From: bg Date: Wed, 10 Dec 2008 23:59:43 +0000 (+0000) Subject: further working on seed (openssl supports it :-); X-Git-Url: https://git.cryptolib.org/?a=commitdiff_plain;h=e363148c4ed1265a963d310102ce5dd7c9e1e326;p=avr-crypto-lib.git further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced --- diff --git a/get_test.rb b/get_test.rb index a2a5163..987a5b1 100644 --- a/get_test.rb +++ b/get_test.rb @@ -1,6 +1,6 @@ #!/usr/bin/ruby -require "serialport.so" +require 'serialport' if ARGV.size < 5 STDERR.print <=7)?ARGV[6]:""; puts("\nPort: "+ARGV[0]+ "@"+ARGV[1]+" "+ARGV[2]+"N"+ARGV[3]+"\n"); $linewidth = 16 $sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE); -$sp.read_timeout=5000; # 5 seconds +$sp.read_timeout=1*60*1000; # 5 minutes +$extended_wait=10; $sp.write(command); def readTestVector(param) @@ -26,7 +27,10 @@ def readTestVector(param) set=0; vector=0; begin - lb=$sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end if (m=/unknown command/.match(lb) || m=/[Ee][Rr]{2}[Oo][Rr]/.match(lb)) puts("ERROR: "+lb); exit(2); @@ -38,7 +42,10 @@ def readTestVector(param) buffer += lb; begin - lb=$sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end if(lb==nil) return false; end @@ -51,7 +58,10 @@ def readTestVector(param) fname+=m[1]+"."; end buffer+=lb; - lb = $sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end end if(param!="") fname+=param+"."; @@ -71,9 +81,12 @@ def readTestVector(param) if(vector!=0 && vector % $linewidth==0) print("\n ") end - printf(" %3u", vector); + printf(" %4u", vector); + end + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; end - lb=$sp.gets(); if(lb==nil) file.close(); return false; @@ -86,7 +99,7 @@ def readTestVector(param) end if(readTestVector(param)==false) - puts("ERROR: test seem not to be implemented"); + puts("ERROR: test seems not to be implemented"); exit(3); end diff --git a/mkfiles/seed.mk b/mkfiles/seed.mk index ca2afce..5487e70 100644 --- a/mkfiles/seed.mk +++ b/mkfiles/seed.mk @@ -4,7 +4,7 @@ ALGO_NAME := SEED # comment out the following line for removement of SEED from the build process BLOCK_CIPHERS += $(ALGO_NAME) -$(ALGO_NAME)_OBJ := seed.o seed-asm.o +$(ALGO_NAME)_OBJ := seed-stub.o seed-asm.o $(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o \ cli.o performance_test.o diff --git a/seed-asm.S b/seed-asm.S index 780ac6b..bf9c840 100644 --- a/seed-asm.S +++ b/seed-asm.S @@ -25,47 +25,7 @@ * GPLv3 or later * */ -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -/******************************************************************************* - - void changeendian32(uint32_t * a){ - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; - } - -*/ -/* -.global changeendian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -changeendian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - -*/ - -/******************************************************************************* - uint32_t bigendian_sum32(uint32_t a, uint32_t b){ - changeendian32(&a); - changeendian32(&b); - a += b; - changeendian32(&a); - return a; - } -*/ +#include "avr-asm-macros.S" .global bigendian_sum32 ; === bigendian_sum32 === @@ -96,10 +56,198 @@ bigendian_sub32: sbc r23, r19 sbc r22, r18 ret - +/******************************************************************************/ +/* +#define M0 0xfc +#define M1 0xf3 +#define M2 0xcf +#define M3 0x3f + +#define X3 (((uint8_t*)(&x))[0]) +#define X2 (((uint8_t*)(&x))[1]) +#define X1 (((uint8_t*)(&x))[2]) +#define X0 (((uint8_t*)(&x))[3]) + +#define Z3 (((uint8_t*)(&z))[0]) +#define Z2 (((uint8_t*)(&z))[1]) +#define Z1 (((uint8_t*)(&z))[2]) +#define Z0 (((uint8_t*)(&z))[3]) + +uint32_t g_function(uint32_t x){ + uint32_t z; + / * sbox substitution * / + X3 = pgm_read_byte(&(seed_sbox2[X3])); + X2 = pgm_read_byte(&(seed_sbox1[X2])); + X1 = pgm_read_byte(&(seed_sbox2[X1])); + X0 = pgm_read_byte(&(seed_sbox1[X0])); + / * now the permutation * / + Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); + Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); + Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); + Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); + return z; +} +*/ +M0 = 0xfc +M1 = 0xf3 +M2 = 0xcf +M3 = 0x3f +X0 = 18 +X1 = 19 +X2 = 20 +X3 = 21 +Z0 = 25 +Z1 = 24 +Z2 = 23 +Z3 = 22 +T0 = X0 +T1 = 26 +T2 = 27 +T3 = X1 +/* + * param x: r22:r25 + * X0 = R25 + * X1 = R24 + * X2 = R23 + * X3 = R22 + */ +.global g_function +g_function: + ldi r30, lo8(seed_sbox1) + ldi r31, hi8(seed_sbox1) + movw r26, r30 + add r30, Z2 + adc r31, r1 + lpm X2, Z + movw r30, r26 + add r30, Z0 + adc r31, r1 + lpm X0, Z + inc r27 /* switch X to point to sbox2 */ + movw r30, r26 + add r30, Z3 + adc r31, r1 + lpm X3, Z + movw r30, r26 + add r30, Z1 + adc r31, r1 + lpm X1, Z + /* now the secound part */ + mov Z0, X0 + mov Z1, X0 + mov Z2, X0 + mov Z3, X0 + andi Z0, M0 + andi Z1, M1 + andi Z2, M2 + andi Z3, M3 + mov T0, X1 + mov T1, X1 + mov T2, X1 + ; mov T3, X1 /* T3 = X1 */ + andi T0, M1 + andi T1, M2 + andi T2, M3 + andi T3, M0 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + mov T0, X2 + mov T1, X2 + mov T2, X2 + mov T3, X2 + andi T0, M2 + andi T1, M3 + andi T2, M0 + andi T3, M1 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + mov T0, X3 + mov T1, X3 + mov T2, X3 + mov T3, X3 + andi T0, M3 + andi T1, M0 + andi T2, M1 + andi T3, M2 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + ret + +seed_sbox1: +.byte 169, 133, 214, 211, 84, 29, 172, 37 +.byte 93, 67, 24, 30, 81, 252, 202, 99 +.byte 40, 68, 32, 157, 224, 226, 200, 23 +.byte 165, 143, 3, 123, 187, 19, 210, 238 +.byte 112, 140, 63, 168, 50, 221, 246, 116 +.byte 236, 149, 11, 87, 92, 91, 189, 1 +.byte 36, 28, 115, 152, 16, 204, 242, 217 +.byte 44, 231, 114, 131, 155, 209, 134, 201 +.byte 96, 80, 163, 235, 13, 182, 158, 79 +.byte 183, 90, 198, 120, 166, 18, 175, 213 +.byte 97, 195, 180, 65, 82, 125, 141, 8 +.byte 31, 153, 0, 25, 4, 83, 247, 225 +.byte 253, 118, 47, 39, 176, 139, 14, 171 +.byte 162, 110, 147, 77, 105, 124, 9, 10 +.byte 191, 239, 243, 197, 135, 20, 254, 100 +.byte 222, 46, 75, 26, 6, 33, 107, 102 +.byte 2, 245, 146, 138, 12, 179, 126, 208 +.byte 122, 71, 150, 229, 38, 128, 173, 223 +.byte 161, 48, 55, 174, 54, 21, 34, 56 +.byte 244, 167, 69, 76, 129, 233, 132, 151 +.byte 53, 203, 206, 60, 113, 17, 199, 137 +.byte 117, 251, 218, 248, 148, 89, 130, 196 +.byte 255, 73, 57, 103, 192, 207, 215, 184 +.byte 15, 142, 66, 35, 145, 108, 219, 164 +.byte 52, 241, 72, 194, 111, 61, 45, 64 +.byte 190, 62, 188, 193, 170, 186, 78, 85 +.byte 59, 220, 104, 127, 156, 216, 74, 86 +.byte 119, 160, 237, 70, 181, 43, 101, 250 +.byte 227, 185, 177, 159, 94, 249, 230, 178 +.byte 49, 234, 109, 95, 228, 240, 205, 136 +.byte 22, 58, 88, 212, 98, 41, 7, 51 +.byte 232, 27, 5, 121, 144, 106, 42, 154 +seed_sbox2: +.byte 56, 232, 45, 166, 207, 222, 179, 184 +.byte 175, 96, 85, 199, 68, 111, 107, 91 +.byte 195, 98, 51, 181, 41, 160, 226, 167 +.byte 211, 145, 17, 6, 28, 188, 54, 75 +.byte 239, 136, 108, 168, 23, 196, 22, 244 +.byte 194, 69, 225, 214, 63, 61, 142, 152 +.byte 40, 78, 246, 62, 165, 249, 13, 223 +.byte 216, 43, 102, 122, 39, 47, 241, 114 +.byte 66, 212, 65, 192, 115, 103, 172, 139 +.byte 247, 173, 128, 31, 202, 44, 170, 52 +.byte 210, 11, 238, 233, 93, 148, 24, 248 +.byte 87, 174, 8, 197, 19, 205, 134, 185 +.byte 255, 125, 193, 49, 245, 138, 106, 177 +.byte 209, 32, 215, 2, 34, 4, 104, 113 +.byte 7, 219, 157, 153, 97, 190, 230, 89 +.byte 221, 81, 144, 220, 154, 163, 171, 208 +.byte 129, 15, 71, 26, 227, 236, 141, 191 +.byte 150, 123, 92, 162, 161, 99, 35, 77 +.byte 200, 158, 156, 58, 12, 46, 186, 110 +.byte 159, 90, 242, 146, 243, 73, 120, 204 +.byte 21, 251, 112, 117, 127, 53, 16, 3 +.byte 100, 109, 198, 116, 213, 180, 234, 9 +.byte 118, 25, 254, 64, 18, 224, 189, 5 +.byte 250, 1, 240, 42, 94, 169, 86, 67 +.byte 133, 20, 137, 155, 176, 229, 72, 121 +.byte 151, 252, 30, 130, 33, 140, 27, 95 +.byte 119, 84, 178, 29, 37, 79, 0, 70 +.byte 237, 88, 82, 235, 126, 218, 201, 253 +.byte 48, 149, 101, 60, 182, 228, 187, 124 +.byte 14, 80, 57, 38, 50, 132, 105, 147 +.byte 55, 231, 36, 164, 203, 83, 10, 135 +.byte 217, 76, 131, 143, 206, 59, 74, 183 diff --git a/seed-stub.c b/seed-stub.c new file mode 100644 index 0000000..ff64489 --- /dev/null +++ b/seed-stub.c @@ -0,0 +1,266 @@ +/* seed.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + /** + * \file seed.c + * \author Daniel Otte + * \date 2007-06-1 + * \brief SEED parts in C for AVR + * \par License + * GPL + * + */ +#include +#include +#include +#include "seed_sbox.h" +#include "uart.h" +#include "debug.h" + + +static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); +uint32_t g_function(uint32_t x); + +uint32_t bigendian_sum32(uint32_t a, uint32_t b); +uint32_t bigendian_sub32(uint32_t a, uint32_t b); + +/******************************************************************************/ +static inline +uint64_t bigendian_rotl8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a<<8) | (a>>(64-8)); + changeendian64(&a); + */ + a = (a>>8) | (a<<(64-8)); + return a; +} + +/******************************************************************************/ +static inline +uint64_t bigendian_rotr8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a>>8) | (a<<(64-8)); + changeendian64(&a); + */ + a = (a<<8) | (a>>(64-8)); + return a; +} + +/******************************************************************************/ +static +uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ + uint32_t c,d; + + c = a & 0x00000000FFFFFFFFLL; + d = (a>>32) & 0x00000000FFFFFFFFLL; + + c ^= k0; d ^= k1; + d ^= c; + d = g_function(d); + c = bigendian_sum32(c,d); + c = g_function(c); + d = bigendian_sum32(c,d); + d = g_function(d); + c = bigendian_sum32(c,d); + a = ((uint64_t)d << 32) | c; + return a; +} + +/******************************************************************************/ +#if 0 +#define M0 0xfc +#define M1 0xf3 +#define M2 0xcf +#define M3 0x3f + +#define X3 (((uint8_t*)(&x))[0]) +#define X2 (((uint8_t*)(&x))[1]) +#define X1 (((uint8_t*)(&x))[2]) +#define X0 (((uint8_t*)(&x))[3]) + +#define Z3 (((uint8_t*)(&z))[0]) +#define Z2 (((uint8_t*)(&z))[1]) +#define Z1 (((uint8_t*)(&z))[2]) +#define Z0 (((uint8_t*)(&z))[3]) + +static +uint32_t g_function(uint32_t x){ + uint32_t z; + /* sbox substitution */ + X3 = pgm_read_byte(&(seed_sbox2[X3])); + X2 = pgm_read_byte(&(seed_sbox1[X2])); + X1 = pgm_read_byte(&(seed_sbox2[X1])); + X0 = pgm_read_byte(&(seed_sbox1[X0])); + /* now the permutation */ + Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); + Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); + Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); + Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); + return z; +} +#endif +/******************************************************************************/ +typedef struct { + uint32_t k0, k1; +} keypair_t; + +static +keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + + if (curround & 1){ + /* odd round (1,3,5, ...) */ + ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ...) */ + ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); + } + } + return ret; +} + + +/******************************************************************************/ +static +keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + if (curround & 1){ + /* odd round (1,3,5, ..., 15) */ + ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ..., 14) */ + ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); + } + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + } + return ret; +} + +/******************************************************************************/ + +typedef struct{ + uint32_t k[4]; +} seed_ctx_t; + +/******************************************************************************/ + +void seed_init(uint8_t * key, seed_ctx_t * ctx){ + memcpy(ctx->k, key, 128/8); +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_enc(void * buffer, seed_ctx_t * ctx){ + uint8_t r; + keypair_t k; + for(r=0; r<8; ++r){ + k = getnextkeys(ctx->k, 2*r); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getnextkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_dec(void * buffer, seed_ctx_t * ctx){ + int8_t r; + keypair_t k; + for(r=7; r>=0; --r){ + k = getprevkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getprevkeys(ctx->k, 2*r+0); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + + + + + + + + + + + diff --git a/seed.c b/seed.c deleted file mode 100644 index ba26fa2..0000000 --- a/seed.c +++ /dev/null @@ -1,302 +0,0 @@ -/* seed.c */ -/* - This file is part of the Crypto-avr-lib/microcrypt-lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - /** - * \file seed.c - * \author Daniel Otte - * \date 2007-06-1 - * \brief SEED parts in C for AVR - * \par License - * GPL - * - */ -#include -#include -#include -#include "seed_sbox.h" -#include "uart.h" -#include "debug.h" - - -static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); -static uint32_t g_function(uint32_t x); - -/******************************************************************************/ -/* -void changeendian32(uint32_t * a){ - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; -} -*/ -/******************************************************************************/ -/* -void changeendian64(uint64_t * a){ - *a = (*a & 0x00000000000000FFLL) << 56 | - (*a & 0x000000000000FF00LL) << 40 | - (*a & 0x0000000000FF0000LL) << 24 | - (*a & 0x00000000FF000000LL) << 8 | - (*a & 0x000000FF00000000LL) >> 8 | - (*a & 0x0000FF0000000000LL) >> 24 | - (*a & 0x00FF000000000000LL) >> 40 | - (*a & 0xFF00000000000000LL) >> 56 ; -} -*/ -/******************************************************************************/ - -uint32_t bigendian_sum32(uint32_t a, uint32_t b);/*{ - changeendian32(&a); - changeendian32(&b); - a += b; - changeendian32(&a); - return a; -} -*/ -/******************************************************************************/ -/* static */ -uint32_t bigendian_sub32(uint32_t a, uint32_t b);/*{ - changeendian32(&a); - changeendian32(&b); - a -= b; - changeendian32(&a); - return a; -} -*/ -/******************************************************************************/ -static inline -uint64_t bigendian_rotl8_64(uint64_t a){ - /* - changeendian64(&a); - a = (a<<8) | (a>>(64-8)); - changeendian64(&a); - */ - a = (a>>8) | (a<<(64-8)); - return a; -} - -/******************************************************************************/ -static inline -uint64_t bigendian_rotr8_64(uint64_t a){ - /* - changeendian64(&a); - a = (a>>8) | (a<<(64-8)); - changeendian64(&a); - */ - a = (a<<8) | (a>>(64-8)); - return a; -} - -/******************************************************************************/ -static -uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ - uint32_t c,d; - - c = a & 0x00000000FFFFFFFFLL; - d = (a>>32) & 0x00000000FFFFFFFFLL; - - c ^= k0; d ^= k1; - d ^= c; - d = g_function(d); - c = bigendian_sum32(c,d); - c = g_function(c); - d = bigendian_sum32(c,d); - d = g_function(d); - c = bigendian_sum32(c,d); - a = ((uint64_t)d << 32) | c; - return a; -} - -/******************************************************************************/ -#define M0 0xfc -#define M1 0xf3 -#define M2 0xcf -#define M3 0x3f - -#define X3 (((uint8_t*)(&x))[0]) -#define X2 (((uint8_t*)(&x))[1]) -#define X1 (((uint8_t*)(&x))[2]) -#define X0 (((uint8_t*)(&x))[3]) - -#define Z3 (((uint8_t*)(&z))[0]) -#define Z2 (((uint8_t*)(&z))[1]) -#define Z1 (((uint8_t*)(&z))[2]) -#define Z0 (((uint8_t*)(&z))[3]) - -static -uint32_t g_function(uint32_t x){ - uint32_t z; - /* sbox substitution */ - X3 = pgm_read_byte(&(seed_sbox2[X3])); - X2 = pgm_read_byte(&(seed_sbox1[X2])); - X1 = pgm_read_byte(&(seed_sbox2[X1])); - X0 = pgm_read_byte(&(seed_sbox1[X0])); - /* now the permutation */ - Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); - Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); - Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); - Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); - return z; -} -/******************************************************************************/ -typedef struct { - uint32_t k0, k1; -} keypair_t; - -keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ - keypair_t ret; - if (curround>15){ - /* ERROR */ - ret.k0 = ret.k1 = 0; - } else { - /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ - ret.k0 = bigendian_sum32(keystate[0], keystate[2]); - ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); - ret.k0 = g_function(ret.k0); - ret.k1 = bigendian_sub32(keystate[1], keystate[3]); - ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(ret.k1); - - if (curround & 1){ - /* odd round (1,3,5, ...) */ - ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); - } else { - /* even round (0,2,4, ...) */ - ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); - } - } - return ret; -} - - -/******************************************************************************/ - -keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ - keypair_t ret; - if (curround>15){ - /* ERROR */ - ret.k0 = ret.k1 = 0; - } else { - if (curround & 1){ - /* odd round (1,3,5, ..., 15) */ - ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); - } else { - /* even round (0,2,4, ..., 14) */ - ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); - } - /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ - ret.k0 = bigendian_sum32(keystate[0], keystate[2]); - ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); - ret.k0 = g_function(ret.k0); - ret.k1 = bigendian_sub32(keystate[1], keystate[3]); - ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(ret.k1); - } - return ret; -} - -/******************************************************************************/ - -typedef struct{ - uint32_t k[4]; -} seed_ctx_t; - -/******************************************************************************/ - -void seed_init(uint8_t * key, seed_ctx_t * ctx){ - memcpy(ctx->k, key, 128/8); -} - -/******************************************************************************/ - -#define L (((uint64_t*)buffer)[0]) -#define R (((uint64_t*)buffer)[1]) - -void seed_enc(void * buffer, seed_ctx_t * ctx){ - uint8_t r; - keypair_t k; - for(r=0; r<8; ++r){ - k = getnextkeys(ctx->k, 2*r); -/* - DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); -*/ - L ^= f_function(R,k.k0,k.k1); - - k = getnextkeys(ctx->k, 2*r+1); -/* - DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); -*/ - R ^= f_function(L,k.k0,k.k1); - } - /* just an exchange without temp. variable */ - L ^= R; - R ^= L; - L ^= R; -} - -/******************************************************************************/ - -#define L (((uint64_t*)buffer)[0]) -#define R (((uint64_t*)buffer)[1]) - -void seed_dec(void * buffer, seed_ctx_t * ctx){ - int8_t r; - keypair_t k; - for(r=7; r>=0; --r){ - k = getprevkeys(ctx->k, 2*r+1); -/* - DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); -*/ - L ^= f_function(R,k.k0,k.k1); - - k = getprevkeys(ctx->k, 2*r+0); -/* - DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); -*/ - R ^= f_function(L,k.k0,k.k1); - } - /* just an exchange without temp. variable */ - L ^= R; - R ^= L; - L ^= R; -} - - - - - - - - - - - diff --git a/seed_C.c b/seed_C.c new file mode 100644 index 0000000..f055e7f --- /dev/null +++ b/seed_C.c @@ -0,0 +1,286 @@ +/* seed_C.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + /** + * \file seed_C.c + * \author Daniel Otte + * \date 2007-06-1 + * \brief SEED parts in C for AVR + * \par License + * GPL + * + */ +#include +#include +#include +#include "seed_sbox.h" +#include "uart.h" +#include "debug.h" + +/******************************************************************************/ + +static +void changeendian32(uint32_t * a){ + *a = (*a & 0x000000FF) << 24 | + (*a & 0x0000FF00) << 8 | + (*a & 0x00FF0000) >> 8 | + (*a & 0xFF000000) >> 24; +} + +/******************************************************************************/ +static +uint32_t bigendian_sum32(uint32_t a, uint32_t b){ + changeendian32(&a); + changeendian32(&b); + a += b; + changeendian32(&a); + return a; +} + +/******************************************************************************/ +static +uint32_t bigendian_sub32(uint32_t a, uint32_t b){ + changeendian32(&a); + changeendian32(&b); + a -= b; + changeendian32(&a); + return a; +} + +/******************************************************************************/ +static inline +uint64_t bigendian_rotl8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a<<8) | (a>>(64-8)); + changeendian64(&a); + */ + a = (a>>8) | (a<<(64-8)); + return a; +} + +/******************************************************************************/ +static inline +uint64_t bigendian_rotr8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a>>8) | (a<<(64-8)); + changeendian64(&a); + */ + a = (a<<8) | (a>>(64-8)); + return a; +} + +/******************************************************************************/ +static +uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ + uint32_t c,d; + + c = a & 0x00000000FFFFFFFFLL; + d = (a>>32) & 0x00000000FFFFFFFFLL; + + c ^= k0; d ^= k1; + d ^= c; + d = g_function(d); + c = bigendian_sum32(c,d); + c = g_function(c); + d = bigendian_sum32(c,d); + d = g_function(d); + c = bigendian_sum32(c,d); + a = ((uint64_t)d << 32) | c; + return a; +} + +/******************************************************************************/ +#define M0 0xfc +#define M1 0xf3 +#define M2 0xcf +#define M3 0x3f + +#define X3 (((uint8_t*)(&x))[0]) +#define X2 (((uint8_t*)(&x))[1]) +#define X1 (((uint8_t*)(&x))[2]) +#define X0 (((uint8_t*)(&x))[3]) + +#define Z3 (((uint8_t*)(&z))[0]) +#define Z2 (((uint8_t*)(&z))[1]) +#define Z1 (((uint8_t*)(&z))[2]) +#define Z0 (((uint8_t*)(&z))[3]) + +static +uint32_t g_function(uint32_t x){ + uint32_t z; + /* sbox substitution */ + X3 = pgm_read_byte(&(seed_sbox2[X3])); + X2 = pgm_read_byte(&(seed_sbox1[X2])); + X1 = pgm_read_byte(&(seed_sbox2[X1])); + X0 = pgm_read_byte(&(seed_sbox1[X0])); + /* now the permutation */ + Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); + Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); + Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); + Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); + return z; +} +/******************************************************************************/ +typedef struct { + uint32_t k0, k1; +} keypair_t; + +keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + + if (curround & 1){ + /* odd round (1,3,5, ...) */ + ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ...) */ + ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); + } + } + return ret; +} + + +/******************************************************************************/ + +keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + if (curround & 1){ + /* odd round (1,3,5, ..., 15) */ + ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ..., 14) */ + ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); + } + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + } + return ret; +} + +/******************************************************************************/ + +typedef struct{ + uint32_t k[4]; +} seed_ctx_t; + +/******************************************************************************/ + +void seed_init(uint8_t * key, seed_ctx_t * ctx){ + memcpy(ctx->k, key, 128/8); +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_enc(void * buffer, seed_ctx_t * ctx){ + uint8_t r; + keypair_t k; + for(r=0; r<8; ++r){ + k = getnextkeys(ctx->k, 2*r); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getnextkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_dec(void * buffer, seed_ctx_t * ctx){ + int8_t r; + keypair_t k; + for(r=7; r>=0; --r){ + k = getprevkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getprevkeys(ctx->k, 2*r+0); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + + + + + + + + + + + diff --git a/seed_sbox.h b/seed_sbox.h index 6164f4a..91ce4c6 100644 --- a/seed_sbox.h +++ b/seed_sbox.h @@ -31,7 +31,7 @@ #include #include - +/* uint8_t seed_sbox1[256] PROGMEM ={ 169, 133, 214, 211, 84, 29, 172, 37, 93, 67, 24, 30, 81, 252, 202, 99, @@ -101,30 +101,8 @@ uint8_t seed_sbox2[256] PROGMEM ={ 55, 231, 36, 164, 203, 83, 10, 135, 217, 76, 131, 143, 206, 59, 74, 183 }; - +*/ /* key constants */ -/* -uint32_t seed_kc[16] PROGMEM ={ - 0x9e3779b9, - 0x3c6ef373, - 0x78dde6e6, - 0xf1bbcdcc, - 0xe3779b99, - 0xc6ef3733, - 0x8dde6e67, - 0x1bbcdccf, - 0x3779b99e, - 0x6ef3733c, - 0xdde6e678, - 0xbbcdccf1, - 0x779b99e3, - 0xef3733c6, - 0xde6e678d, - 0xbcdccf1b -}; -// */ -/* key constants (mal andersrum) */ -// /* uint32_t seed_kc[16] PROGMEM ={ 0xb979379e, 0x73f36e3c, @@ -143,5 +121,5 @@ uint32_t seed_kc[16] PROGMEM ={ 0x8d676ede, 0x1bcfdcbc }; -// */ + #endif /*SEED_SBOX_H_*/