * to the context (indirect mode) */ -void noekeon_enc(void* buffer, void* key); +void noekeon_enc(void* buffer, const void* key); /** \fn void noekeon_enc(void* buffer, void* key) * \brief noekeon encrytion funtion @@ -58,7 +58,7 @@ void noekeon_enc(void* buffer, void* key); * \param key pointer to either the key (128 bit = 16 byte; direct mode) or * to the context (indirect mode) */ -void noekeon_dec(void* buffer, void* key); +void noekeon_dec(void* buffer, const void* key); /** \fn void noekeon_init(void* key, noekeon_ctx_t* ctx) @@ -71,6 +71,6 @@ void noekeon_dec(void* buffer, void* key); * \param ctx pointer to the context to fill with key material * to the context (indirect mode) */ -void noekeon_init(void* key, noekeon_ctx_t* ctx); +void noekeon_init(const void* key, noekeon_ctx_t* ctx); #endif /*NOEKEON_H_*/ diff --git a/noekeon_omac.S b/noekeon_omac.S deleted file mode 100644 index d3d7c14..0000000 --- a/noekeon_omac.S +++ /dev/null @@ -1,175 +0,0 @@ -/* noekeon_omac.S */ -/* - This file is part of the Crypto-avr-lib/microcrypt-lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -/* - * \author Daniel Otte - * \email daniel.otte@rub.de - * \date 2008-08-06 - * \license GPLv3 or later - * - * - * - */ - -#include -#include "avr-asm-macros.S" - - -push_r18_r27_func: - pop r31 - pop r30 - push_range 18, 27 - ijmp - -pop_r18_r27_func: - pop r31 - pop r30 - pop_range 18, 27 - ijmp - -.extern noekeon_enc - -/* - * void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b, - * const void* key, uint8_t t) - */ - -/* param dest is passed in r24:r25 - * param msg is passed in r22:r23 - * param msglength_b is passed in r20:r21 - * param key is passed in r18:r19 - * param t is passed in r16 - */ -.global noekeon_omac -noekeon_omac: - stack_alloc 48 - adiw r30, 1 - ldi r17, 48 -1: - st Z+, r1 - dec r17 - brne 1b - sbiw r30, 48 - movw r26, r22 - movw r22, r18 - movw r18, r24 - movw r24, r30 - cpi r16, 0xff - breq 2f - st Z, r16 - rcall push_r18_r27_func - rcall noekeon_enc - rcall pop_r18_r27_func - movw r30, r24 -2: - tst r21 - brne fullblock - cpi r20, 128+1 - brlo lastblock -fullblock: - /* copy block to stack buffer */ - ldi r16, 16 -1: - ld r0, X+ - ld r17, Z - eor r0, r17 - st Z+, r0 - dec r16 - brne 1b - rcall push_r18_r27_func - rcall noekeon_enc - rcall pop_r18_r27_func - movw r30, r24 - subi r20, 128 - sbci r21, 0 - rjmp 2 -lastblock: - adiw r24, 16 - rcall push_r18_r27_func - rcall noekeon_enc - rcall pop_r18_r27_func - - bst r20, 6 /* set t bit if msglength_b%128==0*/ -2: - ldi r16, 16 - clc - movw r30, r24 /* z points to encrypted null vector (L) */ -1: - ld r0, Z - rol r0 - st Z+, r0 - dec r16 - brne 1b - brtc 2f - clt - rjmp 2b -2: /* B/P has been calculated */ - ldi r16, 16 - sbiw r30, 32 -3: - ld r0, Z - ldd r17, Z+16 - eor r0, r17 - st Z+, r0 - dec r16 - brne 3b - /* B/P has been xored into stack buffer */ - /* now we have to xor-in the remaining message */ - mov r16, r20 - subi r16, -7 - lsr r16 - lsr r16 - lsr r16 /* r 1*/ - sbiw r30, 16 -4: - ld r0, X+ - ld r17, Z - eor r0, r17 - st Z+, r0 - dec r16 - brne 4b - /* now we have only to insert the 1 at the end of message if msglength_b%128 != 0 */ - sbiw r30, 1 - andi r20, 0x07 - breq 7f - ldi r17, 1 -5: - dec r20 - breq 6f - lsl r17 - rjmp 5b -6: - ld r0, Z - eor r0, r17 - st Z, r0 -7: - call noekeon_enc - stack_free 48 - ret - - - - - - - - - - - - diff --git a/noekeon_omac.h b/noekeon_omac.h deleted file mode 100644 index a31c910..0000000 --- a/noekeon_omac.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef NOEKEON_OMAC_H_ -#define NOEKEON_OMAC_H_ - -#include "noekeon.h" -#include - -void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b, - const void* key, uint8_t t); - -#endif /*NOEKEON_OMAC_H_*/ diff --git a/omac_noekeon.S b/omac_noekeon.S new file mode 100644 index 0000000..a02f605 --- /dev/null +++ b/omac_noekeon.S @@ -0,0 +1,353 @@ +/* noekeon_omac.S */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2008-08-24 + * \license GPLv3 or later + * + * + * + */ + +#include +#include "avr-asm-macros.S" + +.extern noekeon_enc + + +/******************************************************************************/ + +/* + * void noekeon_omac_init(noekeon_omac_ctx_t* ctx){ + * memset(ctx, 0, 16); + * } + */ +/* + * param ctx in r24:r25 + */ + +.global omac_noekeon_init +omac_noekeon_init: + movw r30, r24 + ldi r24, 16 +1: + st Z+, r1 + dec r24 + brne 1b + ret + +/******************************************************************************/ + +/* + * void omac_noekeon_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx){ + * *ctx[15] = t; + * noekeon_enc(ctx, key); + * } + */ +/* + * param t in r24 + * param key in r22:r23 + * param ctx in r20:r21 + */ +.global omac_noekeon_tweak +omac_noekeon_tweak: + movw r30, r20 + std Z+15, r24 + movw r24, r20 + rjmp noekeon_enc + +/******************************************************************************/ + +/* + * void noekeon_omac_next(const void* buffer, const void* key, noekeon_omac_ctx_t* ctx){ + * memxor(ctx, buffer, 16); + * noekeon_enc(ctx, key); + * } + */ +/* + * param buffer in r24:r25 + * param key in r22:r23 + * param ctx in r20:r21 + */ +.global omac_noekeon_next +omac_noekeon_next: + movw r26, r20 + movw r30, r24 + ldi r24, 16 +1: + ld r0, X + ld r25, Z+ + eor r0, r25 + st X+, r0 + dec r24 + brne 1b + movw r24, r20 + rjmp noekeon_enc + +/******************************************************************************/ + +/* + * void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){ + * uint8_t c1,c2,r,j; + * memset(pad, 0, 16); + * noekeon_enc(pad, key); + * r=(length_b==128)?1:2; + * for(;r!=0;--r){ + * c1=0; + * for(j=0;j<16;++j){ + * c2 = c1; + * c1 = (pad[15-j])>>7; + * pad[15-j] = ((pad[15-j])<<1) | c2; + * } + * if(c1){ + * pad[15] ^= 0x87; + * } + * } + * if(length_b<128){ + * pad[(length_b)/8] ^= 0x80 >> (length_b%8); + * } + *} + */ +/* + * param pad in r24:r25 + * param key in r22:r23 + * param length_b in r20 + */ +.global omac_noekeon_comppad +omac_noekeon_comppad: + push_ r20, r24, r25 + ldi r20, 16 + movw r30, r24 +1: + st Z+, r1 + dec r20 + brne 1b + rcall noekeon_enc + pop_ r31, r30, r20 /* now Z points at pad, and r20 contains length_b */ + ldi r21, 1 + clt + cpi r20, 128 + breq 2f + set + inc r21 +2: + adiw r30, 16 + ldi r24, 16 + clc +3: + ld r0, -Z + rol r0 + st Z, r0 + dec r24 + brne 3b + + brcc 4f + ldi r24, 0x87 + ldd r0, Z+15 + eor r0, r24 + std Z+15, r0 +4: + dec r21 + brne 2b + /* the B/P calculation is done, now we have only to insert the one for + messages of a length != n*128 */ + brts 5f + ret +5: + /* r20 contains the length in bits where a one must be appended via xor */ + mov r21, r20 + lsr r21 + lsr r21 + lsr r21 + add r30, r21 + adc r31, r1 + andi r20, 0x07 + ldi r21, 0x80 +6: tst r20 + breq 8f +7: lsr r21 + dec r20 + brne 7b +8: + ld r24, Z + eor r24, r21 + st Z, r24 + ret + +/******************************************************************************/ + +/* + * void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, noekeon_omac_ctx_t* ctx){ + * while(length_b>128){ + * omac_noekeon_next(buffer, key, ctx); + * buffer = (uint8_t*)buffer +16; + * length_b -= 128; + * } + * uint8_t pad[16]; + * omac_noekeon_comppad(pad, key, length_b); + * memxor(pad, buffer, (length_b+7)/8); + * omac_noekeon_next(pad, key, ctx); + *} + */ +/* + * param buffer in r24:r25 + * param length_b in r22 + * param key in r20:r21 + * param ctx in r18:r19 + */ +.global omac_noekeon_last +omac_noekeon_last: + push_range 10, 16 + push_ r28, r29 + movw r28, r24 /* buffer */ + movw r12, r20 /* key */ + movw r14, r18 /* ctx */ + mov r16, r22 /* length_b */ +1: + cpi r16, 129 + brlo 2f + movw r22, r20 + movw r20, r18 + rcall omac_noekeon_next + adiw r28, 16 + subi r16, 128 +2: + stack_alloc 16 + adiw r30, 1 + movw r10, r30 + movw r24, r30 + movw r22, r12 + mov r20, r16 + rcall omac_noekeon_comppad + movw r30, r10 + subi r16, -7 + lsr r16 + lsr r16 + lsr r16 + breq 4f +3: + ld r0, Z + ld r24, Y+ + eor r0, r24 + st Z+, r0 + dec r16 + brne 3b +4: + movw r24, r10 + movw r22, r12 + movw r20, r14 + rcall omac_noekeon_next + stack_free 16 + + pop_ r29, r28 + pop_range 10, 16 + ret + +/******************************************************************************/ + +/* + *void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, + * const void* key, uint8_t t){ + * omac_noekeon_init(dest); + * if(t!=0xff) + * omac_noekeon_tweak(t,key,dest); + * while(msglength_b>128){ + * omac_noekeon_next(msg, key, dest); + * msg = (uint8_t*)msg +16; + * msglength_b -= 128; + * } + * omac_noekeon_last(msg, msglength_b, key, dest); + *} + */ +/* + * param dest in r24:r25 + * param msg in r22:r23 + * param msglength_b in r20:r21 + * param key in r18:r19 + * param t in r16 + */ +MSG0 = 28 +MSG1 = 29 +KEY0 = 10 +KEY1 = 11 +LEN0 = 12 +LEN1 = 13 +DST0 = 14 +DST1 = 15 + +.global omac_noekeon +omac_noekeon: + push_ r28, r29 + push_range 10, 17 + movw MSG0, r22 /* msg */ + movw KEY0, r18 /* key */ + movw LEN0, r20 /* msglength_b */ + movw DST0, r24 /* dest */ + /* omac_noekeon_init(dest); */ + rcall omac_noekeon_init + cpi r16, 0xff + breq 1f + mov r24, r16 + movw r22, KEY0 + movw r20, DST0 + /* omac_noekeon_tweak(t,key,dest); */ + rcall omac_noekeon_tweak +1: + movw r16, LEN0 + tst r17 + breq 4f +3: + movw r24, MSG0 + movw r22, KEY0 + movw r20, DST0 + /* omac_noekeon_next(msg, key, dest); */ + rcall omac_noekeon_next + adiw MSG0, 16 + subi r16, 128 + sez + sbci r17, 0 /* wont change Z if result is zero */ + brne 3b +4: + movw r24, MSG0 + mov r22, r16 + movw r20, KEY0 + movw r18, DST0 + /* omac_noekeon_last(msg, msglength_b, key, dest); */ + call omac_noekeon_last + + pop_range 10, 17 + pop_ r29, r28 + ret + + + + + + + + + + + + + + + + diff --git a/omac_noekeon.h b/omac_noekeon.h new file mode 100644 index 0000000..a5c73d2 --- /dev/null +++ b/omac_noekeon.h @@ -0,0 +1,18 @@ +#ifndef NOEKEON_OMAC_H_ +#define NOEKEON_OMAC_H_ + +#include "noekeon.h" +#include + +typedef uint8_t noekeon_omac_ctx_t[16]; + +void omac_noekeon_init(noekeon_omac_ctx_t* ctx); +void omac_noekeont_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx); +void omac_noekeon_next(const void* buffer, const void* key, + noekeon_omac_ctx_t* ctx); +void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, + noekeon_omac_ctx_t* ctx); +void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, + const void* key, uint8_t t); + +#endif /*NOEKEON_OMAC_H_*/ diff --git a/sha1.c b/sha1.c index 89e9f8d..f812be9 100644 --- a/sha1.c +++ b/sha1.c @@ -19,9 +19,8 @@ /** * \file sha1.c * \author Daniel Otte - * \date 08.10.2006 - * \par License: - * GPLv3 + * \date 2006-10-08 + * \license GPLv3 or later * \brief SHA-1 implementation. * */ diff --git a/test_src/main-hmac-sha256-test.c b/test_src/main-hmac-sha256-test.c index 819ed57..7b55237 100644 --- a/test_src/main-hmac-sha256-test.c +++ b/test_src/main-hmac-sha256-test.c @@ -29,6 +29,7 @@ #include "sha256.h" #include "hmac-sha256.h" +#include "cli.h" #include "nessie_mac_test.h" #include @@ -81,12 +82,14 @@ int main (void){ uart_putstr(algo_name); uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); -restart: + PGM_P u = PSTR("nessie\0test\0"); + void_fpt v[] = {testrun_nessie_hmacsha256, testrun_nessie_hmacsha256}; + while(1){ - if (!getnextwordn(str,20)) {DEBUG_S("DBG: W1\r\n"); goto error;} - if (strcmp(str, "nessie")) {DEBUG_S("DBG: 1b\r\n"); goto error;} - testrun_nessie_hmacsha256(); - goto restart; + if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;} + if(execcommand_d0_P(str, u, v)<0){ + uart_putstr_P(PSTR("\r\nunknown command\r\n")); + } continue; error: uart_putstr("ERROR\r\n"); diff --git a/test_src/nessie_common.c b/test_src/nessie_common.c index 020d5ab..ff087bf 100644 --- a/test_src/nessie_common.c +++ b/test_src/nessie_common.c @@ -87,7 +87,8 @@ void nessie_print_set_vector(uint8_t set, uint16_t vector){ uart_putstr_P(PSTR("\r\n\r\nSet ")); uart_putc('0'+set%10); uart_putstr_P(PSTR(", vector#")); - uart_putc((vector<100)?' ':'0'+vector/100); + uart_putc((vector<1000)?' ':'0'+vector/1000); + uart_putc((vector<100)?' ':'0'+(vector/100)%10); uart_putc((vector<10 )?' ':'0'+(vector/10)%10); uart_putc('0'+vector%10); uart_putc(':'); diff --git a/test_src/nessie_mac_test.c b/test_src/nessie_mac_test.c index 12863df..f8cfb28 100644 --- a/test_src/nessie_mac_test.c +++ b/test_src/nessie_mac_test.c @@ -50,7 +50,7 @@ void ascii_mac(char* data, char* desc, uint8_t* key){ PRINTKEY; nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx); sl = strlen(data); - while(sl>=nessie_mac_ctx.blocksize_B){ + while(sl>nessie_mac_ctx.blocksize_B){ nessie_mac_ctx.mac_next(data, ctx); data += nessie_mac_ctx.blocksize_B; sl -= nessie_mac_ctx.blocksize_B; @@ -75,7 +75,7 @@ void amillion_mac(uint8_t* key){ memset(block, 'a', nessie_mac_ctx.blocksize_B); nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx); - while(n>=nessie_mac_ctx.blocksize_B){ + while(n>nessie_mac_ctx.blocksize_B){ nessie_mac_ctx.mac_next(block, ctx); n -= nessie_mac_ctx.blocksize_B; } @@ -106,7 +106,7 @@ void zero_mac(uint16_t n, uint8_t* key){ memset(block, 0, nessie_mac_ctx.blocksize_B); nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b,ctx);; - while(n>=nessie_mac_ctx.blocksize_B*8){ + while(n>nessie_mac_ctx.blocksize_B*8){ nessie_mac_ctx.mac_next(block, ctx); n -= nessie_mac_ctx.blocksize_B*8; } @@ -148,12 +148,15 @@ void one_in512_mac(uint16_t pos, uint8_t* key){ /* now the real stuff */ memset(block, 0, 512/8); block[pos>>3] = 0x80>>(pos&0x7); - nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);; - while(n>=nessie_mac_ctx.blocksize_B*8){ - nessie_mac_ctx.mac_next(block, ctx); + uint8_t* bp; + bp = block; + nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx); + while(n>nessie_mac_ctx.blocksize_B*8){ + nessie_mac_ctx.mac_next(bp, ctx); n -= nessie_mac_ctx.blocksize_B*8; + bp += nessie_mac_ctx.blocksize_B; } - nessie_mac_ctx.mac_last(block, n, key, nessie_mac_ctx.keysize_b, ctx); + nessie_mac_ctx.mac_last(bp, n, key, nessie_mac_ctx.keysize_b, ctx); nessie_mac_ctx.mac_conv(mac, ctx); PRINTMAC; } @@ -171,7 +174,7 @@ void tv4_mac(uint8_t* key){ memset(block, 0, 256/8); nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);; - while(n>=nessie_mac_ctx.blocksize_B*8){ + while(n>nessie_mac_ctx.blocksize_B*8){ nessie_mac_ctx.mac_next(block, ctx); n -= nessie_mac_ctx.blocksize_B*8; } @@ -215,6 +218,7 @@ void nessie_mac_run(void){ {"Now is the time for all ", "\"Now is the time for all \""}, {"Now is the time for it", "\"Now is the time for it\""} }; + set=1; nessie_print_setheader(set); for(i=0; i