$sp.print(md_string[i].chr)
# print("DBG s: "+ md_string[i].chr) if $debug
if(i%20==19)
- sleep(0.1)
+# sleep(0.1)
end
end
end
def run_test(filename)
errors = 0
+ line=1
if not File.exist?(filename)
puts("ERROR file "+filename+" does not exist!")
end
b = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(avr_md))[1];
a.upcase!
b.upcase!
- puts("") if (pos%$linewidth==0 and $linewidth!=0)
+ printf("\n%4d: ", line) if (pos%$linewidth==0 and $linewidth!=0)
+ line += 1 if (pos%$linewidth==0 and $linewidth!=0)
#putc((a==b)?'*':'!')
if(a==b)
putc('*')
for i in (5..(ARGV.size-1))
errors = run_test(ARGV[i])
if errors == 0
- puts("[ok]")
+ puts("\n[ok]")
else
- puts("[errors: "+errors.to_s+"]")
+ puts("\n[errors: "+errors.to_s+"]")
end
end
$sp.print("EXIT\r");
# Makefile for Skein
-ALGO_NAME := SHABAL_C
+ALGO_NAME := SHABAL
# comment out the following line for removement of Skein from the build process
HASHES += $(ALGO_NAME)
-$(ALGO_NAME)_OBJ := shabal.o
+$(ALGO_NAME)_OBJ := shabal-asm.o shabal192-asm.o shabal224-asm.o \
+ shabal256-asm.o shabal384-asm.o shabal512-asm.o
$(ALGO_NAME)_TEST_BIN := main-shabal-test.o debug.o uart.o hexdigit_tab.o \
dbz_strings.o nessie_common.o cli.o string-extras.o performance_test.o \
nessie_hash_test.o hfal-basic.o hfal_shabal.o shavs.o
--- /dev/null
+# Makefile for Skein
+ALGO_NAME := SHABAL_C
+
+# comment out the following line for removement of Skein from the build process
+HASHES += $(ALGO_NAME)
+
+
+$(ALGO_NAME)_OBJ := shabal.o shabal192.o shabal224.o shabal256.o shabal384.o shabal512.o
+$(ALGO_NAME)_TEST_BIN := main-shabal-test.o debug.o uart.o hexdigit_tab.o \
+ dbz_strings.o nessie_common.o cli.o string-extras.o performance_test.o \
+ nessie_hash_test.o hfal-basic.o hfal_shabal.o shavs.o
+$(ALGO_NAME)_NESSIE_TEST := test nessie
+$(ALGO_NAME)_PERFORMANCE_TEST := performance
+
--- /dev/null
+/* shabal-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+/******************************************************************************/
+/*
+void shabal_p(shabal_ctx_t* ctx, const void* m){
+ uint8_t i,j;
+ for(i=0;i<16;++i){
+ ctx->b[i] = ROTL32(ctx->b[i],17);
+ }
+ for(j=0;j<SHABAL_P;++j){
+ for(i=0;i<16;++i){
+ ctx->a[(i+16*j)%SHABAL_R] =
+ shabal_u(ctx->a[(i+16*j)%SHABAL_R]
+ ^ shabal_v(ROTL32(ctx->a[(i+16*j+SHABAL_R-1)%SHABAL_R],15))
+ ^ ctx->c[(8-i+16)%16])
+ ^ ctx->b[(i+SHABAL_O1)%16]
+ ^ ((ctx->b[(i+SHABAL_O2)%16]) & ~(ctx->b[(i+SHABAL_O3)%16]))
+ ^ ((uint32_t*)m)[i];
+ ctx->b[i] = ROTL32(ctx->b[i], 1) ^ ~(ctx->a[(i+16*j)%SHABAL_R]);
+ }
+ }
+
+ for(j=0;j<36;++j){
+ ctx->a[j%SHABAL_R] += ctx->c[(j+3)%16];
+ }
+}
+*/
+MB0 = 2
+MB1 = 3
+AB0 = 4
+AB1 = 5
+BB0 = 6
+BB1 = 7
+CB0 = 8
+CB1 = 9
+AL0 = 10
+AL1 = 11
+AL2 = 12
+AL3 = 13
+A0 = 14
+A1 = 15
+A2 = 16
+A3 = 17
+B0 = 18
+B1 = 19
+B2 = 20
+B3 = 21
+I = 22
+J = 23
+T0 = 26
+T1 = 27
+T2 = 28
+T3 = 29
+/*
+ * param ctx: r24:r25
+ * param m: r22:r23
+ */
+; .global shabal_p
+shabal_p:
+ push_range 2, 17
+ push r28
+ push r29
+ movw MB0, r22
+ movw r30, r24
+ adiw r30, 8
+ ld BB0, Z+
+ ld BB1, Z+
+ ld CB0, Z+
+ ld CB1, Z+
+ movw AB0, r30
+ movw r30, BB0
+ adiw r30, 16*4-1
+ adiw r30, 1
+ ldi r24, 16
+1:
+ ld A3, -Z
+ ld A2, -Z
+ ld A1, -Z
+ ld A0, -Z
+ mov r0, A3
+ rol r0
+ rol A0
+ rol A1
+ rol A2
+ rol A3
+ std Z+0, A2
+ std Z+1, A3
+ std Z+2, A0
+ std Z+3, A1
+ dec r24
+ brne 1b
+ movw B0, A2
+ movw B2, A0
+ /* load ctx->a[(i+16*j-1)%12]*/
+ movw r26, AB0
+ adiw r26, 4*11
+ ld AL0, X+
+ ld AL1, X+
+ ld AL2, X+
+ ld AL3, X+
+ clr I
+ clr J
+1:
+ /* ROTL32(AL, 15)*/
+ movw T0, AL2
+ movw T2, AL0
+ mov r0, T0
+ ror r0
+ ror T3
+ ror T2
+ ror T1
+ ror T0
+ movw AL0, T0
+ movw AL2, T2
+ /* apply V to AL */
+ movw A0, AL0
+ movw A2, AL2
+ lsl A0
+ rol A1
+ rol A2
+ rol A3
+ lsl A0
+ rol A1
+ rol A2
+ rol A3
+ add A0, AL0
+ adc A1, AL1
+ adc A2, AL2
+ adc A3, AL3
+ /* xor in ctx->c[(8-i+16)%16] */
+ ldi T0, 24
+ sub T0, I
+ andi T0, 0x0f
+ lsl T0
+ lsl T0
+ movw r30, CB0
+ add r30, T0
+ adc r31, r1
+ ld r0, Z+
+ eor A0, r0
+ ld r0, Z+
+ eor A1, r0
+ ld r0, Z+
+ eor A2, r0
+ ld r0, Z+
+ eor A3, r0
+ /* xor in ctx->a[(i+16*j)%12] */
+ mov T0, J
+ swap T0 /* *=16 */
+ add T0, I
+ ldi r30, lo8(mod12table)
+ ldi r31, hi8(mod12table)
+ add r30, T0
+ adc r31, r1
+ lpm T0, Z
+ movw r30, AB0
+ add r30, T0
+ adc r31, r1
+ movw T2, r30
+ ld r0, Z+
+ eor A0, r0
+ ld r0, Z+
+ eor A1, r0
+ ld r0, Z+
+ eor A2, r0
+ ld r0, Z+
+ eor A3, r0
+ /* AL = 3*A */
+ movw AL0, A0
+ movw AL2, A2
+ lsl AL0
+ rol AL1
+ rol AL2
+ rol AL3
+ add AL0, A0
+ adc AL1, A1
+ adc AL2, A2
+ adc AL3, A3
+ /* xor in ctx->b[(i+13)%16] */
+ ldi T0, 13
+ add T0, I
+ andi T0, 0x0f
+ lsl T0
+ lsl T0
+ movw r30, BB0
+ add r30, T0
+ adc r31, r1
+ ld r0, Z+
+ eor AL0, r0
+ ld r0, Z+
+ eor AL1, r0
+ ld r0, Z+
+ eor AL2, r0
+ ld r0, Z+
+ eor AL3, r0
+ /* load ctx->b[(i+9)%16] into A */
+ ldi T0, 9
+ add T0, I
+ andi T0, 0x0f
+ lsl T0
+ lsl T0
+ movw r30, BB0
+ add r30, T0
+ adc r31, r1
+ ld A0, Z+
+ ld A1, Z+
+ ld A2, Z+
+ ld A3, Z+
+ /* and in ~(ctx->b[(i+6)%16]) */
+ ldi T0, 6
+ add T0, I
+ andi T0, 0x0f
+ lsl T0
+ lsl T0
+ movw r30, BB0
+ add r30, T0
+ adc r31, r1
+ ld r0, Z+
+ com r0
+ and A0, r0
+ ld r0, Z+
+ com r0
+ and A1, r0
+ ld r0, Z+
+ com r0
+ and A2, r0
+ ld r0, Z+
+ com r0
+ and A3, r0
+ /* xor A into AL */
+ eor AL0, A0
+ eor AL1, A1
+ eor AL2, A2
+ eor AL3, A3
+ /* xor m[i] into AL */
+ mov T0, I
+ lsl T0
+ lsl T0
+ movw r30, MB0
+ add r30, T0
+ adc r31, r1
+ ld r0, Z+
+ eor AL0, r0
+ ld r0, Z+
+ eor AL1, r0
+ ld r0, Z+
+ eor AL2, r0
+ ld r0, Z+
+ eor AL3, r0
+ /* A (AL) is done, now store it */
+ movw r30, T2
+ st Z+, AL0
+ st Z+, AL1
+ st Z+, AL2
+ st Z+, AL3
+ /* process ctx->b[i] */
+ /* ROTL32(b, 1)*/
+ mov r0, B3
+ rol r0
+ rol B0
+ rol B1
+ rol B2
+ rol B3
+ /* xor in ~(ctx->a[(i+16*j)%SHABAL_R]) */
+ movw A0, AL0
+ movw A2, AL2
+ com A0
+ com A1
+ com A2
+ com A3
+ eor B0, A0
+ eor B1, A1
+ eor B2, A2
+ eor B3, A3
+ /* store B */
+ movw r30, BB0
+ mov T0, I
+ lsl T0
+ lsl T0
+ add r30, T0
+ adc r31, r1
+ st Z+, B0
+ st Z+, B1
+ st Z+, B2
+ st Z+, B3
+ inc I
+ cpi I, 16
+ brne local_reload
+ inc J
+ cpi J, 3
+ brne global_reload
+ rjmp addition
+global_reload:
+ clr I
+local_reload:
+ mov T0, I
+ lsl T0
+ lsl T0
+ movw r30, BB0
+ add r30, T0
+ adc r31, r1
+ ld B0, Z+
+ ld B1, Z+
+ ld B2, Z+
+ ld B3, Z+
+
+ rjmp 1b
+addition:
+ clr J
+ movw r30, AB0
+ movw r26, CB0
+ adiw r26, 3*4
+1:
+ /* J = 0..11 */
+ ld AL0, X+
+ ld A0, Z
+ add A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ inc J
+ cpi J, 12
+ brne 1b
+ /* J = 12 */
+ movw r30, AB0
+ ld AL0, X+
+ ld A0, Z
+ add A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ inc J
+ /* J= 13..23*/
+ movw r26, CB0
+1:
+ ld AL0, X+
+ ld A0, Z
+ add A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ inc J
+ cpi J, 24
+ brne 1b
+ /* J= 24..28*/
+ movw r30, AB0
+1:
+ ld AL0, X+
+ ld A0, Z
+ add A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ inc J
+ cpi J, 29
+ brne 1b
+
+ /* J= 29..35*/
+ movw r26, CB0
+1:
+ ld AL0, X+
+ ld A0, Z
+ add A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ ld AL0, X+
+ ld A0, Z
+ adc A0, AL0
+ st Z+, A0
+ inc J
+ cpi J, 36
+ brne 1b
+exit:
+ pop r29
+ pop r28
+ pop_range 2, 17
+ ret
+
+mod12table:
+ .byte 0, 4, 8, 12, 16, 20, 24, 28
+ .byte 32, 36, 40, 44, 0, 4, 8, 12
+ .byte 16, 20, 24, 28, 32, 36, 40, 44
+ .byte 0, 4, 8, 12, 16, 20, 24, 28
+ .byte 32, 36, 40, 44, 0, 4, 8, 12
+ .byte 16, 20, 24, 28, 32, 36, 40, 44
+
+/******************************************************************************/
+/*
+void shabal_nextBlock(shabal_ctx_t* ctx, const void* block){
+ uint8_t i;
+ uint32_t* t;
+ for(i=0;i<16;++i){
+ ctx->b[i] += ((uint32_t*)block)[i];
+ }
+ ctx->a[0] ^= ctx->w.w32[0];
+ ctx->a[1] ^= ctx->w.w32[1];
+ shabal_p(ctx, block);
+ for(i=0;i<16;++i){
+ ctx->c[i] -= ((uint32_t*)block)[i];
+ }
+ ctx->w.w64++;
+ t = ctx->c;
+ ctx->c = ctx->b;
+ ctx->b = t;
+}
+*/
+/*
+ * param ctx: r24:r25
+ * param block: r22:r23
+ */
+MB0 = 14
+MB1 = 15
+CTX0 = 16
+CTX1 = 17
+.global shabal_nextBlock
+shabal_nextBlock:
+ push_range 14, 17
+ movw CTX0, r24
+ movw MB0, r22
+ /* xor W into A and increment W */
+ movw r30, CTX0
+ ldi r19, 8
+ sec
+1:
+ ld r20, Z
+ ldd r21, Z+(8+4)
+ eor r21, r20
+ std Z+(8+4), r21
+ adc r20, r1
+ st Z+, r20
+ dec r19
+ brne 1b
+ /* add block to ctx->b */
+ ld r26, Z+
+ ld r27, Z
+ movw r30, MB0
+ ldi r19, 16
+1:
+ ld r0, X
+ ld r18, Z+
+ add r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ adc r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ adc r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ adc r0, r18
+ st X+, r0
+ dec r19
+ brne 1b
+ /* call shbal_p */
+ rcall shabal_p
+ /* sub block from ctx->c */
+ movw r30, CTX0
+ adiw r30, 8+2
+ ld r26, Z+
+ ld r27, Z
+ movw r30, MB0
+ ldi r19, 16
+1:
+ ld r0, X
+ ld r18, Z+
+ sub r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ sbc r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ sbc r0, r18
+ st X+, r0
+ ld r0, X
+ ld r18, Z+
+ sbc r0, r18
+ st X+, r0
+ dec r19
+ brne 1b
+ /* xchange ctx->b with ctx->c*/
+ movw r30, CTX0
+ ldd r22, Z+8
+ ldd r23, Z+9
+ ldd r24, Z+10
+ ldd r25, Z+11
+ std Z+10, r22
+ std Z+11, r23
+ std Z+8, r24
+ std Z+9, r25
+ pop_range 14, 17
+ ret
+
+/******************************************************************************/
+/*
+void shabal_lastBlock(shabal_ctx_t* ctx, const void* block, uint16_t length_b){
+ uint8_t i,j;
+ uint32_t* t;
+ uint8_t buffer[64];
+ while(length_b>=SHABAL_BLOCKSIZE){
+ shabal_nextBlock(ctx, block);
+ block = (uint8_t*)block + SHABAL_BLOCKSIZE_B;
+ length_b -= SHABAL_BLOCKSIZE;
+ }
+ memset(buffer, 0, 64);
+ memcpy(buffer, block, (length_b+7)/8);
+ buffer[length_b/8] |= 0x80>>(length_b%8);
+ for(i=0;i<16;++i){
+ ctx->b[i] += ((uint32_t*)buffer)[i];
+ }
+ for(j=0; j<4;++j){
+ ctx->a[0] ^= ctx->w.w32[0];
+ ctx->a[1] ^= ctx->w.w32[1];
+ shabal_p(ctx, buffer);
+ t = ctx->c;
+ ctx->c = ctx->b;
+ ctx->b = t;
+ }
+}
+*/
+I = 16
+LEN0 = 16
+LEN1 = 17
+CTX0 = 14
+CTX1 = 15
+MB0 = 12
+MB1 = 13
+/*
+ * param ctx: r24:r25
+ * param block: r22:r23
+ * param length_b: r20:r21
+ */
+.global shabal_lastBlock
+shabal_lastBlock:
+ push_range 12, 17
+ movw CTX0, r24
+ movw MB0, r22
+ movw LEN0, r20
+1:
+ cpi LEN1, 0x02
+ brlo 2f
+ movw r24, CTX0
+ movw r22, MB0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ ldi r18, 64
+ add MB0, r18
+ adc MB1, r1
+ rjmp 1b
+2:
+ stack_alloc_large 64
+ adiw r30, 1 /* Z points at buffer */
+ movw r26, MB0
+ /* r24 = LEN/8*/
+ movw r24, LEN0
+ lsr r25
+ ror r24
+ lsr r24
+ lsr r24
+ ldi r25, 64-1
+ sub r25, r24
+ tst r24
+ breq 32f
+31:
+ ld r0, X+
+ st Z+, r0
+ dec r24
+ brne 31b
+32:
+ ldi r18, 0x80
+ andi LEN0, 0x07
+ breq append_0x80
+ ld r0, X+
+33:
+ lsr r18
+ dec LEN0
+ brne 33b
+ or r0, r18
+ st Z+, r0
+ rjmp append_zeros
+append_0x80:
+ st Z+, r18
+append_zeros:
+ tst r25
+ breq 4f
+34: st Z+, r1
+ dec r25
+ brne 34b
+4:
+ sbiw r30, 63
+ sbiw r30, 1
+ movw MB0, r30
+ movw r26, CTX0
+ adiw r26, 8
+ ld r24, X+
+ ld r25, X
+ movw r26, r24
+ ldi r18, 16
+41:
+ ld r24, X
+ ld r25, Z+
+ add r24, r25
+ st X+, r24
+ ld r24, X
+ ld r25, Z+
+ adc r24, r25
+ st X+, r24
+ ld r24, X
+ ld r25, Z+
+ adc r24, r25
+ st X+, r24
+ ld r24, X
+ ld r25, Z+
+ adc r24, r25
+ st X+, r24
+ dec r18
+ brne 41b
+ /* final loop */
+ ldi I, 4
+5:
+ /* xor W into A */
+ movw r30, CTX0
+ ldi r19, 8
+51:
+ ld r24, Z+
+ ldd r25, Z+(8+4-1)
+ eor r24, r25
+ std Z+(8+4-1), r24
+ dec r19
+ brne 51b
+ movw r24, CTX0
+ movw r22, MB0
+ rcall shabal_p
+ movw r30, CTX0
+ ldd r22, Z+8
+ ldd r23, Z+9
+ ldd r24, Z+10
+ ldd r25, Z+11
+ std Z+10, r22
+ std Z+11, r23
+ std Z+8, r24
+ std Z+9, r25
+ dec I
+ brne 5b
+
+ stack_free_large 64
+ pop_range 12, 17
+ ret
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#include <stdint.h>
#include "shabal.h"
-#include <avr/pgmspace.h>
#include <string.h>
#define SHABAL_O1 13
for(i=0;i<16;++i){
ctx->b[i] = ROTL32(ctx->b[i],17);
}
- for(j=0;j<SHABAL_P;++j){
+ for(j=0;j<SHABAL_P;j++){
for(i=0;i<16;++i){
- ctx->a[(i+16*j)%SHABAL_R] =
- shabal_u(ctx->a[(i+16*j)%SHABAL_R]
- ^ shabal_v(ROTL32(ctx->a[(i+16*j+SHABAL_R-1)%SHABAL_R],15))
+ ctx->a[(i+j*16)%SHABAL_R] =
+ shabal_u(ctx->a[(i+j*16)%SHABAL_R]
+ ^ shabal_v(ROTL32(ctx->a[(i+j*16+SHABAL_R-1)%SHABAL_R],15))
^ ctx->c[(8-i+16)%16])
^ ctx->b[(i+SHABAL_O1)%16]
^ ((ctx->b[(i+SHABAL_O2)%16]) & ~(ctx->b[(i+SHABAL_O3)%16]))
^ ((uint32_t*)m)[i];
- ctx->b[i] = ROTL32(ctx->b[i], 1) ^ ~(ctx->a[(i+16*j)%SHABAL_R]);
+ ctx->b[i] = ROTL32(ctx->b[i], 1) ^ ~(ctx->a[(i+j*16)%SHABAL_R]);
}
}
for(j=0;j<36;++j){
ctx->a[j%SHABAL_R] += ctx->c[(j+3)%16];
}
-/*
- for (j=0; j<36; j++){
- ctx->a[(36 - 1 - j)%12] =
- ctx->a[(36 - 1 - j) % 12]
- + ctx->c[(36 * 16 + 6 - j) % 16];
-
- }
-*/
-}
-
-uint32_t shabal192_iv[] PROGMEM = {
- /* A */
- 0xFD749ED4, 0xB798E530, 0x33904B6F, 0x46BDA85E,
- 0x076934B4, 0x454B4058, 0x77F74527, 0xFB4CF465,
- 0x62931DA9, 0xE778C8DB, 0x22B3998E, 0xAC15CFB9,
- /* B */
- 0x58BCBAC4, 0xEC47A08E, 0xAEE933B2, 0xDFCBC824,
- 0xA7944804, 0xBF65BDB0, 0x5A9D4502, 0x59979AF7,
- 0xC5CEA54E, 0x4B6B8150, 0x16E71909, 0x7D632319,
- 0x930573A0, 0xF34C63D1, 0xCAF914B4, 0xFDD6612C,
- /* C */
- 0x61550878, 0x89EF2B75, 0xA1660C46, 0x7EF3855B,
- 0x7297B58C, 0x1BC67793, 0x7FB1C723, 0xB66FC640,
- 0x1A48B71C, 0xF0976D17, 0x088CE80A, 0xA454EDF3,
- 0x1C096BF4, 0xAC76224B, 0x5215781C, 0xCD5D2669
-};
-
-
-uint32_t shabal224_iv[] PROGMEM = {
- /* A */
- 0xA5201467, 0xA9B8D94A, 0xD4CED997, 0x68379D7B,
- 0xA7FC73BA, 0xF1A2546B, 0x606782BF, 0xE0BCFD0F,
- 0x2F25374E, 0x069A149F, 0x5E2DFF25, 0xFAECF061,
- /* B */
- 0xEC9905D8, 0xF21850CF, 0xC0A746C8, 0x21DAD498,
- 0x35156EEB, 0x088C97F2, 0x26303E40, 0x8A2D4FB5,
- 0xFEEE44B6, 0x8A1E9573, 0x7B81111A, 0xCBC139F0,
- 0xA3513861, 0x1D2C362E, 0x918C580E, 0xB58E1B9C,
- /* C */
- 0xE4B573A1, 0x4C1A0880, 0x1E907C51, 0x04807EFD,
- 0x3AD8CDE5, 0x16B21302, 0x02512C53, 0x2204CB18,
- 0x99405F2D, 0xE5B648A1, 0x70AB1D43, 0xA10C25C2,
- 0x16F1AC05, 0x38BBEB56, 0x9B01DC60, 0xB1096D83
-};
-
-uint32_t shabal256_iv[] PROGMEM = {
- /* A */
- 0x52F84552, 0xE54B7999, 0x2D8EE3EC, 0xB9645191,
- 0xE0078B86, 0xBB7C44C9, 0xD2B5C1CA, 0xB0D2EB8C,
- 0x14CE5A45, 0x22AF50DC, 0xEFFDBC6B, 0xEB21B74A,
- /* B */
- 0xB555C6EE, 0x3E710596, 0xA72A652F, 0x9301515F,
- 0xDA28C1FA, 0x696FD868, 0x9CB6BF72, 0x0AFE4002,
- 0xA6E03615, 0x5138C1D4, 0xBE216306, 0xB38B8890,
- 0x3EA8B96B, 0x3299ACE4, 0x30924DD4, 0x55CB34A5,
- /* C */
- 0xB405F031, 0xC4233EBA, 0xB3733979, 0xC0DD9D55,
- 0xC51C28AE, 0xA327B8E1, 0x56C56167, 0xED614433,
- 0x88B59D60, 0x60E2CEBA, 0x758B4B8B, 0x83E82A7F,
- 0xBC968828, 0xE6E00BF7, 0xBA839E55, 0x9B491C60
-};
-
-uint32_t shabal384_iv[] PROGMEM = {
- /* A */
- 0xC8FCA331, 0xE55C504E, 0x003EBF26, 0xBB6B8D83,
- 0x7B0448C1, 0x41B82789, 0x0A7C9601, 0x8D659CFF,
- 0xB6E2673E, 0xCA54C77B, 0x1460FD7E, 0x3FCB8F2D,
- /* B */
- 0x527291FC, 0x2A16455F, 0x78E627E5, 0x944F169F,
- 0x1CA6F016, 0xA854EA25, 0x8DB98ABE, 0xF2C62641,
- 0x30117DCB, 0xCF5C4309, 0x93711A25, 0xF9F671B8,
- 0xB01D2116, 0x333F4B89, 0xB285D165, 0x86829B36,
- /* C */
- 0xF764B11A, 0x76172146, 0xCEF6934D, 0xC6D28399,
- 0xFE095F61, 0x5E6018B4, 0x5048ECF5, 0x51353261,
- 0x6E6E36DC, 0x63130DAD, 0xA9C69BD6, 0x1E90EA0C,
- 0x7C35073B, 0x28D95E6D, 0xAA340E0D, 0xCB3DEE70
-};
-
-uint32_t shabal512_iv[] PROGMEM = {
- /* A */
- 0x20728DFD, 0x46C0BD53, 0xE782B699, 0x55304632,
- 0x71B4EF90, 0x0EA9E82C, 0xDBB930F1, 0xFAD06B8B,
- 0xBE0CAE40, 0x8BD14410, 0x76D2ADAC, 0x28ACAB7F,
- /* B */
- 0xC1099CB7, 0x07B385F3, 0xE7442C26, 0xCC8AD640,
- 0xEB6F56C7, 0x1EA81AA9, 0x73B9D314, 0x1DE85D08,
- 0x48910A5A, 0x893B22DB, 0xC5A0DF44, 0xBBC4324E,
- 0x72D2F240, 0x75941D99, 0x6D8BDE82, 0xA1A7502B,
- /* C */
- 0xD9BF68D1, 0x58BAD750, 0x56028CB2, 0x8134F359,
- 0xB5D469D8, 0x941A8CC2, 0x418B2A6E, 0x04052780,
- 0x7F07D787, 0x5194358F, 0x3C60D665, 0xBE97D79A,
- 0x950C3434, 0xAED9A06D, 0x2537DC8D, 0x7CDB5969,
-};
-
-void shabal192_init(shabal_ctx_t* ctx){
- uint8_t i;
- ctx->b = ctx->b_buffer;
- ctx->c = ctx->c_buffer;
- ctx->w.w64 = 1LL;
- for(i=0;i<SHABAL_R;++i){
- ctx->a[i] = pgm_read_dword(&(shabal192_iv[i]));
- }
- for(i=0;i<16;++i){
- ctx->b[i] = pgm_read_dword(&(shabal192_iv[SHABAL_R+i]));
- }
- for(i=0;i<16;++i){
- ctx->c[i] = pgm_read_dword(&(shabal192_iv[SHABAL_R+16+i]));
- }
-}
-
-void shabal224_init(shabal_ctx_t* ctx){
- uint8_t i;
- ctx->b = ctx->b_buffer;
- ctx->c = ctx->c_buffer;
- ctx->w.w64 = 1LL;
- for(i=0;i<SHABAL_R;++i){
- ctx->a[i] = pgm_read_dword(&(shabal224_iv[i]));
- }
- for(i=0;i<16;++i){
- ctx->b[i] = pgm_read_dword(&(shabal224_iv[SHABAL_R+i]));
- }
- for(i=0;i<16;++i){
- ctx->c[i] = pgm_read_dword(&(shabal224_iv[SHABAL_R+16+i]));
- }
-}
-void shabal256_init(shabal_ctx_t* ctx){
- uint8_t i;
- ctx->b = ctx->b_buffer;
- ctx->c = ctx->c_buffer;
- ctx->w.w64 = 1LL;
- for(i=0;i<SHABAL_R;++i){
- ctx->a[i] = pgm_read_dword(&(shabal256_iv[i]));
- }
- for(i=0;i<16;++i){
- ctx->b[i] = pgm_read_dword(&(shabal256_iv[SHABAL_R+i]));
- }
- for(i=0;i<16;++i){
- ctx->c[i] = pgm_read_dword(&(shabal256_iv[SHABAL_R+16+i]));
- }
-}
-void shabal384_init(shabal_ctx_t* ctx){
- uint8_t i;
- ctx->b = ctx->b_buffer;
- ctx->c = ctx->c_buffer;
- ctx->w.w64 = 1LL;
- for(i=0;i<SHABAL_R;++i){
- ctx->a[i] = pgm_read_dword(&(shabal384_iv[i]));
- }
- for(i=0;i<16;++i){
- ctx->b[i] = pgm_read_dword(&(shabal384_iv[SHABAL_R+i]));
- }
- for(i=0;i<16;++i){
- ctx->c[i] = pgm_read_dword(&(shabal384_iv[SHABAL_R+16+i]));
- }
-}
-void shabal512_init(shabal_ctx_t* ctx){
- uint8_t i;
- ctx->b = ctx->b_buffer;
- ctx->c = ctx->c_buffer;
- ctx->w.w64 = 1LL;
- for(i=0;i<SHABAL_R;++i){
- ctx->a[i] = pgm_read_dword(&(shabal512_iv[i]));
- }
- for(i=0;i<16;++i){
- ctx->b[i] = pgm_read_dword(&(shabal512_iv[SHABAL_R+i]));
- }
- for(i=0;i<16;++i){
- ctx->c[i] = pgm_read_dword(&(shabal512_iv[SHABAL_R+16+i]));
- }
}
void shabal_nextBlock(shabal_ctx_t* ctx, const void* block){
for(i=0;i<16;++i){
ctx->b[i] += ((uint32_t*)buffer)[i];
}
- ctx->a[0] ^= ctx->w.w32[0];
- ctx->a[1] ^= ctx->w.w32[1];
- shabal_p(ctx, buffer);
- t = ctx->c;
- ctx->c = ctx->b;
- ctx->b = t;
- for(j=0; j<3;++j){
+ for(j=0; j<4;++j){
ctx->a[0] ^= ctx->w.w32[0];
ctx->a[1] ^= ctx->w.w32[1];
shabal_p(ctx, buffer);
}
-static inline
void shabal_ctx2hash(void* dest, const shabal_ctx_t* ctx, uint16_t outlength_b){
memcpy(dest, &(ctx->c[16-outlength_b/32]), outlength_b/8);
}
-
-void shabal192_ctx2hash(void* dest, const shabal_ctx_t* ctx){
- shabal_ctx2hash(dest, ctx, 192);
-}
-
-void shabal224_ctx2hash(void* dest, const shabal_ctx_t* ctx){
- shabal_ctx2hash(dest, ctx, 224);
-}
-
-void shabal256_ctx2hash(void* dest, const shabal_ctx_t* ctx){
- shabal_ctx2hash(dest, ctx, 256);
-}
-
-void shabal384_ctx2hash(void* dest, const shabal_ctx_t* ctx){
- shabal_ctx2hash(dest, ctx, 384);
-}
-
-void shabal512_ctx2hash(void* dest, const shabal_ctx_t* ctx){
- shabal_ctx2hash(dest, ctx, 512);
-}
-
-void shabal192(void* dest, void* msg, uint32_t length_b){
- shabal_ctx_t ctx;
- shabal192_init(&ctx);
- while(length_b>=SHABAL_BLOCKSIZE){
- shabal_nextBlock(&ctx, msg);
- msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
- length_b -= SHABAL_BLOCKSIZE;
- }
- shabal_lastBlock(&ctx, msg, length_b);
- shabal192_ctx2hash(dest, &ctx);
-}
-
-void shabal224(void* dest, void* msg, uint32_t length_b){
- shabal_ctx_t ctx;
- shabal224_init(&ctx);
- while(length_b>=SHABAL_BLOCKSIZE){
- shabal_nextBlock(&ctx, msg);
- msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
- length_b -= SHABAL_BLOCKSIZE;
- }
- shabal_lastBlock(&ctx, msg, length_b);
- shabal224_ctx2hash(dest, &ctx);
-}
-
-void shabal256(void* dest, void* msg, uint32_t length_b){
- shabal_ctx_t ctx;
- shabal256_init(&ctx);
- while(length_b>=SHABAL_BLOCKSIZE){
- shabal_nextBlock(&ctx, msg);
- msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
- length_b -= SHABAL_BLOCKSIZE;
- }
- shabal_lastBlock(&ctx, msg, length_b);
- shabal256_ctx2hash(dest, &ctx);
-}
-
-void shabal384(void* dest, void* msg, uint32_t length_b){
- shabal_ctx_t ctx;
- shabal384_init(&ctx);
- while(length_b>=SHABAL_BLOCKSIZE){
- shabal_nextBlock(&ctx, msg);
- msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
- length_b -= SHABAL_BLOCKSIZE;
- }
- shabal_lastBlock(&ctx, msg, length_b);
- shabal384_ctx2hash(dest, &ctx);
-}
-
-void shabal512(void* dest, void* msg, uint32_t length_b){
- shabal_ctx_t ctx;
- shabal512_init(&ctx);
- while(length_b>=SHABAL_BLOCKSIZE){
- shabal_nextBlock(&ctx, msg);
- msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
- length_b -= SHABAL_BLOCKSIZE;
- }
- shabal_lastBlock(&ctx, msg, length_b);
- shabal512_ctx2hash(dest, &ctx);
-}
typedef struct{
union{
- uint64_t w64;
- uint32_t w32[2];
+ uint64_t w64;
+ uint32_t w32[2];
} w; /* the counter */
- uint32_t a[SHABAL_R];
uint32_t *b;
- uint32_t b_buffer[16];
uint32_t *c;
+ uint32_t a[SHABAL_R];
+ uint32_t b_buffer[16];
uint32_t c_buffer[16];
}shabal_ctx_t;
void shabal384(void* dest, void* msg, uint32_t length_b);
void shabal512(void* dest, void* msg, uint32_t length_b);
+void shabal_ctx2hash(void* dest, const shabal_ctx_t* ctx, uint16_t outlength_b);
+
#endif /* SHABAL_H_ */
--- /dev/null
+/* shabal192-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal192-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+shabal192_iv:
+ /* A */
+.long 0xFD749ED4, 0xB798E530, 0x33904B6F, 0x46BDA85E
+.long 0x076934B4, 0x454B4058, 0x77F74527, 0xFB4CF465
+.long 0x62931DA9, 0xE778C8DB, 0x22B3998E, 0xAC15CFB9
+ /* B */
+.long 0x58BCBAC4, 0xEC47A08E, 0xAEE933B2, 0xDFCBC824
+.long 0xA7944804, 0xBF65BDB0, 0x5A9D4502, 0x59979AF7
+.long 0xC5CEA54E, 0x4B6B8150, 0x16E71909, 0x7D632319
+.long 0x930573A0, 0xF34C63D1, 0xCAF914B4, 0xFDD6612C
+ /* C */
+.long 0x61550878, 0x89EF2B75, 0xA1660C46, 0x7EF3855B
+.long 0x7297B58C, 0x1BC67793, 0x7FB1C723, 0xB66FC640
+.long 0x1A48B71C, 0xF0976D17, 0x088CE80A, 0xA454EDF3
+.long 0x1C096BF4, 0xAC76224B, 0x5215781C, 0xCD5D2669
+
+
+/******************************************************************************/
+/*
+void shabal192_init(shabal_ctx_t* ctx){
+ uint8_t i;
+ ctx->b = ctx->b_buffer;
+ ctx->c = ctx->c_buffer;
+ ctx->w.w64 = 1LL;
+ for(i=0;i<SHABAL_R;++i){
+ ctx->a[i] = pgm_read_dword(&(shabal192_iv[i]));
+ }
+ for(i=0;i<16;++i){
+ ctx->b[i] = pgm_read_dword(&(shabal192_iv[SHABAL_R+i]));
+ }
+ for(i=0;i<16;++i){
+ ctx->c[i] = pgm_read_dword(&(shabal192_iv[SHABAL_R+16+i]));
+ }
+}
+*/
+/*
+ * param ctx: r24,r25
+ */
+.global shabal192_init
+shabal192_init:
+ movw r26, r24
+ ldi r24, 1
+ st X+, r24
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ movw r24, r26
+ adiw r24, 12*4+2+2
+ st X+, r24
+ st X+, r25
+ adiw r24, 4*16-1
+ adiw r24, 1
+ st X+, r24
+ st X+, r25
+ ldi r24, (12+16+16)
+ ldi r30, lo8(shabal192_iv)
+ ldi r31, hi8(shabal192_iv)
+1: lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+ * param dest: r24:r25
+ * param ctx: r22:r23
+ */
+.global shabal192_ctx2hash
+shabal192_ctx2hash:
+ movw r26, r24
+ movw r30, r22
+ ldd r24, Z+(8+2)
+ ldd r25, Z+(8+2+1)
+ movw r30, r24
+ adiw r30, (16-192/32)*4
+ ldi r24, 192/8
+1: ld r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+void shabal192(void* dest, void* msg, uint32_t length_b){
+ shabal_ctx_t ctx;
+ shabal192_init(&ctx);
+ while(length_b>=SHABAL_BLOCKSIZE){
+ shabal_nextBlock(&ctx, msg);
+ msg = (uint8_t*)msg+SHABAL_BLOCKSIZE_B;
+ length_b -= SHABAL_BLOCKSIZE;
+ }
+ shabal_lastBlock(&ctx, msg, length_b);
+ shabal192_ctx2hash(dest, &ctx);
+}
+*/
+/*
+ * param dest: r24:r25
+ * param msg: r22:r23
+ * param length_b: r18:r21
+ */
+DST0 = 8
+DST1 = 9
+CTX0 = 10
+CTX1 = 11
+MSG0 = 12
+MSG1 = 13
+LEN2 = 14
+LEN3 = 15
+LEN0 = 16
+LEN1 = 17
+.global shabal192
+shabal192:
+ push_range 8, 17
+ stack_alloc_large 188
+ adiw r30, 1 /* Z points to stack space (ctx) */
+ movw CTX0, r30
+ movw DST0, r24
+ movw MSG0, r22
+ movw LEN0, r18
+ movw LEN2, r20
+ movw r24, r30
+ rcall shabal192_init
+2:
+ tst LEN2
+ brne 3f
+ tst LEN3
+ breq 4f
+3:
+ movw r24, CTX0
+ movw r22, MSG0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ sbc LEN2, r1
+ sbc LEN3, r1
+ ldi r18, 64
+ add MSG0, r18
+ adc MSG1, r1
+ rjmp 2b
+4:
+ movw r24, CTX0
+ movw r22, MSG0
+ movw r20, LEN0
+ rcall shabal_lastBlock
+ movw r24, DST0
+ movw r22, CTX0
+ rcall shabal192_ctx2hash
+ stack_free_large2 188
+ pop_range 8, 17
+ ret
+
+
--- /dev/null
+/* shabal224-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal224-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+/******************************************************************************/
+
+shabal224_iv:
+ /* A */
+.long 0xA5201467, 0xA9B8D94A, 0xD4CED997, 0x68379D7B
+.long 0xA7FC73BA, 0xF1A2546B, 0x606782BF, 0xE0BCFD0F
+.long 0x2F25374E, 0x069A149F, 0x5E2DFF25, 0xFAECF061
+ /* B */
+.long 0xEC9905D8, 0xF21850CF, 0xC0A746C8, 0x21DAD498
+.long 0x35156EEB, 0x088C97F2, 0x26303E40, 0x8A2D4FB5
+.long 0xFEEE44B6, 0x8A1E9573, 0x7B81111A, 0xCBC139F0
+.long 0xA3513861, 0x1D2C362E, 0x918C580E, 0xB58E1B9C
+ /* C */
+.long 0xE4B573A1, 0x4C1A0880, 0x1E907C51, 0x04807EFD
+.long 0x3AD8CDE5, 0x16B21302, 0x02512C53, 0x2204CB18
+.long 0x99405F2D, 0xE5B648A1, 0x70AB1D43, 0xA10C25C2
+.long 0x16F1AC05, 0x38BBEB56, 0x9B01DC60, 0xB1096D83
+
+
+/******************************************************************************/
+/*
+ * param ctx: r24,r25
+ */
+.global shabal224_init
+shabal224_init:
+ movw r26, r24
+ ldi r24, 1
+ st X+, r24
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ movw r24, r26
+ adiw r24, 12*4+4
+ st X+, r24
+ st X+, r25
+ adiw r24, 4*16-1
+ adiw r24, 1
+ st X+, r24
+ st X+, r25
+ ldi r24, (12+16+16)
+ ldi r30, lo8(shabal224_iv)
+ ldi r31, hi8(shabal224_iv)
+1: lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+
+.global shabal224_ctx2hash
+shabal224_ctx2hash:
+ movw r26, r24
+ movw r30, r22
+ ldd r24, Z+(8+2)
+ ldd r25, Z+(8+2+1)
+ movw r30, r24
+ adiw r30, (16-224/32)*4
+ ldi r24, 224/8
+1: ld r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+ * param dest: r24:r25
+ * param msg: r22:r23
+ * param length_b: r18:r21
+ */
+DST0 = 8
+DST1 = 9
+CTX0 = 10
+CTX1 = 11
+MSG0 = 12
+MSG1 = 13
+LEN2 = 14
+LEN3 = 15
+LEN0 = 16
+LEN1 = 17
+.global shabal224
+shabal224:
+ push_range 8, 17
+ stack_alloc_large 188
+ adiw r30, 1 /* Z points to stack space (ctx) */
+ movw CTX0, r30
+ movw DST0, r24
+ movw MSG0, r22
+ movw LEN0, r18
+ movw LEN2, r20
+ movw r24, r30
+ rcall shabal224_init
+2:
+ tst LEN2
+ brne 3f
+ tst LEN3
+ breq 4f
+3:
+ movw r24, CTX0
+ movw r22, MSG0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ sbc LEN2, r1
+ sbc LEN3, r1
+ ldi r18, 64
+ add MSG0, r18
+ adc MSG1, r1
+ rjmp 2b
+4:
+ movw r24, CTX0
+ movw r22, MSG0
+ movw r20, LEN0
+ rcall shabal_lastBlock
+ movw r24, DST0
+ movw r22, CTX0
+ rcall shabal224_ctx2hash
+ stack_free_large2 188
+ pop_range 8, 17
+ ret
+
+
--- /dev/null
+/* shabal256-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal256-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+/******************************************************************************/
+
+shabal256_iv:
+ /* A */
+.long 0x52F84552, 0xE54B7999, 0x2D8EE3EC, 0xB9645191
+.long 0xE0078B86, 0xBB7C44C9, 0xD2B5C1CA, 0xB0D2EB8C
+.long 0x14CE5A45, 0x22AF50DC, 0xEFFDBC6B, 0xEB21B74A
+ /* B */
+.long 0xB555C6EE, 0x3E710596, 0xA72A652F, 0x9301515F
+.long 0xDA28C1FA, 0x696FD868, 0x9CB6BF72, 0x0AFE4002
+.long 0xA6E03615, 0x5138C1D4, 0xBE216306, 0xB38B8890
+.long 0x3EA8B96B, 0x3299ACE4, 0x30924DD4, 0x55CB34A5
+ /* C */
+.long 0xB405F031, 0xC4233EBA, 0xB3733979, 0xC0DD9D55
+.long 0xC51C28AE, 0xA327B8E1, 0x56C56167, 0xED614433
+.long 0x88B59D60, 0x60E2CEBA, 0x758B4B8B, 0x83E82A7F
+.long 0xBC968828, 0xE6E00BF7, 0xBA839E55, 0x9B491C60
+
+/******************************************************************************/
+/*
+ * param ctx: r24,r25
+ */
+.global shabal256_init
+shabal256_init:
+ movw r26, r24
+ ldi r24, 1
+ st X+, r24
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ movw r24, r26
+ adiw r24, 12*4+4
+ st X+, r24
+ st X+, r25
+ adiw r24, 4*16-1
+ adiw r24, 1
+ st X+, r24
+ st X+, r25
+ ldi r24, (12+16+16)
+ ldi r30, lo8(shabal256_iv)
+ ldi r31, hi8(shabal256_iv)
+1: lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+
+.global shabal256_ctx2hash
+shabal256_ctx2hash:
+ movw r26, r24
+ movw r30, r22
+ ldd r24, Z+(8+2)
+ ldd r25, Z+(8+2+1)
+ movw r30, r24
+ adiw r30, (16-256/32)*4
+ ldi r24, 256/8
+1: ld r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+ * param dest: r24:r25
+ * param msg: r22:r23
+ * param length_b: r18:r21
+ */
+DST0 = 8
+DST1 = 9
+CTX0 = 10
+CTX1 = 11
+MSG0 = 12
+MSG1 = 13
+LEN2 = 14
+LEN3 = 15
+LEN0 = 16
+LEN1 = 17
+.global shabal256
+shabal256:
+ push_range 8, 17
+ stack_alloc_large 188
+ adiw r30, 1 /* Z points to stack space (ctx) */
+ movw CTX0, r30
+ movw DST0, r24
+ movw MSG0, r22
+ movw LEN0, r18
+ movw LEN2, r20
+ movw r24, r30
+ rcall shabal256_init
+2:
+ tst LEN2
+ brne 3f
+ tst LEN3
+ breq 4f
+3:
+ movw r24, CTX0
+ movw r22, MSG0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ sbc LEN2, r1
+ sbc LEN3, r1
+ ldi r18, 64
+ add MSG0, r18
+ adc MSG1, r1
+ rjmp 2b
+4:
+ movw r24, CTX0
+ movw r22, MSG0
+ movw r20, LEN0
+ rcall shabal_lastBlock
+ movw r24, DST0
+ movw r22, CTX0
+ rcall shabal256_ctx2hash
+ stack_free_large2 188
+ pop_range 8, 17
+ ret
+
+
--- /dev/null
+/* shabal384-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal384-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+/******************************************************************************/
+
+shabal384_iv:
+ /* A */
+.long 0xC8FCA331, 0xE55C504E, 0x003EBF26, 0xBB6B8D83
+.long 0x7B0448C1, 0x41B82789, 0x0A7C9601, 0x8D659CFF
+.long 0xB6E2673E, 0xCA54C77B, 0x1460FD7E, 0x3FCB8F2D
+ /* B */
+.long 0x527291FC, 0x2A16455F, 0x78E627E5, 0x944F169F
+.long 0x1CA6F016, 0xA854EA25, 0x8DB98ABE, 0xF2C62641
+.long 0x30117DCB, 0xCF5C4309, 0x93711A25, 0xF9F671B8
+.long 0xB01D2116, 0x333F4B89, 0xB285D165, 0x86829B36
+ /* C */
+.long 0xF764B11A, 0x76172146, 0xCEF6934D, 0xC6D28399
+.long 0xFE095F61, 0x5E6018B4, 0x5048ECF5, 0x51353261
+.long 0x6E6E36DC, 0x63130DAD, 0xA9C69BD6, 0x1E90EA0C
+.long 0x7C35073B, 0x28D95E6D, 0xAA340E0D, 0xCB3DEE70
+
+/******************************************************************************/
+/*
+ * param ctx: r24,r25
+ */
+.global shabal384_init
+shabal384_init:
+ movw r26, r24
+ ldi r24, 1
+ st X+, r24
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ movw r24, r26
+ adiw r24, 12*4+4
+ st X+, r24
+ st X+, r25
+ adiw r24, 4*16-1
+ adiw r24, 1
+ st X+, r24
+ st X+, r25
+ ldi r24, (12+16+16)
+ ldi r30, lo8(shabal384_iv)
+ ldi r31, hi8(shabal384_iv)
+1: lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+
+.global shabal384_ctx2hash
+shabal384_ctx2hash:
+ movw r26, r24
+ movw r30, r22
+ ldd r24, Z+(8+2)
+ ldd r25, Z+(8+2+1)
+ movw r30, r24
+ adiw r30, (16-384/32)*4
+ ldi r24, 384/8
+1: ld r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+ * param dest: r24:r25
+ * param msg: r22:r23
+ * param length_b: r18:r21
+ */
+DST0 = 8
+DST1 = 9
+CTX0 = 10
+CTX1 = 11
+MSG0 = 12
+MSG1 = 13
+LEN2 = 14
+LEN3 = 15
+LEN0 = 16
+LEN1 = 17
+.global shabal384
+shabal384:
+ push_range 8, 17
+ stack_alloc_large 188
+ adiw r30, 1 /* Z points to stack space (ctx) */
+ movw CTX0, r30
+ movw DST0, r24
+ movw MSG0, r22
+ movw LEN0, r18
+ movw LEN2, r20
+ movw r24, r30
+ rcall shabal384_init
+2:
+ tst LEN2
+ brne 3f
+ tst LEN3
+ breq 4f
+3:
+ movw r24, CTX0
+ movw r22, MSG0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ sbc LEN2, r1
+ sbc LEN3, r1
+ ldi r18, 64
+ add MSG0, r18
+ adc MSG1, r1
+ rjmp 2b
+4:
+ movw r24, CTX0
+ movw r22, MSG0
+ movw r20, LEN0
+ rcall shabal_lastBlock
+ movw r24, DST0
+ movw r22, CTX0
+ rcall shabal384_ctx2hash
+ stack_free_large2 188
+ pop_range 8, 17
+ ret
+
--- /dev/null
+/* shabal512-asm.S */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \file shabal512-asm.S
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-04-27
+ * \license GPLv3 or later
+ */
+
+#include "avr-asm-macros.S"
+
+/******************************************************************************/
+
+shabal512_iv:
+ /* A */
+.long 0x20728DFD, 0x46C0BD53, 0xE782B699, 0x55304632
+.long 0x71B4EF90, 0x0EA9E82C, 0xDBB930F1, 0xFAD06B8B
+.long 0xBE0CAE40, 0x8BD14410, 0x76D2ADAC, 0x28ACAB7F
+ /* B */
+.long 0xC1099CB7, 0x07B385F3, 0xE7442C26, 0xCC8AD640
+.long 0xEB6F56C7, 0x1EA81AA9, 0x73B9D314, 0x1DE85D08
+.long 0x48910A5A, 0x893B22DB, 0xC5A0DF44, 0xBBC4324E
+.long 0x72D2F240, 0x75941D99, 0x6D8BDE82, 0xA1A7502B
+ /* C */
+.long 0xD9BF68D1, 0x58BAD750, 0x56028CB2, 0x8134F359
+.long 0xB5D469D8, 0x941A8CC2, 0x418B2A6E, 0x04052780
+.long 0x7F07D787, 0x5194358F, 0x3C60D665, 0xBE97D79A
+.long 0x950C3434, 0xAED9A06D, 0x2537DC8D, 0x7CDB5969
+
+/******************************************************************************/
+/*
+ * param ctx: r24,r25
+ */
+.global shabal512_init
+shabal512_init:
+ movw r26, r24
+ ldi r24, 1
+ st X+, r24
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ st X+, r1
+ movw r24, r26
+ adiw r24, 12*4+4
+ st X+, r24
+ st X+, r25
+ adiw r24, 4*16-1
+ adiw r24, 1
+ st X+, r24
+ st X+, r25
+ ldi r24, (12+16+16)
+ ldi r30, lo8(shabal512_iv)
+ ldi r31, hi8(shabal512_iv)
+1: lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ lpm r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+
+.global shabal512_ctx2hash
+shabal512_ctx2hash:
+ movw r26, r24
+ movw r30, r22
+ ldd r24, Z+(8+2)
+ ldd r25, Z+(8+2+1)
+ movw r30, r24
+ ; adiw r30, (16-512/32)*4
+ ldi r24, 512/8
+1: ld r0, Z+
+ st X+, r0
+ dec r24
+ brne 1b
+ ret
+
+/******************************************************************************/
+/*
+ * param dest: r24:r25
+ * param msg: r22:r23
+ * param length_b: r18:r21
+ */
+DST0 = 8
+DST1 = 9
+CTX0 = 10
+CTX1 = 11
+MSG0 = 12
+MSG1 = 13
+LEN2 = 14
+LEN3 = 15
+LEN0 = 16
+LEN1 = 17
+.global shabal512
+shabal512:
+ push_range 8, 17
+ stack_alloc_large 188
+ adiw r30, 1 /* Z points to stack space (ctx) */
+ movw CTX0, r30
+ movw DST0, r24
+ movw MSG0, r22
+ movw LEN0, r18
+ movw LEN2, r20
+ movw r24, r30
+ rcall shabal512_init
+2:
+ tst LEN2
+ brne 3f
+ tst LEN3
+ breq 4f
+3:
+ movw r24, CTX0
+ movw r22, MSG0
+ rcall shabal_nextBlock
+ subi LEN1, 0x02
+ sbc LEN2, r1
+ sbc LEN3, r1
+ ldi r18, 64
+ add MSG0, r18
+ adc MSG1, r1
+ rjmp 2b
+4:
+ movw r24, CTX0
+ movw r22, MSG0
+ movw r20, LEN0
+ rcall shabal_lastBlock
+ movw r24, DST0
+ movw r22, CTX0
+ rcall shabal512_ctx2hash
+ stack_free_large2 188
+ pop_range 8, 17
+ ret
+
testrun_stdtest_shabal512(mb, strlen(mb)*8);
}
+void testshort(void){
+ uint8_t ma[64];
+ memset(ma, 0, 64);
+ testrun_stdtest_shabal192(ma, 64*8);
+}
+
+void shabal_ctx_dump(shabal_ctx_t* ctx){
+ uint8_t i;
+ void* p;
+ cli_putstr_P(PSTR("\r\n=== shabal ctx dump ===\r\n size = "));
+ i=sizeof(shabal_ctx_t);
+ if(i>=100)
+ cli_putc('0'+i/100);
+ if(i>=10)
+ cli_putc('0'+(i/10)%10);
+ cli_putc('0'+i%10);
+ cli_putstr_P(PSTR("\r\n a = "));
+ cli_hexdump_block(ctx->a, 12*4, 5, 4*8);
+ cli_putstr_P(PSTR("\r\n b_buffer = "));
+ cli_hexdump_block(ctx->b_buffer, 12*4, 5, 4*8);
+ cli_putstr_P(PSTR("\r\n c_buffer = "));
+ cli_hexdump_block(ctx->c_buffer, 12*4, 5, 4*8);
+ if(ctx->b == &(ctx->b_buffer[0]))
+ cli_putstr_P(PSTR("\r\nb --> b_buffer"));
+ if(ctx->b == &(ctx->c_buffer[0]))
+ cli_putstr_P(PSTR("\r\nb --> c_buffer"));
+ if(ctx->c == &(ctx->b_buffer[0]))
+ cli_putstr_P(PSTR("\r\nc --> b_buffer"));
+ if(ctx->c == &(ctx->c_buffer[0]))
+ cli_putstr_P(PSTR("\r\nc --> c_buffer"));
+ cli_putstr_P(PSTR("\r\n b = "));
+ cli_hexdump(&(ctx->b), 2);
+ p = ctx->b_buffer;
+ cli_putstr_P(PSTR("\r\n b (should) = "));
+ cli_hexdump(&p, 2);
+ cli_putstr_P(PSTR("\r\n c = "));
+ cli_hexdump(&(ctx->c), 2);
+ p = ctx->c_buffer;
+ cli_putstr_P(PSTR("\r\n c (should) = "));
+ cli_hexdump(&p, 2);
+}
+
+
+void testinit_192(void){
+ shabal_ctx_t ctx;
+ shabal192_init(&ctx);
+ shabal_ctx_dump(&ctx);
+}
+
+void testinit_224(void){
+ shabal_ctx_t ctx;
+ shabal224_init(&ctx);
+ shabal_ctx_dump(&ctx);
+}
+
+void testinit_256(void){
+ shabal_ctx_t ctx;
+ shabal256_init(&ctx);
+ shabal_ctx_dump(&ctx);
+}
+
+void testinit_384(void){
+ shabal_ctx_t ctx;
+ shabal384_init(&ctx);
+ shabal_ctx_dump(&ctx);
+}
+
+void testinit_512(void){
+ shabal_ctx_t ctx;
+ shabal512_init(&ctx);
+ shabal_ctx_dump(&ctx);
+}
+void testinit(void){
+ testinit_192();
+ testinit_224();
+ testinit_256();
+ testinit_384();
+ testinit_512();
+}
+
void performance_shabal(void){
uint64_t t;
char str[16];
cli_putstr(str);
startTimer(1);
- shabal192_init(&ctx);
+ shabal224_init(&ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tctx-gen time (224): "));
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
startTimer(1);
- shabal192_init(&ctx);
+ shabal256_init(&ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tctx-gen time (256): "));
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
startTimer(1);
- shabal192_init(&ctx);
+ shabal384_init(&ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tctx-gen time (384): "));
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
startTimer(1);
- shabal192_init(&ctx);
+ shabal512_init(&ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tctx-gen time (512): "));
ultoa((unsigned long)t, str, 10);
const char nessie_str[] PROGMEM = "nessie";
const char test_str[] PROGMEM = "test";
+const char testinit192_str[] PROGMEM = "testinit192";
+const char testinit_str[] PROGMEM = "testinit";
+const char testshort_str[] PROGMEM = "short";
const char ztest_str[] PROGMEM = "zerotest";
const char performance_str[] PROGMEM = "performance";
const char echo_str[] PROGMEM = "echo";
cmdlist_entry_t cmdlist[] PROGMEM = {
{ nessie_str, NULL, testrun_nessie_shabal},
{ test_str, NULL, testrun_stdtest_shabal},
+ { testinit192_str, NULL, testinit_192},
+ { testinit_str, NULL, testinit},
+ { testshort_str, NULL, testshort},
{ performance_str, NULL, performance_shabal},
{ shavs_list_str, NULL, shavs_listalgos},
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo},
}
}
+void performance_skein(void){
+}
+
+
/*****************************************************************************
* main *
*****************************************************************************/
cmdlist_entry_t cmdlist[] PROGMEM = {
// { nessie_str, NULL, testrun_nessie_skein},
+ { performance_str, NULL, performance_skein},
{ test_str, NULL, testrun_stdtest_skein},
{ ztest_str, (void*)1, (void_fpt)zeromsg_test_common},
{ shavs_list_str, NULL, shavs_listalgos},
projects / avr-crypto-lib.git / commitdiff