From b07fb998ba047b641edb843e73f5284fe5fff9af Mon Sep 17 00:00:00 2001 From: bg Date: Wed, 6 Aug 2008 14:06:57 +0000 Subject: [PATCH 1/1] new noekeon modes, + noekeon optimized --- Makefile | 3 + noekeon_asm.S | 2 +- noekeon_cbc_enc.S | 99 +++++++++++++++++++++ noekeon_cbc_enc.h | 9 ++ noekeon_ctr.S | 70 +++++++++++++++ noekeon_ctr.h | 42 +++++++++ noekeon_omac.S | 217 ++++++++++++++++++++++++++++++++++++++++++++++ noekeon_omac.h | 10 +++ 8 files changed, 451 insertions(+), 1 deletion(-) create mode 100644 noekeon_cbc_enc.S create mode 100644 noekeon_cbc_enc.h create mode 100644 noekeon_ctr.S create mode 100644 noekeon_ctr.h create mode 100644 noekeon_omac.S create mode 100644 noekeon_omac.h diff --git a/Makefile b/Makefile index 06b4475..c06b398 100644 --- a/Makefile +++ b/Makefile @@ -204,6 +204,9 @@ docu: %.lst: %.elf $(OBJDUMP) -h -S $< > $@ +%.lst: %.o + $(OBJDUMP) -h -S $< > $@ + # Rules for building the .text rom images %.hex: %.elf diff --git a/noekeon_asm.S b/noekeon_asm.S index 146cbb4..5b23292 100644 --- a/noekeon_asm.S +++ b/noekeon_asm.S @@ -290,7 +290,7 @@ theta: #ifndef NOEKEON_NO_ENC ; === noekeon_enc === ; -; param1: pointer to buffer/state (r24,r25) +; param1: pointer to buffer (r24,r25) ; param2: pointer to k (r22,r23) ; .global noekeon_enc diff --git a/noekeon_cbc_enc.S b/noekeon_cbc_enc.S new file mode 100644 index 0000000..c563dfc --- /dev/null +++ b/noekeon_cbc_enc.S 
@@ -0,0 +1,99 @@
+/* noekeon_cbc_enc.S */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/*
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-08-06
+ * \license GPLv3 or later
+ *
+ *
+ *
+ */
+
+.macro push_ p1:req p2:vararg
+ push \p1
+.ifnb \p2
+ push_ \p2
+.endif
+.endm
+
+.macro pop_ p1:req p2:vararg
+ pop \p1
+.ifnb \p2
+ pop_ \p2
+.endif
+.endm
+
+.extern noekeon_enc
+
+/*
+ * void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key)
+ */
+
+/* param buffer is passed in r24:r25
+ * param block_cnt is passed in r22 (r23 is 0)
+ * param key is passed in r20:r21
+ */
+.global noekeon_cbc_enc
+ noekeon_cbc_enc:
+ push r22
+ movw r22, r20
+ push_ r22, r23, r24, r25
+ rcall noekeon_enc
+1:
+ pop_ r27, r26, r23, r22
+ pop r16 /* bloc counter */
+ dec r16
+ breq 9f
+ push r16
+ /* xor blocks */
+ movw r30, r26
+ adiw r30, 16
+ ldi r16, 16
+2:
+ ld r17, X+
+ ld r18, Z
+ eor r18, r17
+ st Z+, r18
+ dec r16
+ brne 2b
+
+ /* call encryption function; X points to our new block */
+ push_ r22, r23, r26, r27
+ movw r24, r26
+ rcall noekeon_enc
+ rjmp 1b
+9:
+ ret
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/noekeon_cbc_enc.h b/noekeon_cbc_enc.h
new file mode 100644
index 0000000..e9ced11
--- /dev/null
+++ b/noekeon_cbc_enc.h
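Review bot: noekeon_cbc_enc does not handle block_cnt == 0: the first block is encrypted unconditionally, and `dec r16` then wraps the popped count to 255, so `breq 9f` is not taken and the loop chains and encrypts 255 further blocks past the caller's buffer. A guard placed before the first `push r22`, namely `tst r22` followed by `breq 9f`, returns before anything is pushed or written. The routine also uses r16 and r17 as scratch without saving them, and avr-gcc treats r2–r17 as call-saved, so a C caller may lose live values; r19 and r20/r21 (free once the key pointer has been moved) or a push/pop pair would avoid that.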
@@ -0,0 +1,9 @@
+#ifndef NOEKEON_CBC_ENC_H_
+#define NOEKEON_CBC_ENC_H_
+
+#include
+#include "noekeon.h"
+
+void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key);
+
+#endif /*NOEKEON_CBC_ENC_H_*/
diff --git a/noekeon_ctr.S b/noekeon_ctr.S
new file mode 100644
index 0000000..9b1d44d
--- /dev/null
+++ b/noekeon_ctr.S
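Review bot: The prototype has no IV parameter and no comment saying where the IV comes from, and noekeon_cbc_enc.S encrypts the first block of buffer without XORing anything into it, which is CBC with an all-zero IV. Under one key, two messages with the same leading blocks then produce the same leading ciphertext blocks. Either document that the caller must XOR a fresh, unpredictable IV into the first block before calling, or extend the interface, e.g. `void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key, const void* iv);`. The comment should also state that encryption is done in place, that buffer holds block_cnt*16 bytes, and that block_cnt must be at least 1.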
@@ -0,0 +1,70 @@
+/* noekeon_ctr.S */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/*
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-08-06
+ * \license GPLv3 or later
+ *
+ *
+ *
+ */
+
+.extern noekeon_enc
+
+/*
+ * void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx);
+ */
+.global noekeon_ctr_next
+/*
+ * param buffer passed in r24:r25
+ * param ctx passed in r22:r23
+ */
+noekeon_ctr_next:
+ /* copy counter to buffer */
+ movw r26, r24 /* copy buffer pointer to X */
+ movw r30, r22 /* copy counter pointer to Z */
+ ldi r16, 16
+1:
+ ld r0, Z+
+ st X+, r0
+ dec r16
+ brne 1b
+ /* increment counter */
+ movw r30, r22 /* copy counter pointer to Z */
+ ldi r17, 1
+ ldi r16, 15
+ ld r0, Z
+ add r0, r17
+ st Z+, r0
+1:
+ ld r0, Z
+ adc r0, r1
+ st Z+, r0
+ dec r16
+ brne 1b
+ /* call encryption routine */
+ /* we can leave the first param as is, but have to adjust the second to point to the key */
+ //adiw r22, 16
+ ldi r16, 16
+ add r22, r16
+ adc r23, r0
+// rcall noekeon_enc
+// ret
+ rjmp noekeon_enc /* noekeon_enc will return for us */
diff --git a/noekeon_ctr.h b/noekeon_ctr.h
new file mode 100644
index 0000000..8ebdac7
--- /dev/null
+++ b/noekeon_ctr.h
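Review bot: The key-pointer adjustment at the end of noekeon_ctr_next adds r0 instead of the zero register: after the increment loop r0 still holds the last counter byte that was stored, so `adc r23, r0` adds counter[15] to the high byte of the pointer. Whenever that byte is non-zero, noekeon_enc is entered with r22:r23 pointing somewhere other than ctx->key and the keystream block is derived from unrelated SRAM; the line should be `adc r23, r1`. r16 and r17 are also clobbered here although avr-gcc treats them as call-saved; r18 and r19 would serve for the loop counter and the constants.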
@@ -0,0 +1,42 @@
+/* noekeon_ctr.h */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/*
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-08-06
+ * \license GPLv3 or later
+ *
+ *
+ *
+ */
+
+#ifndef NOEKEON_CTR_H_
+#define NOEKEON_CTR_H_
+
+#include
+#include "noekeon.h"
+
+typedef struct{
+ uint8_t counter[16];
+ uint8_t key[16];
+}noekeon_ctr_ctx_t;
+
+void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx);
+
+#endif /*NOEKEON_CTR_H_*/
diff --git a/noekeon_omac.S b/noekeon_omac.S
new file mode 100644
index 0000000..47b264a
--- /dev/null
+++ b/noekeon_omac.S
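Review bot: `noekeon_ctr_next` is declared with `const noekeon_ctr_ctx_t* ctx`, but the implementation in noekeon_ctr.S stores the incremented counter back through that pointer. A caller is entitled to assume the context is unchanged, or to place it in read-only storage, which breaks counter progression and in the worst case repeats a keystream block; the prototype should be `void noekeon_ctr_next(void* buffer, noekeon_ctr_ctx_t* ctx);`. A short comment on the struct should say that counter is a 128-bit little-endian value advanced by one per call and that a counter value must never repeat under the same key.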
@@ -0,0 +1,217 @@
+/* noekeon_omac.S */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+/*
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-08-06
+ * \license GPLv3 or later
+ *
+ *
+ *
+ */
+
+#include
+
+
+.macro push_ p1:req, p2:vararg
+ push \p1
+.ifnb \p2
+ push_ \p2
+.endif
+.endm
+
+.macro pop_ p1:req, p2:vararg
+ pop \p1
+.ifnb \p2
+ pop_ \p2
+.endif
+.endm
+
+.macro push_range from:req, to:req
+ push \from
+.if \to-\from
+ push_range "(\from+1)",\to
+.endif
+.endm
+
+.macro pop_range from:req, to:req
+ pop \to
+.if \to-\from
+ pop_range \from,"(\to-1)"
+.endif
+.endm
+
+.macro stack_alloc size:req, reg1=r30, reg2=r31
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ sbiw r30, \size
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free size:req, reg1=r30, reg2=r31
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ adiw r30, \size
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+push_r18_r27_func:
+ pop r31
+ pop r30
+ push_range 18, 27
+ ijmp
+
+pop_r18_r27_func:
+ pop r31
+ pop r30
+ pop_range 18, 27
+ ijmp
+
+.extern noekeon_enc
+
+/*
+ * void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
+ * const void* key, uint8_t t)
+ */
+
+/* param dest is passed in r24:r25
+ * param msg is passed in r22:r23
+ * param msglength_b is passed in r20:r21
+ * param key is passed in r18:r19
+ * param t is passed in r16
+ */
+.global noekeon_omac
+noekeon_omac:
+ stack_alloc 48
+ ldi r17, 48
+1:
+ st Z+, r1
+ dec r17
+ brne 1b
+ sbiw r30, 48
+ mov r26, r22
+ mov r22, r18
+ mov r18, r24
+ mov r24, r30
+ cpi r16, 0xff
+ breq 2f
+ st Z, r16
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+ movw r30, r24
+2:
+ tst r21
+ brne fullblock
+ cpi r20, 128+1
+ brlo lastblock
+fullblock:
+ /* copy block to stack buffer */
+ ldi r16, 16
+1:
+ ld r0, X+
+ ld r17, Z
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 1b
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+ movw r30, r24
+ subi r20, 128
+ sbci r21, 0
+ rjmp 2
+lastblock:
+ adiw r24, 16
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+
+ bst r20, 6 /* set t bit if msglength_b%128==0*/
+2:
+ ldi r16, 16
+ clc
+ movw r30, r24 /* z points to encrypted null vector (L) */
+1:
+ ld r0, Z
+ rol r0
+ st Z+, r0
+ dec r16
+ brne 1b
+ brtc 2f
+ clt
+ rjmp 2b
+2: /* B/P has been calculated */
+ ldi r16, 16
+ sbiw r30, 32
+3:
+ ld r0, Z
+ ldd r17, Z+16
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 3b
+ /* B/P has been xored into stack buffer */
+ /* now we have to xor-in the remaining message */
+ mov r16, r20
+ subi r16, -7
+ lsr r16
+ lsr r16
+ lsr r16 /* r 1*/
+ sbiw r30, 16
+4:
+ ld r0, X+
+ ld r17, Z
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 4b
+ /* now we have only to insert the 1 at the end of message if msglength_b%128 != 0 */
+ sbiw r30, 1
+ andi r20, 0x07
+ breq 7f
+ ldi r17, 1
+5:
+ dec r20
+ breq 6f
+ lsl r17
+ rjmp 5b
+6:
+ ld r0, Z
+ eor r0, r17
+ st Z, r0
+7:
+ call noekeon_enc
+ stack_free 48
+ ret
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/noekeon_omac.h b/noekeon_omac.h
new file mode 100644
index 0000000..a31c910
--- /dev/null
+++ b/noekeon_omac.h
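Review bot: The pointer shuffle after the zero-fill loop in noekeon_omac uses `mov` where the 16-bit argument pairs need `movw`, so only the low bytes of msg, key, dest and the stack-buffer address are copied; X (r27) and both noekeon_enc arguments keep stale high bytes and the routine reads and writes at unintended addresses. Two more memory-safety problems sit in the same function: the zero-fill starts at Z = SP, which on AVR is the next push slot rather than the first allocated byte, so the following `rcall` overwrites the start of the buffer, and `rjmp 2` at the end of the fullblock path lacks the `b` suffix of a local-label reference. The stack_alloc and stack_free macros also write SPH and SPL with interrupts enabled, so an ISR arriving between the two `out` instructions runs on a half-updated stack pointer; saving SREG and disabling interrupts around the pair is the usual pattern. Nothing visible stores the result to dest (r18 is only saved and restored), so the routine looks unfinished and should not be exported before it passes known-answer tests.

```asm
noekeon_omac:
	stack_alloc 48
	adiw r30, 1		/* SP is the next push slot; the buffer starts one byte above it */
	/* … unchanged: zero-fill loop and sbiw r30, 48 … */
	movw r26, r22		/* X = msg */
	movw r22, r18		/* key becomes the second argument of noekeon_enc */
	movw r18, r24		/* keep dest */
	movw r24, r30		/* first argument = stack buffer */
	/* … unchanged: t handling and full-block xor/encrypt … */
	rjmp 2b
```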
@@ -0,0 +1,10 @@
+#ifndef NOEKEON_OMAC_H_
+#define NOEKEON_OMAC_H_
+
+#include "noekeon.h"
+#include
+
+void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
+ const void* key, uint8_t t);
+
+#endif /*NOEKEON_OMAC_H_*/
--
2.39.2
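Review bot: The prototype carries no documentation, and two of its parameters are not self-explanatory. From noekeon_omac.S, msglength_b is compared against 128 per block and so appears to be a length in bits, and t == 0xff skips the initial tweak block while any other value is stored as the first byte of a prefix block that is encrypted first. A comment along the lines of `/* msglength_b: message length in bits; t: tweak byte, 0xff = none; dest receives 16 bytes */` would let callers use the function safely. The 16-byte output size is an assumption to confirm, since the assembly in this patch never writes dest.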