3 This file is part of the Crypto-avr-lib/microcrypt-lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 * License: GPLv3 or later
25 .include "avr-asm-macros.S"
27 ;###########################################################
; MD5 additive constants T[1]..T[64] (RFC 1321): 128 halfwords = 64 32-bit words.
; Each word is stored low halfword first, e.g. 0xa478, 0xd76a encodes T[1] = 0xd76aa478.
; NOTE(review): presumably this is the table addressed as T_table further down; the
; label line itself is not part of this excerpt -- confirm.
31 .hword 0xa478, 0xd76a, 0xb756, 0xe8c7, 0x70db, 0x2420, 0xceee, 0xc1bd, 0x0faf, 0xf57c
32 .hword 0xc62a, 0x4787, 0x4613, 0xa830, 0x9501, 0xfd46, 0x98d8, 0x6980, 0xf7af, 0x8b44
33 .hword 0x5bb1, 0xffff, 0xd7be, 0x895c, 0x1122, 0x6b90, 0x7193, 0xfd98, 0x438e, 0xa679
34 .hword 0x0821, 0x49b4, 0x2562, 0xf61e, 0xb340, 0xc040, 0x5a51, 0x265e, 0xc7aa, 0xe9b6
35 .hword 0x105d, 0xd62f, 0x1453, 0x0244, 0xe681, 0xd8a1, 0xfbc8, 0xe7d3, 0xcde6, 0x21e1
36 .hword 0x07d6, 0xc337, 0x0d87, 0xf4d5, 0x14ed, 0x455a, 0xe905, 0xa9e3, 0xa3f8, 0xfcef
37 .hword 0x02d9, 0x676f, 0x4c8a, 0x8d2a, 0x3942, 0xfffa, 0xf681, 0x8771, 0x6122, 0x6d9d
38 .hword 0x380c, 0xfde5, 0xea44, 0xa4be, 0xcfa9, 0x4bde, 0x4b60, 0xf6bb, 0xbc70, 0xbebf
39 .hword 0x7ec6, 0x289b, 0x27fa, 0xeaa1, 0x3085, 0xd4ef, 0x1d05, 0x0488, 0xd039, 0xd9d4
40 .hword 0x99e5, 0xe6db, 0x7cf8, 0x1fa2, 0x5665, 0xc4ac, 0x2244, 0xf429, 0xff97, 0x432a
41 .hword 0x23a7, 0xab94, 0xa039, 0xfc93, 0x59c3, 0x655b, 0xcc92, 0x8f0c, 0xf47d, 0xffef
42 .hword 0x5dd1, 0x8584, 0x7e4f, 0x6fa8, 0xe6e0, 0xfe2c, 0x4314, 0xa301, 0x11a1, 0x4e08
43 .hword 0x7e82, 0xf753, 0xf235, 0xbd3a, 0xd2bb, 0x2ad7, 0xd391, 0xeb86
50 ;###########################################################
51 ;void md5_init(md5_ctx_t *state)
52 ; param1: (r24,r25) 16-bit pointer to md5_ctx_t struct in ram
53 ; modifies: Z(r30,r31), X(r26,r27)
54 ; size = 9+5*4 WORDS = 29 WORDS = 58 Bytes
; NOTE(review): MD5 is not collision-resistant. Keep this routine for legacy
; interoperability or non-adversarial checksums only; do not rely on it for
; signatures, certificate fingerprints or password storage.
56 movw r26, r24 ; (24,25) --> (26,27) load X with param1
57 ldi r30, lo8(md5_init_vector) ; Z low byte = low byte of the address of md5_init_vector
58 ldi r31, hi8(md5_init_vector) ; Z high byte; the code that reads through Z is not shown in this excerpt
75 ;###########################################################
77 ;void md5_init(md5_ctx_t *state)
78 ; param1: (r24,r25) 16-bit pointer to md5_ctx_t struct in ram
80 ; cycles = 1+16*3+4*2+4 = 1+48+12 = 61
81 ; size = 1+16*2+4+1 WORDS = 38 WORDS = 76 Bytes
123 ;###########################################################
127 uint32_t md5_F(uint32_t x, uint32_t y, uint32_t z){
128 return ((x&y)|((~x)&z));
155 uint32_t md5_G(uint32_t x, uint32_t y, uint32_t z){
156 return ((x&z)|((~z)&y));
183 uint32_t md5_H(uint32_t x, uint32_t y, uint32_t z){
202 uint32_t md5_I(uint32_t x, uint32_t y, uint32_t z){
203 return (y ^ (x | (~z)));
; Lookup rows for the rotating roles of the four 32-bit state words a[0..3].
; Each entry is the byte offset (index*4) of a[(as+k)&3], in the column order
; given by the header line below; one row per value of as, listed for as=1..4.
; NOTE(review): presumably this is the table addressed as as_table further down;
; the label line is not part of this excerpt -- confirm.
232 ; (as+0)&3 (as+3)&3 (as+1)&3 (as+2)&3
234 ; AS_SAVE0 AS_SAVE1 AS_SAVE2 AS_SAVE3
235 .byte 1*4, 0*4, 2*4, 3*4 ;as=1
236 .byte 2*4, 1*4, 3*4, 0*4 ;as=2
237 .byte 3*4, 2*4, 0*4, 1*4 ;as=3
238 .byte 0*4, 3*4, 1*4, 2*4 ;as=4
240 ;###########################################################
249 void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){
251 md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I};
253 / * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * /
254 t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ;
255 a[as]=a[(as+1)&3] + ROTL32(t, s);
; NOTE(review): the lines below are scattered excerpts; most instructions between
; the numbered lines are not shown. They appear to belong to the assembly version
; of md5_core described by the C reference above -- confirm against the full file.
306 ldi r30, lo8(T_table) ; Z = address of T_table (low byte)
307 ldi r31, hi8(T_table) ; Z = address of T_table (high byte)
316 /* loading T[i] into ACCU */
321 /* add *block to ACCU */
331 /* add a[(as+0)&3] to ACCU */
332 ldi r30, lo8(as_table) ; Z = address of as_table (low byte)
333 ldi r31, hi8(as_table) ; Z = address of as_table (high byte)
339 adc r31, r1 ; Z points to the correct row in as_table (carry into the high byte; assumes r1 == 0, the avr-gcc zero register -- confirm)
344 movw r26, r24 ; X points to a[0]
346 adc r27, r1 ; X points at a[as&3]
358 /* loading z value */
367 /* loading x value */
376 /* loading y value */
; pm_lo8/pm_hi8 yield the program-memory (word) address form that ijmp expects in Z.
; NOTE(review): no range check on the jump-table index is visible in this excerpt;
; the callers in the C reference pass 0..3 -- confirm the index is bounded before
; the ijmp, since an out-of-range value would transfer control outside the table.
380 ldi r30, pm_lo8(jump_table)
381 ldi r31, pm_hi8(jump_table)
383 adc r31, r1 ; Z points to the correct entry in our jump table
389 ijmp /* indirect jump to the address in Z; ijmp pushes no return address, so this is a jump rather than a call */
392 /* add ACCU to result of f() */
425 /* add a[(as+1)&3] */
452 ;###################################################################
454 void md5_nextBlock(md5_ctx_t *state, void* block){
464 uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2
467 md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0);
471 uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4
474 md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1);
478 uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1
481 md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2);
485 uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3
488 md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3);