3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 * \email daniel.otte@rub.de
23 * \license GPLv3 or later
30 #include "avr-asm-macros.S"
35 /******************************************************************************/
38 * void omac_noekeon_init(noekeon_omac_ctx_t *ctx){
43 * param ctx in r24:r25
46 .global omac_noekeon_init
56 /******************************************************************************/
59 * void omac_noekeon_tweak(uint8_t t, const void *key, noekeon_omac_ctx_t *ctx){
61 * noekeon_enc(ctx, key);
66 * param key in r22:r23
67 * param ctx in r20:r21
69 .global omac_noekeon_tweak
76 /******************************************************************************/
79 * void omac_noekeon_next(const void *buffer, const void *key, noekeon_omac_ctx_t *ctx){
80 * memxor(ctx, buffer, 16);
81 * noekeon_enc(ctx, key);
85 * param buffer in r24:r25
86 * param key in r22:r23
87 * param ctx in r20:r21
89 .global omac_noekeon_next
104 /******************************************************************************/
107 * void omac_noekeon_comppad(uint8_t *pad, const void *key, uint8_t length_b){
109 * memset(pad, 0, 16);
110 * noekeon_enc(pad, key);
111 * r=(length_b==128)?1:2;
116 * c1 = (pad[15-j])>>7;
117 * pad[15-j] = ((pad[15-j])<<1) | c2;
124 * pad[(length_b)/8] ^= 0x80 >> (length_b%8);
129 * param pad in r24:r25
130 * param key in r22:r23
131 * param length_b in r20
133 .global omac_noekeon_comppad
134 omac_noekeon_comppad:
143 pop_ r31, r30, r20 /* now Z points at pad, and r20 contains length_b */
169 /* the B/P calculation is done; now we only have to insert the single one-bit for
170 messages whose length is not a multiple of 128 bits (length != n*128) */
174 /* r20 contains the length in bits where a one must be appended via xor */
194 /******************************************************************************/
197 * void omac_noekeon_last(const void *buffer, uint8_t length_b, const void *key, noekeon_omac_ctx_t *ctx){
198 * while(length_b>128){
199 * omac_noekeon_next(buffer, key, ctx);
200 * buffer = (uint8_t*)buffer +16;
204 * omac_noekeon_comppad(pad, key, length_b);
205 * memxor(pad, buffer, (length_b+7)/8);
206 * omac_noekeon_next(pad, key, ctx);
210 * param buffer in r24:r25
211 * param length_b in r22
212 * param key in r20:r21
213 * param ctx in r18:r19
215 .global omac_noekeon_last
219 movw r28, r24 /* buffer */
220 movw r12, r20 /* key */
221 movw r14, r18 /* ctx */
222 mov r16, r22 /* length_b */
228 rcall omac_noekeon_next
238 rcall omac_noekeon_comppad
256 rcall omac_noekeon_next
263 /******************************************************************************/
266 *void omac_noekeon(void *dest, const void *msg, uint16_t msglength_b,
267 * const void *key, uint8_t t){
268 * omac_noekeon_init(dest);
270 * omac_noekeon_tweak(t,key,dest);
271 * while(msglength_b>128){
272 * omac_noekeon_next(msg, key, dest);
273 * msg = (uint8_t*)msg +16;
274 * msglength_b -= 128;
276 * omac_noekeon_last(msg, msglength_b, key, dest);
280 * param dest in r24:r25
281 * param msg in r22:r23
282 * param msglength_b in r20:r21
283 * param key in r18:r19
299 movw MSG0, r22 /* msg */
300 movw KEY0, r18 /* key */
301 movw LEN0, r20 /* msglength_b */
302 movw DST0, r24 /* dest */
303 /* omac_noekeon_init(dest); */
304 rcall omac_noekeon_init
310 /* omac_noekeon_tweak(t,key,dest); */
311 rcall omac_noekeon_tweak
320 /* omac_noekeon_next(msg, key, dest); */
321 rcall omac_noekeon_next
325 sbci r17, 0 /* won't change Z if result is zero */
332 /* omac_noekeon_last(msg, msglength_b, key, dest); */
333 call omac_noekeon_last