+++ /dev/null
-/* seed-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file seed-asm.S
- * \author Daniel Otte
- * \date 2007-06-1
- * \brief SEED parts in assembler for AVR
- * \par License
- * GPLv3 or later
- *
- */
-#include "avr-asm-macros.S"
-
-/******************************************************************************/
-/*
-#define M0 0xfc
-#define M1 0xf3
-#define M2 0xcf
-#define M3 0x3f
-
-#define X3 (((uint8_t*)(&x))[0])
-#define X2 (((uint8_t*)(&x))[1])
-#define X1 (((uint8_t*)(&x))[2])
-#define X0 (((uint8_t*)(&x))[3])
-
-#define Z3 (((uint8_t*)(&z))[0])
-#define Z2 (((uint8_t*)(&z))[1])
-#define Z1 (((uint8_t*)(&z))[2])
-#define Z0 (((uint8_t*)(&z))[3])
-
-uint32_t g_function(uint32_t x){
- uint32_t z;
- / * sbox substitution * /
- X3 = pgm_read_byte(&(seed_sbox2[X3]));
- X2 = pgm_read_byte(&(seed_sbox1[X2]));
- X1 = pgm_read_byte(&(seed_sbox2[X1]));
- X0 = pgm_read_byte(&(seed_sbox1[X0]));
- / * now the permutation * /
- Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
- Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
- Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
- Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
- return z;
-}
-*/
-M0 = 0xfc
-M1 = 0xf3
-M2 = 0xcf
-M3 = 0x3f
-X0 = 18
-X1 = 19
-X2 = 20
-X3 = 21
-Z0 = 25
-Z1 = 24
-Z2 = 23
-Z3 = 22
-T0 = X0
-T1 = 26
-T2 = 27
-T3 = X1
-/*
- * param x: r22:r25
- * X0 = R25
- * X1 = R24
- * X2 = R23
- * X3 = R22
- */
-seed_g_function:
- ldi r30, lo8(seed_sbox1)
- ldi r31, hi8(seed_sbox1)
- movw r26, r30
- add r30, Z2
- adc r31, r1
- lpm X2, Z
- movw r30, r26
- add r30, Z0
- adc r31, r1
- lpm X0, Z
- inc r27 /* switch X to point to sbox2 */
- movw r30, r26
- add r30, Z3
- adc r31, r1
- lpm X3, Z
- movw r30, r26
- add r30, Z1
- adc r31, r1
- lpm X1, Z
- /* now the secound part */
- mov Z0, X0
- mov Z1, X0
- mov Z2, X0
- mov Z3, X0
- andi Z0, M0
- andi Z1, M1
- andi Z2, M2
- andi Z3, M3
- mov T0, X1
- mov T1, X1
- mov T2, X1
- ; mov T3, X1 /* T3 = X1 */
- andi T0, M1
- andi T1, M2
- andi T2, M3
- andi T3, M0
- eor Z0, T0
- eor Z1, T1
- eor Z2, T2
- eor Z3, T3
- mov T0, X2
- mov T1, X2
- mov T2, X2
- mov T3, X2
- andi T0, M2
- andi T1, M3
- andi T2, M0
- andi T3, M1
- eor Z0, T0
- eor Z1, T1
- eor Z2, T2
- eor Z3, T3
- mov T0, X3
- mov T1, X3
- mov T2, X3
- mov T3, X3
- andi T0, M3
- andi T1, M0
- andi T2, M1
- andi T3, M2
- eor Z0, T0
- eor Z1, T1
- eor Z2, T2
- eor Z3, T3
- ret
-
-seed_sbox1:
-.byte 169, 133, 214, 211, 84, 29, 172, 37
-.byte 93, 67, 24, 30, 81, 252, 202, 99
-.byte 40, 68, 32, 157, 224, 226, 200, 23
-.byte 165, 143, 3, 123, 187, 19, 210, 238
-.byte 112, 140, 63, 168, 50, 221, 246, 116
-.byte 236, 149, 11, 87, 92, 91, 189, 1
-.byte 36, 28, 115, 152, 16, 204, 242, 217
-.byte 44, 231, 114, 131, 155, 209, 134, 201
-.byte 96, 80, 163, 235, 13, 182, 158, 79
-.byte 183, 90, 198, 120, 166, 18, 175, 213
-.byte 97, 195, 180, 65, 82, 125, 141, 8
-.byte 31, 153, 0, 25, 4, 83, 247, 225
-.byte 253, 118, 47, 39, 176, 139, 14, 171
-.byte 162, 110, 147, 77, 105, 124, 9, 10
-.byte 191, 239, 243, 197, 135, 20, 254, 100
-.byte 222, 46, 75, 26, 6, 33, 107, 102
-.byte 2, 245, 146, 138, 12, 179, 126, 208
-.byte 122, 71, 150, 229, 38, 128, 173, 223
-.byte 161, 48, 55, 174, 54, 21, 34, 56
-.byte 244, 167, 69, 76, 129, 233, 132, 151
-.byte 53, 203, 206, 60, 113, 17, 199, 137
-.byte 117, 251, 218, 248, 148, 89, 130, 196
-.byte 255, 73, 57, 103, 192, 207, 215, 184
-.byte 15, 142, 66, 35, 145, 108, 219, 164
-.byte 52, 241, 72, 194, 111, 61, 45, 64
-.byte 190, 62, 188, 193, 170, 186, 78, 85
-.byte 59, 220, 104, 127, 156, 216, 74, 86
-.byte 119, 160, 237, 70, 181, 43, 101, 250
-.byte 227, 185, 177, 159, 94, 249, 230, 178
-.byte 49, 234, 109, 95, 228, 240, 205, 136
-.byte 22, 58, 88, 212, 98, 41, 7, 51
-.byte 232, 27, 5, 121, 144, 106, 42, 154
-
-
-seed_sbox2:
-.byte 56, 232, 45, 166, 207, 222, 179, 184
-.byte 175, 96, 85, 199, 68, 111, 107, 91
-.byte 195, 98, 51, 181, 41, 160, 226, 167
-.byte 211, 145, 17, 6, 28, 188, 54, 75
-.byte 239, 136, 108, 168, 23, 196, 22, 244
-.byte 194, 69, 225, 214, 63, 61, 142, 152
-.byte 40, 78, 246, 62, 165, 249, 13, 223
-.byte 216, 43, 102, 122, 39, 47, 241, 114
-.byte 66, 212, 65, 192, 115, 103, 172, 139
-.byte 247, 173, 128, 31, 202, 44, 170, 52
-.byte 210, 11, 238, 233, 93, 148, 24, 248
-.byte 87, 174, 8, 197, 19, 205, 134, 185
-.byte 255, 125, 193, 49, 245, 138, 106, 177
-.byte 209, 32, 215, 2, 34, 4, 104, 113
-.byte 7, 219, 157, 153, 97, 190, 230, 89
-.byte 221, 81, 144, 220, 154, 163, 171, 208
-.byte 129, 15, 71, 26, 227, 236, 141, 191
-.byte 150, 123, 92, 162, 161, 99, 35, 77
-.byte 200, 158, 156, 58, 12, 46, 186, 110
-.byte 159, 90, 242, 146, 243, 73, 120, 204
-.byte 21, 251, 112, 117, 127, 53, 16, 3
-.byte 100, 109, 198, 116, 213, 180, 234, 9
-.byte 118, 25, 254, 64, 18, 224, 189, 5
-.byte 250, 1, 240, 42, 94, 169, 86, 67
-.byte 133, 20, 137, 155, 176, 229, 72, 121
-.byte 151, 252, 30, 130, 33, 140, 27, 95
-.byte 119, 84, 178, 29, 37, 79, 0, 70
-.byte 237, 88, 82, 235, 126, 218, 201, 253
-.byte 48, 149, 101, 60, 182, 228, 187, 124
-.byte 14, 80, 57, 38, 50, 132, 105, 147
-.byte 55, 231, 36, 164, 203, 83, 10, 135
-.byte 217, 76, 131, 143, 206, 59, 74, 183
-
-/******************************************************************************/
-
-/*
-static
-uint64_t f_function(const uint64_t* a, uint32_t k0, uint32_t k1){
- uint32_t c,d;
-
- c = *a & 0x00000000FFFFFFFFLL;
- d = (*a>>32) & 0x00000000FFFFFFFFLL;
-
- c ^= k0; d ^= k1;
- d ^= c;
- d = g_function(d);
- c = bigendian_sum32(c,d);
- c = g_function(c);
- d = bigendian_sum32(c,d);
- d = g_function(d);
- c = bigendian_sum32(c,d);
- return ((uint64_t)d << 32) | c;
-}
-*/
-/*
- * param a r24:r25
- * param k0 r20:r23
- * param k1 r16:r19
- */
-D0 = 10
-D1 = 11
-C0 = 12
-C1 = 13
-C2 = 14
-C3 = 15
-D2 = 16
-D3 = 17
-seed_f_function:
- push_range 10, 17
- movw r30, r24
- ld C0, Z+
- ld C1, Z+
- ld C2, Z+
- ld C3, Z+
- eor C0, r20
- eor C1, r21
- eor C2, r22
- eor C3, r23
- ld r22, Z+
- ld r23, Z+
- ld r24, Z+
- ld r25, Z+
- eor r22, r16
- eor r23, r17
- eor r24, r18
- eor r25, r19
- eor r22, C0
- eor r23, C1
- eor r24, C2
- eor r25, C3
- rcall seed_g_function
- mov D0, r22
- mov D1, r23
- mov D2, r24
- mov D3, r25
-
- add r25, C3
- adc r24, C2
- adc r23, C1
- adc r22, C0
- rcall seed_g_function
- mov C0, r22
- mov C1, r23
- mov C2, r24
- mov C3, r25
-
- add r25, D3
- adc r24, D2
- adc r23, D1
- adc r22, D0
- rcall seed_g_function
- mov D0, r22
- mov D1, r23
- mov D2, r24
- mov D3, r25
-
- add C3, r25
- adc C2, r24
- adc C1, r23
- adc C0, r22
-
- mov r18, C0
- mov r19, C1
- mov r20, C2
- mov r21, C3
-
- pop_range 10, 17
- ret
-
-/******************************************************************************/
-/*
-void seed_init(uint8_t * key, seed_ctx_t * ctx){
- memcpy(ctx->k, key, 128/8);
-}
-*/
-
-.global seed_init
-seed_init:
- movw r26, r24
- movw r30, r22
- ldi r22, 16
-1:
- ld r0, X+
- st Z+, r0
- dec r22
- brne 1b
- ret
-/******************************************************************************/
-/*
-typedef struct {
- uint32_t k0, k1;
-} keypair_t;
-
-keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){
- keypair_t ret;
- if (curround>15){
- / * ERROR * /
- ret.k0 = ret.k1 = 0;
- } else {
- / * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * /
- ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
- ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
- ret.k0 = seed_g_function(ret.k0);
- ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
- ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = seed_g_function(ret.k1);
-
- if (curround & 1){
- / * odd round (1,3,5, ...) * /
- ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] );
- } else {
- / * even round (0,2,4, ...) * /
- ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]);
- }
- }
- return ret;
-}
-*/
-/*
- * param keystate: r24:r25
- * param curround: r22
- */
-XRC0 = 10
-XRC1 = 11
-XRC2 = 12
-XRC3 = 13
-D0 = 14
-D1 = 15
-D2 = 16
-D3 = 17
-
-compute_keys:
- ldi r30, lo8(seed_kc)
- ldi r31, hi8(seed_kc)
- lsl r22
- lsl r22
- add r30, r22
- adc r31, r1
- lpm XRC0, Z+
- lpm XRC1, Z+
- lpm XRC2, Z+
- lpm XRC3, Z+
- movw r28, r24
- ldd r25, Y+0*4+3
- ldd r24, Y+0*4+2
- ldd r23, Y+0*4+1
- ldd r22, Y+0*4+0
-
- ldd r0, Y+2*4+3
- add r25, r0
- ldd r0, Y+2*4+2
- adc r24, r0
- ldd r0, Y+2*4+1
- adc r23, r0
- ldd r0, Y+2*4+0
- adc r22, r0
-
- sub r25, XRC3
- sbc r24, XRC2
- sbc r23, XRC1
- sbc r22, XRC0
- rcall seed_g_function
- mov D0, r22
- mov D1, r23
- mov D2, r24
- mov D3, r25
-
-
- ldd r25, Y+1*4+3
- ldd r24, Y+1*4+2
- ldd r23, Y+1*4+1
- ldd r22, Y+1*4+0
-
- ldd r0, Y+3*4+3
- sub r25, r0
- ldd r0, Y+3*4+2
- sbc r24, r0
- ldd r0, Y+3*4+1
- sbc r23, r0
- ldd r0, Y+3*4+0
- sbc r22, r0
-
- add r25, XRC3
- adc r24, XRC2
- adc r23, XRC1
- adc r22, XRC0
- rcall seed_g_function
-
- mov r21, D3
- mov r20, D2
- mov r19, D1
- mov r18, D0
- ret
-
-seed_getnextkeys:
- push_range 10, 17
- push r28
- push r29
-; andi r22, 0x0F
- bst r22,0
- rcall compute_keys
- brtc even_round
-odd_round:
-
- adiw r28, 8
- ld r26, Y
- ldd r0, Y+1
- std Y+0, r0
- ldd r0, Y+2
- std Y+1, r0
- ldd r0, Y+3
- std Y+2, r0
- ldd r0, Y+4
- std Y+3, r0
- ldd r0, Y+5
- std Y+4, r0
- ldd r0, Y+6
- std Y+5, r0
- ldd r0, Y+7
- std Y+6, r0
- std Y+7, r26
-/*
- movw r30, r28
- ld r26, Z+
- ldi r27, 7
-1:
- ld r0, Z+
- st Y+, r0
- dec r27
- brne 1b
- st Y, r26
-*/
- rjmp 4f
-
-even_round:
-
- ldd r26, Y+7
- ldd r0, Y+6
- std Y+7, r0
- ldd r0, Y+5
- std Y+6, r0
- ldd r0, Y+4
- std Y+5, r0
- ldd r0, Y+3
- std Y+4, r0
- ldd r0, Y+2
- std Y+3, r0
- ldd r0, Y+1
- std Y+2, r0
- ldd r0, Y+0
- std Y+1, r0
- std Y+0, r26
-/*
- adiw r28, 7
- ld r26, Y
- ldi r27, 7
-1:
- ld r0, -Y
- std Y+1, r0
- dec r27
- brne 1b
- st Y, r26
-*/
-4:
- pop r29
- pop r28
- pop_range 10, 17
- ret
-
-/******************************************************************************/
-/*
-keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){
- keypair_t ret;
- if (curround>15){
- / * ERROR * /
- ret.k0 = ret.k1 = 0;
- } else {
- if (curround & 1){
- / * odd round (1,3,5, ..., 15) * /
- ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] );
- } else {
- / * even round (0,2,4, ..., 14) * /
- ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]);
- }
- / * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * /
- ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
- ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
- ret.k0 = seed_g_function(ret.k0);
- ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
- ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
- ret.k1 = seed_g_function(ret.k1);
- }
- return ret;
-}
-*/
-/*
- * param keystate: r24:r25
- * param curround: r22
- */
-
-seed_getprevkeys:
- push_range 10, 17
- push r28
- push r29
- movw r28, r24
-; andi r22, 0x0F
- bst r22, 0
- brts r_odd_round
-r_even_round:
- ldd r26, Y+0
- ldd r0, Y+1
- std Y+0, r0
- ldd r0, Y+2
- std Y+1, r0
- ldd r0, Y+3
- std Y+2, r0
- ldd r0, Y+4
- std Y+3, r0
- ldd r0, Y+5
- std Y+4, r0
- ldd r0, Y+6
- std Y+5, r0
- ldd r0, Y+7
- std Y+6, r0
- std Y+7, r26
-/*
- movw r30, r28
- ld r26, Z+
- ldi r27, 7
-1:
- ld r0, Z+
- st Y+, r0
- dec r27
- brne 1b
- st Y, r26
-*/
-
- rjmp 4f
-r_odd_round:
- ldd r26, Y+8+7
- ldd r0, Y+8+6
- std Y+8+7, r0
- ldd r0, Y+8+5
- std Y+8+6, r0
- ldd r0, Y+8+4
- std Y+8+5, r0
- ldd r0, Y+8+3
- std Y+8+4, r0
- ldd r0, Y+8+2
- std Y+8+3, r0
- ldd r0, Y+8+1
- std Y+8+2, r0
- ldd r0, Y+8+0
- std Y+8+1, r0
- std Y+8+0, r26
-/*
- adiw r28, 7
- ld r26, Y
- ldi r27, 7
-1:
- ld r0, -Y
- std Y+1, r0
- dec r27
- brne 1b
- st Y, r26
-*/
-4:
- rcall compute_keys
-
- pop r29
- pop r28
- pop_range 10, 17
- ret
-
-/******************************************************************************/
-
-seed_kc:
-.long 0xb979379e
-.long 0x73f36e3c
-.long 0xe6e6dd78
-.long 0xcccdbbf1
-.long 0x999b77e3
-.long 0x3337efc6
-.long 0x676ede8d
-.long 0xcfdcbc1b
-.long 0x9eb97937
-.long 0x3c73f36e
-.long 0x78e6e6dd
-.long 0xf1cccdbb
-.long 0xe3999b77
-.long 0xc63337ef
-.long 0x8d676ede
-.long 0x1bcfdcbc
-
-/******************************************************************************/
-/*
-#define L (((uint64_t*)buffer)[0])
-#define R (((uint64_t*)buffer)[1])
-
-void seed_enc(void * buffer, seed_ctx_t * ctx){
- uint8_t r;
- keypair_t k;
- for(r=0; r<8; ++r){
- k = seed_getnextkeys(ctx->k, 2*r);
-/ *
- DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
-* /
- L ^= seed_f_function(&R,k.k0,k.k1);
-
- k = seed_getnextkeys(ctx->k, 2*r+1);
-/ *
- DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
-* /
- R ^= seed_f_function(&L,k.k0,k.k1);
- }
- / * just an exchange without temp. variable * /
- L ^= R;
- R ^= L;
- L ^= R;
-}
-*/
-/*
- * param buffer: r24:r25
- * param ctx: r22:r23
- */
-CTR = 9
-xLPTR = 10
-xRPTR = 12
-CPTR = 14
-
-.global seed_enc
-seed_enc:
- push_range 9, 17
- push r28
- push r29
- clr CTR
- movw xLPTR, r24
- adiw r24, 8
- movw xRPTR, r24
- movw CPTR, r22
-1:
- movw r28, xLPTR
- movw r24, CPTR
- mov r22, CTR
- lsl r22
- rcall seed_getnextkeys
-
- /* use pen & paper to understand the following permutation */
- movw r16, r22
- movw r22, r18
- movw r18, r24
- movw r24, r20
- movw r20, r22
- movw r22, r24
- movw r24, xRPTR
-
- rcall seed_f_function
-
- ld r0, Y
- eor r0, r18
- st Y+, r0
- ld r0, Y
- eor r0, r19
- st Y+, r0
- ld r0, Y
- eor r0, r20
- st Y+, r0
- ld r0, Y
- eor r0, r21
- st Y+, r0
- ld r0, Y
- eor r0, r22
- st Y+, r0
- ld r0, Y
- eor r0, r23
- st Y+, r0
- ld r0, Y
- eor r0, r24
- st Y+, r0
- ld r0, Y
- eor r0, r25
- st Y+, r0
- /* secound half */
- movw r24, CPTR
- mov r22, CTR
- lsl r22
- inc r22
- rcall seed_getnextkeys
-
- movw r16, r22
- movw r22, r18
- movw r18, r24
- movw r24, r20
- movw r20, r22
- movw r22, r24
- movw r24, xLPTR
-
- rcall seed_f_function
-
- ld r0, Y
- eor r0, r18
- st Y+, r0
- ld r0, Y
- eor r0, r19
- st Y+, r0
- ld r0, Y
- eor r0, r20
- st Y+, r0
- ld r0, Y
- eor r0, r21
- st Y+, r0
- ld r0, Y
- eor r0, r22
- st Y+, r0
- ld r0, Y
- eor r0, r23
- st Y+, r0
- ld r0, Y
- eor r0, r24
- st Y+, r0
- ld r0, Y
- eor r0, r25
- st Y+, r0
-
- inc CTR
- bst CTR, 3
- brts 3f
- rjmp 1b
-3:
- movw r28, xLPTR
- movw r30, xRPTR
- ldi r17, 8
-4:
- ld r10, Y
- ld r11, Z
- st Z+, r10
- st Y+, r11
- dec r17
- brne 4b
-5:
- pop r29
- pop r28
- pop_range 9, 17
- ret
-
-/******************************************************************************/
-/*
-#define L (((uint64_t*)buffer)[0])
-#define R (((uint64_t*)buffer)[1])
-
-void seed_dec(void * buffer, seed_ctx_t * ctx){
- int8_t r;
- keypair_t k;
- for(r=7; r>=0; --r){
- k = seed_getprevkeys(ctx->k, 2*r+1);
-/ *
- DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8);
-* /
- L ^= seed_f_function(&R,k.k0,k.k1);
-
- k = seed_getprevkeys(ctx->k, 2*r+0);
-/ *
- DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4);
- DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4);
- DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8);
- DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8);
-* /
- R ^= seed_f_function(&L,k.k0,k.k1);
- }
- / * just an exchange without temp. variable * /
- L ^= R;
- R ^= L;
- L ^= R;
-}
-*/
-/*
- * param buffer: r24:r25
- * param ctx: r22:r23
- */
-CTR = 9
-xLPTR = 10
-xRPTR = 12
-CPTR = 14
-
-.global seed_dec
-seed_dec:
- push_range 9, 17
- push r28
- push r29
- ldi r16, 7
- mov CTR, r16
- movw xLPTR, r24
- adiw r24, 8
- movw xRPTR, r24
- movw CPTR, r22
-1:
- movw r28, xLPTR
- movw r24, CPTR
- mov r22, CTR
- lsl r22
- inc r22
- rcall seed_getprevkeys
-
- /* use pen & paper to understand the following permutation */
- movw r16, r22
- movw r22, r18
- movw r18, r24
- movw r24, r20
- movw r20, r22
- movw r22, r24
- movw r24, xRPTR
-
- rcall seed_f_function
-
- ld r0, Y
- eor r0, r18
- st Y+, r0
- ld r0, Y
- eor r0, r19
- st Y+, r0
- ld r0, Y
- eor r0, r20
- st Y+, r0
- ld r0, Y
- eor r0, r21
- st Y+, r0
- ld r0, Y
- eor r0, r22
- st Y+, r0
- ld r0, Y
- eor r0, r23
- st Y+, r0
- ld r0, Y
- eor r0, r24
- st Y+, r0
- ld r0, Y
- eor r0, r25
- st Y+, r0
- /* secound half */
- movw r24, CPTR
- mov r22, CTR
- lsl r22
- rcall seed_getprevkeys
-
- movw r16, r22
- movw r22, r18
- movw r18, r24
- movw r24, r20
- movw r20, r22
- movw r22, r24
- movw r24, xLPTR
-
- rcall seed_f_function
-
- ld r0, Y
- eor r0, r18
- st Y+, r0
- ld r0, Y
- eor r0, r19
- st Y+, r0
- ld r0, Y
- eor r0, r20
- st Y+, r0
- ld r0, Y
- eor r0, r21
- st Y+, r0
- ld r0, Y
- eor r0, r22
- st Y+, r0
- ld r0, Y
- eor r0, r23
- st Y+, r0
- ld r0, Y
- eor r0, r24
- st Y+, r0
- ld r0, Y
- eor r0, r25
- st Y+, r0
-
- dec CTR
- brmi 3f
- rjmp 1b
-3:
- movw r28, xLPTR
- movw r30, xRPTR
- ldi r17, 8
-4:
- ld r10, Y
- ld r11, Z
- st Z+, r10
- st Y+, r11
- dec r17
- brne 4b
-5:
- pop r29
- pop r28
- pop_range 9, 17
- ret
-
projects / avr-crypto-lib.git / blobdiff