/* camellia-asm.S */
/*
- This file is part of the Crypto-avr-lib/microcrypt-lib.
+ This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
camellia_s:
movw r26, r24 ; backup r24,r25 -> X
clr r25
- call camellia_s2
+ rcall camellia_s2
mov r26, r24
mov r24, r27
- call camellia_s1
+ rcall camellia_s1
mov r27, r24
mov r24, r23
- call camellia_s3
+ rcall camellia_s3
mov r23, r24
mov r24, r22
- call camellia_s4
+ rcall camellia_s4
mov r22, r24
mov r24, r21
- call camellia_s2
+ rcall camellia_s2
mov r21, r24
mov r24, r20
- call camellia_s3
+ rcall camellia_s3
mov r20, r24
mov r24, r19
- call camellia_s4
+ rcall camellia_s4
mov r19, r24
mov r24, r18
- call camellia_s1
+ rcall camellia_s1
mov r18, r24
movw r24, r26
eor r23, r15
eor r24, r16
eor r25, r17
- call camellia_s
- call camellia_p
+ rcall camellia_s
+ rcall camellia_p
ret
;##############################################################################
B2 = 19
.global camellia128_keyop_rot15
camellia128_keyop_rot15:
- movw r30, r24 ; Z points at LSB of kl ;-- 0
+ movw r30, r24 ; Z points at LSB of kl ;-- 0
ldi r22, 2
-2: adiw r30, 15 ;-- 15
+2: adiw r30, 15 ;-- 15
ld r21, Z
- ld r20, -Z ;-- 14
+ ld r20, -Z ;-- 14
movw B1, r20 ; store Backup of the 2 MSB of kl
ror r20
ldi r21, 14
-1: ld r20, -Z ;-- 13..0
+1: ld r20, -Z ;-- 13..0
ror r20
- std Z+2, r20 ;-- (15..2)
+ std Z+2, r20 ;-- (15..2)
dec r21
brne 1b
ror B2
ror B1
- st Z+, B1 ;-- 1
+ st Z+, B1 ;-- 1
st Z, B2
- adiw r30, 15 ;-- 16
+ adiw r30, 15 ;-- 16
dec r22
brne 2b
B2 = 19
.global camellia128_keyop_inv_rot15
camellia128_keyop_inv_rot15:
- movw r30, r24 ; Z points at LSB of kl ;-- 0
+ movw r30, r24 ; Z points at LSB of kl ;-- 0
movw r26, r24 ; X also
ldi r22, 2
-2: ;-- 0
- ld r20, Z+ ;-- 0/1
- ld r21, Z+ ;-- 1/2
+2: ;-- 0
+ ld r20, Z+ ;-- 0/1
+ ld r21, Z+ ;-- 1/2
movw B1, r20 ; store Backup of the 2 LSB of kl
rol r21
ldi r20, 14
-1: ld r21, Z+ ;-- 2/14..3/16
+1: ld r21, Z+ ;-- 2/14..3/16
rol r21
- st X+, r21 ;-- (0..13)/(1..14)
+ st X+, r21 ;-- (0..13)/(1..14)
dec r20
brne 1b
rol B1
rol B2
- st X+, B1 ;-- 14/15
- st X+, B2 ;-- 15/16
+ st X+, B1 ;-- 14/15
+ st X+, B2 ;-- 15/16
dec r22
brne 2b
neg r22
SBRS xro_sec, 2 // KEY_DIR
rjmp 2f
- call camellia128_keyop_inv
+ rcall camellia128_keyop_inv
rjmp 3f
-2: call camellia128_keyop
+2: rcall camellia128_keyop
3: /* loop back */
SWAP_R br1_sec, bl1_sec
SWAP_R br2_sec, bl2_sec
dec loop_cnt
breq 2f
- jmp main_loop
+ rjmp main_loop
2:
pop r7
pop r8
// / * step 1 * /
ldi r26, lo8(camellia_sigma)
ldi r27, hi8(camellia_sigma)
- call X64_xor_in
- call camellia_s
- call camellia_p // / * f(x,k) is done * /
+ rcall X64_xor_in
+ rcall camellia_s
+ rcall camellia_p // / * f(x,k) is done * /
sbiw r30, 128/8
movw r28, r30 ; Z&Y point on kar now
call Y64_load_xor_store
// / * step 2 now * /
- call X64_xor_in
- call camellia_s
- call camellia_p // / * f(x,k) is done * /
- call Y64_load_xor_store
+ rcall X64_xor_in
+ rcall camellia_s
+ rcall camellia_p // / * f(x,k) is done * /
+ rcall Y64_load_xor_store
// / * now the xor part (kl and kr) * /
sbiw r30, 128/8 ; Z points to klr
brne 1b
// / * now s->kar ^= camellia_f(s->kal, camellia_sigma[2]); * /
- call X64_load ; load sigma[2]
+ rcall X64_load ; load sigma[2]
movw r26, r28 ; X&Y point at kal
- call X64_xor_in
- call camellia_s
- call camellia_p
+ rcall X64_xor_in
+ rcall camellia_s
+ rcall camellia_p
sbiw r28, 128/8/2 ; Y points at kar
- call Y64_load_xor_store
+ rcall Y64_load_xor_store
// / * now s->kal ^= camellia_f(s->kar, camellia_sigma[3]); * /
sbiw r26, 128/8 ;
- call X64_load ; load kar
+ rcall X64_load ; load kar
ldi r26, lo8(camellia_sigma+3*8)
ldi r27, hi8(camellia_sigma+3*8)
- call X64_xor_in ; xor sigma[3] in
- call camellia_s
- call camellia_p
- call Y64_load_xor_store
+ rcall X64_xor_in ; xor sigma[3] in
+ rcall camellia_s
+ rcall camellia_p
+ rcall Y64_load_xor_store
pop r28
pop r29
+