From 38806fc75038026e167a26eff90b6111066a3642 Mon Sep 17 00:00:00 2001 From: bg Date: Fri, 16 Feb 2007 06:16:12 +0000 Subject: [PATCH] + fix hmac-sha256 + camelia (128 bit Key only) C/ASM and C only --- COPYING | 339 +++++++++++++++ Makefile | 7 +- camellia-asm.S | 977 +++++++++++++++++++++++++++++++++++++++++++ camellia.c | 210 ++++++++++ camellia.h | 19 + camellia_C.c | 529 +++++++++++++++++++++++ hmac-sha256.c | 6 +- hmac-sha256.h | 17 + main-camellia-test.c | 233 +++++++++++ main-md5-test.c | 81 ++++ 10 files changed, 2414 insertions(+), 4 deletions(-) create mode 100644 COPYING create mode 100644 camellia-asm.S create mode 100644 camellia.c create mode 100644 camellia.h create mode 100644 camellia_C.c create mode 100644 hmac-sha256.h create mode 100644 main-camellia-test.c create mode 100644 main-md5-test.c diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..9285110 --- /dev/null +++ b/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/Makefile b/Makefile index 43a45c7..c2d824c 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,12 @@ -PRG = skipjack +PRG = rc6 +# camellia # cryptotest -OBJ = main-skipjack-test.o debug.o uart.o serial-tools.o skipjack.o +# OBJ = main-camellia-test.o debug.o uart.o serial-tools.o camellia.o camellia-asm.o +# main-skipjack-test.o debug.o uart.o serial-tools.o skipjack.o # main-sha1-test.o debug.o uart.o serial-tools.o sha1-asm.o # main-md5-test.o debug.o uart.o serial-tools.o md5.o # main-cast5-test.o debug.o uart.o serial-tools.o cast5.o +OBJ = main-rc6-test.o debug.o uart.o serial-tools.o rc6.o # main.o debug.o uart.o serial-tools.o sha256-asm.o xtea-asm.o arcfour-asm.o prng.o cast5.o MCU_TARGET = atmega32 OPTIMIZE = -Os diff --git a/camellia-asm.S b/camellia-asm.S new file mode 100644 index 0000000..36701b2 --- /dev/null +++ b/camellia-asm.S @@ -0,0 +1,977 @@ +/* + * File: camellis-asm.S + * Author: Daniel Otte + * Date: 10.11.2006 + * License: GPL + * Description: Implementation of the camellia block cipher algorithm. + * + */ + +.macro SWAP_R A, B + eor \A, \B + eor \B, \A + eor \A, \B +.endm + +.macro precall + /* push r18 - r27, r30 - r31*/ + push r0 + push r1 + push r18 + push r19 + push r20 + push r21 + push r22 + push r23 + push r24 + push r25 + push r26 + push r27 + push r30 + push r31 + clr r1 +.endm + +.macro postcall + pop r31 + pop r30 + pop r27 + pop r26 + pop r25 + pop r24 + pop r23 + pop r22 + pop r21 + pop r20 + pop r19 + pop r18 + pop r1 + pop r0 +.endm + + +.macro hexdump length + push r27 + push r26 + ldi r25, '\r' + mov r24, r25 + call uart_putc + ldi r25, '\n' + mov r24, r25 + call uart_putc + pop r26 + pop r27 + movw r24, r26 +.if \length > 16 + ldi r22, lo8(16) + ldi r23, hi8(16) + push r27 + push r26 + call uart_hexdump + pop r26 + pop r27 + adiw r26, 16 + hexdump \length-16 +.else + ldi r22, lo8(\length) + ldi r23, hi8(\length) + call uart_hexdump +.endif +.endm + +/* X points to Block */ +.macro dbg_hexdump length + precall + hexdump \length + postcall +.endm + +SPL = 0x3D +SPH = 0x3E +SREG = 0x3F +NULLr = 1 + + +camellia_sbox: +.byte 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65 +.byte 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189 +.byte 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26 +.byte 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77 +.byte 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153 +.byte 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215 +.byte 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34 +.byte 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80 +.byte 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210 +.byte 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148 +.byte 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226 +.byte 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46 +.byte 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89 +.byte 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250 +.byte 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164 +.byte 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 + +//.global camellia_sigma +/* +camellia_sigma: +.quad 0xA09E667F3BCC908B +.quad 0xB67AE8584CAA73B2 +.quad 0xC6EF372FE94F82BE +.quad 0x54FF53A5F1D36F1C +.quad 0x10E527FADE682D1D +.quad 0xB05688C2B3E6C1FD +*/ + + + +/* uint8_t camellia_s1(uint8_t b) */ +.global camellia_s1 +camellia_s1: + ldi r30, lo8(camellia_sbox) + ldi r31, hi8(camellia_sbox) + add r30, r24 + adc r31, NULLr + lpm r24, Z + clr r25 + ret + +.global camellia_s2 +camellia_s2: + ldi r30, lo8(camellia_sbox) + ldi r31, hi8(camellia_sbox) + add r30, r24 + adc r31, NULLr + lpm r24, Z + lsl r24 + adc r24, NULLr + clr r25 + ret + +.global camellia_s3 +camellia_s3: + ldi r30, lo8(camellia_sbox) + ldi r31, hi8(camellia_sbox) + add r30, r24 + adc r31, NULLr + lpm r24, Z + bst r24, 0 + lsr r24 + bld r24, 7 + clr r25 + ret + +.global camellia_s4 +camellia_s4: + ldi r30, lo8(camellia_sbox) + ldi r31, hi8(camellia_sbox) + lsl r24 + adc r24, NULLr + add r30, r24 + adc r31, NULLr + lpm r24, Z + clr r25 + ret + +.global camellia_s +/* uint64_t camellia_s(uint64_t d){ + #define D ((uint8_t*)(&d)) + D[7] = camellia_s1(D[7]); // MSB + D[6] = camellia_s2(D[6]); + D[5] = camellia_s3(D[5]); + D[4] = camellia_s4(D[4]); + + D[3] = camellia_s2(D[3]); + D[2] = camellia_s3(D[2]); + D[1] = camellia_s4(D[1]); + D[0] = camellia_s1(D[0]); // LSB + #undef D + return d; +}*/ +; parameters +; d: r18-r25 (r18 is LSB) +camellia_s: + movw r26, r24 ; backup r24,r25 -> X + clr r25 + call camellia_s2 + mov r26, r24 + + mov r24, r27 + call camellia_s1 + mov r27, r24 + + mov r24, r23 + call camellia_s3 + mov r23, r24 + + mov r24, r22 + call camellia_s4 + mov r22, r24 + + mov r24, r21 + call camellia_s2 + mov r21, r24 + + mov r24, r20 + call camellia_s3 + mov r20, r24 + + mov r24, r19 + call camellia_s4 + mov r19, r24 + + + mov r24, r18 + call camellia_s1 + mov r18, r24 + + movw r24, r26 + ret + +;############################################################################## +/* uint64_t camellia_p(uint64_t d) */ +; param: r18-r25 (r18 is LSB) +z1 = 25 +z2 = 24 +z3 = 23 +z4 = 22 +z5 = 21 +z6 = 20 +z7 = 19 +z8 = 18 + +.global camellia_p +camellia_p: + eor z1, z6 + eor z2, z7 + eor z3, z8 + eor z4, z5 + eor z5, z3 + eor z6, z4 + eor z7, z1 + eor z8, z2 + ;--------- + eor z1, z8 + eor z2, z5 + eor z3, z6 + eor z4, z7 + eor z5, z4 + eor z6, z1 + eor z7, z2 + eor z8, z3 + ;--------- + movw r26, z8 + movw r30, z6 ; backup z5 bis z8 + movw z8, z4 + movw z6, z2 + movw z4, r26 + movw z2, r30 + ret + + +;############################################################################## + +/* uint64_t camellia_f(uint64_t x, uint64_t k) */ +; param x: r18-r25 +; param k: r10-r17 +.global camellia_f +camellia_f: + eor r18, r10 + eor r19, r11 + eor r20, r12 + eor r21, r13 + eor r22, r14 + eor r23, r15 + eor r24, r16 + eor r25, r17 + call camellia_s + call camellia_p + ret + +;############################################################################## + +/* uint64_t camellia_fl(uint64_t x, uint64_t k) */ +; param x: r18-r25 xl: r22-r25, xr: r18-r21 +; param k: r10-r17 kl: r14-r17, kr: r10-r13 +kl1 = 14 +kl2 = 15 +kl3 = 16 +kl4 = 17 +kr1 = 10 +kr2 = 11 +kr3 = 12 +kr4 = 13 +xr1 = 18 +xr2 = 19 +xr3 = 20 +xr4 = 21 +xl1 = 22 +xl2 = 23 +xl3 = 24 +xl4 = 25 +.global camellia_fl +camellia_fl: + and kl1, xl1 + and kl2, xl2 + and kl3, xl3 + and kl4, xl4 + mov r26, kl4 + rol r26 + rol kl1 + rol kl2 + rol kl3 + rol kl4 + eor xr1, kl1 + eor xr2, kl2 + eor xr3, kl3 + eor xr4, kl4 + // that was part one + or kr1, xr1 + or kr2, xr2 + or kr3, xr3 + or kr4, xr4 + eor xl1, kr1 + eor xl2, kr2 + eor xl3, kr3 + eor xl4, kr4 + ret + +;############################################################################## + +/* uint64_t camellia_fl_inv(uint64_t y, uint64_t k) */ +; param y: r18-r25 yl: r22-r25, yr: r18-r21 +; param k: r10-r17 kl: r14-r17, kr: r10-r13 +kl1 = 14 +kl2 = 15 +kl3 = 16 +kl4 = 17 +kr1 = 10 +kr2 = 11 +kr3 = 12 +kr4 = 13 +yr1 = 18 +yr2 = 19 +yr3 = 20 +yr4 = 21 +yl1 = 22 +yl2 = 23 +yl3 = 24 +yl4 = 25 +.global camellia_fl_inv +camellia_fl_inv: + or kr1, yr1 + or kr2, yr2 + or kr3, yr3 + or kr4, yr4 + eor yl1, kr1 + eor yl2, kr2 + eor yl3, kr3 + eor yl4, kr4 + // the first one is done + and kl1, yl1 + and kl2, yl2 + and kl3, yl3 + and kl4, yl4 + mov r26, kl4 + rol r26 + rol kl1 + rol kl2 + rol kl3 + rol kl4 + eor yr1, kl1 + eor yr2, kl2 + eor yr3, kl3 + eor yr4, kl4 + ret + +;############################################################################## +; param s: r24-r25 +; param q: r22 +B1 = 18 +B2 = 19 +.global camellia128_keyop_rot15 +camellia128_keyop_rot15: + movw r30, r24 ; Z points at LSB of kl ;-- 0 + ldi r22, 2 +2: adiw r30, 15 ;-- 15 + ld r21, Z + ld r20, -Z ;-- 14 + movw B1, r20 ; store Backup of the 2 MSB of kl + ror r20 + + ldi r21, 14 +1: ld r20, -Z ;-- 13..0 + ror r20 + std Z+2, r20 ;-- (15..2) + dec r21 + brne 1b + + ror B2 + ror B1 + st Z+, B1 ;-- 1 + st Z, B2 + adiw r30, 15 ;-- 16 + + dec r22 + brne 2b + ret + +;############################################################################## +; param s: r24-r25 +; param q: r22 +.global camellia128_keyop_rot17 +camellia128_keyop_rot17: + push r8 + push r9 + push r10 + push r11 + push r12 + push r13 + push r14 + push r15 + push r16 + push r17 + clt + movw r30, r24 + clr r27 +2: ldi r26, 8 + mov r1, r26 + lsl r1 ; r1=16 + ;push r1 + ; load 128bit value + ldd r0, Z+15 + rol r0 +1: ld r0, Z+ + rol r0 + st X+, r0 + dec r1 + brne 1b + + st -Z, 21 + st -Z, 20 + st -Z, 19 + st -Z, 18 + st -Z, 17 + st -Z, 16 + st -Z, 15 + st -Z, 14 ;-- + st -Z, 13 + st -Z, 12 + st -Z, 11 + st -Z, 10 + st -Z, 9 + st -Z, 8 + st -Z, 23 + st -Z, 22 + + brts 2f + set + adiw r30, 16 + rjmp 2b +2: + pop r17 + pop r16 + pop r15 + pop r14 + pop r13 + pop r12 + pop r11 + pop r10 + pop r9 + pop r8 + ret + +;############################################################################## +; param s: r24-r25 +; param q: r22 +.global camellia128_keyop +camellia128_keyop: + cpi r22, 1 + breq camellia128_keyop_rot17 + rjmp camellia128_keyop_rot15 + +;############################################################################## +; param s: r24-r25 +; param q: r22 +B1 = 18 +B2 = 19 +.global camellia128_keyop_inv_rot15 +camellia128_keyop_inv_rot15: + movw r30, r24 ; Z points at LSB of kl ;-- 0 + movw r26, r24 ; X also + ldi r22, 2 +2: ;-- 0 + ld r20, Z+ ;-- 0/1 + ld r21, Z+ ;-- 1/2 + movw B1, r20 ; store Backup of the 2 LSB of kl + rol r21 + + ldi r20, 14 +1: ld r21, Z+ ;-- 2/14..3/16 + rol r21 + st X+, r21 ;-- (0..13)/(1..14) + dec r20 + brne 1b + + rol B1 + rol B2 + st X+, B1 ;-- 14/15 + st X+, B2 ;-- 15/16 + + dec r22 + brne 2b + ret + +;############################################################################## +; param s: r24-r25 +; param q: r22 +.global camellia128_keyop_inv_rot17 +camellia128_keyop_inv_rot17: + push r8 + push r9 + push r10 + push r11 + push r12 + push r13 + push r14 + push r15 + push r16 + push r17 + clt + movw r30, r24 + clr r27 +2: ldi r26, 8 + mov r1, r26 + lsl r1 ; r1=16 + ; load 128bit value + + ld r0, Z + adiw r30, 16 + ror r0 +1: ld r0, -Z + ror r0 + st X+, r0 + dec r1 + brne 1b + + st Z+, 21 + st Z+, 20 + st Z+, 19 + st Z+, 18 + st Z+, 17 + st Z+, 16 + st Z+, 15 + st Z+, 14 ;-- + st Z+, 13 + st Z+, 12 + st Z+, 11 + st Z+, 10 + st Z+, 9 + st Z+, 8 + st Z+, 23 + st Z+, 22 + + brts 2f + set +; adiw r30, 16 + rjmp 2b +2: + pop r17 + pop r16 + pop r15 + pop r14 + pop r13 + pop r12 + pop r11 + pop r10 + pop r9 + pop r8 + ret + +;############################################################################## +; param s: r24-r25 +; param q: r22 +.global camellia128_keyop_inv +camellia128_keyop_inv: + cpi r22, 1 + breq camellia128_keyop_inv_rot17 + rjmp camellia128_keyop_inv_rot15 + +;############################################################################## +; param p: r24-r25 pointer to data +; param l: r22 length of word +.global change_endian +change_endian: + movw r26, r24 + movw r30, r24 + add r30, r22 + adc r31, r1 + lsr r22 +1: + ld r20, X + ld r21, -Z + st X+, r21 + st Z, r20 + dec r22 + brne 1b + ret + +;############################################################################## + +#define SEL_KA 1 +#define SEL_KL 0 +#define KEY_POSTC1 0x00 +#define KEY_POSTC2 0x01 +#define KEY_INC2 0x02 +#define KEY_DIR 0x04 +#define KEY_DIR_NORM 0x00 +#define KEY_DIR_INV 0x04 +#define KEY_AMMOUNT 0x08 +#define KEY_ROL17 0x08 +#define KEY_ROL15 0x00 +/* +void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ + uint8_t i; + uint64_t* k[4]; + k[0] = &(s->kll); + k[1] = &(s->klr); + k[2] = &(s->kal); + k[3] = &(s->kar); + for(i=0; i<3; ++i){ / * each cycle * / + br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)])); + keychoice >>= 1; + + if((i == 1) && (roundop&KEY_INC2)){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + } + + bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)])); + keychoice >>= 1; + + / * check if we should do some keyop * / + if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + / * isn't it fuckin nice what we can do in C?! * / + } + } +} +*/ +; param s: r24-r25 +; param bl: r22-r23 +; param br: r20-r21 +; param roundop: r18 +; param keychoice: r16 +s1 = 24 +s2 = 25 +bl1 = 22 +bl2 = 23 +br1 = 20 +br2 = 22 +xro = 18 +kc = 16 +xro_sec = 17 +br1_sec = 10 +br2_sec = 11 +bl1_sec = 12 +bl2_sec = 13 +s1_sec = 14 +t = 9 +loop_cnt = 8 +keyop_time = 7 + +.global camellia_6rounds +camellia_6rounds: + push r17 + push r16 + push r15 + push r14 + push r13 + push r12 + push r11 + push r10 + push r9 + push r8 + push r7 + + ldi r17, 6 + mov loop_cnt, r17 + mov xro_sec, xro + movw br1_sec, br1 + movw bl1_sec, bl1 + movw s1_sec, s1 + clr keyop_time + inc keyop_time + sec + rol keyop_time // keyop_time == 3 + SBRC xro, 1 // KEY_INC2 + rjmp 1f + SBRS xro, 0 // KEY_POSTC1 + inc keyop_time + SBRS xro, 0 // KEY_POSTC1 + inc keyop_time + rjmp 2f +1: inc keyop_time +2: +main_loop: + /* now we load the key to r18-r25 */ + movw r26, s1_sec + SBRC kc, 0 /* select between KA and KL */ + adiw r26, 16 + SBRC xro_sec, 2 // KEY_DIR + rjmp 2f + SBRS loop_cnt, 0 /* enc */ + adiw r26, 8 + rjmp 3f +2: SBRC loop_cnt, 0 /* dec */ + adiw r26, 8 + rjmp 3f +3: + lsr kc + ld r18, X+ + ld r19, X+ + ld r20, X+ + ld r21, X+ + ld r22, X+ + ld r23, X+ + ld r24, X+ + ld r25, X+ + /* now we xor bl in */ + movw r26, bl1_sec + ld r0, X+ + eor r18, r0 + ld r0, X+ + eor r19, r0 + ld r0, X+ + eor r20, r0 + ld r0, X+ + eor r21, r0 + ld r0, X+ + eor r22, r0 + ld r0, X+ + eor r23, r0 + ld r0, X+ + eor r24, r0 + ld r0, X+ + eor r25, r0 + /* f(x,k) = p(s(x xor k)) ; xor is done */ + call camellia_s; + call camellia_p; + +// in r26, SPL +// in r27, SPH +// sbiw r26, 9 +// dbg_hexdump 10 + /* now we have to xor the result into br */ + clr r31 + ldi r30, 18 + movw r26, br1_sec +; ldi r1, 8 ;-- this won't work + clr r1 + sec + ror r1 + swap r1 +1: ld r0, X + ld t, Z+ + eor r0, t + st X+, r0 + dec r1 + brne 1b + + /* check for keyop */ + cp loop_cnt, keyop_time + brne 3f + movw s1, s1_sec + ldi r22, 1 + SBRS xro_sec, 3 // KEY_ROL17 + neg r22 + SBRS xro_sec, 2 // KEY_DIR + rjmp 2f + call camellia128_keyop_inv + rjmp 3f +2: call camellia128_keyop +3: /* loop back */ + SWAP_R br1_sec, bl1_sec + SWAP_R br2_sec, bl2_sec + dec loop_cnt + breq 2f + jmp main_loop +2: + pop r7 + pop r8 + pop r9 + pop r10 + pop r11 + pop r12 + pop r13 + pop r14 + pop r15 + pop r16 + pop r17 + ret + +;############################################################################## +/* +void camellia128_init(camellia128_ctx_t* s, uint8_t* key){ + uint8_t i; + s->kll = 0; //((uint64_t*)key)[0]; + + / * load the key, endian-adjusted, to kll,klr * / + for(i=0; i<8; ++i){ + s->kll <<= 8; + s->kll |= *key++; + } + for(i=0; i<8; ++i){ + s->klr <<= 8; + s->klr |= *key++; + } + + s->kal = s->kll; + s->kar = s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[0]); + s->kal ^= camellia_f(s->kar, camellia_sigma[1]); + + s->kal ^= s->kll; + s->kar ^= s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[2]); + s->kal ^= camellia_f(s->kar, camellia_sigma[3]); + / * * / +// uart_putstr("\n\r----------------init finished--------------------"); +} +*/ +/* +X64_xor_in: + ld r0, X+ + eor r18, r0 + ld r0, X+ + eor r19, r0 + ld r0, X+ + eor r20, r0 + ld r0, X+ + eor r21, r0 + ld r0, X+ + eor r22, r0 + ld r0, X+ + eor r23, r0 + ld r0, X+ + eor r24, r0 + ld r0, X+ + eor r25, r0 + ret + +X64_load: + ld r18, X+ + ld r19, X+ + ld r20, X+ + ld r21, X+ + ld r22, X+ + ld r23, X+ + ld r24, X+ + ld r25, X+ + ret + +Y64_load_xor_store: + ld r0, Y + eor r18, r0 + st Y+, r18 + ld r0, Y + eor r19, r0 + st Y+, r19 + ld r0, Y + eor r20, r0 + st Y+, r20 + ld r0, Y + eor r21, r0 + st Y+, r21 + ld r0, Y + eor r22, r0 + st Y+, r22 + ld r0, Y + eor r23, r0 + st Y+, r23 + ld r0, Y + eor r24, r0 + st Y+, r24 + ld r0, Y + eor r25, r0 + st Y+, r25 + ret + +; param s: r24-r25 +; param *k: r22-r23 +//.global camellia128_init +camellia128_init: + push r29 + push r28 + movw r30, r24 ; Z is statepointer + movw r26, r22 ; X is keypointer + clr r29 + ldi r28, 18 +// / * load key into kl, ka and kal to r18:r25 * / + adiw r26, 128/8 ;-- 16 + ldi r16, (128/8)-1 +1: ld r17, -X + std Z+(128/8), r17 + st Z+, r17 + sbrs r16, 3 + st Y+, r17 ; this should only be done the last 8 rounds 0<=r16<=7 + dec r16 + brpl 1b +// / * step 1 * / + ldi r26, lo8(camellia_sigma) + ldi r27, hi8(camellia_sigma) + call X64_xor_in + call camellia_s + call camellia_p // / * f(x,k) is done * / + sbiw r30, 128/8 + movw r28, r30 ; Z&Y point on kar now + call Y64_load_xor_store + +// / * step 2 now * / + call X64_xor_in + call camellia_s + call camellia_p // / * f(x,k) is done * / + call Y64_load_xor_store + +// / * now the xor part (kl and kr) * / + sbiw r30, 128/8 ; Z points to klr + ldi r16, 128/8 +1: ld r0, Z+ + ldd r1, Z+(128/8)-1 + eor r0, r1 + std Z+(128/8)-1, r0 + dec r16 + brne 1b + +// / * now s->kar ^= camellia_f(s->kal, camellia_sigma[2]); * / + call X64_load ; load sigma[2] + movw r26, r28 ; X&Y point at kal + call X64_xor_in + call camellia_s + call camellia_p + sbiw r28, 128/8/2 ; Y points at kar + call Y64_load_xor_store + +// / * now s->kal ^= camellia_f(s->kar, camellia_sigma[3]); * / + sbiw r26, 128/8 ; + call X64_load ; load kar + ldi r26, lo8(camellia_sigma+3*8) + ldi r27, hi8(camellia_sigma+3*8) + call X64_xor_in ; xor sigma[3] in + call camellia_s + call camellia_p + call Y64_load_xor_store + + pop r28 + pop r29 + ret + +//*/ + + + + + + + + + diff --git a/camellia.c b/camellia.c new file mode 100644 index 0000000..d838c6b --- /dev/null +++ b/camellia.c @@ -0,0 +1,210 @@ +/** + * + * + * + * + */ + +#include +#include +#include +#include "camellia.h" +#include "uart.h" +#include "debug.h" +#include + +/*****************************************************************************/ +uint64_t camellia_f(uint64_t x, uint64_t k); +/*****************************************************************************/ +uint64_t camellia_fl(uint64_t x, uint64_t k); +/*****************************************************************************/ +uint64_t camellia_fl_inv(uint64_t y, uint64_t k); +/*****************************************************************************/ +void change_endian(void* data, uint8_t length); + +uint64_t camellia_sigma[6]={ + 0xA09E667F3BCC908BLL, + 0xB67AE8584CAA73B2LL, + 0xC6EF372FE94F82BELL, + 0x54FF53A5F1D36F1CLL, + 0x10E527FADE682D1DLL, + 0xB05688C2B3E6C1FDLL +}; + +/*****************************************************************************/ + +void camellia128_ctx_dump(camellia128_ctx_t *s){ + uart_putstr("\r\n==State Dump=="); + uart_putstr("\n\rKAl: "); uart_hexdump(&(s->kal), 8); + uart_putstr("\n\rKAr: "); uart_hexdump(&(s->kar), 8); + uart_putstr("\n\rKLl: "); uart_hexdump(&(s->kll), 8); + uart_putstr("\n\rKLr: "); uart_hexdump(&(s->klr), 8); + return; +} + +/*****************************************************************************/ +//* +//extern prog_uint64_t camellia_sigma[6]; + +void camellia128_init(camellia128_ctx_t* s, uint8_t* key){ + uint8_t i; + s->kll = 0; //((uint64_t*)key)[0]; + +// / * load the key, endian-adjusted, to kll,klr * / + for(i=0; i<8; ++i){ + s->kll <<= 8; + s->kll |= *key++; + } + for(i=0; i<8; ++i){ + s->klr <<= 8; + s->klr |= *key++; + } + + s->kal = s->kll; + s->kar = s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[0]); + s->kal ^= camellia_f(s->kar, camellia_sigma[1]); + + s->kal ^= s->kll; + s->kar ^= s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[2]); + s->kal ^= camellia_f(s->kar, camellia_sigma[3]); +// / ** / +// uart_putstr("\n\r----------------init finished--------------------"); +} +//*/ +/*****************************************************************************/ +void camellia128_keyop(camellia128_ctx_t* s, int8_t q); +/*****************************************************************************/ +void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q); +/*****************************************************************************/ + +#define SEL_KA 1 +#define SEL_KL 0 + +#define KEY_POSTC1 0x00 +#define KEY_POSTC2 0x01 +#define KEY_INC2 0x02 + +#define KEY_DIR 0x04 +#define KEY_DIR_NORM 0x00 +#define KEY_DIR_INV 0x04 + +#define KEY_AMMOUNT 0x08 +#define KEY_ROL17 0x08 +#define KEY_ROL15 0x00 + +void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice); +/*****************************************************************************/ + + +void camellia128_enc(camellia128_ctx_t* s, void* block){ + + #define BL (((uint64_t*)block)[0]) + #define BR (((uint64_t*)block)[1]) + /* endian adjustment */ + /*BL*/ + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 + */ + + uint64_t temp64; + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + + /* Prewhitening */ + BL ^= s->kll; + BR ^= s->klr; + + /* the first 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); + /* FL injection */ + camellia128_keyop(s, -1); + BL = camellia_fl(BL, s->kal); + BR = camellia_fl_inv(BR, s->kar); + camellia128_keyop(s, -1); + /* middle 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); + /* FL injection */ + camellia128_keyop(s, 1); + BL = camellia_fl(BL, s->kll); + BR = camellia_fl_inv(BR, s->klr); + camellia128_keyop(s, 1); + /* last 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C); + /* Postwhitening */ + BR ^= s->kal; + BL ^= s->kar; + + temp64 = BR; + BR = BL; + BL = temp64; + + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + + #undef BL + #undef BR +} + +/*****************************************************************************/ + +void camellia128_dec(camellia128_ctx_t* s, void* block){ + + #define BL (((uint64_t*)block)[1]) + #define BR (((uint64_t*)block)[0]) + /* endian adjustment */ + /*BL*/ + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 + */ + + uint64_t temp64; + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + + camellia128_keyop_inv(s, 1); + /* Prewhitening */ + BR ^= s->kal; /* kw3 */ + BL ^= s->kar; /* kw4 */ + /* the first 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); + /* FL injection */ + camellia128_keyop_inv(s, 1); + BR = camellia_fl(BR, s->klr); + BL = camellia_fl_inv(BL, s->kll); + camellia128_keyop_inv(s, 1); + /* middle 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B); + /* FL injection */ + camellia128_keyop_inv(s, -1); + BR = camellia_fl(BR, s->kar); + BL = camellia_fl_inv(BL, s->kal); + camellia128_keyop_inv(s, -1); + /* last 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33); + + /* Postwhitening */ + BL ^= s->kll; /* kw1 */ + BR ^= s->klr; /* kw2 */ + + temp64 = BR; + BR = BL; + BL = temp64; + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + +} + +/*****************************************************************************/ +/*****************************************************************************/ + + + +/* EOF */ diff --git a/camellia.h b/camellia.h new file mode 100644 index 0000000..6ced2b2 --- /dev/null +++ b/camellia.h @@ -0,0 +1,19 @@ +#ifndef CAMELLIA_H_ +#define CAMELLIA_H_ + +#include + +typedef struct camellia128_ctx_s{ + uint64_t klr; + uint64_t kll; + uint64_t kar; + uint64_t kal; +}camellia128_ctx_t; + + +void camellia128_init(camellia128_ctx_t* s, uint8_t* key); +void camellia128_enc(camellia128_ctx_t* s, void* block); +void camellia128_dec(camellia128_ctx_t* s, void* block); + + +#endif /*CAMELLIA_H_*/ diff --git a/camellia_C.c b/camellia_C.c new file mode 100644 index 0000000..bff7a32 --- /dev/null +++ b/camellia_C.c @@ -0,0 +1,529 @@ +/** + * + * + * + * + */ + +#include +#include +#include +#include "camellia.h" +#include "uart.h" +#include "debug.h" +#include + +/*****************************************************************************/ + +uint8_t rol(uint8_t a, uint8_t n){return ((a<>(8-n)));} + +/*****************************************************************************/ + +uint8_t ror(uint8_t a, uint8_t n){return ((a<<(8-n)) | (a>>n));} + +/*****************************************************************************/ + +uint32_t rol32(uint32_t a, uint8_t n){ + return ((a<>(32-n))); +} + +/*****************************************************************************/ + +uint64_t rol64(uint64_t a, uint8_t n){ + return ((a<>(64-n))); +} + +/*****************************************************************************/ + +uint8_t camellia_s1_table[256] PROGMEM = { + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 +}; + +/*****************************************************************************/ + +uint8_t camellia_s1(uint8_t b){ + return pgm_read_byte_near(&(camellia_s1_table[b])); +} + +/*****************************************************************************/ + +uint8_t camellia_s2(uint8_t b){ + return rol(pgm_read_byte_near(&(camellia_s1_table[b])),1); +} + +/*****************************************************************************/ + +uint8_t camellia_s3(uint8_t b){ + return ror(pgm_read_byte_near(&(camellia_s1_table[b])),1); +} + +/*****************************************************************************/ + +uint8_t camellia_s4(uint8_t b){ + return pgm_read_byte_near(&(camellia_s1_table[rol(b,1)])); +} + +/*****************************************************************************/ + +uint64_t camellia_s(uint64_t d){ +// uart_putstr("\n\r S von "); uart_hexdump(&(d), 8); + #define D ((uint8_t*)(&d)) + D[7] = camellia_s1(D[7]); + D[6] = camellia_s2(D[6]); + D[5] = camellia_s3(D[5]); + D[4] = camellia_s4(D[4]); + + D[3] = camellia_s2(D[3]); + D[2] = camellia_s3(D[2]); + D[1] = camellia_s4(D[1]); + D[0] = camellia_s1(D[0]); + #undef D +// uart_putstr(" ist "); uart_hexdump(&(d), 8); + return d; +} + +/*****************************************************************************/ + +uint64_t camellia_p(uint64_t d){ + uint64_t z=0; + #define D ((uint8_t*)(&d)) + #define Z ((uint8_t*)(&z)) +/* + Z[0] = D[4] ^ D[3] ^ D[1]; + Z[1] = D[5] ^ D[0] ^ D[2]; + Z[2] = D[6] ^ D[1] ^ D[3]; + Z[3] = D[7] ^ D[2] ^ D[0]; + Z[4] = D[0] ^ D[6] ^ D[5]; + Z[5] = D[1] ^ D[7] ^ D[6]; + Z[6] = D[2] ^ D[4] ^ D[7]; + Z[7] = D[3] ^ D[5] ^ D[4]; +*/ +// Z[7] = z1 z3 z4 z6 z7 z8 +// uart_putstr("\n\r P von "); uart_hexdump(&(d), 8); + + Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0]; + Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0]; + Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0]; + Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ; + Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0]; + Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0]; + Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0]; + Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ; + +// uart_putstr(" ist "); uart_hexdump(&(z), 8); + + #undef Z + #undef D + return z; +} + +/*****************************************************************************/ + +uint64_t camellia_f(uint64_t x, uint64_t k){ + uint64_t y; + y = camellia_p(camellia_s(x ^ k)); +/* + uart_putstr("\r\nEfunc X="); + uart_hexdump(&(x), 8); + uart_putstr(" K="); + uart_hexdump(&(k), 8); + uart_putstr(" Y="); + uart_hexdump(&(y), 8); +*/ + return y; +} + +/*****************************************************************************/ + +uint64_t camellia_fl(uint64_t x, uint64_t k){ + volatile uint64_t lx[1], lk[1], y[1]; + lx[0]=x; lk[0] = k; + + #define Y ((uint32_t*)y) + #define X ((uint32_t*)lx) + #define K ((uint32_t*)lk) + + Y[0] = rol32((X[1]) & K[1],1) ^ (X[0]); /* Yr */ + Y[1] = (Y[0] | K[0]) ^ (X[1]); /* Yl */ + +/* + uart_putstr("\r\nFL("); + uart_hexdump(&(x), 8); + uart_putstr(", "); + uart_hexdump(&(k), 8); + uart_putstr(") = "); + uart_hexdump(y, 8); +*/ + #undef K + #undef X + #undef Y + return y[0]; +} + +/*****************************************************************************/ + +uint64_t camellia_fl_inv(uint64_t y, uint64_t k){ +//volatile uint32_t xl, xr; + volatile uint64_t ly[1], lk[1], x[1]; + ly[0]=y; lk[0] = k; + #define Y ((uint32_t*)ly) + #define X ((uint32_t*)x) + #define K ((uint32_t*)lk) + + X[1]=(Y[0] | K[0]) ^ Y[1]; + X[0]=rol32((X[1] & K[1]),1) ^ Y[0]; + +/* + uart_putstr("\r\nFL_inv("); + uart_hexdump(&(y), 8); + uart_putstr(", "); + uart_hexdump(&(k), 8); + uart_putstr(") = "); +*/ + #undef K + #undef X + #undef Y + return x[0]; +} + +/*****************************************************************************/ + +uint64_t camellia_sigma[6]={ + 0xA09E667F3BCC908BLL, + 0xB67AE8584CAA73B2LL, + 0xC6EF372FE94F82BELL, + 0x54FF53A5F1D36F1CLL, + 0x10E527FADE682D1DLL, + 0xB05688C2B3E6C1FDLL +}; + +/*****************************************************************************/ + +void camellia128_ctx_dump(camellia128_ctx_t *s){ + uart_putstr("\r\n==State Dump=="); + uart_putstr("\n\rKAl: "); uart_hexdump(&(s->kal), 8); + uart_putstr("\n\rKAr: "); uart_hexdump(&(s->kar), 8); + uart_putstr("\n\rKLl: "); uart_hexdump(&(s->kll), 8); + uart_putstr("\n\rKLr: "); uart_hexdump(&(s->klr), 8); + return; +} + +/*****************************************************************************/ + +void camellia128_init(camellia128_ctx_t* s, uint8_t* key){ + uint8_t i; + s->kll = 0; //((uint64_t*)key)[0]; + + /* load the key, endian-adjusted, to kll,klr */ + for(i=0; i<8; ++i){ + s->kll <<= 8; + s->kll |= *key++; + } + for(i=0; i<8; ++i){ + s->klr <<= 8; + s->klr |= *key++; + } + + s->kal = s->kll; + s->kar = s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[0]); + s->kal ^= camellia_f(s->kar, camellia_sigma[1]); + + s->kal ^= s->kll; + s->kar ^= s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma[2]); + s->kal ^= camellia_f(s->kar, camellia_sigma[3]); + /**/ +// uart_putstr("\n\r----------------init finished--------------------"); +} + +/*****************************************************************************/ + +void camellia128_keyop(camellia128_ctx_t* s, int8_t q){ + /* first we do 16 bit left-rols for kl and ka (128bit each) */ + uint32_t temp; + + temp = (s->kal)>>(64-16-q); + s->kal = s->kal<<(16+q) | s->kar>>(64-16-q); + s->kar = s->kar<<(16+q) | temp; + + temp = (s->kll)>>(64-16-q); + s->kll = s->kll<<(16+q) | s->klr>>(64-16-q); + s->klr = s->klr<<(16+q) | temp; + /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */ +} + +/*****************************************************************************/ + +void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){ + /* first we do 16 bit right-rols for kl and ka (128bit each) */ + uint32_t temp; + + temp = (s->kar)&(0xffffff>>(24-16-q)); + s->kar = s->kar>>(16+q) | s->kal<<(64-16-q); + s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q); + + temp = (s->klr)&(0xffffff>>(24-16-q)); + s->klr = s->klr>>(16+q) | s->kll<<(64-16-q); + s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q); + /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */ +} + +/*****************************************************************************/ + +#define SEL_KA 1 +#define SEL_KL 0 + +#define KEY_POSTC1 0x00 +#define KEY_POSTC2 0x01 +#define KEY_INC2 0x02 + +#define KEY_DIR 0x04 +#define KEY_DIR_NORM 0x00 +#define KEY_DIR_INV 0x04 + +#define KEY_AMMOUNT 0x08 +#define KEY_ROL17 0x08 +#define KEY_ROL15 0x00 + +void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ + uint8_t i; + uint64_t* k[4]; + k[0] = &(s->kll); + k[1] = &(s->klr); + k[2] = &(s->kal); + k[3] = &(s->kar); + for(i=0; i<3; ++i){ /* each cycle */ + br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)])); + keychoice >>= 1; + + if((i == 1) && (roundop&KEY_INC2)){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + } + + bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)])); + keychoice >>= 1; + + /* check if we should do some keyop */ + if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + /* isn't it fuckin nice what we can do in C?! */ + } + } +} + +/*****************************************************************************/ + + +void camellia128_enc(camellia128_ctx_t* s, void* block){ + + #define BL (((uint64_t*)block)[0]) + #define BR (((uint64_t*)block)[1]) + /* endian adjustment */ + /*BL*/ + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 + */ + + uint64_t temp64; + + temp64 = BL; + BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + temp64 = BR; + BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + + /* Prewhitening */ + BL ^= s->kll; + BR ^= s->klr; + + /* the first 6 */ +/* + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->kar); + camellia128_keyop(s, -1); + BR ^= camellia_f(BL, s->kll); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->kar); +*/ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); + /* FL injection */ + camellia128_keyop(s, -1); + BL = camellia_fl(BL, s->kal); + BR = camellia_fl_inv(BR, s->kar); + camellia128_keyop(s, -1); + /* middle 6 */ +/* BR ^= camellia_f(BL, s->kll); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kal); + camellia128_keyop(s, -1); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->kar); +/*/ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); + /* FL injection */ + camellia128_keyop(s, 1); + BL = camellia_fl(BL, s->kll); + BR = camellia_fl_inv(BR, s->klr); + camellia128_keyop(s, 1); + /* last 6 */ +/* BR ^= camellia_f(BL, s->kll); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->kar); + camellia128_keyop(s, 1); + + BR ^= camellia_f(BL, s->kll); + BL ^= camellia_f(BR, s->klr); +*/ + camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C); + /* Postwhitening */ + BR ^= s->kal; + BL ^= s->kar; + + temp64 = BR; + BR = BL; + BL = temp64; + + + BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + temp64 = BR; + BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + + #undef BL + #undef BR +} + +/*****************************************************************************/ + +void camellia128_dec(camellia128_ctx_t* s, void* block){ + + #define BL (((uint64_t*)block)[1]) + #define BR (((uint64_t*)block)[0]) + /* endian adjustment */ + /*BL*/ + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 + */ + + uint64_t temp64; + + temp64 = BL; + + BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + temp64 = BR; + BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + + camellia128_keyop_inv(s, 1); + /* Prewhitening */ + BR ^= s->kal; /* kw3 */ + BL ^= s->kar; /* kw4 */ + + /* the first 6 */ +/* + BL ^= camellia_f(BR, s->klr); /* k18 * / + BR ^= camellia_f(BL, s->kll); /* k17 * / + camellia128_keyop_inv(s, 1); + BL ^= camellia_f(BR, s->kar); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kll); +*/ + camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); + + /* FL injection */ + camellia128_keyop_inv(s, 1); + BR = camellia_fl(BR, s->klr); + BL = camellia_fl_inv(BL, s->kll); + camellia128_keyop_inv(s, 1); + /* middle 6 */ +/* BL ^= camellia_f(BR, s->kar); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->klr); + camellia128_keyop_inv(s, -1); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kll); +*/ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B); + + /* FL injection */ + camellia128_keyop_inv(s, -1); + BR = camellia_fl(BR, s->kar); + BL = camellia_fl_inv(BL, s->kal); + camellia128_keyop_inv(s, -1); + /* last 6 */ +/* + BL ^= camellia_f(BR, s->kar); + BR ^= camellia_f(BL, s->kal); + BL ^= camellia_f(BR, s->klr); + BR ^= camellia_f(BL, s->kll); + camellia128_keyop_inv(s, -1); + BL ^= camellia_f(BR, s->kar); + BR ^= camellia_f(BL, s->kal); +/*/ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33); + + /* Postwhitening */ + BL ^= s->kll; /* kw1 */ + BR ^= s->klr; /* kw2 */ + + temp64 = BR; + BR = BL; + BL = temp64; + + + BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + temp64 = BR; + BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ + | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ + | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ + | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + +} + +/*****************************************************************************/ +/*****************************************************************************/ + + + +/* EOF */ diff --git a/hmac-sha256.c b/hmac-sha256.c index 3483f12..e6fe3bc 100644 --- a/hmac-sha256.c +++ b/hmac-sha256.c @@ -79,6 +79,8 @@ void hmac_sha256(void* dest, void* key, uint16_t kl, void* msg, uint64_t ml){ /* uint8_t i; uint8_t buffer[SHA256_BLOCK_BITS/8]; + memset(buffer, 0, SHA256_BLOCK_BITS/8); + /* if key is larger than a block we have to hash it*/ if (kl > SHA256_BLOCK_BITS){ sha256((void*)buffer, key, kl); @@ -101,9 +103,9 @@ void hmac_sha256(void* dest, void* key, uint16_t kl, void* msg, uint64_t ml){ /* for (i=0; i +#include +#include + + +#ifndef BOOL +#define BOOL + #ifndef __BOOL + #define __BOOL + #ifndef __BOOL__ + #define __BOOL__ + typedef enum{false=0,true=1} bool; + #endif + #endif +#endif + + + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +/***************************************************************************** + * self tests * + *****************************************************************************/ +void camellia128_ctx_dump(camellia128_ctx_t *s); + +void test_encrypt(uint8_t *block, uint8_t *key, uint16_t keylength, bool print){ + camellia128_ctx_t s; + if (print){ + uart_putstr("\r\nCamellia (enc):\r\n key:\t\t"); + uart_hexdump(key, keylength/8); + uart_putstr("\r\n plaintext:\t"); + uart_hexdump(block, 16); + } + + camellia128_init(&s, key);; + camellia128_enc(&s, block); + if (print){ + uart_putstr("\r\n ciphertext:\t"); + uart_hexdump(block, 16); + } +} + +void test_decrypt(uint8_t *block, uint8_t *key, uint16_t keylength, bool print){ + camellia128_ctx_t s; + if (print){ + uart_putstr("\r\nCamellia (dec):\r\n key:\t\t"); + uart_hexdump(key, keylength/8); + uart_putstr("\r\n ciphertext:\t"); + uart_hexdump(block, 16); + } + camellia128_init(&s, key); + camellia128_dec(&s, block); + if (print){ + uart_putstr("\r\n plaintext:\t"); + uart_hexdump(block, 16); + } +} + +void nessie_test_iterate(uint8_t *block, uint8_t *key){ + uint16_t i; + test_encrypt(block, key, 128, true); + test_decrypt(block, key, 128, true); + uart_putstr("\r\n100 times:"); + for(i=0; i<99; ++i){ + test_encrypt(block, key, 128, false); + } + test_encrypt(block, key, 128, true); + uart_putstr("\r\n1000 times:"); + for(i=0; i<(999-100); ++i){ + test_encrypt(block, key, 128, false); + } + test_encrypt(block, key, 128, true); +} + +void nessie_test_iterate_inv(uint8_t *block, uint8_t *key){ + uint16_t i; + test_decrypt(block, key, 128, true); + test_encrypt(block, key, 128, true); + uart_putstr("\r\n100 times:"); + for(i=0; i<99; ++i){ + test_decrypt(block, key, 128, false); + } + test_encrypt(block, key, 128, true); + uart_putstr("\r\n1000 times:"); + for(i=0; i<(999-100); ++i){ + test_decrypt(block, key, 128, false); + } + test_decrypt(block, key, 128, true); +} + +prog_uint8_t ntt_test_values_in[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 +}; + +prog_uint8_t ntt_test_values_out[16] = { + 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, + 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 +}; + +int memcmp_P(const void *s1, PGM_P s2, size_t n){ + uint8_t b; + while(n--){ + b = pgm_read_byte_near(s2); + if( *((uint8_t*)s1) != b) + return(*((uint8_t*)s1)-b); + ++s1; ++s2; + } + return 0; +} + +void testrun_camellia(void){ + /* we run the NESSIE test for Camellia here see + * https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/camellia/Camellia-128-128.verified.test-vectors + * for the vectors + */ + unsigned j, setn; + uint8_t block[16]; + uint8_t key[16]; + memcpy_P(block, ntt_test_values_in, 16); + memcpy_P(key, ntt_test_values_in, 16); + test_encrypt(block, key, 128, true); + if(memcmp_P(block, ntt_test_values_out, 16)){ + uart_putstr("\t[FAILED]\r\n"); + return; + } + uart_putstr("\t[OK]"); + test_decrypt(block, key, 128, true); + if(memcmp_P(block, ntt_test_values_in, 16)){ + uart_putstr("\t[FAILED]\r\n"); + return; + } + uart_putstr("\t[OK]"); + +/* test set #1 & #2 */ + setn=1; + for(setn=1; setn<=2; ++setn){ + for(j=0; j<128; ++j){ + uart_putstr("\r\n\r\n### SET: "); + uart_hexdump(&setn,1); + uart_putstr(" Vector: "); + uart_hexdump(&j,1); + + memset(block, 0, 16); + memset(key, 0, 16); + ((setn&0x1)?key:block)[j>>3] = 1<<(((~j)&0x7)); + nessie_test_iterate(block, key); + } + } +/* test set #3 */ + for(j=0; j<256; ++j){ + uart_putstr("\r\n### SET: "); + uart_hexdump(&setn,1); + uart_putstr(" Vector: "); + uart_hexdump(&j,1); + + memset(block, j, 16); + memset(key, 0, 16); + nessie_test_iterate(block, key); + } + setn++; +/* test set #4 (some strange values*/ + setn++; +/* test ser #5 & #6 (same as 1&2 but enc and dec exchanged)*/ + for(setn=5; setn<=6; ++setn){ + for(j=0; j<128; ++j){ + uart_putstr("\r\n\r\n### SET: "); + uart_hexdump(&setn,1); + uart_putstr(" Vector: "); + uart_hexdump(&j,1); + + memset(block, 0, 16); + memset(key, 0, 16); + ((setn&0x1)?key:block)[j>>3] = 1<<(((~j)&0x7)); + nessie_test_iterate_inv(block, key); + } + } +/* test set #7 */ + for(j=0; j<256; ++j){ + uart_putstr("\r\n### SET: "); + uart_hexdump(&setn,1); + uart_putstr(" Vector: "); + uart_hexdump(&j,1); + + memset(block, j, 16); + memset(key, 0, 16); + nessie_test_iterate_inv(block, key); + } + setn++; +/* test set #4 (some strange values*/ + setn++; +} + + + +/***************************************************************************** + * main * + *****************************************************************************/ + +int main (void){ + char str[20]; + + + DEBUG_INIT(); + uart_putstr("\r\n"); + + uart_putstr("\r\n\r\nCrypto-VS (Camellia)\r\nloaded and running\r\n"); +restart: + while(1){ + if (!getnextwordn(str,20)) {DEBUG_S("DBG: W1\r\n"); goto error;} + if (strcmp(str, "test")) {DEBUG_S("DBG: 1b\r\n"); goto error;} + testrun_camellia(); + goto restart; + continue; + error: + uart_putstr("ERROR\r\n"); + } /* while (1) */ +} + diff --git a/main-md5-test.c b/main-md5-test.c new file mode 100644 index 0000000..8d0e114 --- /dev/null +++ b/main-md5-test.c @@ -0,0 +1,81 @@ +/* + * md5 test suit + * +*/ + +#include "config.h" +#include "serial-tools.h" +#include "uart.h" +#include "debug.h" + +#include "md5.h" + +#include +#include + + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +/***************************************************************************** + * self tests * + *****************************************************************************/ + +/* + * MD5 test suite: + * MD5 ("") = d41d8cd98f00b204e9800998ecf8427e + * MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661 + * MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72 + * MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0 + * MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b + * MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = + * d174ab98d277d9f5a5611c2c9f419d9f + * MD5 ("123456789012345678901234567890123456789012345678901234567890123456 + * 78901234567890") = 57edf4a22be3c955ac49da2e2107b67a + */ + +void testrun_md5(void){ + md5_ctx_t s; + char* testv[]={"", "a", "abc", "message digest", "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; + uint8_t i; + + uart_putstr("\r\n=== MD5 test suit ==="); + for(i=0; i<7; ++i){ + uart_putstr("\r\n MD5 (\""); + uart_putstr(testv[i]); + uart_putstr("\") = \r\n"); + md5_init(&s); + md5_lastBlock(&s, testv[i], strlen(testv[i])*8); + uart_hexdump(&s.a[0], 16); + } +} + + + +/***************************************************************************** + * main * + *****************************************************************************/ + +int main (void){ + char str[20]; + + + DEBUG_INIT(); + uart_putstr("\r\n"); + + uart_putstr("\r\n\r\nCrypto-VS (MD5)\r\nloaded and running\r\n"); +restart: + while(1){ + if (!getnextwordn(str,20)) {DEBUG_S("DBG: W1\r\n"); goto error;} + if (strcmp(str, "test")) {DEBUG_S("DBG: 1b\r\n"); goto error;} + testrun_md5(); + goto restart; + continue; + error: + uart_putstr("ERROR\r\n"); + } /* while (1) */ +} + -- 2.39.5