From 7c4486d3328c45462fd276916cb94b80b48725fc Mon Sep 17 00:00:00 2001 From: bg Date: Sun, 21 Sep 2008 21:38:10 +0000 Subject: [PATCH 01/16] forgotten file, my fault --- test_src/main-a5_1-test.c | 86 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 test_src/main-a5_1-test.c diff --git a/test_src/main-a5_1-test.c b/test_src/main-a5_1-test.c new file mode 100644 index 0000000..a330286 --- /dev/null +++ b/test_src/main-a5_1-test.c @@ -0,0 +1,86 @@ +/* main-a5_1-test.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * A5/1 test-suit + * +*/ + +#include "config.h" +#include "serial-tools.h" +#include "uart.h" +#include "debug.h" + +#include +#include "nessie_stream_test.h" + +#include +#include + +char* cipher_name = "A5_1"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void a51_genctx_dummy(uint8_t* key, uint16_t keysize, void* ctx){ + a5_1_init(ctx,key, keysize, NULL, 0); +} + + + +void testrun_nessie_a51(void){ + nessie_stream_ctx.outsize_b = 8; /* actually unused */ + nessie_stream_ctx.keysize_b = 64; + nessie_stream_ctx.ivsize_b = 64; + nessie_stream_ctx.name = cipher_name; + nessie_stream_ctx.ctx_size_B = sizeof(a5_1_ctx_t); + nessie_stream_ctx.cipher_genctx = (nessie_stream_genctx_fpt)a51_genctx_dummy; + nessie_stream_ctx.cipher_enc = (nessie_stream_genenc_fpt)a5_1_gen; + + nessie_stream_run(); +} + + + +/***************************************************************************** + * main * + *****************************************************************************/ + +int main (void){ + char str[20]; + DEBUG_INIT(); + uart_putstr("\r\n"); + + uart_putstr_P(PSTR("\r\n\r\nCrypto-VS (")); + uart_putstr(cipher_name); + uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); + +restart: + while(1){ + if (!getnextwordn(str,20)) {DEBUG_S("DBG: W1\r\n"); goto error;} + if (strcmp(str, "nessie")) {DEBUG_S("DBG: 1b\r\n"); goto error;} + testrun_nessie_a51(); + goto restart; + continue; + error: + uart_putstr("ERROR\r\n"); + } + + +} + -- 2.39.2 From 5ac75cfae217122b540c1a6d258054230dc534c3 Mon Sep 17 00:00:00 2001 From: bg Date: Tue, 25 Nov 2008 01:23:22 +0000 Subject: [PATCH 02/16] new MD5 ins ASM with C (working on pure ASM implementation) plus enhancments in asm Macros small changes in MD5 C-implementation (migth be a little faster) little bug fixed in Nessie-Hash-Test --- Makefile | 20 +- arcfour.c | 10 +- arcfour.h | 40 +-- avr-asm-macros.S | 4 +- avr-makefile.inc | 4 +- config.h | 8 +- md5-asm.S | 521 ++++++++++++++++++++++++++++++++++++ md5-stub.c | 135 ++++++++++ md5.c | 27 +- mkfiles/md5_asm.mk | 12 + sha256-asm.S | 14 +- test_src/cli.c | 6 +- test_src/main-md5-test.c | 13 +- test_src/nessie_hash_test.c | 16 +- test_src/performance_test.c | 4 +- test_src/uart.c | 3 + 16 files changed, 769 insertions(+), 68 deletions(-) create mode 100644 md5-asm.S create mode 100644 md5-stub.c create mode 100644 mkfiles/md5_asm.mk diff --git a/Makefile b/Makefile index 57abdad..359e592 100644 --- a/Makefile +++ b/Makefile @@ -14,15 +14,18 @@ include mkfiles/*.mk ALGORITHMS = $(BLOCK_CIPHERS) $(STREAM_CIPHERS) $(HASHES) $(PRNGS) $(MACS) ALGORITHMS_OBJ = $(patsubst %,%_OBJ, $(ALGORITHMS)) +ALGORITHMS_TEST_BIN = $(patsubst %,%_TEST_BIN, $(ALGORITHMS)) + define OBJinBINDIR_TEMPLATE $(1) = $(2) endef + $(foreach a, $(ALGORITHMS_OBJ), $(eval $(call OBJinBINDIR_TEMPLATE, $(a), $(patsubst %.o,$(BIN_DIR)%.o,$($(a)))))) -ALGORITHMS_TEST_BIN = $(patsubst %,%_TEST_BIN, $(ALGORITHMS)) + $(foreach a, $(ALGORITHMS_TEST_BIN), $(eval $(call OBJinBINDIR_TEMPLATE, $(a), $(patsubst %.o,$(TESTBIN_DIR)%.o,$($(a)))))) -ALGORITHMS_TEST_BIN_IMM = $(foreach a, $(ALGORITHMS_TEST_BIN), $($(a))) +#ALGORITHMS_TEST_BIN_IMM = $(foreach a, $(ALGORITHMS_TEST_BIN), $($(a))) ALGORITHMS_NESSIE_TEST = $(patsubst %,%_NESSIE_TEST, $(ALGORITHMS)) ALGORITHMS_PERFORMANCE_TEST = $(patsubst %,%_PERORMANCE_TEST, $(ALGORITHMS)) @@ -73,7 +76,7 @@ info: @echo " $(MACS)" @echo " PRNG functions:" @echo " $(PRNGS)" -# @echo " ALGORITHMS_TEST_BIN" +# @echo " ALGORITHMS_TEST_BIN:" # @echo " $(ALGORITHMS_TEST_BIN)" # @echo " ALGORITHMS_TEST_TARGET_ELF:" # @echo " $(ALGORITHMS_TEST_TARGET_ELF)" @@ -116,6 +119,15 @@ endef $(foreach algo, $(ALGORITHMS), $(eval $(call OBJ_TEMPLATE, $(algo), $($(algo)_OBJ)))) + +#------------------------------------------------------------------------------- + +define TESTBIN_TEMPLATE +$(1)_TEST_BIN: $(2) +endef + +$(foreach algo, $(ALGORITHMS), $(eval $(call TESTBIN_TEMPLATE, $(algo), $($(algo)_TEST_BIN)))) + #------------------------------------------------------------------------------- $(BLOCK_CIPHERS_OBJ): $(patsubst %,%_OBJ, $(BLOCK_CIPHERS)) @@ -124,8 +136,6 @@ $(HASHES_OBJ): $(patsubst %,%_OBJ, $(HASHES)) $(PRNGS_OBJ): $(patsubst %,%_OBJ, $(PRNGS)) $(MACS_OBJ): $(patsubst %,%_OBJ, $(MACS)) -$(ALGORITHMS_TEST_BIN): $(ALGORITHMS_TEST_BIN_IMM) - #------------------------------------------------------------------------------- define SIZE_TEMPLATE diff --git a/arcfour.c b/arcfour.c index 93b2e26..5dcb84f 100644 --- a/arcfour.c +++ b/arcfour.c @@ -16,16 +16,16 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ -/* +/* * File: arcfour.c * Author: Daniel Otte * email: daniel.otte@rub.de * Date: 2006-06-07 * License: GPLv3 or later * Description: Implementation of the ARCFOUR (RC4 compatible) stream cipher algorithm. - * + * */ - + #include #include "arcfour.h" @@ -38,7 +38,7 @@ void arcfour_init(const void *key, uint8_t length_B, arcfour_ctx_t *ctx){ uint16_t x,y=0; for(x=0; x<= 255; ++x) ctx->s[x]=x; - + for(x=0; x<= 255; ++x){ y += ctx->s[x] + ((uint8_t*)key)[x % length_B]; y &= 0xff; @@ -46,7 +46,7 @@ void arcfour_init(const void *key, uint8_t length_B, arcfour_ctx_t *ctx){ t = ctx->s[y]; ctx->s[y] = ctx->s[x]; ctx->s[x] = t; - } + } ctx->i = ctx->j = 0; } diff --git a/arcfour.h b/arcfour.h index 23fb458..9adf28d 100644 --- a/arcfour.h +++ b/arcfour.h @@ -16,29 +16,29 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ -/* +/* * File: arcfour.h * Author: Daniel Otte * Date: 2006-06-07 * License: GPLv3+ - * Description: Implementation of the ARCFOUR (RC4 compatible) stream cipher algorithm. + * Description: Implementation of the ARCFOUR (RC4 compatible) stream cipher algorithm. */ - -/** + +/** * \file arcfour.h * \author Daniel Otte * \date 2006-06-07 * \license GPLv3+ - * \brief Implementation of the ARCFOUR (RC4 compatible) stream cipher algorithm. - * + * \brief Implementation of the ARCFOUR (RC4 compatible) stream cipher algorithm. + * * This header file defines the interface of the ARCFOUR cipher implementation. - * + * * This implementation aims to be compatible with the ARCFOUR description - * availabe at + * available at * http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt */ - - + + #ifndef ARCFOUR_H_ #define ARCFOUR_H_ @@ -46,46 +46,46 @@ /** \typedef arcfour_ctx_t * \brief type for arcfour context - * + * * A variable of this type may contain a complete ARCFOUR context. * The context is used to store the state of the cipher and gets * created by the arcfour_init(arcfour_ctx_t *c, uint8_t *key, uint8_t length_B) * function. The context is of the fixed size of 258 bytes */ - + /** \struct arcfour_ctx_st * \brief base for ::arcfour_ctx_t - * + * * The struct holds the two indices and the S-Box */ typedef struct arcfour_ctx_st { uint8_t i,j; uint8_t s[256]; } arcfour_ctx_t; - + /** \fn void arcfour_init(arcfour_ctx_t *ctx, void *key, uint8_t length_B) * \brief setup a context with a key - * + * * This function sets up a ::arcfour_ctx_t context using * the supplied key of the given length. * \param ctx pointer to the context * \param key pointer to the key * \param length_B length of the key in bytes (between 1 and 255) */ - + void arcfour_init(const void *key, uint8_t length_B, arcfour_ctx_t *ctx); /** \fn uint8_t arcfour_gen(arcfour_ctx_t *ctx) * \brief generates a byte of keystream - * + * * This function generates the next byte of keystream - * from the supplied ::arcfour_ctx_t context which is updated acordingly - * + * from the supplied ::arcfour_ctx_t context which is updated accordingly + * * \param ctx pointer to the context * \return byte of keystream */ - + uint8_t arcfour_gen(arcfour_ctx_t *ctx); #endif diff --git a/avr-asm-macros.S b/avr-asm-macros.S index 2acb4a1..f878be8 100644 --- a/avr-asm-macros.S +++ b/avr-asm-macros.S @@ -67,8 +67,8 @@ sbiw \reg1, \size cli out _SFR_IO_ADDR(SPH), \reg2 - out _SFR_IO_ADDR(SPL), \reg1 out _SFR_IO_ADDR(SREG), r0 + out _SFR_IO_ADDR(SPL), \reg1 .endm .macro stack_free size:req, reg1=r30, reg2=r31 @@ -78,8 +78,8 @@ adiw \reg1, \size cli out _SFR_IO_ADDR(SPH), \reg2 - out _SFR_IO_ADDR(SPL), \reg1 out _SFR_IO_ADDR(SREG), r0 + out _SFR_IO_ADDR(SPL), \reg1 .endm /******************************************************************************* diff --git a/avr-makefile.inc b/avr-makefile.inc index ac8e647..08457a3 100644 --- a/avr-makefile.inc +++ b/avr-makefile.inc @@ -1,9 +1,9 @@ -OBJ = $(SERPENT_OBJ) MCU_TARGET = atmega644 OPTIMIZE = -Os DEFS = -D$(call uc, $(MCU_TARGET)) FLASHCMD = avrdude -p $(MCU_TARGET) -P /dev/ttyUSB0 -c avr911 -U flash:w:# no space at the end +#FLASHCMD = avrdude -p $(MCU_TARGET) -c usbasp -U flash:w:# no space at the end DEP_DIR = deps/ BIN_DIR = bin/ TESTBIN_DIR = test_bin/ @@ -21,7 +21,7 @@ CC = avr-gcc override CFLAGS = -MMD -MF$(DEP_DIR)$(patsubst %.c,%.d,$(patsubst $(TESTSRC_DIR)%,%,$<)) -I. -gdwarf-2 -pedantic -std=c99 -Wall -Wstrict-prototypes $(OPTIMIZE) -mmcu=$(MCU_TARGET) $(DEFS) override LDFLAGS = -gdwarf-2 -Wl,-Map, -override ASFLAGS = -mmcu=$(MCU_TARGET) -gdwarf-2 +override ASFLAGS = -mmcu=$(MCU_TARGET) -Wa,--gdwarf-2 SIZESTAT_FILE = sizestats.txt diff --git a/config.h b/config.h index 06548bd..529ff51 100644 --- a/config.h +++ b/config.h @@ -20,13 +20,17 @@ #define __CONFIG_H__ #include + #define F_CPU 16000000 /* Oszillator-Frequenz in Hz */ +// #define F_CPU 14745600 + + #define DEBUG uart /* uart.[ch] defines */ #define UART_INTERRUPT 1 -#define UART_BAUD_RATE 38400 +#define UART_BAUD_RATE 9600 #define UART_RXBUFSIZE 16 #define UART_TXBUFSIZE 16 #define UART_LINE_BUFFER_SIZE 40 @@ -41,8 +45,6 @@ #define UART_CTS_BIT 1 */ -//#define ATMEGA644 /* this is now done by make */ - #define CLI_AUTO_HELP #endif diff --git a/md5-asm.S b/md5-asm.S new file mode 100644 index 0000000..ee5f942 --- /dev/null +++ b/md5-asm.S @@ -0,0 +1,521 @@ +/* md5-asm.S */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * Author: Daniel Otte + * License: GPLv3 or later + * Date: 2008-11-15 +*/ + +.include "avr-asm-macros.S" + +;########################################################### +; S-BOX + +T_table: +.hword 0xa478, 0xd76a, 0xb756, 0xe8c7, 0x70db, 0x2420, 0xceee, 0xc1bd, 0x0faf, 0xf57c +.hword 0xc62a, 0x4787, 0x4613, 0xa830, 0x9501, 0xfd46, 0x98d8, 0x6980, 0xf7af, 0x8b44 +.hword 0x5bb1, 0xffff, 0xd7be, 0x895c, 0x1122, 0x6b90, 0x7193, 0xfd98, 0x438e, 0xa679 +.hword 0x0821, 0x49b4, 0x2562, 0xf61e, 0xb340, 0xc040, 0x5a51, 0x265e, 0xc7aa, 0xe9b6 +.hword 0x105d, 0xd62f, 0x1453, 0x0244, 0xe681, 0xd8a1, 0xfbc8, 0xe7d3, 0xcde6, 0x21e1 +.hword 0x07d6, 0xc337, 0x0d87, 0xf4d5, 0x14ed, 0x455a, 0xe905, 0xa9e3, 0xa3f8, 0xfcef +.hword 0x02d9, 0x676f, 0x4c8a, 0x8d2a, 0x3942, 0xfffa, 0xf681, 0x8771, 0x6122, 0x6d9d +.hword 0x380c, 0xfde5, 0xea44, 0xa4be, 0xcfa9, 0x4bde, 0x4b60, 0xf6bb, 0xbc70, 0xbebf +.hword 0x7ec6, 0x289b, 0x27fa, 0xeaa1, 0x3085, 0xd4ef, 0x1d05, 0x0488, 0xd039, 0xd9d4 +.hword 0x99e5, 0xe6db, 0x7cf8, 0x1fa2, 0x5665, 0xc4ac, 0x2244, 0xf429, 0xff97, 0x432a +.hword 0x23a7, 0xab94, 0xa039, 0xfc93, 0x59c3, 0x655b, 0xcc92, 0x8f0c, 0xf47d, 0xffef +.hword 0x5dd1, 0x8584, 0x7e4f, 0x6fa8, 0xe6e0, 0xfe2c, 0x4314, 0xa301, 0x11a1, 0x4e08 +.hword 0x7e82, 0xf753, 0xf235, 0xbd3a, 0xd2bb, 0x2ad7, 0xd391, 0xeb86 + + +#define MD5_init_fast + +.global md5_init +#ifndef MD5_init_fast +;########################################################### +;void md5_init(md5_ctx_t *state) +; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram +; modifys: Z(r30,r31), X(r25,r26) +; size = 9+5*4 WORDS = 29 WORDS = 58 Bytes +md5_init: + movw r26, r24 ; (24,25) --> (26,27) load X with param1 + ldi r30, lo8(md5_init_vector) + ldi r31, hi8(md5_init_vector) + ldi r24, 16+4 +md5_init_vloop: + lpm r0, Z+ + st X+, r0 + dec r24 + brne md5_init_vloop + ret + +md5_init_vector: +.hword 0x2301, 0x6745 +.hword 0xAB89, 0xEFCD +.hword 0xDCFE, 0x98BA +.hword 0x5476, 0x1032 +.hword 0x0000, 0x0000 + +#else +;########################################################### +.global md5_init_fast +;void md5_init(md5_ctx_t *state) +; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram +; modifys: r23, r22 +; cycles = 1+16*3+4*2+4 = 1+48+12 = 61 +; size = 1+16*2+4+1 WORDS = 38 WORDS = 76 Bytes +md5_init: +md5_init_fast: + movw r26, r24 + ldi r24, 0x01 + st X+, r24 + ldi r24, 0x23 + st X+, r24 + ldi r24, 0x45 + st X+, r24 + ldi r24, 0x67 + st X+, r24 + ldi r24, 0x89 + st X+, r24 + ldi r24, 0xAB + st X+, r24 + ldi r24, 0xCD + st X+, r24 + ldi r24, 0xEF + st X+, r24 + ldi r24, 0xFE + st X+, r24 + ldi r24, 0xDC + st X+, r24 + ldi r24, 0xBA + st X+, r24 + ldi r24, 0x98 + st X+, r24 + ldi r24, 0x76 + st X+, r24 + ldi r24, 0x54 + st X+, r24 + ldi r24, 0x32 + st X+, r24 + ldi r24, 0x10 + st X+, r24 + st X+, r1 + st X+, r1 + st X+, r1 + st X+, r1 + ret +#endif +;########################################################### + +/* +static +uint32_t md5_F(uint32_t x, uint32_t y, uint32_t z){ + return ((x&y)|((~x)&z)); +} +*/ +; x: r22-r25 +; y: r18-r21 +; z: r14-r17 +md5_F: + and r18, r22 + and r19, r23 + and r20, r24 + and r21, r25 + com r22 + com r23 + com r24 + com r25 + and r22, r14 + and r23, r15 + and r24, r16 + and r25, r17 + or r22, r18 + or r23, r19 + or r24, r20 + or r25, r21 + rjmp md5_core_F_exit + +/* +static +uint32_t md5_G(uint32_t x, uint32_t y, uint32_t z){ + return ((x&z)|((~z)&y)); +} +*/ + +; x: r22-r25 +; y: r18-r21 +; z: r14-r17 +md5_G: + and r22, r14 + and r23, r15 + and r24, r16 + and r25, r17 + com r14 + com r15 + com r16 + com r17 + and r18, r14 + and r19, r15 + and r20, r16 + and r21, r17 + or r22, r18 + or r23, r19 + or r24, r20 + or r25, r21 + rjmp md5_core_F_exit +/* +static +uint32_t md5_H(uint32_t x, uint32_t y, uint32_t z){ + return (x^y^z); +} +*/ +; x: r22-r25 +; y: r18-r21 +; z: r14-r17 +md5_H: + eor r22, r18 + eor r22, r14 + eor r23, r19 + eor r23, r15 + eor r24, r20 + eor r24, r16 + eor r25, r21 + eor r25, r17 + rjmp md5_core_F_exit +/* +static +uint32_t md5_I(uint32_t x, uint32_t y, uint32_t z){ + return (y ^ (x | (~z))); +} +*/ + +jump_table: + rjmp md5_F + rjmp md5_G + rjmp md5_H +; rjmp md5_I + +; x: r22-r25 +; y: r18-r21 +; z: r14-r17 +md5_I: + com r14 + com r15 + com r16 + com r17 + or r22, r14 + or r23, r15 + or r24, r16 + or r25, r17 + eor r22, r18 + eor r23, r19 + eor r24, r20 + eor r25, r21 + rjmp md5_core_F_exit + +as_table: +; (as+0)&3 (as+3)&3 (as+1)&3 (as+2)&3 +; Z X Y +; AS_SAVE0 AS_SAVE1 AS_SAVE2 AS_SAVE3 +.byte 1*4, 0*4, 2*4, 3*4 ;as=1 +.byte 2*4, 1*4, 3*4, 0*4 ;as=2 +.byte 3*4, 2*4, 0*4, 1*4 ;as=3 +.byte 0*4, 3*4, 1*4, 2*4 ;as=4 + +;########################################################### +.global md5_core +md5_core: + mov r21, r20 + mov r20, r18 + mov r19, r16 + mov r18, r14 +; rjmp md5_core_asm +/* +void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){ + uint32_t t; + md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I}; + as &= 0x3; + / * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * / + t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ; + a[as]=a[(as+1)&3] + ROTL32(t, s); +} +*/ +; a: r24-r25 +; block: r22-r23 +; as: r21 +; s: r20 +; i: r19 +; fi: r18 +P_A0 = 24 +P_A1 = 25 +P_B0 = 22 +P_B1 = 23 +P_AS = 21 +P_S = 20 +P_I = 19 +P_FI = 18 + +; x: r22-r25 +; y: r18-r21 +; z: r14-r17 + + +AS_SAVE0 = 4 +AS_SAVE1 = 5 +AS_SAVE2 = 6 +AS_SAVE3 = 7 +FI_SAVE = 8 +S_SAVE = 9 +ACCU0 = 10 +ACCU1 = 11 +ACCU2 = 12 +ACCU3 = 13 +ARG_X0 = 22 +ARG_X1 = 23 +ARG_X2 = 24 +ARG_X3 = 25 +ARG_Y0 = 18 +ARG_Y1 = 19 +ARG_Y2 = 20 +ARG_Y3 = 21 +ARG_Z0 = 14 +ARG_Z1 = 15 +ARG_Z2 = 16 +ARG_Z3 = 17 + + +md5_core_asm: + push r28 + push r29 + push_range 4, 17 + ldi r30, lo8(T_table) + ldi r31, hi8(T_table) + lsl P_I + rol r1 + lsl P_I + rol r1 + add r30, P_I + adc r31, r1 + clr r1 + mov FI_SAVE, r18 + /* loading T[i] into ACCU */ + lpm ACCU0, Z+ + lpm ACCU1, Z+ + lpm ACCU2, Z+ + lpm ACCU3, Z + /* add *block to ACCU */ + movw r30, P_B0 + ld r0, Z+ + add ACCU0, r0 + ld r0, Z+ + adc ACCU1, r0 + ld r0, Z+ + adc ACCU2, r0 + ld r0, Z+ + adc ACCU3, r0 + /* add a[as+0&3] to ACCU */ + ldi r30, lo8(as_table) + ldi r31, hi8(as_table) + dec P_AS + andi P_AS, 0x03 + lsl P_AS + lsl P_AS + add r30, r21 + adc r31, r1 ; Z points to the correct row in as_table + lpm AS_SAVE0, Z+ + lpm AS_SAVE1, Z+ + lpm AS_SAVE2, Z+ + lpm AS_SAVE3, Z + movw r26, r24 ; X points to a[0] + add r26, AS_SAVE0 + adc r27, r1 ; X points at a[as&3] + ld r0, X+ + add ACCU0, r0 + ld r0, X+ + adc ACCU1, r0 + ld r0, X+ + adc ACCU2, r0 + ld r0, X+ + adc ACCU3, r0 + mov S_SAVE, r20 + + movw r28, r24 + /* loading z value */ + movw r26, r28 + add r26, AS_SAVE1 + adc r27, r1 + ld ARG_Z0, X+ + ld ARG_Z1, X+ + ld ARG_Z2, X+ + ld ARG_Z3, X + + /* loading x value */ + movw r26, r28 + add r26, AS_SAVE2 + adc r27, r1 + ld ARG_X0, X+ + ld ARG_X1, X+ + ld ARG_X2, X+ + ld ARG_X3, X + + /* loading y value */ + movw r26, r28 + add r26, AS_SAVE3 + adc r27, r1 + ldi r30, pm_lo8(jump_table) + ldi r31, pm_hi8(jump_table) + add r30, FI_SAVE + adc r31, r1 ; Z points to the correct entry in our jump table + ld ARG_Y0, X+ + ld ARG_Y1, X+ + ld ARG_Y2, X+ + ld ARG_Y3, X + + ijmp /* calls the function pointed by Z */ +md5_core_F_exit: + + /* add ACCU to result of f() */ + add r22, ACCU0 + adc r23, ACCU1 + adc r24, ACCU2 + adc r25, ACCU3 + + /* rotate */ + mov r20, S_SAVE +rotl32: + cpi r20, 8 + brlo bitrotl + mov r21, r25 + mov r25, r24 + mov r24, r23 + mov r23, r22 + mov r22, r21 + subi r20, 8 + rjmp rotl32 +bitrotl: + mov r21, r25 +bitrotl_loop: + tst r20 + breq fixrotl +bitrotl_loop2: + lsl r21 + rol r22 + rol r23 + rol r24 + rol r25 + dec r20 + brne bitrotl_loop2 +fixrotl: + + /* add a[(as+1)&3] */ + movw r26, r28 + add r26, AS_SAVE2 + adc r27, r1 + ld r0, X+ + add r22, r0 + ld r0, X+ + adc r23, r0 + ld r0, X+ + adc r24, r0 + ld r0, X + adc r25, r0 + + /* store result */ + movw r26, r28 + add r26, AS_SAVE0 + adc r27, r1 + st X+, r22 + st X+, r23 + st X+, r24 + st X , r25 +md5_core_exit: + pop_range 4, 17 + pop r29 + pop r28 + ret + +;################################################################### +/* +void md5_nextBlock(md5_ctx_t *state, void* block){ + uint32_t a[4]; + uint8_t m,n,i=0; + + a[0]=state->a[0]; + a[1]=state->a[1]; + a[2]=state->a[2]; + a[3]=state->a[3]; + + / * round 1 * / + uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0); + } + } + / * round 2 * / + uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1); + } + } + / * round 3 * / + uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2); + } + } + / * round 4 * / + uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3); + } + } + state->a[0] += a[0]; + state->a[1] += a[1]; + state->a[2] += a[2]; + state->a[3] += a[3]; + state->counter++; +} +*/ +/* +shift_table: + .byte 7,12,17,22 + .byte 5, 9,14,20 + .byte 4,11,16,23 + .byte 6,10,15,21 + +md5_nextBlock: + stack_alloc 4*4 + + + + + stack_free 4*4 + + +*/ + + + + + + + diff --git a/md5-stub.c b/md5-stub.c new file mode 100644 index 0000000..f9fb945 --- /dev/null +++ b/md5-stub.c @@ -0,0 +1,135 @@ +/* md5-asm.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + #include "md5.h" + #include "uart.h" + #include + #include + + #undef DEBUG + +void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi); + +/* +#define ROTL32(x,n) (((x)<<(n)) | ((x)>>(32-(n)))) + +static +void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){ + uint32_t t; + md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I}; + as &= 0x3; + // * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * / +#ifdef DEBUG + char funcc[]={'*', '-', '+', '~'}; + uart_putstr("\r\n DBG: md5_core ["); + uart_putc(funcc[fi]); + uart_hexdump(&as, 1); uart_putc(' '); + uart_hexdump(&k, 1); uart_putc(' '); + uart_hexdump(&s, 1); uart_putc(' '); + uart_hexdump(&i, 1); uart_putc(']'); +#endif + t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ; + a[as]=a[(as+1)&3] + ROTL32(t, s); +} +*/ + + +void md5_nextBlock(md5_ctx_t *state, void* block){ + uint32_t a[4]; + uint8_t m,n,i=0; + /* this requires other mixed sboxes */ +#ifdef DEBUG + uart_putstr("\r\n DBG: md5_nextBlock: block:\r\n"); + uart_hexdump(block, 16); uart_putstr("\r\n"); + uart_hexdump(block+16, 16); uart_putstr("\r\n"); + uart_hexdump(block+32, 16); uart_putstr("\r\n"); + uart_hexdump(block+48, 16); uart_putstr("\r\n"); +#endif + + a[0]=state->a[0]; + a[1]=state->a[1]; + a[2]=state->a[2]; + a[3]=state->a[3]; + + /* round 1 */ + uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0); + } + } + /* round 2 */ + uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1); + } + } + /* round 3 */ + uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2); + } + } + /* round 4 */ + uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3 + for(m=0;m<4;++m){ + for(n=0;n<4;++n){ + md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3); + } + } + state->a[0] += a[0]; + state->a[1] += a[1]; + state->a[2] += a[2]; + state->a[3] += a[3]; + state->counter++; +} + +void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length_b){ + uint16_t l; + uint8_t b[64]; + while (length_b >= 512){ + md5_nextBlock(state, block); + length_b -= 512; + block = ((uint8_t*)block) + 512/8; + } + memset(b, 0, 64); + memcpy(b, block, length_b/8); + /* insert padding one */ + l=length_b/8; + if(length_b%8){ + uint8_t t; + t = ((uint8_t*)block)[l]; + t |= (0x80>>(length_b%8)); + b[l]=t; + }else{ + b[l]=0x80; + } + /* insert length value */ + if(l+sizeof(uint64_t) >= 512/8){ + md5_nextBlock(state, b); + state->counter--; + memset(b, 0, 64); + } + *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; + md5_nextBlock(state, b); +} + + diff --git a/md5.c b/md5.c index 88f4f68..c995b2a 100644 --- a/md5.c +++ b/md5.c @@ -40,19 +40,23 @@ void md5_init(md5_ctx_t *s){ s->a[2] = 0x98badcfe; s->a[3] = 0x10325476; } - + +static uint32_t md5_F(uint32_t x, uint32_t y, uint32_t z){ return ((x&y)|((~x)&z)); } +static uint32_t md5_G(uint32_t x, uint32_t y, uint32_t z){ return ((x&z)|((~z)&y)); } +static uint32_t md5_H(uint32_t x, uint32_t y, uint32_t z){ return (x^y^z); } +static uint32_t md5_I(uint32_t x, uint32_t y, uint32_t z){ return (y ^ (x | (~z))); } @@ -61,7 +65,8 @@ typedef uint32_t md5_func_t(uint32_t, uint32_t, uint32_t); #define ROTL32(x,n) (((x)<<(n)) | ((x)>>(32-(n)))) -void md5_core(uint32_t* a, uint8_t as, void* block, uint8_t k, uint8_t s, uint8_t i, uint8_t fi){ +static +void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){ uint32_t t; md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I}; as &= 0x3; @@ -75,7 +80,7 @@ void md5_core(uint32_t* a, uint8_t as, void* block, uint8_t k, uint8_t s, uint8_ uart_hexdump(&s, 1); uart_putc(' '); uart_hexdump(&i, 1); uart_putc(']'); #endif - t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + ((uint32_t*)block)[k] + md5_T[i] ; + t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ; a[as]=a[(as+1)&3] + ROTL32(t, s); } @@ -97,31 +102,31 @@ void md5_nextBlock(md5_ctx_t *state, void* block){ a[3]=state->a[3]; /* round 1 */ - uint8_t s1t[]={7,12,17,22}; + uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2 for(m=0;m<4;++m){ for(n=0;n<4;++n){ - md5_core(a, 4-n, block, m*4+n, s1t[n],i++,0); + md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0); } } /* round 2 */ - uint8_t s2t[]={5,9,14,20}; + uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4 for(m=0;m<4;++m){ for(n=0;n<4;++n){ - md5_core(a, 4-n, block, (1+m*4+n*5)&0xf, s2t[n],i++,1); + md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1); } } /* round 3 */ - uint8_t s3t[]={4,11,16,23}; + uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1 for(m=0;m<4;++m){ for(n=0;n<4;++n){ - md5_core(a, 4-n, block, (5-m*4+n*3)&0xf, s3t[n],i++,2); + md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2); } } /* round 4 */ - uint8_t s4t[]={6,10,15,21}; + uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3 for(m=0;m<4;++m){ for(n=0;n<4;++n){ - md5_core(a, 4-n, block, (0-m*4+n*7)&0xf, s4t[n],i++,3); + md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3); } } state->a[0] += a[0]; diff --git a/mkfiles/md5_asm.mk b/mkfiles/md5_asm.mk new file mode 100644 index 0000000..8cba137 --- /dev/null +++ b/mkfiles/md5_asm.mk @@ -0,0 +1,12 @@ +# Makefile for MD5 +ALGO_NAME := MD5_ASM + +# comment out the following line for removement of MD5 from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_OBJ := md5-asm.o md5-stub.o +$(ALGO_NAME)_TEST_BIN := main-md5-test.o debug.o uart.o serial-tools.o \ + nessie_hash_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" + diff --git a/sha256-asm.S b/sha256-asm.S index 403506e..6795604 100644 --- a/sha256-asm.S +++ b/sha256-asm.S @@ -919,24 +919,18 @@ sha256_kv: ; round-key-vector stored in ProgMem ; state->length=0; ; memcpy(state->h, sha256_init_vector, 8*4); ;} -; param1: (Func3,r24) 16-bit pointer to sha256_ctx_t struct in ram +; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram ; modifys: Z(r30,r31), Func1, r22 sha256_init: movw r26, r24 ; (24,25) --> (26,27) load X with param1 ldi r30, lo8((sha256_init_vector)) ldi r31, hi8((sha256_init_vector)) - ldi r22, 32 + ldi r22, 32+8 sha256_init_vloop: lpm r23, Z+ st X+, r23 dec r22 brne sha256_init_vloop - ldi r22, 8 - clr r1 ;this should not be needed -sha256_init_lloop: - st X+, r1 - dec r22 - brne sha256_init_lloop ret sha256_init_vector: @@ -948,6 +942,8 @@ sha256_init_vector: .word 0x688C, 0x9B05 .word 0xD9AB, 0x1F83 .word 0xCD19, 0x5BE0 +.word 0x0000, 0x0000 +.word 0x0000, 0x0000 ;########################################################### @@ -968,7 +964,7 @@ rotl32: mov r23, r22 mov r22, r21 subi r20, 8 - rjmp rotr32 + rjmp rotl32 bitrotl: clr r21 clc diff --git a/test_src/cli.c b/test_src/cli.c index e8ed063..37bbb25 100644 --- a/test_src/cli.c +++ b/test_src/cli.c @@ -80,9 +80,11 @@ int16_t execcommand_d0_P(const char* str, PGM_P v, void(*fpt[])(void) ){ if(i!=-1){ if(fpt[i]) fpt[i](); + return i; + }else{ + cli_auto_help_P(v); + return -1; } - cli_auto_help_P(v); - return -1; } diff --git a/test_src/main-md5-test.c b/test_src/main-md5-test.c index 490ee48..c3e40da 100644 --- a/test_src/main-md5-test.c +++ b/test_src/main-md5-test.c @@ -85,7 +85,12 @@ void testrun_nessie_md5(void){ void testrun_md5(void){ md5_ctx_t s; - char* testv[]={"", "a", "abc", "message digest", "abcdefghijklmnopqrstuvwxyz", + char* testv[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; uint8_t i; @@ -94,10 +99,10 @@ void testrun_md5(void){ for(i=0; i<7; ++i){ uart_putstr("\r\n MD5 (\""); uart_putstr(testv[i]); - uart_putstr("\") = \r\n"); + uart_putstr("\") = \r\n\t"); md5_init(&s); md5_lastBlock(&s, testv[i], strlen(testv[i])*8); - uart_hexdump(&s.a[0], 16); + uart_hexdump(&(s.a[0]), 16); } } @@ -141,7 +146,7 @@ void testrun_performance_md5(void){ /***************************************************************************** - * main * + * main * *****************************************************************************/ int main (void){ diff --git a/test_src/nessie_hash_test.c b/test_src/nessie_hash_test.c index a870b82..27b9892 100644 --- a/test_src/nessie_hash_test.c +++ b/test_src/nessie_hash_test.c @@ -151,12 +151,22 @@ static void tv4_hash(void){ uint8_t ctx[nessie_hash_ctx.ctx_size_B]; uint8_t hash[(nessie_hash_ctx.hashsize_b+7)/8]; - uint8_t block[256/8]; - uint16_t n=256; + uint8_t block[nessie_hash_ctx.hashsize_b/8]; + uint16_t n=nessie_hash_ctx.hashsize_b; uint32_t i; uart_putstr_P(PSTR("\r\n message=")); - uart_putstr(PSTR("256 zero bits")); + if(nessie_hash_ctx.hashsize_b>=10000) + uart_putc('0' + (nessie_hash_ctx.hashsize_b/10000)%10); + if(nessie_hash_ctx.hashsize_b>=1000) + uart_putc('0' + (nessie_hash_ctx.hashsize_b/1000)%10); + if(nessie_hash_ctx.hashsize_b>=100) + uart_putc('0' + (nessie_hash_ctx.hashsize_b/100)%10); + if(nessie_hash_ctx.hashsize_b>=10) + uart_putc('0' + (nessie_hash_ctx.hashsize_b/10)%10); + uart_putc('0' + nessie_hash_ctx.hashsize_b%10); + + uart_putstr_P(PSTR(" zero bits")); memset(block, 0, 256/8); nessie_hash_ctx.hash_init(ctx); diff --git a/test_src/performance_test.c b/test_src/performance_test.c index 04a26bd..5853c84 100644 --- a/test_src/performance_test.c +++ b/test_src/performance_test.c @@ -51,13 +51,13 @@ ISR(TIMER1_OVF_vect){ } void calibrateTimer(void){ + volatile uint8_t i; startTimer(1); stopTimer(); const_overhead = TCNT1; startTimer(1); TCNT1=0xFFFE; - ; ; ; ; -// asm volatile("NOP\n"::); asm volatile("NOP\n"::); + i++; stopTimer(); int_overhead = TCNT1; } diff --git a/test_src/uart.c b/test_src/uart.c index e35106c..cf952ed 100644 --- a/test_src/uart.c +++ b/test_src/uart.c @@ -33,6 +33,9 @@ #define UBRRH UBRR0H #define UBRRL UBRR0L #define URSEL UMSEL +#define USART_UDRE_vect USART0_UDRE_vect +#define USART_RXC_vect USART0_RX_vect +#define UCSRA UCSR0A #endif #ifdef ATMEGA644 -- 2.39.2 From e9d9457ed0ea1d8027bc68c28db14bc4caed1f91 Mon Sep 17 00:00:00 2001 From: bg Date: Tue, 25 Nov 2008 05:43:08 +0000 Subject: [PATCH 03/16] more ASM fun --- md5-asm.S | 256 ++++++++++++++++++++++++++++++++++++++++++++++++++--- md5-stub.c | 3 +- 2 files changed, 245 insertions(+), 14 deletions(-) diff --git a/md5-asm.S b/md5-asm.S index ee5f942..4932bb5 100644 --- a/md5-asm.S +++ b/md5-asm.S @@ -22,7 +22,8 @@ * Date: 2008-11-15 */ -.include "avr-asm-macros.S" + +#include "avr-asm-macros.S" ;########################################################### ; S-BOX @@ -495,23 +496,252 @@ void md5_nextBlock(md5_ctx_t *state, void* block){ state->counter++; } */ -/* -shift_table: - .byte 7,12,17,22 - .byte 5, 9,14,20 - .byte 4,11,16,23 - .byte 6,10,15,21 +shift_table_1: .byte 7,12,17,22 +shift_table_2: .byte 5, 9,14,20 +shift_table_3: .byte 4,11,16,23 +shift_table_4: .byte 6,10,15,21 + +index_table_r2: +;(1+m*4+n*5)&0xf: + .byte 0x04, 0x18, 0x2c, 0x00 + .byte 0x14, 0x28, 0x3c, 0x10 + .byte 0x24, 0x38, 0x0c, 0x20 + .byte 0x34, 0x08, 0x1c, 0x30 + +index_table_r3: +;(5-m*4+n*3)&0xf: + .byte 0x14, 0x20, 0x2c, 0x38 + .byte 0x04, 0x10, 0x1c, 0x28 + .byte 0x34, 0x00, 0x0c, 0x18 + .byte 0x24, 0x30, 0x3c, 0x08 + +index_table_r4: +;(0-m*4+n*7)&0xf: + .byte 0x00, 0x1c, 0x38, 0x14 + .byte 0x30, 0x0c, 0x28, 0x04 + .byte 0x20, 0x3c, 0x18, 0x34 + .byte 0x10, 0x2c, 0x08, 0x24 + +APTR_REG = 2 +BPTR_REG = 4 +N_REG = 6 +M_REG = 7 +I_REG = 8 +.global md5_nextBlock md5_nextBlock: - stack_alloc 4*4 - - - + stack_alloc 16 + push_range 2, 8 + push r16 + push r17 + push r24 + push r25 + adiw r30, 1 /* Z now points to the beginning of the allocated memory */ + movw r2, r30 + movw r4, r22 + movw r26, r24 + ldi r20, 16 +1: + ld r0, X+ + st Z+, r0 + dec r20 + brne 1b + /* state now copied to stack memory */ + clr I_REG + /* Round 1 */ + clr M_REG + ldi r17, 4 +1: + clr N_REG + ldi r16, 4 +2: + movw r24, APTR_REG + movw r22, BPTR_REG + mov r0, M_REG + lsl r0 + lsl r0 + add r0, N_REG + lsl r0 + lsl r0 + add r22, r0 + adc r23, r1 + mov r21, r16 + ldi r30, lo8(shift_table_1) + ldi r31, hi8(shift_table_1) + add r30, N_REG + adc r31, r1 + lpm r20, Z + mov r19, I_REG + ldi r18, 0 + rcall md5_core_asm + inc I_REG + inc N_REG + dec r16 + brne 2b + inc M_REG + dec r17 + brne 1b + + /* Round 2 */ + clr M_REG + ldi r17, 4 +1: + clr N_REG + ldi r16, 4 +2: + movw r24, APTR_REG + movw r22, BPTR_REG + ldi r30, lo8(index_table_r2) + ldi r31, hi8(index_table_r2) + mov r0, M_REG + lsl r0 + lsl r0 + add r0, N_REG + add r30, r0 + adc r31, r1 + lpm r0, Z + add r22, r0 + adc r23, r1 + mov r21, r16 + ldi r30, lo8(shift_table_2) + ldi r31, hi8(shift_table_2) + add r30, N_REG + adc r31, r1 + lpm r20, Z + mov r19, I_REG + ldi r18, 1 + rcall md5_core_asm + inc I_REG + inc N_REG + dec r16 + brne 2b + inc M_REG + dec r17 + brne 1b + + /* Round 3 */ + clr M_REG + ldi r17, 4 +1: + clr N_REG + ldi r16, 4 +2: + movw r24, APTR_REG + movw r22, BPTR_REG + ldi r30, lo8(index_table_r3) + ldi r31, hi8(index_table_r3) + mov r0, M_REG + lsl r0 + lsl r0 + add r0, N_REG + add r30, r0 + adc r31, r1 + lpm r0, Z + add r22, r0 + adc r23, r1 + mov r21, r16 + ldi r30, lo8(shift_table_3) + ldi r31, hi8(shift_table_3) + add r30, N_REG + adc r31, r1 + lpm r20, Z + mov r19, I_REG + ldi r18, 2 + rcall md5_core_asm + inc I_REG + inc N_REG + dec r16 + brne 2b + inc M_REG + dec r17 + brne 1b + + /* Round 4 */ + clr M_REG + ldi r17, 4 +1: + clr N_REG + ldi r16, 4 +2: + movw r24, APTR_REG + movw r22, BPTR_REG + ldi r30, lo8(index_table_r4) + ldi r31, hi8(index_table_r4) + mov r0, M_REG + lsl r0 + lsl r0 + add r0, N_REG + add r30, r0 + adc r31, r1 + lpm r0, Z + add r22, r0 + adc r23, r1 + mov r21, r16 + ldi r30, lo8(shift_table_4) + ldi r31, hi8(shift_table_4) + add r30, N_REG + adc r31, r1 + lpm r20, Z + mov r19, I_REG + ldi r18, 3 + rcall md5_core_asm + inc I_REG + inc N_REG + dec r16 + brne 2b + inc M_REG + dec r17 + brne 1b + + + pop r27 + pop r26 /* X now points to the context */ + movw r30, APTR_REG + ldi r16, 4 +1: + ld r0, X + ld r2, Z+ + add r0, r2 + st X+, r0 + ld r0, X + ld r2, Z+ + adc r0, r2 + st X+, r0 + ld r0, X + ld r2, Z+ + adc r0, r2 + st X+, r0 + ld r0, X + ld r2, Z+ + adc r0, r2 + st X+, r0 + dec r16 + brne 1b - stack_free 4*4 + ld r0, X + inc r0 + st X+, r0 + brne 2f + ld r0, X + inc r0 + st X+, r0 + brne 2f + ld r0, X + inc r0 + st X+, r0 + brne 2f + ld r0, X + inc r0 + st X+, r0 +2: + + pop r17 + pop r16 + pop_range 2, 8 + stack_free 16 + ret -*/ diff --git a/md5-stub.c b/md5-stub.c index f9fb945..fedbe8b 100644 --- a/md5-stub.c +++ b/md5-stub.c @@ -49,7 +49,7 @@ void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_ } */ - +#if 0 void md5_nextBlock(md5_ctx_t *state, void* block){ uint32_t a[4]; uint8_t m,n,i=0; @@ -101,6 +101,7 @@ void md5_nextBlock(md5_ctx_t *state, void* block){ state->a[3] += a[3]; state->counter++; } +#endif void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length_b){ uint16_t l; -- 2.39.2 From a397db40b94b01a3ed72f9367961cf68d82593d1 Mon Sep 17 00:00:00 2001 From: bg Date: Fri, 5 Dec 2008 12:53:15 +0000 Subject: [PATCH 04/16] md5_lastBlock() now in ASM --- avr-asm-macros.S | 27 ++++++ md5-asm.S | 196 +++++++++++++++++++++++++++++++++++---- md5-stub.c | 115 +++-------------------- md5.c | 23 ++++- md5.h | 15 ++- test_src/main-md5-test.c | 7 +- 6 files changed, 254 insertions(+), 129 deletions(-) diff --git a/avr-asm-macros.S b/avr-asm-macros.S index f878be8..4991cee 100644 --- a/avr-asm-macros.S +++ b/avr-asm-macros.S @@ -82,6 +82,33 @@ out _SFR_IO_ADDR(SPL), \reg1 .endm + +.macro stack_alloc_large size:req, reg1=r30, reg2=r31 + in r0, _SFR_IO_ADDR(SREG) + in \reg1, _SFR_IO_ADDR(SPL) + in \reg2, _SFR_IO_ADDR(SPH) + subi \reg1, lo8(\size) + sbci \reg2, hi8(\size) + cli + out _SFR_IO_ADDR(SPH), \reg2 + out _SFR_IO_ADDR(SREG), r0 + out _SFR_IO_ADDR(SPL), \reg1 +.endm + +.macro stack_free_large size:req, reg1=r30, reg2=r31 + in r0, _SFR_IO_ADDR(SREG) + in \reg1, _SFR_IO_ADDR(SPL) + in \reg2, _SFR_IO_ADDR(SPH) + adiw \reg1, 63 + adiw \reg1, (\size-63) + cli + out _SFR_IO_ADDR(SPH), \reg2 + out _SFR_IO_ADDR(SREG), r0 + out _SFR_IO_ADDR(SPL), \reg1 +.endm + + + /******************************************************************************* * END of MACRO SECTION * *******************************************************************************/ diff --git a/md5-asm.S b/md5-asm.S index 4932bb5..2928fe3 100644 --- a/md5-asm.S +++ b/md5-asm.S @@ -301,9 +301,9 @@ ARG_Z3 = 17 md5_core_asm: - push r28 - push r29 - push_range 4, 17 + push r16 + push r17 + push_range 4, 8 ldi r30, lo8(T_table) ldi r31, hi8(T_table) lsl P_I @@ -445,9 +445,9 @@ fixrotl: st X+, r24 st X , r25 md5_core_exit: - pop_range 4, 17 - pop r29 - pop r28 + pop_range 4, 8 + pop r17 + pop r16 ret ;################################################################### @@ -531,9 +531,9 @@ I_REG = 8 .global md5_nextBlock md5_nextBlock: stack_alloc 16 - push_range 2, 8 - push r16 - push r17 + push_range 2, 17 + push r28 + push r29 push r24 push r25 adiw r30, 1 /* Z now points to the beginning of the allocated memory */ @@ -735,16 +735,180 @@ md5_nextBlock: st X+, r0 2: - pop r17 - pop r16 - pop_range 2, 8 + pop r29 + pop r28 + pop_range 2, 17 stack_free 16 ret - - - - +;############################################################################### +/* +void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){ + uint16_t l; + uint8_t b[64]; + while (length_b >= 512){ + md5_nextBlock(state, block); + length_b -= 512; + block = ((uint8_t*)block) + 512/8; + } + memset(b, 0, 64); + memcpy(b, block, length_b/8); + / * insert padding one * / + l=length_b/8; + if(length_b%8){ + uint8_t t; + t = ((uint8_t*)block)[l]; + t |= (0x80>>(length_b%8)); + b[l]=t; + }else{ + b[l]=0x80; + } + / * insert length value * / + if(l+sizeof(uint64_t) >= 512/8){ + md5_nextBlock(state, b); + state->counter--; + memset(b, 0, 64-8); + } + *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; + md5_nextBlock(state, b); +} +*/ +; state_ptr : r24,r25 +; block_ptr : r22,r23 +; length_b : r20,r21 +.global md5_lastBlock +md5_lastBlock: + stack_alloc_large 64 + push_range 12, 17 + push r30 + push r31 + movw r16, r20 /* length_b */ + movw r14, r22 /* block_ptr */ + movw r12, r24 /* state_ptr */ + + cpi r17, 2 /* hi8(512) */ + brlo 2f +1: + movw r24, r12 + movw r22, r14 + rcall md5_nextBlock + ldi r18, 64 + add r14, r18 + adc r15, r1 + subi r17, 2 + brge 1b +2: + pop r31 + pop r30 + + adiw r30, 1 + movw r26, r14 + movw r24, r16 + adiw r24, 7 + + lsr r25 + ror r24 + lsr r24 + lsr r24 /* r24 now holds how many bytes are to copy */ + ldi r18, 64 + sub r18, r24 + tst r24 +4: + breq 5f + ld r0, X+ + st Z+, r0 + dec r24 + rjmp 4b +5: /* append 1-bit */ + mov r20, r16 + andi r20, 0x07 + brne bit_fucking + ldi r19, 0x80 + st Z+, r19 + dec r18 + rjmp after_bit_fucking +bit_fucking: + ldi r19, 0x80 +1: + lsr r19 + dec r20 + brne 1b + or r0, r19 + st -Z, r0 + adiw r30, 1 +after_bit_fucking: + clt + cpi r18, 8 + brmi 2f + set /* store in t if the counter will also fit in this block */ +2: + tst r18 + breq 2f +1: + st Z+, r1 + dec r18 + brne 1b +2: + sbiw r30, 63 + sbiw r30, 1 + movw r14, r30 + brts load_counter + movw r24, r12 + movw r22, r14 + rcall md5_nextBlock + movw r30, r14 + ldi r20, 64-8 +3: + st Z+, r1 + dec r20 + brne 3b + +load_counter: + movw r26, r12 + adiw r26, 16 + ld r19, X+ + ld r20, X+ + ld r21, X+ + ld r22, X+ + brts post_counter_decrement + subi r19, 1 + sbci r20, 0 + sbci r21, 0 + sbci r22, 0 +post_counter_decrement: + clr r18 + clr r23 + lsl r19 + rol r20 + rol r21 + rol r22 + rol r23 + add r18, r16 + adc r19, r17 + adc r20, r1 + adc r21, r1 + adc r22, r1 + adc r23, r1 + movw r30, r14 + adiw r30, 64-8 + st Z+, r18 + st Z+, r19 + st Z+, r20 + st Z+, r21 + st Z+, r22 + st Z+, r23 + st Z+, r1 + st Z, r1 + + sbiw r30, 63 +; sbiw r30, 1 + movw r24, r12 + movw r22, r30 + rcall md5_nextBlock +md5_lastBlock_exit: + pop_range 12, 17 + stack_free_large 64 + ret diff --git a/md5-stub.c b/md5-stub.c index fedbe8b..2631c37 100644 --- a/md5-stub.c +++ b/md5-stub.c @@ -24,113 +24,20 @@ #undef DEBUG -void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi); -/* -#define ROTL32(x,n) (((x)<<(n)) | ((x)>>(32-(n)))) - -static -void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){ - uint32_t t; - md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I}; - as &= 0x3; - // * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * / -#ifdef DEBUG - char funcc[]={'*', '-', '+', '~'}; - uart_putstr("\r\n DBG: md5_core ["); - uart_putc(funcc[fi]); - uart_hexdump(&as, 1); uart_putc(' '); - uart_hexdump(&k, 1); uart_putc(' '); - uart_hexdump(&s, 1); uart_putc(' '); - uart_hexdump(&i, 1); uart_putc(']'); -#endif - t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ; - a[as]=a[(as+1)&3] + ROTL32(t, s); +void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){ + memcpy(dest, state->a, MD5_HASH_BYTES); } -*/ - -#if 0 -void md5_nextBlock(md5_ctx_t *state, void* block){ - uint32_t a[4]; - uint8_t m,n,i=0; - /* this requires other mixed sboxes */ -#ifdef DEBUG - uart_putstr("\r\n DBG: md5_nextBlock: block:\r\n"); - uart_hexdump(block, 16); uart_putstr("\r\n"); - uart_hexdump(block+16, 16); uart_putstr("\r\n"); - uart_hexdump(block+32, 16); uart_putstr("\r\n"); - uart_hexdump(block+48, 16); uart_putstr("\r\n"); -#endif - - a[0]=state->a[0]; - a[1]=state->a[1]; - a[2]=state->a[2]; - a[3]=state->a[3]; - /* round 1 */ - uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0); - } - } - /* round 2 */ - uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1); - } - } - /* round 3 */ - uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2); - } - } - /* round 4 */ - uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3 - for(m=0;m<4;++m){ - for(n=0;n<4;++n){ - md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3); - } +void md5(md5_hash_t* dest, const void* msg, uint32_t length_b){ + md5_ctx_t ctx; + md5_init(&ctx); + while(length_b>=MD5_BLOCK_BITS){ + md5_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + MD5_BLOCK_BYTES; + length_b -= MD5_BLOCK_BITS; } - state->a[0] += a[0]; - state->a[1] += a[1]; - state->a[2] += a[2]; - state->a[3] += a[3]; - state->counter++; + md5_lastBlock(&ctx, msg, length_b); + md5_ctx2hash(dest, &ctx); } -#endif - -void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length_b){ - uint16_t l; - uint8_t b[64]; - while (length_b >= 512){ - md5_nextBlock(state, block); - length_b -= 512; - block = ((uint8_t*)block) + 512/8; - } - memset(b, 0, 64); - memcpy(b, block, length_b/8); - /* insert padding one */ - l=length_b/8; - if(length_b%8){ - uint8_t t; - t = ((uint8_t*)block)[l]; - t |= (0x80>>(length_b%8)); - b[l]=t; - }else{ - b[l]=0x80; - } - /* insert length value */ - if(l+sizeof(uint64_t) >= 512/8){ - md5_nextBlock(state, b); - state->counter--; - memset(b, 0, 64); - } - *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; - md5_nextBlock(state, b); -} - diff --git a/md5.c b/md5.c index c995b2a..ac07042 100644 --- a/md5.c +++ b/md5.c @@ -84,7 +84,7 @@ void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_ a[as]=a[(as+1)&3] + ROTL32(t, s); } -void md5_nextBlock(md5_ctx_t *state, void* block){ +void md5_nextBlock(md5_ctx_t *state, const void* block){ uint32_t a[4]; uint8_t m,n,i=0; /* this requires other mixed sboxes */ @@ -136,7 +136,7 @@ void md5_nextBlock(md5_ctx_t *state, void* block){ state->counter++; } -void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length_b){ +void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){ uint16_t l; uint8_t b[64]; while (length_b >= 512){ @@ -160,8 +160,25 @@ void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length_b){ if(l+sizeof(uint64_t) >= 512/8){ md5_nextBlock(state, b); state->counter--; - memset(b, 0, 64); + memset(b, 0, 64-8); } *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b; md5_nextBlock(state, b); } + +void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){ + memcpy(dest, state->a, MD5_HASH_BYTES); +} + +void md5(md5_hash_t* dest, const void* msg, uint32_t length_b){ + md5_ctx_t ctx; + md5_init(&ctx); + while(length_b>=MD5_BLOCK_BITS){ + md5_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + MD5_BLOCK_BYTES; + length_b -= MD5_BLOCK_BITS; + } + md5_lastBlock(&ctx, msg, length_b); + md5_ctx2hash(dest, &ctx); +} + diff --git a/md5.h b/md5.h index f7e51f2..446575f 100644 --- a/md5.h +++ b/md5.h @@ -31,14 +31,25 @@ #include + +#define MD5_HASH_BITS 128 +#define MD5_HASH_BYTES (MD5_HASH_BITS/8) +#define MD5_BLOCK_BITS 512 +#define MD5_BLOCK_BYTES (MD5_BLOCK_BITS/8) + + typedef struct md5_ctx_st { uint32_t a[4]; uint32_t counter; } md5_ctx_t; +typedef uint8_t md5_hash_t[MD5_HASH_BYTES]; + void md5_init(md5_ctx_t *s); -void md5_nextBlock(md5_ctx_t *state, void* block); -void md5_lastBlock(md5_ctx_t *state, void* block, uint16_t length); +void md5_nextBlock(md5_ctx_t *state, const void* block); +void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length); +void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state); +void md5(md5_hash_t* dest, const void* msg, uint32_t length_b); #endif /*MD5_H_*/ diff --git a/test_src/main-md5-test.c b/test_src/main-md5-test.c index c3e40da..1bc69fa 100644 --- a/test_src/main-md5-test.c +++ b/test_src/main-md5-test.c @@ -84,7 +84,7 @@ void testrun_nessie_md5(void){ */ void testrun_md5(void){ - md5_ctx_t s; + md5_hash_t hash; char* testv[]={ "", "a", @@ -100,9 +100,8 @@ void testrun_md5(void){ uart_putstr("\r\n MD5 (\""); uart_putstr(testv[i]); uart_putstr("\") = \r\n\t"); - md5_init(&s); - md5_lastBlock(&s, testv[i], strlen(testv[i])*8); - uart_hexdump(&(s.a[0]), 16); + md5(&hash, testv[i], strlen(testv[i])*8); + uart_hexdump(hash, 16); } } -- 2.39.2 From d5e258765801a9b13be0e0502de94d7cb8c40629 Mon Sep 17 00:00:00 2001 From: bg Date: Fri, 5 Dec 2008 15:09:16 +0000 Subject: [PATCH 05/16] MD5 now completly in ASM --- md5-asm.S | 64 ++++++++++++++++++++++++++++++++++++++++++++-- md5-stub.c | 43 ------------------------------- mkfiles/md5_asm.mk | 4 +-- 3 files changed, 64 insertions(+), 47 deletions(-) delete mode 100644 md5-stub.c diff --git a/md5-asm.S b/md5-asm.S index 2928fe3..be8f50b 100644 --- a/md5-asm.S +++ b/md5-asm.S @@ -785,7 +785,7 @@ md5_lastBlock: movw r16, r20 /* length_b */ movw r14, r22 /* block_ptr */ movw r12, r24 /* state_ptr */ - +2: cpi r17, 2 /* hi8(512) */ brlo 2f 1: @@ -796,7 +796,7 @@ md5_lastBlock: add r14, r18 adc r15, r1 subi r17, 2 - brge 1b + rjmp 2b 2: pop r31 pop r30 @@ -911,5 +911,65 @@ md5_lastBlock_exit: ret +;############################################################################### + + +.global md5_ctx2hash +md5_ctx2hash: + movw r26, r24 + movw r30, r22 + ldi r22, 16 +1: + ld r0, Z+ + st X+, r0 + dec r22 + brne 1b + ret + + +;############################################################################### + + +.global md5 +md5: + stack_alloc 20 + push_range 8, 17 + adiw r30, 1 + movw r8, r30 /* ctx */ + movw r10, r24 /* dest */ + movw r12, r22 /* msg */ + movw r14, r18 /* length (low) */ + movw r16, r20 /* length (high) */ + movw r24, r30 + rcall md5_init +1: + tst r16 + brne next_round + tst r17 + breq last_round +next_round: + movw r24, r8 + movw r22, r12 + rcall md5_nextBlock + ldi r22, 64 + add r12, r22 + adc r13, r1 + ldi r22, 2 + sub r15, r22 + sbci r16, 0 + sbci r17, 0 + rjmp 1b +last_round: + movw r24, r8 + movw r22, r12 + movw r20, r14 + rcall md5_lastBlock + movw r24, r10 + movw r22, r8 + rcall md5_ctx2hash + pop_range 8, 17 + stack_free 20 + ret + diff --git a/md5-stub.c b/md5-stub.c deleted file mode 100644 index 2631c37..0000000 --- a/md5-stub.c +++ /dev/null @@ -1,43 +0,0 @@ -/* md5-asm.c */ -/* - This file is part of the Crypto-avr-lib/microcrypt-lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - #include "md5.h" - #include "uart.h" - #include - #include - - #undef DEBUG - - -void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){ - memcpy(dest, state->a, MD5_HASH_BYTES); -} - -void md5(md5_hash_t* dest, const void* msg, uint32_t length_b){ - md5_ctx_t ctx; - md5_init(&ctx); - while(length_b>=MD5_BLOCK_BITS){ - md5_nextBlock(&ctx, msg); - msg = (uint8_t*)msg + MD5_BLOCK_BYTES; - length_b -= MD5_BLOCK_BITS; - } - md5_lastBlock(&ctx, msg, length_b); - md5_ctx2hash(dest, &ctx); -} - diff --git a/mkfiles/md5_asm.mk b/mkfiles/md5_asm.mk index 8cba137..00a1fde 100644 --- a/mkfiles/md5_asm.mk +++ b/mkfiles/md5_asm.mk @@ -4,9 +4,9 @@ ALGO_NAME := MD5_ASM # comment out the following line for removement of MD5 from the build process HASHES += $(ALGO_NAME) -$(ALGO_NAME)_OBJ := md5-asm.o md5-stub.o +$(ALGO_NAME)_OBJ := md5-asm.o $(ALGO_NAME)_TEST_BIN := main-md5-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" -- 2.39.2 From 12883cff6e7d233365e8477e08f90c75fa5a48b2 Mon Sep 17 00:00:00 2001 From: bg Date: Tue, 9 Dec 2008 21:10:19 +0000 Subject: [PATCH 06/16] camellia (C and ASM mixed) seems to work now; pure C version still broken --- camellia.c | 38 +++++++++++++++++------------------ camellia.h | 6 +++--- camellia_C.c | 32 ++++++++++++++--------------- test_src/main-camellia-test.c | 35 ++++++++++++++++++++++++++++++-- 4 files changed, 71 insertions(+), 40 deletions(-) diff --git a/camellia.c b/camellia.c index a561d4e..4c5b1c8 100644 --- a/camellia.c +++ b/camellia.c @@ -63,8 +63,8 @@ uint32_t PROGMEM camellia_sigma[12]={ /* 48 byte table */ #define SIGMA(p) (( ((uint64_t)(pgm_read_dword((prog_uint32_t*)camellia_sigma+2*(p)+1)))<<32) | \ ((uint64_t)(pgm_read_dword((prog_uint32_t*)camellia_sigma+2*(p)+0))) ) */ -#define SIGMA(p) (( ((uint64_t)(pgm_read_dword(((prog_uint32_t*)camellia_sigma)[2*(p)+1])))<<32) | \ - ((uint64_t)(pgm_read_dword(((prog_uint32_t*)camellia_sigma)[2*(p)+0]))) ) +#define SIGMA(p) (( ((uint64_t)(pgm_read_dword(&(((prog_uint32_t*)camellia_sigma)[2*(p)+1]))))<<32) | \ + ((uint64_t)(pgm_read_dword(&(((prog_uint32_t*)camellia_sigma)[2*(p)+0])))) ) @@ -82,7 +82,7 @@ void camellia128_ctx_dump(camellia128_ctx_t *s){ /*****************************************************************************/ /* extern prog_uint64_t camellia_sigma[6]; */ -void camellia128_init(uint8_t* key, camellia128_ctx_t* s){ +void camellia128_init(const uint8_t* key, camellia128_ctx_t* s){ uint8_t i; s->kll = 0; /* ((uint64_t*)key)[0]; */ @@ -112,7 +112,7 @@ void camellia128_init(uint8_t* key, camellia128_ctx_t* s){ /*****************************************************************************/ void camellia128_keyop(camellia128_ctx_t* s, int8_t q); /*****************************************************************************/ -void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q); +void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q); /*****************************************************************************/ #define SEL_KA 1 @@ -130,12 +130,12 @@ void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q); #define KEY_ROL17 0x08 #define KEY_ROL15 0x00 -void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, +void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice); /*****************************************************************************/ -void camellia128_enc(void* block, camellia128_ctx_t* s){ +void camellia128_enc(void* block, const camellia128_ctx_t* s){ #define BL (((uint64_t*)block)[0]) #define BR (((uint64_t*)block)[1]) @@ -157,17 +157,17 @@ void camellia128_enc(void* block, camellia128_ctx_t* s){ /* the first 6 */ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); /* FL injection */ - camellia128_keyop(s, -1); + camellia128_keyop((camellia128_ctx_t*)s, -1); BL = camellia_fl(BL, s->kal); BR = camellia_fl_inv(BR, s->kar); - camellia128_keyop(s, -1); + camellia128_keyop((camellia128_ctx_t*)s, -1); /* middle 6 */ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); /* FL injection */ - camellia128_keyop(s, 1); + camellia128_keyop((camellia128_ctx_t*)s, 1); BL = camellia_fl(BL, s->kll); BR = camellia_fl_inv(BR, s->klr); - camellia128_keyop(s, 1); + camellia128_keyop((camellia128_ctx_t*)s, 1); /* last 6 */ camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C); /* Postwhitening */ @@ -178,7 +178,7 @@ void camellia128_enc(void* block, camellia128_ctx_t* s){ BR = BL; BL = temp64; - camellia128_keyop(s,1); + camellia128_keyop((camellia128_ctx_t*)s,1); change_endian(&BL, 64/8); change_endian(&BR, 64/8); @@ -189,14 +189,14 @@ void camellia128_enc(void* block, camellia128_ctx_t* s){ /*****************************************************************************/ -void camellia128_dec(void* block, camellia128_ctx_t* s){ +void camellia128_dec(void* block, const camellia128_ctx_t* s){ #define BL (((uint64_t*)block)[1]) #define BR (((uint64_t*)block)[0]) /* endian adjustment */ /*BL*/ - /* 1 2 3 4 5 6 7 8 - * 8 7 6 5 4 3 2 1 + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 */ uint64_t temp64; @@ -204,24 +204,24 @@ void camellia128_dec(void* block, camellia128_ctx_t* s){ change_endian(&BL, 64/8); change_endian(&BR, 64/8); - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* Prewhitening */ BR ^= s->kal; /* kw3 */ BL ^= s->kar; /* kw4 */ /* the first 6 */ camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); /* FL injection */ - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); BR = camellia_fl(BR, s->klr); BL = camellia_fl_inv(BL, s->kll); - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* middle 6 */ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B); /* FL injection */ - camellia128_keyop_inv(s, -1); + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); BR = camellia_fl(BR, s->kar); BL = camellia_fl_inv(BL, s->kal); - camellia128_keyop_inv(s, -1); + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); /* last 6 */ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33); diff --git a/camellia.h b/camellia.h index a636efa..9970089 100644 --- a/camellia.h +++ b/camellia.h @@ -29,9 +29,9 @@ typedef struct camellia128_ctx_s{ }camellia128_ctx_t; -void camellia128_init(uint8_t* key, camellia128_ctx_t* s); -void camellia128_enc(void* block, camellia128_ctx_t* s); -void camellia128_dec(void* block, camellia128_ctx_t* s); +void camellia128_init(const uint8_t* key, camellia128_ctx_t* s); +void camellia128_enc(void* block, const camellia128_ctx_t* s); +void camellia128_dec(void* block, const camellia128_ctx_t* s); #endif /*CAMELLIA_H_*/ diff --git a/camellia_C.c b/camellia_C.c index 1eea731..f341d6b 100644 --- a/camellia_C.c +++ b/camellia_C.c @@ -169,15 +169,15 @@ uint64_t camellia_f(uint64_t x, uint64_t k){ /*****************************************************************************/ uint64_t camellia_fl(uint64_t x, uint64_t k){ - volatile uint64_t lx[1], lk[1], y[1]; + uint64_t lx[1], lk[1], y[1]; lx[0]=x; lk[0] = k; #define Y ((uint32_t*)y) #define X ((uint32_t*)lx) #define K ((uint32_t*)lk) - Y[0] = rol32((X[1]) & K[1],1) ^ (X[0]); /* Yr */ - Y[1] = (Y[0] | K[0]) ^ (X[1]); /* Yl */ + Y[0] = rol32((X[1]) & K[1] ,1) ^ (X[0]); /* Yr */ + Y[1] = (Y[0] | K[0]) ^ (X[1]); /* Yl */ /* uart_putstr("\r\nFL("); @@ -243,7 +243,7 @@ void camellia128_ctx_dump(camellia128_ctx_t *s){ /*****************************************************************************/ -void camellia128_init(camellia128_ctx_t* s, uint8_t* key){ +void camellia128_init(const uint8_t* key, camellia128_ctx_t* s){ uint8_t i; s->kll = 0; //((uint64_t*)key)[0]; @@ -321,7 +321,7 @@ void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){ #define KEY_ROL17 0x08 #define KEY_ROL15 0x00 -void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ +void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ uint8_t i; uint64_t* k[4]; k[0] = &(s->kll); @@ -350,7 +350,7 @@ void camellia_6rounds(camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t /*****************************************************************************/ -void camellia128_enc(camellia128_ctx_t* s, void* block){ +void camellia128_enc(void* block, const camellia128_ctx_t* s){ #define BL (((uint64_t*)block)[0]) #define BR (((uint64_t*)block)[1]) @@ -389,10 +389,10 @@ void camellia128_enc(camellia128_ctx_t* s, void* block){ */ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); /* FL injection */ - camellia128_keyop(s, -1); + camellia128_keyop((camellia128_ctx_t*)s, -1); BL = camellia_fl(BL, s->kal); BR = camellia_fl_inv(BR, s->kar); - camellia128_keyop(s, -1); + camellia128_keyop((camellia128_ctx_t*)s, -1); /* middle 6 */ /* BR ^= camellia_f(BL, s->kll); BL ^= camellia_f(BR, s->klr); @@ -404,10 +404,10 @@ void camellia128_enc(camellia128_ctx_t* s, void* block){ /*/ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); /* FL injection */ - camellia128_keyop(s, 1); + camellia128_keyop((camellia128_ctx_t*)s, 1); BL = camellia_fl(BL, s->kll); BR = camellia_fl_inv(BR, s->klr); - camellia128_keyop(s, 1); + camellia128_keyop((camellia128_ctx_t*)s, 1); /* last 6 */ /* BR ^= camellia_f(BL, s->kll); BL ^= camellia_f(BR, s->klr); @@ -444,14 +444,14 @@ void camellia128_enc(camellia128_ctx_t* s, void* block){ /*****************************************************************************/ -void camellia128_dec(camellia128_ctx_t* s, void* block){ +void camellia128_dec(void* block, const camellia128_ctx_t* s){ #define BL (((uint64_t*)block)[1]) #define BR (((uint64_t*)block)[0]) /* endian adjustment */ /*BL*/ /* 1 2 3 4 5 6 7 8 - * 8 7 6 5 4 3 2 1 + * 8 7 6 5 4 3 2 1 */ uint64_t temp64; @@ -468,7 +468,7 @@ void camellia128_dec(camellia128_ctx_t* s, void* block){ | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* Prewhitening */ BR ^= s->kal; /* kw3 */ BL ^= s->kar; /* kw4 */ @@ -486,10 +486,10 @@ void camellia128_dec(camellia128_ctx_t* s, void* block){ camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); /* FL injection */ - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); BR = camellia_fl(BR, s->klr); BL = camellia_fl_inv(BL, s->kll); - camellia128_keyop_inv(s, 1); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* middle 6 */ /* BL ^= camellia_f(BR, s->kar); BR ^= camellia_f(BL, s->kal); @@ -505,7 +505,7 @@ void camellia128_dec(camellia128_ctx_t* s, void* block){ camellia128_keyop_inv(s, -1); BR = camellia_fl(BR, s->kar); BL = camellia_fl_inv(BL, s->kal); - camellia128_keyop_inv(s, -1); + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); /* last 6 */ /* BL ^= camellia_f(BR, s->kar); diff --git a/test_src/main-camellia-test.c b/test_src/main-camellia-test.c index 4d64a50..19153b5 100644 --- a/test_src/main-camellia-test.c +++ b/test_src/main-camellia-test.c @@ -103,9 +103,40 @@ void test_performance_camellia(void){ /***************************************************************************** * self tests * *****************************************************************************/ +/* +128-bit key +key 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 +plaintext 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 +ciphertext 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43 +*/ +void testrun_camellia(void){ + + uint8_t data[16] = { 0x01, 0x23, 0x45, 0x67, + 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, + 0x76, 0x54, 0x32, 0x10 }; +/* + uint8_t data[16] = { + 0x10, 0x32, 0x54, 0x76, + 0x98, 0xba, 0xdc, 0xfe, + 0xfe, 0xcd, 0xab, 0x89 + 0x67, 0x89, 0x67, 0x01}; +*/ + camellia128_ctx_t ctx; + camellia128_init(data, &ctx); + uart_putstr_P(PSTR("\r\n key: ")); + uart_hexdump(data, 16); + uart_putstr_P(PSTR("\r\n plaintext: ")); + uart_hexdump(data, 16); + camellia128_enc(data, &ctx); + uart_putstr_P(PSTR("\r\n ciphertext: ")); + uart_hexdump(data, 16); + +} + /***************************************************************************** - * main * + * main * *****************************************************************************/ int main (void){ @@ -120,7 +151,7 @@ int main (void){ uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); PGM_P u = PSTR("nessie\0test\0performance\0"); - void_fpt v[] = {testrun_nessie_camellia, testrun_nessie_camellia, test_performance_camellia}; + void_fpt v[] = {testrun_nessie_camellia, testrun_camellia, test_performance_camellia}; while(1){ if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;} -- 2.39.2 From 9b567bc05f6ff8c98fbc8a140f1faf6f60da30ac Mon Sep 17 00:00:00 2001 From: bg Date: Wed, 10 Dec 2008 15:18:23 +0000 Subject: [PATCH 07/16] fixing lot of typos, camellia_C now seems to work --- camellia-asm.S | 30 ++-- camellia.h | 2 +- camellia.c => camellia128-stub.c | 23 +-- camellia_C.c | 236 +++++++++++-------------------- mkfiles/a5_1.mk | 2 +- mkfiles/arcfour.mk | 2 +- mkfiles/arcfour_c.mk | 2 +- mkfiles/camellia.mk | 4 +- mkfiles/cast5.mk | 2 +- mkfiles/des.mk | 2 +- mkfiles/entropium.mk | 2 +- mkfiles/grain.mk | 2 +- mkfiles/hmac-sha1.mk | 2 +- mkfiles/hmac-sha256.mk | 2 +- mkfiles/md5.mk | 2 +- mkfiles/noekeon.mk | 2 +- mkfiles/noekeon_c.mk | 2 +- mkfiles/present.mk | 2 +- mkfiles/rc5.mk | 2 +- mkfiles/rc6.mk | 2 +- mkfiles/seed.mk | 2 +- mkfiles/serpent-bitslice.mk | 2 +- mkfiles/serpent_asm_fast.mk | 2 +- mkfiles/serpent_asm_small.mk | 2 +- mkfiles/serpent_c.mk | 2 +- mkfiles/sha1.mk | 2 +- mkfiles/sha1_c.mk | 2 +- mkfiles/sha256.mk | 2 +- mkfiles/sha256_c.mk | 2 +- mkfiles/shabea.mk | 2 +- mkfiles/shacal1enc.mk | 2 +- mkfiles/shacal2enc.mk | 2 +- mkfiles/skipjack.mk | 2 +- mkfiles/tdes.mk | 2 +- mkfiles/trivium.mk | 2 +- mkfiles/xtea.mk | 2 +- mkfiles/xtea_c.mk | 2 +- test_src/main-camellia-test.c | 19 +-- 38 files changed, 155 insertions(+), 223 deletions(-) rename camellia.c => camellia128-stub.c (96%) diff --git a/camellia-asm.S b/camellia-asm.S index 6e58ca5..eeb7b49 100644 --- a/camellia-asm.S +++ b/camellia-asm.S @@ -407,26 +407,26 @@ B1 = 18 B2 = 19 .global camellia128_keyop_rot15 camellia128_keyop_rot15: - movw r30, r24 ; Z points at LSB of kl ;-- 0 + movw r30, r24 ; Z points at LSB of kl ;-- 0 ldi r22, 2 -2: adiw r30, 15 ;-- 15 +2: adiw r30, 15 ;-- 15 ld r21, Z - ld r20, -Z ;-- 14 + ld r20, -Z ;-- 14 movw B1, r20 ; store Backup of the 2 MSB of kl ror r20 ldi r21, 14 -1: ld r20, -Z ;-- 13..0 +1: ld r20, -Z ;-- 13..0 ror r20 - std Z+2, r20 ;-- (15..2) + std Z+2, r20 ;-- (15..2) dec r21 brne 1b ror B2 ror B1 - st Z+, B1 ;-- 1 + st Z+, B1 ;-- 1 st Z, B2 - adiw r30, 15 ;-- 16 + adiw r30, 15 ;-- 16 dec r22 brne 2b @@ -513,26 +513,26 @@ B1 = 18 B2 = 19 .global camellia128_keyop_inv_rot15 camellia128_keyop_inv_rot15: - movw r30, r24 ; Z points at LSB of kl ;-- 0 + movw r30, r24 ; Z points at LSB of kl ;-- 0 movw r26, r24 ; X also ldi r22, 2 -2: ;-- 0 - ld r20, Z+ ;-- 0/1 - ld r21, Z+ ;-- 1/2 +2: ;-- 0 + ld r20, Z+ ;-- 0/1 + ld r21, Z+ ;-- 1/2 movw B1, r20 ; store Backup of the 2 LSB of kl rol r21 ldi r20, 14 -1: ld r21, Z+ ;-- 2/14..3/16 +1: ld r21, Z+ ;-- 2/14..3/16 rol r21 - st X+, r21 ;-- (0..13)/(1..14) + st X+, r21 ;-- (0..13)/(1..14) dec r20 brne 1b rol B1 rol B2 - st X+, B1 ;-- 14/15 - st X+, B2 ;-- 15/16 + st X+, B1 ;-- 14/15 + st X+, B2 ;-- 15/16 dec r22 brne 2b diff --git a/camellia.h b/camellia.h index 9970089..0ae637d 100644 --- a/camellia.h +++ b/camellia.h @@ -29,7 +29,7 @@ typedef struct camellia128_ctx_s{ }camellia128_ctx_t; -void camellia128_init(const uint8_t* key, camellia128_ctx_t* s); +void camellia128_init(const void* key, camellia128_ctx_t* s); void camellia128_enc(void* block, const camellia128_ctx_t* s); void camellia128_dec(void* block, const camellia128_ctx_t* s); diff --git a/camellia.c b/camellia128-stub.c similarity index 96% rename from camellia.c rename to camellia128-stub.c index 4c5b1c8..3461d1f 100644 --- a/camellia.c +++ b/camellia128-stub.c @@ -1,4 +1,4 @@ -/* camellia.c */ +/* camellia128-stub.c */ /* This file is part of the Crypto-avr-lib/microcrypt-lib. Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) @@ -27,10 +27,11 @@ #include #include #include "camellia.h" -#include "uart.h" -#include "debug.h" -#include - +#if 0 + #include "uart.h" + #include "debug.h" + #include +#endif /*****************************************************************************/ uint64_t camellia_f(uint64_t x, uint64_t k); /*****************************************************************************/ @@ -69,7 +70,7 @@ uint32_t PROGMEM camellia_sigma[12]={ /* 48 byte table */ /*****************************************************************************/ - +/* void camellia128_ctx_dump(camellia128_ctx_t *s){ uart_putstr_P(PSTR("\r\n==State Dump==")); uart_putstr_P(PSTR("\n\rKAl: ")); uart_hexdump(&(s->kal), 8); @@ -78,22 +79,24 @@ void camellia128_ctx_dump(camellia128_ctx_t *s){ uart_putstr_P(PSTR("\n\rKLr: ")); uart_hexdump(&(s->klr), 8); return; } - +*/ /*****************************************************************************/ /* extern prog_uint64_t camellia_sigma[6]; */ -void camellia128_init(const uint8_t* key, camellia128_ctx_t* s){ +void camellia128_init(const void* key, camellia128_ctx_t* s){ uint8_t i; s->kll = 0; /* ((uint64_t*)key)[0]; */ /* load the key, endian-adjusted, to kll,klr */ for(i=0; i<8; ++i){ s->kll <<= 8; - s->kll |= *key++; + s->kll |= *((uint8_t*)key); + key = (uint8_t*)key+1; } for(i=0; i<8; ++i){ s->klr <<= 8; - s->klr |= *key++; + s->klr |= *((uint8_t*)key); + key = (uint8_t*)key+1; } s->kal = s->kll; diff --git a/camellia_C.c b/camellia_C.c index f341d6b..1db82f3 100644 --- a/camellia_C.c +++ b/camellia_C.c @@ -27,10 +27,11 @@ #include #include #include "camellia.h" -#include "uart.h" -#include "debug.h" -#include - +#if 0 + #include "uart.h" + #include "debug.h" + #include +#endif /*****************************************************************************/ uint8_t rol(uint8_t a, uint8_t n){return ((a<>(8-n)));} @@ -54,22 +55,22 @@ uint64_t rol64(uint64_t a, uint8_t n){ /*****************************************************************************/ uint8_t camellia_s1_table[256] PROGMEM = { - 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, - 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, - 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, - 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, - 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, - 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, - 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, - 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, - 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, - 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, - 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, - 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, - 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, - 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, - 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, - 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 }; /*****************************************************************************/ @@ -155,29 +156,24 @@ uint64_t camellia_p(uint64_t d){ uint64_t camellia_f(uint64_t x, uint64_t k){ uint64_t y; y = camellia_p(camellia_s(x ^ k)); -/* - uart_putstr("\r\nEfunc X="); - uart_hexdump(&(x), 8); - uart_putstr(" K="); - uart_hexdump(&(k), 8); - uart_putstr(" Y="); - uart_hexdump(&(y), 8); -*/ return y; } /*****************************************************************************/ uint64_t camellia_fl(uint64_t x, uint64_t k){ - uint64_t lx[1], lk[1], y[1]; - lx[0]=x; lk[0] = k; - +// uint64_t lx, lk, y; + uint32_t lx[2], lk[2], yr, yl; + lx[0]=(uint32_t)x; + lx[1]=(uint32_t)(x>>32); + lk[0]=(uint32_t)k; + lk[1]=(uint32_t)(k>>32); #define Y ((uint32_t*)y) #define X ((uint32_t*)lx) #define K ((uint32_t*)lk) - Y[0] = rol32((X[1]) & K[1] ,1) ^ (X[0]); /* Yr */ - Y[1] = (Y[0] | K[0]) ^ (X[1]); /* Yl */ + yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */ + yl = (yr | K[0]) ^ (X[1]); /* Yl */ /* uart_putstr("\r\nFL("); @@ -190,15 +186,18 @@ uint64_t camellia_fl(uint64_t x, uint64_t k){ #undef K #undef X #undef Y - return y[0]; + return (((uint64_t)yl)<<32 | yr); } /*****************************************************************************/ uint64_t camellia_fl_inv(uint64_t y, uint64_t k){ //volatile uint32_t xl, xr; - volatile uint64_t ly[1], lk[1], x[1]; - ly[0]=y; lk[0] = k; + uint32_t ly[2], lk[2], x[2]; + ly[0]=(uint32_t)y; + ly[1]=(uint32_t)(y>>32); + lk[0]=(uint32_t)k; + lk[1]=(uint32_t)(k>>32); #define Y ((uint32_t*)ly) #define X ((uint32_t*)x) #define K ((uint32_t*)lk) @@ -216,7 +215,7 @@ uint64_t camellia_fl_inv(uint64_t y, uint64_t k){ #undef K #undef X #undef Y - return x[0]; + return ((uint64_t)(x[1]))<<32 | x[0]; } /*****************************************************************************/ @@ -231,7 +230,7 @@ uint64_t camellia_sigma[6]={ }; /*****************************************************************************/ - +#if 0 void camellia128_ctx_dump(camellia128_ctx_t *s){ uart_putstr("\r\n==State Dump=="); uart_putstr("\n\rKAl: "); uart_hexdump(&(s->kal), 8); @@ -240,21 +239,23 @@ void camellia128_ctx_dump(camellia128_ctx_t *s){ uart_putstr("\n\rKLr: "); uart_hexdump(&(s->klr), 8); return; } - +#endif /*****************************************************************************/ -void camellia128_init(const uint8_t* key, camellia128_ctx_t* s){ +void camellia128_init(const void* key, camellia128_ctx_t* s){ uint8_t i; s->kll = 0; //((uint64_t*)key)[0]; /* load the key, endian-adjusted, to kll,klr */ for(i=0; i<8; ++i){ s->kll <<= 8; - s->kll |= *key++; + s->kll |= *((uint8_t*)key); + key = (uint8_t*)key+1; } for(i=0; i<8; ++i){ s->klr <<= 8; - s->klr |= *key++; + s->klr |= *((uint8_t*)key); + key = (uint8_t*)key+1; } s->kal = s->kll; @@ -309,31 +310,31 @@ void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){ #define SEL_KA 1 #define SEL_KL 0 -#define KEY_POSTC1 0x00 -#define KEY_POSTC2 0x01 -#define KEY_INC2 0x02 +#define KEY_POSTC1 0x00 +#define KEY_POSTC2 0x01 +#define KEY_INC2 0x02 -#define KEY_DIR 0x04 -#define KEY_DIR_NORM 0x00 -#define KEY_DIR_INV 0x04 +#define KEY_DIR 0x04 +#define KEY_DIR_NORM 0x00 +#define KEY_DIR_INV 0x04 -#define KEY_AMMOUNT 0x08 -#define KEY_ROL17 0x08 -#define KEY_ROL15 0x00 +#define KEY_AMMOUNT 0x08 +#define KEY_ROL17 0x08 +#define KEY_ROL15 0x00 void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ uint8_t i; uint64_t* k[4]; - k[0] = &(s->kll); - k[1] = &(s->klr); - k[2] = &(s->kal); - k[3] = &(s->kar); + k[0] = &(((camellia128_ctx_t*)s)->kll); + k[1] = &(((camellia128_ctx_t*)s)->klr); + k[2] = &(((camellia128_ctx_t*)s)->kal); + k[3] = &(((camellia128_ctx_t*)s)->kar); for(i=0; i<3; ++i){ /* each cycle */ br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)])); keychoice >>= 1; if((i == 1) && (roundop&KEY_INC2)){ - ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1); } bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)])); @@ -341,7 +342,7 @@ void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, ui /* check if we should do some keyop */ if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){ - ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(s,(roundop&KEY_AMMOUNT)?1:-1); + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1); /* isn't it fuckin nice what we can do in C?! */ } } @@ -349,6 +350,16 @@ void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, ui /*****************************************************************************/ +void change_endian(void* data, uint8_t length){ + uint8_t i,a; + for(i=0; i> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ - temp64 = BR; - BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); /* Prewhitening */ BL ^= s->kll; BR ^= s->klr; /* the first 6 */ -/* - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->kar); - camellia128_keyop(s, -1); - BR ^= camellia_f(BL, s->kll); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->kar); -*/ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); /* FL injection */ camellia128_keyop((camellia128_ctx_t*)s, -1); @@ -394,14 +388,6 @@ void camellia128_enc(void* block, const camellia128_ctx_t* s){ BR = camellia_fl_inv(BR, s->kar); camellia128_keyop((camellia128_ctx_t*)s, -1); /* middle 6 */ -/* BR ^= camellia_f(BL, s->kll); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kal); - camellia128_keyop(s, -1); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->kar); -/*/ camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); /* FL injection */ camellia128_keyop((camellia128_ctx_t*)s, 1); @@ -409,15 +395,6 @@ void camellia128_enc(void* block, const camellia128_ctx_t* s){ BR = camellia_fl_inv(BR, s->klr); camellia128_keyop((camellia128_ctx_t*)s, 1); /* last 6 */ -/* BR ^= camellia_f(BL, s->kll); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->kar); - camellia128_keyop(s, 1); - - BR ^= camellia_f(BL, s->kll); - BL ^= camellia_f(BR, s->klr); -*/ camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C); /* Postwhitening */ BR ^= s->kal; @@ -427,16 +404,10 @@ void camellia128_enc(void* block, const camellia128_ctx_t* s){ BR = BL; BL = temp64; + camellia128_keyop((camellia128_ctx_t*)s,1); - BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ - temp64 = BR; - BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); #undef BL #undef BR @@ -455,67 +426,28 @@ void camellia128_dec(void* block, const camellia128_ctx_t* s){ */ uint64_t temp64; - - temp64 = BL; - - BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ - temp64 = BR; - BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* Prewhitening */ BR ^= s->kal; /* kw3 */ BL ^= s->kar; /* kw4 */ - /* the first 6 */ -/* - BL ^= camellia_f(BR, s->klr); /* k18 * / - BR ^= camellia_f(BL, s->kll); /* k17 * / - camellia128_keyop_inv(s, 1); - BL ^= camellia_f(BR, s->kar); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kll); -*/ camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); - /* FL injection */ camellia128_keyop_inv((camellia128_ctx_t*)s, 1); BR = camellia_fl(BR, s->klr); BL = camellia_fl_inv(BL, s->kll); camellia128_keyop_inv((camellia128_ctx_t*)s, 1); /* middle 6 */ -/* BL ^= camellia_f(BR, s->kar); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->klr); - camellia128_keyop_inv(s, -1); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kll); -*/ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B); - /* FL injection */ - camellia128_keyop_inv(s, -1); + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); BR = camellia_fl(BR, s->kar); BL = camellia_fl_inv(BL, s->kal); camellia128_keyop_inv((camellia128_ctx_t*)s, -1); /* last 6 */ -/* - BL ^= camellia_f(BR, s->kar); - BR ^= camellia_f(BL, s->kal); - BL ^= camellia_f(BR, s->klr); - BR ^= camellia_f(BL, s->kll); - camellia128_keyop_inv(s, -1); - BL ^= camellia_f(BR, s->kar); - BR ^= camellia_f(BL, s->kal); -/*/ camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33); /* Postwhitening */ @@ -525,20 +457,14 @@ void camellia128_dec(void* block, const camellia128_ctx_t* s){ temp64 = BR; BR = BL; BL = temp64; - - BL = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ - temp64 = BR; - BR = temp64 >> 56 | temp64 << 56 /* swap the most out bytes (1 & 8) */ - | (temp64 & (0xffLL<<48))>>(5*8) | (temp64 & (0xffLL<< 8))<<(5*8) /* 2 & 7 */ - | (temp64 & (0xffLL<<40))>>(3*8) | (temp64 & (0xffLL<<16))<<(3*8) /* 3 & 6 */ - | (temp64 & (0xffLL<<32))>>(1*8) | (temp64 & (0xffLL<<24))<<(1*8); /* 4 & 5 */ + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); } + + /*****************************************************************************/ /*****************************************************************************/ diff --git a/mkfiles/a5_1.mk b/mkfiles/a5_1.mk index e4264be..4305d0e 100644 --- a/mkfiles/a5_1.mk +++ b/mkfiles/a5_1.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := A5_1.o $(ALGO_NAME)_TEST_BIN := main-a5_1-test.o debug.o uart.o serial-tools.o \ nessie_stream_test.o nessie_common.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/arcfour.mk b/mkfiles/arcfour.mk index 58563f6..c1345ae 100644 --- a/mkfiles/arcfour.mk +++ b/mkfiles/arcfour.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-arcfour-test.o debug.o uart.o serial-tools.o \ nessie_stream_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/arcfour_c.mk b/mkfiles/arcfour_c.mk index 7e3d23e..7f70977 100644 --- a/mkfiles/arcfour_c.mk +++ b/mkfiles/arcfour_c.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-arcfour-test.o debug.o uart.o serial-tools.o \ nessie_stream_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/camellia.mk b/mkfiles/camellia.mk index 1e304a9..f6befb0 100644 --- a/mkfiles/camellia.mk +++ b/mkfiles/camellia.mk @@ -4,10 +4,10 @@ ALGO_NAME := CAMELLIA # comment out the following line for removement of Camellia from the build process BLOCK_CIPHERS += $(ALGO_NAME) -$(ALGO_NAME)_OBJ := camellia.o camellia-asm.o +$(ALGO_NAME)_OBJ := camellia128-stub.o camellia-asm.o $(ALGO_NAME)_TEST_BIN := main-camellia-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o \ nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/cast5.mk b/mkfiles/cast5.mk index 33c32ba..1b772e4 100644 --- a/mkfiles/cast5.mk +++ b/mkfiles/cast5.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := cast5.o $(ALGO_NAME)_TEST_BIN := main-cast5-test.o debug.o uart.o serial-tools.o cli.o\ nessie_bc_test.o nessie_common.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/des.mk b/mkfiles/des.mk index 15c16ec..ccfcc13 100644 --- a/mkfiles/des.mk +++ b/mkfiles/des.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := des.o $(ALGO_NAME)_TEST_BIN := main-des-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/entropium.mk b/mkfiles/entropium.mk index e5806c3..466d6ae 100644 --- a/mkfiles/entropium.mk +++ b/mkfiles/entropium.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-entropium-test.o debug.o uart.o serial-tools.o \ cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/grain.mk b/mkfiles/grain.mk index 4f026a9..4fbdfcb 100644 --- a/mkfiles/grain.mk +++ b/mkfiles/grain.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-grain-test.o debug.o uart.o serial-tools.o \ nessie_stream_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/hmac-sha1.mk b/mkfiles/hmac-sha1.mk index b63308f..fa2053b 100644 --- a/mkfiles/hmac-sha1.mk +++ b/mkfiles/hmac-sha1.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := hmac-sha1.o sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-sha1-test.o debug.o uart.o serial-tools.o cli.o \ nessie_mac_test.o nessie_common.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/hmac-sha256.mk b/mkfiles/hmac-sha256.mk index 6b66546..4bed2fa 100644 --- a/mkfiles/hmac-sha256.mk +++ b/mkfiles/hmac-sha256.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := hmac-sha256.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-hmac-sha256-test.o debug.o uart.o serial-tools.o \ nessie_mac_test.o nessie_common.o cli.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/md5.mk b/mkfiles/md5.mk index 3fb9d65..8c00703 100644 --- a/mkfiles/md5.mk +++ b/mkfiles/md5.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := md5.o $(ALGO_NAME)_TEST_BIN := main-md5-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/noekeon.mk b/mkfiles/noekeon.mk index 359aef3..0398879 100644 --- a/mkfiles/noekeon.mk +++ b/mkfiles/noekeon.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := noekeon_asm.o $(ALGO_NAME)_TEST_BIN := main-noekeon-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := test nessie -$(ALGO_NAME)_PEROFRMANCE_TEST := performance +$(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/mkfiles/noekeon_c.mk b/mkfiles/noekeon_c.mk index 90d378d..84696fb 100644 --- a/mkfiles/noekeon_c.mk +++ b/mkfiles/noekeon_c.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := noekeon.o $(ALGO_NAME)_TEST_BIN := main-noekeon-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := test nessie -$(ALGO_NAME)_PEROFRMANCE_TEST := performance +$(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/mkfiles/present.mk b/mkfiles/present.mk index e30c506..b614cc9 100644 --- a/mkfiles/present.mk +++ b/mkfiles/present.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := present.o $(ALGO_NAME)_TEST_BIN := main-present-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/rc5.mk b/mkfiles/rc5.mk index ff20873..a64db3d 100644 --- a/mkfiles/rc5.mk +++ b/mkfiles/rc5.mk @@ -10,5 +10,5 @@ $(ALGO_NAME)_TEST_BIN := main-rc5-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o \ nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := test nessie -$(ALGO_NAME)_PEROFRMANCE_TEST := performance +$(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/mkfiles/rc6.mk b/mkfiles/rc6.mk index 47e2f00..c660d29 100644 --- a/mkfiles/rc6.mk +++ b/mkfiles/rc6.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := rc6.o $(ALGO_NAME)_TEST_BIN := main-rc6-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := test nessie -$(ALGO_NAME)_PEROFRMANCE_TEST := performance +$(ALGO_NAME)_PERFORMANCE_TEST := performance diff --git a/mkfiles/seed.mk b/mkfiles/seed.mk index 35724f2..ca2afce 100644 --- a/mkfiles/seed.mk +++ b/mkfiles/seed.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o \ cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/serpent-bitslice.mk b/mkfiles/serpent-bitslice.mk index 20bcf5e..bde2ce4 100644 --- a/mkfiles/serpent-bitslice.mk +++ b/mkfiles/serpent-bitslice.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-bitslice.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/serpent_asm_fast.mk b/mkfiles/serpent_asm_fast.mk index 3b0d3c2..58258e7 100644 --- a/mkfiles/serpent_asm_fast.mk +++ b/mkfiles/serpent_asm_fast.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-fast.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/serpent_asm_small.mk b/mkfiles/serpent_asm_small.mk index 78b8217..c696e2e 100644 --- a/mkfiles/serpent_asm_small.mk +++ b/mkfiles/serpent_asm_small.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-small.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/serpent_c.mk b/mkfiles/serpent_c.mk index 11291b9..94d05e6 100644 --- a/mkfiles/serpent_c.mk +++ b/mkfiles/serpent_c.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := serpent.o serpent-sboxes_c.o memxor.o $(ALGO_NAME)_TEST_BIN := main-serpent-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/sha1.mk b/mkfiles/sha1.mk index eb2d919..8bdcef8 100644 --- a/mkfiles/sha1.mk +++ b/mkfiles/sha1.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-sha1-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/sha1_c.mk b/mkfiles/sha1_c.mk index 061f7a9..4dce2d9 100644 --- a/mkfiles/sha1_c.mk +++ b/mkfiles/sha1_c.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-sha1-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/sha256.mk b/mkfiles/sha256.mk index dcea21f..d1dd3f5 100644 --- a/mkfiles/sha256.mk +++ b/mkfiles/sha256.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-sha256-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/sha256_c.mk b/mkfiles/sha256_c.mk index cf850fc..0a85c4f 100644 --- a/mkfiles/sha256_c.mk +++ b/mkfiles/sha256_c.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := sha256.o $(ALGO_NAME)_TEST_BIN := main-sha256-test.o debug.o uart.o serial-tools.o \ nessie_hash_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/shabea.mk b/mkfiles/shabea.mk index 4e9acaf..1b55cbd 100644 --- a/mkfiles/shabea.mk +++ b/mkfiles/shabea.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := shabea.o sha256-asm.o memxor.o $(ALGO_NAME)_TEST_BIN := main-shabea-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/shacal1enc.mk b/mkfiles/shacal1enc.mk index d329db7..56087b7 100644 --- a/mkfiles/shacal1enc.mk +++ b/mkfiles/shacal1enc.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := shacal1_enc.o sha1-asm.o $(ALGO_NAME)_TEST_BIN := main-shacal1_enc-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/shacal2enc.mk b/mkfiles/shacal2enc.mk index 739d9eb..d82b282 100644 --- a/mkfiles/shacal2enc.mk +++ b/mkfiles/shacal2enc.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_OBJ := shacal2_enc.o sha256-asm.o $(ALGO_NAME)_TEST_BIN := main-shacal2_enc-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/skipjack.mk b/mkfiles/skipjack.mk index e48d8b9..f82cd21 100644 --- a/mkfiles/skipjack.mk +++ b/mkfiles/skipjack.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-skipjack-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/tdes.mk b/mkfiles/tdes.mk index f0b43e5..f151aa8 100644 --- a/mkfiles/tdes.mk +++ b/mkfiles/tdes.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := des.o $(ALGO_NAME)_TEST_BIN := main-tdes-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/trivium.mk b/mkfiles/trivium.mk index 45ee4f3..1c65bd8 100644 --- a/mkfiles/trivium.mk +++ b/mkfiles/trivium.mk @@ -9,5 +9,5 @@ $(ALGO_NAME)_TEST_BIN := main-trivium-test.o debug.o uart.o serial-tools.o \ nessie_stream_test.o nessie_common.o cli.o \ performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/xtea.mk b/mkfiles/xtea.mk index b4edc30..0128f86 100644 --- a/mkfiles/xtea.mk +++ b/mkfiles/xtea.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := xtea-asm.o $(ALGO_NAME)_TEST_BIN := main-xtea-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/mkfiles/xtea_c.mk b/mkfiles/xtea_c.mk index 7ebbded..6f10d76 100644 --- a/mkfiles/xtea_c.mk +++ b/mkfiles/xtea_c.mk @@ -8,5 +8,5 @@ $(ALGO_NAME)_OBJ := xtea.o $(ALGO_NAME)_TEST_BIN := main-xtea-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o cli.o performance_test.o $(ALGO_NAME)_NESSIE_TEST := "nessie" -$(ALGO_NAME)_PEROFRMANCE_TEST := "performance" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" diff --git a/test_src/main-camellia-test.c b/test_src/main-camellia-test.c index 19153b5..7e2cc35 100644 --- a/test_src/main-camellia-test.c +++ b/test_src/main-camellia-test.c @@ -115,15 +115,15 @@ void testrun_camellia(void){ 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; -/* - uint8_t data[16] = { - 0x10, 0x32, 0x54, 0x76, - 0x98, 0xba, 0xdc, 0xfe, - 0xfe, 0xcd, 0xab, 0x89 - 0x67, 0x89, 0x67, 0x01}; -*/ + + uint8_t key[16] = { 0x01, 0x23, 0x45, 0x67, + 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, + 0x76, 0x54, 0x32, 0x10 }; + + camellia128_ctx_t ctx; - camellia128_init(data, &ctx); + camellia128_init(key, &ctx); uart_putstr_P(PSTR("\r\n key: ")); uart_hexdump(data, 16); uart_putstr_P(PSTR("\r\n plaintext: ")); @@ -131,6 +131,9 @@ void testrun_camellia(void){ camellia128_enc(data, &ctx); uart_putstr_P(PSTR("\r\n ciphertext: ")); uart_hexdump(data, 16); + camellia128_dec(data, &ctx); + uart_putstr_P(PSTR("\r\n decrypted: ")); + uart_hexdump(data, 16); } -- 2.39.2 From e363148c4ed1265a963d310102ce5dd7c9e1e326 Mon Sep 17 00:00:00 2001 From: bg Date: Wed, 10 Dec 2008 23:59:43 +0000 Subject: [PATCH 08/16] further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced --- get_test.rb | 29 +++-- mkfiles/seed.mk | 2 +- seed-asm.S | 232 ++++++++++++++++++++++++++++++++------- seed-stub.c | 266 +++++++++++++++++++++++++++++++++++++++++++++ seed.c => seed_C.c | 38 ++----- seed_sbox.h | 28 +---- 6 files changed, 492 insertions(+), 103 deletions(-) create mode 100644 seed-stub.c rename seed.c => seed_C.c (91%) diff --git a/get_test.rb b/get_test.rb index a2a5163..987a5b1 100644 --- a/get_test.rb +++ b/get_test.rb @@ -1,6 +1,6 @@ #!/usr/bin/ruby -require "serialport.so" +require 'serialport' if ARGV.size < 5 STDERR.print <=7)?ARGV[6]:""; puts("\nPort: "+ARGV[0]+ "@"+ARGV[1]+" "+ARGV[2]+"N"+ARGV[3]+"\n"); $linewidth = 16 $sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE); -$sp.read_timeout=5000; # 5 seconds +$sp.read_timeout=1*60*1000; # 5 minutes +$extended_wait=10; $sp.write(command); def readTestVector(param) @@ -26,7 +27,10 @@ def readTestVector(param) set=0; vector=0; begin - lb=$sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end if (m=/unknown command/.match(lb) || m=/[Ee][Rr]{2}[Oo][Rr]/.match(lb)) puts("ERROR: "+lb); exit(2); @@ -38,7 +42,10 @@ def readTestVector(param) buffer += lb; begin - lb=$sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end if(lb==nil) return false; end @@ -51,7 +58,10 @@ def readTestVector(param) fname+=m[1]+"."; end buffer+=lb; - lb = $sp.gets(); + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; + end end if(param!="") fname+=param+"."; @@ -71,9 +81,12 @@ def readTestVector(param) if(vector!=0 && vector % $linewidth==0) print("\n ") end - printf(" %3u", vector); + printf(" %4u", vector); + end + ctr=$extended_wait; + while((lb=$sp.gets())==nil && ctr>=0)do + ctr -= 1; end - lb=$sp.gets(); if(lb==nil) file.close(); return false; @@ -86,7 +99,7 @@ def readTestVector(param) end if(readTestVector(param)==false) - puts("ERROR: test seem not to be implemented"); + puts("ERROR: test seems not to be implemented"); exit(3); end diff --git a/mkfiles/seed.mk b/mkfiles/seed.mk index ca2afce..5487e70 100644 --- a/mkfiles/seed.mk +++ b/mkfiles/seed.mk @@ -4,7 +4,7 @@ ALGO_NAME := SEED # comment out the following line for removement of SEED from the build process BLOCK_CIPHERS += $(ALGO_NAME) -$(ALGO_NAME)_OBJ := seed.o seed-asm.o +$(ALGO_NAME)_OBJ := seed-stub.o seed-asm.o $(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o \ cli.o performance_test.o diff --git a/seed-asm.S b/seed-asm.S index 780ac6b..bf9c840 100644 --- a/seed-asm.S +++ b/seed-asm.S @@ -25,47 +25,7 @@ * GPLv3 or later * */ -SPL = 0x3D -SPH = 0x3E -SREG = 0x3F - - -/******************************************************************************* - - void changeendian32(uint32_t * a){ - *a = (*a & 0x000000FF) << 24 | - (*a & 0x0000FF00) << 8 | - (*a & 0x00FF0000) >> 8 | - (*a & 0xFF000000) >> 24; - } - -*/ -/* -.global changeendian32 -; === change_endian32 === -; function that changes the endianess of a 32-bit word -; param1: the 32-bit word -; given in r25,r24,r23,22 (r25 is most significant) -; modifys: r21, r22 -changeendian32: - movw r20, r22 ; (r22,r23) --> (r20,r21) - mov r22, r25 - mov r23, r24 - mov r24, r21 - mov r25, r20 - ret - -*/ - -/******************************************************************************* - uint32_t bigendian_sum32(uint32_t a, uint32_t b){ - changeendian32(&a); - changeendian32(&b); - a += b; - changeendian32(&a); - return a; - } -*/ +#include "avr-asm-macros.S" .global bigendian_sum32 ; === bigendian_sum32 === @@ -96,10 +56,198 @@ bigendian_sub32: sbc r23, r19 sbc r22, r18 ret - +/******************************************************************************/ +/* +#define M0 0xfc +#define M1 0xf3 +#define M2 0xcf +#define M3 0x3f + +#define X3 (((uint8_t*)(&x))[0]) +#define X2 (((uint8_t*)(&x))[1]) +#define X1 (((uint8_t*)(&x))[2]) +#define X0 (((uint8_t*)(&x))[3]) + +#define Z3 (((uint8_t*)(&z))[0]) +#define Z2 (((uint8_t*)(&z))[1]) +#define Z1 (((uint8_t*)(&z))[2]) +#define Z0 (((uint8_t*)(&z))[3]) + +uint32_t g_function(uint32_t x){ + uint32_t z; + / * sbox substitution * / + X3 = pgm_read_byte(&(seed_sbox2[X3])); + X2 = pgm_read_byte(&(seed_sbox1[X2])); + X1 = pgm_read_byte(&(seed_sbox2[X1])); + X0 = pgm_read_byte(&(seed_sbox1[X0])); + / * now the permutation * / + Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); + Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); + Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); + Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); + return z; +} +*/ +M0 = 0xfc +M1 = 0xf3 +M2 = 0xcf +M3 = 0x3f +X0 = 18 +X1 = 19 +X2 = 20 +X3 = 21 +Z0 = 25 +Z1 = 24 +Z2 = 23 +Z3 = 22 +T0 = X0 +T1 = 26 +T2 = 27 +T3 = X1 +/* + * param x: r22:r25 + * X0 = R25 + * X1 = R24 + * X2 = R23 + * X3 = R22 + */ +.global g_function +g_function: + ldi r30, lo8(seed_sbox1) + ldi r31, hi8(seed_sbox1) + movw r26, r30 + add r30, Z2 + adc r31, r1 + lpm X2, Z + movw r30, r26 + add r30, Z0 + adc r31, r1 + lpm X0, Z + inc r27 /* switch X to point to sbox2 */ + movw r30, r26 + add r30, Z3 + adc r31, r1 + lpm X3, Z + movw r30, r26 + add r30, Z1 + adc r31, r1 + lpm X1, Z + /* now the secound part */ + mov Z0, X0 + mov Z1, X0 + mov Z2, X0 + mov Z3, X0 + andi Z0, M0 + andi Z1, M1 + andi Z2, M2 + andi Z3, M3 + mov T0, X1 + mov T1, X1 + mov T2, X1 + ; mov T3, X1 /* T3 = X1 */ + andi T0, M1 + andi T1, M2 + andi T2, M3 + andi T3, M0 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + mov T0, X2 + mov T1, X2 + mov T2, X2 + mov T3, X2 + andi T0, M2 + andi T1, M3 + andi T2, M0 + andi T3, M1 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + mov T0, X3 + mov T1, X3 + mov T2, X3 + mov T3, X3 + andi T0, M3 + andi T1, M0 + andi T2, M1 + andi T3, M2 + eor Z0, T0 + eor Z1, T1 + eor Z2, T2 + eor Z3, T3 + ret + +seed_sbox1: +.byte 169, 133, 214, 211, 84, 29, 172, 37 +.byte 93, 67, 24, 30, 81, 252, 202, 99 +.byte 40, 68, 32, 157, 224, 226, 200, 23 +.byte 165, 143, 3, 123, 187, 19, 210, 238 +.byte 112, 140, 63, 168, 50, 221, 246, 116 +.byte 236, 149, 11, 87, 92, 91, 189, 1 +.byte 36, 28, 115, 152, 16, 204, 242, 217 +.byte 44, 231, 114, 131, 155, 209, 134, 201 +.byte 96, 80, 163, 235, 13, 182, 158, 79 +.byte 183, 90, 198, 120, 166, 18, 175, 213 +.byte 97, 195, 180, 65, 82, 125, 141, 8 +.byte 31, 153, 0, 25, 4, 83, 247, 225 +.byte 253, 118, 47, 39, 176, 139, 14, 171 +.byte 162, 110, 147, 77, 105, 124, 9, 10 +.byte 191, 239, 243, 197, 135, 20, 254, 100 +.byte 222, 46, 75, 26, 6, 33, 107, 102 +.byte 2, 245, 146, 138, 12, 179, 126, 208 +.byte 122, 71, 150, 229, 38, 128, 173, 223 +.byte 161, 48, 55, 174, 54, 21, 34, 56 +.byte 244, 167, 69, 76, 129, 233, 132, 151 +.byte 53, 203, 206, 60, 113, 17, 199, 137 +.byte 117, 251, 218, 248, 148, 89, 130, 196 +.byte 255, 73, 57, 103, 192, 207, 215, 184 +.byte 15, 142, 66, 35, 145, 108, 219, 164 +.byte 52, 241, 72, 194, 111, 61, 45, 64 +.byte 190, 62, 188, 193, 170, 186, 78, 85 +.byte 59, 220, 104, 127, 156, 216, 74, 86 +.byte 119, 160, 237, 70, 181, 43, 101, 250 +.byte 227, 185, 177, 159, 94, 249, 230, 178 +.byte 49, 234, 109, 95, 228, 240, 205, 136 +.byte 22, 58, 88, 212, 98, 41, 7, 51 +.byte 232, 27, 5, 121, 144, 106, 42, 154 +seed_sbox2: +.byte 56, 232, 45, 166, 207, 222, 179, 184 +.byte 175, 96, 85, 199, 68, 111, 107, 91 +.byte 195, 98, 51, 181, 41, 160, 226, 167 +.byte 211, 145, 17, 6, 28, 188, 54, 75 +.byte 239, 136, 108, 168, 23, 196, 22, 244 +.byte 194, 69, 225, 214, 63, 61, 142, 152 +.byte 40, 78, 246, 62, 165, 249, 13, 223 +.byte 216, 43, 102, 122, 39, 47, 241, 114 +.byte 66, 212, 65, 192, 115, 103, 172, 139 +.byte 247, 173, 128, 31, 202, 44, 170, 52 +.byte 210, 11, 238, 233, 93, 148, 24, 248 +.byte 87, 174, 8, 197, 19, 205, 134, 185 +.byte 255, 125, 193, 49, 245, 138, 106, 177 +.byte 209, 32, 215, 2, 34, 4, 104, 113 +.byte 7, 219, 157, 153, 97, 190, 230, 89 +.byte 221, 81, 144, 220, 154, 163, 171, 208 +.byte 129, 15, 71, 26, 227, 236, 141, 191 +.byte 150, 123, 92, 162, 161, 99, 35, 77 +.byte 200, 158, 156, 58, 12, 46, 186, 110 +.byte 159, 90, 242, 146, 243, 73, 120, 204 +.byte 21, 251, 112, 117, 127, 53, 16, 3 +.byte 100, 109, 198, 116, 213, 180, 234, 9 +.byte 118, 25, 254, 64, 18, 224, 189, 5 +.byte 250, 1, 240, 42, 94, 169, 86, 67 +.byte 133, 20, 137, 155, 176, 229, 72, 121 +.byte 151, 252, 30, 130, 33, 140, 27, 95 +.byte 119, 84, 178, 29, 37, 79, 0, 70 +.byte 237, 88, 82, 235, 126, 218, 201, 253 +.byte 48, 149, 101, 60, 182, 228, 187, 124 +.byte 14, 80, 57, 38, 50, 132, 105, 147 +.byte 55, 231, 36, 164, 203, 83, 10, 135 +.byte 217, 76, 131, 143, 206, 59, 74, 183 diff --git a/seed-stub.c b/seed-stub.c new file mode 100644 index 0000000..ff64489 --- /dev/null +++ b/seed-stub.c @@ -0,0 +1,266 @@ +/* seed.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + /** + * \file seed.c + * \author Daniel Otte + * \date 2007-06-1 + * \brief SEED parts in C for AVR + * \par License + * GPL + * + */ +#include +#include +#include +#include "seed_sbox.h" +#include "uart.h" +#include "debug.h" + + +static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); +uint32_t g_function(uint32_t x); + +uint32_t bigendian_sum32(uint32_t a, uint32_t b); +uint32_t bigendian_sub32(uint32_t a, uint32_t b); + +/******************************************************************************/ +static inline +uint64_t bigendian_rotl8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a<<8) | (a>>(64-8)); + changeendian64(&a); + */ + a = (a>>8) | (a<<(64-8)); + return a; +} + +/******************************************************************************/ +static inline +uint64_t bigendian_rotr8_64(uint64_t a){ + /* + changeendian64(&a); + a = (a>>8) | (a<<(64-8)); + changeendian64(&a); + */ + a = (a<<8) | (a>>(64-8)); + return a; +} + +/******************************************************************************/ +static +uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ + uint32_t c,d; + + c = a & 0x00000000FFFFFFFFLL; + d = (a>>32) & 0x00000000FFFFFFFFLL; + + c ^= k0; d ^= k1; + d ^= c; + d = g_function(d); + c = bigendian_sum32(c,d); + c = g_function(c); + d = bigendian_sum32(c,d); + d = g_function(d); + c = bigendian_sum32(c,d); + a = ((uint64_t)d << 32) | c; + return a; +} + +/******************************************************************************/ +#if 0 +#define M0 0xfc +#define M1 0xf3 +#define M2 0xcf +#define M3 0x3f + +#define X3 (((uint8_t*)(&x))[0]) +#define X2 (((uint8_t*)(&x))[1]) +#define X1 (((uint8_t*)(&x))[2]) +#define X0 (((uint8_t*)(&x))[3]) + +#define Z3 (((uint8_t*)(&z))[0]) +#define Z2 (((uint8_t*)(&z))[1]) +#define Z1 (((uint8_t*)(&z))[2]) +#define Z0 (((uint8_t*)(&z))[3]) + +static +uint32_t g_function(uint32_t x){ + uint32_t z; + /* sbox substitution */ + X3 = pgm_read_byte(&(seed_sbox2[X3])); + X2 = pgm_read_byte(&(seed_sbox1[X2])); + X1 = pgm_read_byte(&(seed_sbox2[X1])); + X0 = pgm_read_byte(&(seed_sbox1[X0])); + /* now the permutation */ + Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); + Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); + Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); + Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); + return z; +} +#endif +/******************************************************************************/ +typedef struct { + uint32_t k0, k1; +} keypair_t; + +static +keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + + if (curround & 1){ + /* odd round (1,3,5, ...) */ + ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ...) */ + ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); + } + } + return ret; +} + + +/******************************************************************************/ +static +keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + /* ERROR */ + ret.k0 = ret.k1 = 0; + } else { + if (curround & 1){ + /* odd round (1,3,5, ..., 15) */ + ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); + } else { + /* even round (0,2,4, ..., 14) */ + ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); + } + /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = g_function(ret.k1); + } + return ret; +} + +/******************************************************************************/ + +typedef struct{ + uint32_t k[4]; +} seed_ctx_t; + +/******************************************************************************/ + +void seed_init(uint8_t * key, seed_ctx_t * ctx){ + memcpy(ctx->k, key, 128/8); +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_enc(void * buffer, seed_ctx_t * ctx){ + uint8_t r; + keypair_t k; + for(r=0; r<8; ++r){ + k = getnextkeys(ctx->k, 2*r); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getnextkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + +/******************************************************************************/ + +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_dec(void * buffer, seed_ctx_t * ctx){ + int8_t r; + keypair_t k; + for(r=7; r>=0; --r){ + k = getprevkeys(ctx->k, 2*r+1); +/* + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +*/ + L ^= f_function(R,k.k0,k.k1); + + k = getprevkeys(ctx->k, 2*r+0); +/* + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +*/ + R ^= f_function(L,k.k0,k.k1); + } + /* just an exchange without temp. variable */ + L ^= R; + R ^= L; + L ^= R; +} + + + + + + + + + + + diff --git a/seed.c b/seed_C.c similarity index 91% rename from seed.c rename to seed_C.c index ba26fa2..f055e7f 100644 --- a/seed.c +++ b/seed_C.c @@ -1,4 +1,4 @@ -/* seed.c */ +/* seed_C.c */ /* This file is part of the Crypto-avr-lib/microcrypt-lib. Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) @@ -17,7 +17,7 @@ along with this program. If not, see . */ /** - * \file seed.c + * \file seed_C.c * \author Daniel Otte * \date 2007-06-1 * \brief SEED parts in C for AVR @@ -32,52 +32,36 @@ #include "uart.h" #include "debug.h" - -static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); -static uint32_t g_function(uint32_t x); - /******************************************************************************/ -/* + +static void changeendian32(uint32_t * a){ *a = (*a & 0x000000FF) << 24 | (*a & 0x0000FF00) << 8 | (*a & 0x00FF0000) >> 8 | (*a & 0xFF000000) >> 24; } -*/ -/******************************************************************************/ -/* -void changeendian64(uint64_t * a){ - *a = (*a & 0x00000000000000FFLL) << 56 | - (*a & 0x000000000000FF00LL) << 40 | - (*a & 0x0000000000FF0000LL) << 24 | - (*a & 0x00000000FF000000LL) << 8 | - (*a & 0x000000FF00000000LL) >> 8 | - (*a & 0x0000FF0000000000LL) >> 24 | - (*a & 0x00FF000000000000LL) >> 40 | - (*a & 0xFF00000000000000LL) >> 56 ; -} -*/ -/******************************************************************************/ -uint32_t bigendian_sum32(uint32_t a, uint32_t b);/*{ +/******************************************************************************/ +static +uint32_t bigendian_sum32(uint32_t a, uint32_t b){ changeendian32(&a); changeendian32(&b); a += b; changeendian32(&a); return a; } -*/ + /******************************************************************************/ -/* static */ -uint32_t bigendian_sub32(uint32_t a, uint32_t b);/*{ +static +uint32_t bigendian_sub32(uint32_t a, uint32_t b){ changeendian32(&a); changeendian32(&b); a -= b; changeendian32(&a); return a; } -*/ + /******************************************************************************/ static inline uint64_t bigendian_rotl8_64(uint64_t a){ diff --git a/seed_sbox.h b/seed_sbox.h index 6164f4a..91ce4c6 100644 --- a/seed_sbox.h +++ b/seed_sbox.h @@ -31,7 +31,7 @@ #include #include - +/* uint8_t seed_sbox1[256] PROGMEM ={ 169, 133, 214, 211, 84, 29, 172, 37, 93, 67, 24, 30, 81, 252, 202, 99, @@ -101,30 +101,8 @@ uint8_t seed_sbox2[256] PROGMEM ={ 55, 231, 36, 164, 203, 83, 10, 135, 217, 76, 131, 143, 206, 59, 74, 183 }; - +*/ /* key constants */ -/* -uint32_t seed_kc[16] PROGMEM ={ - 0x9e3779b9, - 0x3c6ef373, - 0x78dde6e6, - 0xf1bbcdcc, - 0xe3779b99, - 0xc6ef3733, - 0x8dde6e67, - 0x1bbcdccf, - 0x3779b99e, - 0x6ef3733c, - 0xdde6e678, - 0xbbcdccf1, - 0x779b99e3, - 0xef3733c6, - 0xde6e678d, - 0xbcdccf1b -}; -// */ -/* key constants (mal andersrum) */ -// /* uint32_t seed_kc[16] PROGMEM ={ 0xb979379e, 0x73f36e3c, @@ -143,5 +121,5 @@ uint32_t seed_kc[16] PROGMEM ={ 0x8d676ede, 0x1bcfdcbc }; -// */ + #endif /*SEED_SBOX_H_*/ -- 2.39.2 From 0896c282ff85cedfa7205695420c916eb08eafed Mon Sep 17 00:00:00 2001 From: bg Date: Thu, 11 Dec 2008 00:15:23 +0000 Subject: [PATCH 09/16] oops some imortant thigs were commented out --- seed-stub.c | 53 ++++++++++++++++++++--------------------------------- seed_C.c | 3 +++ seed_sbox.h | 4 ++-- 3 files changed, 25 insertions(+), 35 deletions(-) diff --git a/seed-stub.c b/seed-stub.c index ff64489..fa3b75c 100644 --- a/seed-stub.c +++ b/seed-stub.c @@ -28,10 +28,29 @@ #include #include #include -#include "seed_sbox.h" #include "uart.h" #include "debug.h" +/* key constants */ +uint32_t seed_kc[16] PROGMEM ={ + 0xb979379e, + 0x73f36e3c, + 0xe6e6dd78, + 0xcccdbbf1, + 0x999b77e3, + 0x3337efc6, + 0x676ede8d, + 0xcfdcbc1b, + 0x9eb97937, + 0x3c73f36e, + 0x78e6e6dd, + 0xf1cccdbb, + 0xe3999b77, + 0xc63337ef, + 0x8d676ede, + 0x1bcfdcbc +}; + static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); uint32_t g_function(uint32_t x); @@ -83,39 +102,7 @@ uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ return a; } -/******************************************************************************/ -#if 0 -#define M0 0xfc -#define M1 0xf3 -#define M2 0xcf -#define M3 0x3f - -#define X3 (((uint8_t*)(&x))[0]) -#define X2 (((uint8_t*)(&x))[1]) -#define X1 (((uint8_t*)(&x))[2]) -#define X0 (((uint8_t*)(&x))[3]) - -#define Z3 (((uint8_t*)(&z))[0]) -#define Z2 (((uint8_t*)(&z))[1]) -#define Z1 (((uint8_t*)(&z))[2]) -#define Z0 (((uint8_t*)(&z))[3]) -static -uint32_t g_function(uint32_t x){ - uint32_t z; - /* sbox substitution */ - X3 = pgm_read_byte(&(seed_sbox2[X3])); - X2 = pgm_read_byte(&(seed_sbox1[X2])); - X1 = pgm_read_byte(&(seed_sbox2[X1])); - X0 = pgm_read_byte(&(seed_sbox1[X0])); - /* now the permutation */ - Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3); - Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0); - Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1); - Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2); - return z; -} -#endif /******************************************************************************/ typedef struct { uint32_t k0, k1; diff --git a/seed_C.c b/seed_C.c index f055e7f..2f9b8d0 100644 --- a/seed_C.c +++ b/seed_C.c @@ -32,6 +32,9 @@ #include "uart.h" #include "debug.h" + +static +uint32_t g_function(uint32_t x); /******************************************************************************/ static diff --git a/seed_sbox.h b/seed_sbox.h index 91ce4c6..eafecc6 100644 --- a/seed_sbox.h +++ b/seed_sbox.h @@ -31,7 +31,7 @@ #include #include -/* + uint8_t seed_sbox1[256] PROGMEM ={ 169, 133, 214, 211, 84, 29, 172, 37, 93, 67, 24, 30, 81, 252, 202, 99, @@ -101,7 +101,7 @@ uint8_t seed_sbox2[256] PROGMEM ={ 55, 231, 36, 164, 203, 83, 10, 135, 217, 76, 131, 143, 206, 59, 74, 183 }; -*/ + /* key constants */ uint32_t seed_kc[16] PROGMEM ={ 0xb979379e, -- 2.39.2 From 20f6d949b700a12d88447b186e48c2492296dd9d Mon Sep 17 00:00:00 2001 From: bg Date: Thu, 11 Dec 2008 15:12:16 +0000 Subject: [PATCH 10/16] more ASM-fun for SEED --- seed-asm.S | 426 +++++++++++++++++++++++++++++++++++++++++++++++++++- seed-stub.c | 164 ++------------------ seed_C.c | 19 ++- 3 files changed, 449 insertions(+), 160 deletions(-) diff --git a/seed-asm.S b/seed-asm.S index bf9c840..62d8420 100644 --- a/seed-asm.S +++ b/seed-asm.S @@ -112,8 +112,8 @@ T3 = X1 * X2 = R23 * X3 = R22 */ -.global g_function -g_function: +.global seed_g_function +seed_g_function: ldi r30, lo8(seed_sbox1) ldi r31, hi8(seed_sbox1) movw r26, r30 @@ -249,8 +249,430 @@ seed_sbox2: .byte 55, 231, 36, 164, 203, 83, 10, 135 .byte 217, 76, 131, 143, 206, 59, 74, 183 +/******************************************************************************/ +/* +static +uint64_t f_function(const uint64_t* a, uint32_t k0, uint32_t k1){ + uint32_t c,d; + + c = *a & 0x00000000FFFFFFFFLL; + d = (*a>>32) & 0x00000000FFFFFFFFLL; + + c ^= k0; d ^= k1; + d ^= c; + d = g_function(d); + c = bigendian_sum32(c,d); + c = g_function(c); + d = bigendian_sum32(c,d); + d = g_function(d); + c = bigendian_sum32(c,d); + return ((uint64_t)d << 32) | c; +} +*/ +/* + * param a r24:r25 + * param k0 r20:r23 + * param k1 r16:r19 + */ +D0 = 10 +D1 = 11 +C0 = 12 +C1 = 13 +C2 = 14 +C3 = 15 +D2 = 16 +D3 = 17 +.global seed_f_function +seed_f_function: + push_range 10, 17 + movw r30, r24 + ld C0, Z+ + ld C1, Z+ + ld C2, Z+ + ld C3, Z+ + eor C0, r20 + eor C1, r21 + eor C2, r22 + eor C3, r23 + ld r22, Z+ + ld r23, Z+ + ld r24, Z+ + ld r25, Z+ + eor r22, r16 + eor r23, r17 + eor r24, r18 + eor r25, r19 + eor r22, C0 + eor r23, C1 + eor r24, C2 + eor r25, C3 + rcall seed_g_function + mov D0, r22 + mov D1, r23 + mov D2, r24 + mov D3, r25 + + add r25, C3 + adc r24, C2 + adc r23, C1 + adc r22, C0 + rcall seed_g_function + mov C0, r22 + mov C1, r23 + mov C2, r24 + mov C3, r25 + + add r25, D3 + adc r24, D2 + adc r23, D1 + adc r22, D0 + rcall seed_g_function + mov D0, r22 + mov D1, r23 + mov D2, r24 + mov D3, r25 + + add C3, r25 + adc C2, r24 + adc C1, r23 + adc C0, r22 + + mov r18, C0 + mov r19, C1 + mov r20, C2 + mov r21, C3 + + pop_range 10, 17 + ret + +/******************************************************************************/ +/* +void seed_init(uint8_t * key, seed_ctx_t * ctx){ + memcpy(ctx->k, key, 128/8); +} +*/ + +.global seed_init +seed_init: + movw r26, r24 + movw r30, r22 + ldi r22, 16 +1: + ld r0, X+ + st Z+, r0 + dec r22 + brne 1b + ret +/******************************************************************************/ +/* +typedef struct { + uint32_t k0, k1; +} keypair_t; + +keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + / * ERROR * / + ret.k0 = ret.k1 = 0; + } else { + / * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * / + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = seed_g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = seed_g_function(ret.k1); + + if (curround & 1){ + / * odd round (1,3,5, ...) * / + ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); + } else { + / * even round (0,2,4, ...) * / + ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); + } + } + return ret; +} +*/ +/* + * param keystate: r24:r25 + * param curround: r22 + */ +XRC0 = 10 +XRC1 = 11 +XRC2 = 12 +XRC3 = 13 +D0 = 14 +D1 = 15 +D2 = 16 +D3 = 17 + +compute_keys: + ldi r30, lo8(seed_kc) + ldi r31, hi8(seed_kc) + lsl r22 + lsl r22 + add r30, r22 + adc r31, r1 + lpm XRC0, Z+ + lpm XRC1, Z+ + lpm XRC2, Z+ + lpm XRC3, Z+ + movw r28, r24 + ldd r25, Y+0*4+3 + ldd r24, Y+0*4+2 + ldd r23, Y+0*4+1 + ldd r22, Y+0*4+0 + + ldd r0, Y+2*4+3 + add r25, r0 + ldd r0, Y+2*4+2 + adc r24, r0 + ldd r0, Y+2*4+1 + adc r23, r0 + ldd r0, Y+2*4+0 + adc r22, r0 + sub r25, XRC3 + sbc r24, XRC2 + sbc r23, XRC1 + sbc r22, XRC0 + rcall seed_g_function + mov D0, r22 + mov D1, r23 + mov D2, r24 + mov D3, r25 + + + ldd r25, Y+1*4+3 + ldd r24, Y+1*4+2 + ldd r23, Y+1*4+1 + ldd r22, Y+1*4+0 + + ldd r0, Y+3*4+3 + sub r25, r0 + ldd r0, Y+3*4+2 + sbc r24, r0 + ldd r0, Y+3*4+1 + sbc r23, r0 + ldd r0, Y+3*4+0 + sbc r22, r0 + + add r25, XRC3 + adc r24, XRC2 + adc r23, XRC1 + adc r22, XRC0 + rcall seed_g_function + + mov r21, D3 + mov r20, D2 + mov r19, D1 + mov r18, D0 + ret + +.global seed_getnextkeys +seed_getnextkeys: + push_range 10, 17 + push r28 + push r29 + andi r22, 0x0F + bst r22,0 + rcall compute_keys + brtc even_round +odd_round: + + adiw r28, 8 + ld r26, Y + ldd r0, Y+1 + std Y+0, r0 + ldd r0, Y+2 + std Y+1, r0 + ldd r0, Y+3 + std Y+2, r0 + ldd r0, Y+4 + std Y+3, r0 + ldd r0, Y+5 + std Y+4, r0 + ldd r0, Y+6 + std Y+5, r0 + ldd r0, Y+7 + std Y+6, r0 + std Y+7, r26 +/* + movw r30, r28 + ld r26, Z+ + ldi r27, 7 +1: + ld r0, Z+ + st Y+, r0 + dec r27 + brne 1b + st Y, r26 +*/ + rjmp 4f + +even_round: + + ldd r26, Y+7 + ldd r0, Y+6 + std Y+7, r0 + ldd r0, Y+5 + std Y+6, r0 + ldd r0, Y+4 + std Y+5, r0 + ldd r0, Y+3 + std Y+4, r0 + ldd r0, Y+2 + std Y+3, r0 + ldd r0, Y+1 + std Y+2, r0 + ldd r0, Y+0 + std Y+1, r0 + std Y+0, r26 +/* + adiw r28, 7 + ld r26, Y + ldi r27, 7 +1: + ld r0, -Y + std Y+1, r0 + dec r27 + brne 1b + st Y, r26 +*/ +4: + pop r29 + pop r28 + pop_range 10, 17 + ret + +/******************************************************************************/ +/* +keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ + keypair_t ret; + if (curround>15){ + / * ERROR * / + ret.k0 = ret.k1 = 0; + } else { + if (curround & 1){ + / * odd round (1,3,5, ..., 15) * / + ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); + } else { + / * even round (0,2,4, ..., 14) * / + ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); + } + / * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * / + ret.k0 = bigendian_sum32(keystate[0], keystate[2]); + ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); + ret.k0 = seed_g_function(ret.k0); + ret.k1 = bigendian_sub32(keystate[1], keystate[3]); + ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); + ret.k1 = seed_g_function(ret.k1); + } + return ret; +} +*/ +/* + * param keystate: r24:r25 + * param curround: r22 + */ + +.global seed_getprevkeys +seed_getprevkeys: + push_range 10, 17 + push r28 + push r29 + movw r28, r24 + andi r22, 0x0F + bst r22, 0 + brts r_odd_round +r_even_round: + ldd r26, Y+0 + ldd r0, Y+1 + std Y+0, r0 + ldd r0, Y+2 + std Y+1, r0 + ldd r0, Y+3 + std Y+2, r0 + ldd r0, Y+4 + std Y+3, r0 + ldd r0, Y+5 + std Y+4, r0 + ldd r0, Y+6 + std Y+5, r0 + ldd r0, Y+7 + std Y+6, r0 + std Y+7, r26 +/* + movw r30, r28 + ld r26, Z+ + ldi r27, 7 +1: + ld r0, Z+ + st Y+, r0 + dec r27 + brne 1b + st Y, r26 +*/ + + rjmp 4f +r_odd_round: + ldd r26, Y+8+7 + ldd r0, Y+8+6 + std Y+8+7, r0 + ldd r0, Y+8+5 + std Y+8+6, r0 + ldd r0, Y+8+4 + std Y+8+5, r0 + ldd r0, Y+8+3 + std Y+8+4, r0 + ldd r0, Y+8+2 + std Y+8+3, r0 + ldd r0, Y+8+1 + std Y+8+2, r0 + ldd r0, Y+8+0 + std Y+8+1, r0 + std Y+8+0, r26 +/* + adiw r28, 7 + ld r26, Y + ldi r27, 7 +1: + ld r0, -Y + std Y+1, r0 + dec r27 + brne 1b + st Y, r26 +*/ +4: + rcall compute_keys + + pop r29 + pop r28 + pop_range 10, 17 + ret +/******************************************************************************/ +.global seed_kc +seed_kc: +.long 0xb979379e +.long 0x73f36e3c +.long 0xe6e6dd78 +.long 0xcccdbbf1 +.long 0x999b77e3 +.long 0x3337efc6 +.long 0x676ede8d +.long 0xcfdcbc1b +.long 0x9eb97937 +.long 0x3c73f36e +.long 0x78e6e6dd +.long 0xf1cccdbb +.long 0xe3999b77 +.long 0xc63337ef +.long 0x8d676ede +.long 0x1bcfdcbc diff --git a/seed-stub.c b/seed-stub.c index fa3b75c..d31665c 100644 --- a/seed-stub.c +++ b/seed-stub.c @@ -28,79 +28,10 @@ #include #include #include +#include "seed.h" #include "uart.h" #include "debug.h" -/* key constants */ -uint32_t seed_kc[16] PROGMEM ={ - 0xb979379e, - 0x73f36e3c, - 0xe6e6dd78, - 0xcccdbbf1, - 0x999b77e3, - 0x3337efc6, - 0x676ede8d, - 0xcfdcbc1b, - 0x9eb97937, - 0x3c73f36e, - 0x78e6e6dd, - 0xf1cccdbb, - 0xe3999b77, - 0xc63337ef, - 0x8d676ede, - 0x1bcfdcbc -}; - - -static uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1); -uint32_t g_function(uint32_t x); - -uint32_t bigendian_sum32(uint32_t a, uint32_t b); -uint32_t bigendian_sub32(uint32_t a, uint32_t b); - -/******************************************************************************/ -static inline -uint64_t bigendian_rotl8_64(uint64_t a){ - /* - changeendian64(&a); - a = (a<<8) | (a>>(64-8)); - changeendian64(&a); - */ - a = (a>>8) | (a<<(64-8)); - return a; -} - -/******************************************************************************/ -static inline -uint64_t bigendian_rotr8_64(uint64_t a){ - /* - changeendian64(&a); - a = (a>>8) | (a<<(64-8)); - changeendian64(&a); - */ - a = (a<<8) | (a>>(64-8)); - return a; -} - -/******************************************************************************/ -static -uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ - uint32_t c,d; - - c = a & 0x00000000FFFFFFFFLL; - d = (a>>32) & 0x00000000FFFFFFFFLL; - - c ^= k0; d ^= k1; - d ^= c; - d = g_function(d); - c = bigendian_sum32(c,d); - c = g_function(c); - d = bigendian_sum32(c,d); - d = g_function(d); - c = bigendian_sum32(c,d); - a = ((uint64_t)d << 32) | c; - return a; -} /******************************************************************************/ @@ -108,72 +39,9 @@ typedef struct { uint32_t k0, k1; } keypair_t; -static -keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){ - keypair_t ret; - if (curround>15){ - /* ERROR */ - ret.k0 = ret.k1 = 0; - } else { - /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ - ret.k0 = bigendian_sum32(keystate[0], keystate[2]); - ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); - ret.k0 = g_function(ret.k0); - ret.k1 = bigendian_sub32(keystate[1], keystate[3]); - ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(ret.k1); - - if (curround & 1){ - /* odd round (1,3,5, ...) */ - ((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] ); - } else { - /* even round (0,2,4, ...) */ - ((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]); - } - } - return ret; -} - - -/******************************************************************************/ -static -keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ - keypair_t ret; - if (curround>15){ - /* ERROR */ - ret.k0 = ret.k1 = 0; - } else { - if (curround & 1){ - /* odd round (1,3,5, ..., 15) */ - ((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] ); - } else { - /* even round (0,2,4, ..., 14) */ - ((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]); - } - /* ret.k0 = g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); */ - ret.k0 = bigendian_sum32(keystate[0], keystate[2]); - ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround]))); - ret.k0 = g_function(ret.k0); - ret.k1 = bigendian_sub32(keystate[1], keystate[3]); - ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround]))); - ret.k1 = g_function(ret.k1); - } - return ret; -} - -/******************************************************************************/ - -typedef struct{ - uint32_t k[4]; -} seed_ctx_t; - -/******************************************************************************/ - -void seed_init(uint8_t * key, seed_ctx_t * ctx){ - memcpy(ctx->k, key, 128/8); -} +uint64_t seed_f_function(const uint64_t* a, uint32_t k0, uint32_t k1); +keypair_t seed_getnextkeys(uint32_t *keystate, uint8_t curround); +keypair_t seed_getprevkeys(uint32_t *keystate, uint8_t curround); /******************************************************************************/ @@ -184,23 +52,23 @@ void seed_enc(void * buffer, seed_ctx_t * ctx){ uint8_t r; keypair_t k; for(r=0; r<8; ++r){ - k = getnextkeys(ctx->k, 2*r); + k = seed_getnextkeys(ctx->k, 2*r); /* DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); */ - L ^= f_function(R,k.k0,k.k1); + L ^= seed_f_function(&R,k.k0,k.k1); - k = getnextkeys(ctx->k, 2*r+1); + k = seed_getnextkeys(ctx->k, 2*r+1); /* DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); */ - R ^= f_function(L,k.k0,k.k1); + R ^= seed_f_function(&L,k.k0,k.k1); } /* just an exchange without temp. variable */ L ^= R; @@ -217,23 +85,23 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ int8_t r; keypair_t k; for(r=7; r>=0; --r){ - k = getprevkeys(ctx->k, 2*r+1); + k = seed_getprevkeys(ctx->k, 2*r+1); /* DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); */ - L ^= f_function(R,k.k0,k.k1); + L ^= seed_f_function(&R,k.k0,k.k1); - k = getprevkeys(ctx->k, 2*r+0); + k = seed_getprevkeys(ctx->k, 2*r+0); /* DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); */ - R ^= f_function(L,k.k0,k.k1); + R ^= seed_f_function(&L,k.k0,k.k1); } /* just an exchange without temp. variable */ L ^= R; diff --git a/seed_C.c b/seed_C.c index 2f9b8d0..e4b77f5 100644 --- a/seed_C.c +++ b/seed_C.c @@ -91,13 +91,13 @@ uint64_t bigendian_rotr8_64(uint64_t a){ /******************************************************************************/ static -uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ +uint64_t f_function(const uint64_t* a, uint32_t k0, uint32_t k1){ uint32_t c,d; - c = a & 0x00000000FFFFFFFFLL; - d = (a>>32) & 0x00000000FFFFFFFFLL; + c = *a & 0x00000000FFFFFFFFLL; + d = (*a>>32) & 0x00000000FFFFFFFFLL; - c ^= k0; d ^= k1; + c ^= k0; d ^= k1; d ^= c; d = g_function(d); c = bigendian_sum32(c,d); @@ -105,8 +105,7 @@ uint64_t f_function(uint64_t a, uint32_t k0, uint32_t k1){ d = bigendian_sum32(c,d); d = g_function(d); c = bigendian_sum32(c,d); - a = ((uint64_t)d << 32) | c; - return a; + return ((uint64_t)d << 32) | c; } /******************************************************************************/ @@ -227,7 +226,7 @@ void seed_enc(void * buffer, seed_ctx_t * ctx){ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); */ - L ^= f_function(R,k.k0,k.k1); + L ^= f_function(&R,k.k0,k.k1); k = getnextkeys(ctx->k, 2*r+1); /* @@ -236,7 +235,7 @@ void seed_enc(void * buffer, seed_ctx_t * ctx){ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); */ - R ^= f_function(L,k.k0,k.k1); + R ^= f_function(&L,k.k0,k.k1); } /* just an exchange without temp. variable */ L ^= R; @@ -260,7 +259,7 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); */ - L ^= f_function(R,k.k0,k.k1); + L ^= f_function(&R,k.k0,k.k1); k = getprevkeys(ctx->k, 2*r+0); /* @@ -269,7 +268,7 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); */ - R ^= f_function(L,k.k0,k.k1); + R ^= f_function(&L,k.k0,k.k1); } /* just an exchange without temp. variable */ L ^= R; -- 2.39.2 From fabad4ec561c343bbeba87450a6aedbc07ab1750 Mon Sep 17 00:00:00 2001 From: bg Date: Thu, 11 Dec 2008 17:46:12 +0000 Subject: [PATCH 11/16] even more ASM-fun now only decryption needs C-Stub --- seed-asm.S | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++- seed-stub.c | 5 +- 2 files changed, 164 insertions(+), 5 deletions(-) diff --git a/seed-asm.S b/seed-asm.S index 62d8420..9abad3f 100644 --- a/seed-asm.S +++ b/seed-asm.S @@ -477,7 +477,7 @@ seed_getnextkeys: push_range 10, 17 push r28 push r29 - andi r22, 0x0F +; andi r22, 0x0F bst r22,0 rcall compute_keys brtc even_round @@ -586,7 +586,7 @@ seed_getprevkeys: push r28 push r29 movw r28, r24 - andi r22, 0x0F +; andi r22, 0x0F bst r22, 0 brts r_odd_round r_even_round: @@ -676,3 +676,163 @@ seed_kc: .long 0x8d676ede .long 0x1bcfdcbc +/******************************************************************************/ +/* +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) + +void seed_enc(void * buffer, seed_ctx_t * ctx){ + uint8_t r; + keypair_t k; + for(r=0; r<8; ++r){ + k = seed_getnextkeys(ctx->k, 2*r); +/ * + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +* / + L ^= seed_f_function(&R,k.k0,k.k1); + + k = seed_getnextkeys(ctx->k, 2*r+1); +/ * + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +* / + R ^= seed_f_function(&L,k.k0,k.k1); + } + / * just an exchange without temp. variable * / + L ^= R; + R ^= L; + L ^= R; +} +*/ +/* + * param buffer: r24:r25 + * param ctx: r22:r23 + */ +CTR = 9 +xLPTR = 10 +xRPTR = 12 +CPTR = 14 + +.global seed_enc +seed_enc: + push_range 9, 17 + push r28 + push r29 + clr CTR + movw xLPTR, r24 + adiw r24, 8 + movw xRPTR, r24 + movw CPTR, r22 +1: + movw r28, xLPTR + movw r24, CPTR + mov r22, CTR + lsl r22 + rcall seed_getnextkeys + + /* use pen & paper to understand the following permutation */ + movw r16, r22 + movw r22, r18 + movw r18, r24 + movw r24, r20 + movw r20, r22 + movw r22, r24 + movw r24, xRPTR + + rcall seed_f_function + + ld r0, Y + eor r0, r18 + st Y+, r0 + ld r0, Y + eor r0, r19 + st Y+, r0 + ld r0, Y + eor r0, r20 + st Y+, r0 + ld r0, Y + eor r0, r21 + st Y+, r0 + ld r0, Y + eor r0, r22 + st Y+, r0 + ld r0, Y + eor r0, r23 + st Y+, r0 + ld r0, Y + eor r0, r24 + st Y+, r0 + ld r0, Y + eor r0, r25 + st Y+, r0 + /* secound half */ + movw r24, CPTR + mov r22, CTR + lsl r22 + inc r22 + rcall seed_getnextkeys + + movw r16, r22 + movw r22, r18 + movw r18, r24 + movw r24, r20 + movw r20, r22 + movw r22, r24 + movw r24, xLPTR + + rcall seed_f_function + + ld r0, Y + eor r0, r18 + st Y+, r0 + ld r0, Y + eor r0, r19 + st Y+, r0 + ld r0, Y + eor r0, r20 + st Y+, r0 + ld r0, Y + eor r0, r21 + st Y+, r0 + ld r0, Y + eor r0, r22 + st Y+, r0 + ld r0, Y + eor r0, r23 + st Y+, r0 + ld r0, Y + eor r0, r24 + st Y+, r0 + ld r0, Y + eor r0, r25 + st Y+, r0 + + inc CTR + bst CTR, 3 + brts 3f + rjmp 1b +3: + movw r28, xLPTR + movw r30, xRPTR + ldi r17, 8 +4: + ld r10, Y + ld r11, Z + st Z+, r10 + st Y+, r11 + dec r17 + brne 4b +5: + pop r29 + pop r28 + pop_range 9, 17 + ret + + + + diff --git a/seed-stub.c b/seed-stub.c index d31665c..d9c2289 100644 --- a/seed-stub.c +++ b/seed-stub.c @@ -44,7 +44,7 @@ keypair_t seed_getnextkeys(uint32_t *keystate, uint8_t curround); keypair_t seed_getprevkeys(uint32_t *keystate, uint8_t curround); /******************************************************************************/ - +#if 0 #define L (((uint64_t*)buffer)[0]) #define R (((uint64_t*)buffer)[1]) @@ -75,6 +75,7 @@ void seed_enc(void * buffer, seed_ctx_t * ctx){ R ^= L; L ^= R; } +#endif /******************************************************************************/ @@ -117,5 +118,3 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ - - -- 2.39.2 From a1518b457d04b4d5819e6ce4d7815eab53f937da Mon Sep 17 00:00:00 2001 From: bg Date: Thu, 11 Dec 2008 18:14:49 +0000 Subject: [PATCH 12/16] seed now in pure asm --- mkfiles/seed.mk | 2 +- seed-asm.S | 189 +++++++++++++++++++++++++++++++------- seed-stub.c | 120 ------------------------ test_src/main-seed-test.c | 40 ++++---- 4 files changed, 175 insertions(+), 176 deletions(-) delete mode 100644 seed-stub.c diff --git a/mkfiles/seed.mk b/mkfiles/seed.mk index 5487e70..ed6e878 100644 --- a/mkfiles/seed.mk +++ b/mkfiles/seed.mk @@ -4,7 +4,7 @@ ALGO_NAME := SEED # comment out the following line for removement of SEED from the build process BLOCK_CIPHERS += $(ALGO_NAME) -$(ALGO_NAME)_OBJ := seed-stub.o seed-asm.o +$(ALGO_NAME)_OBJ := seed-asm.o $(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \ nessie_bc_test.o nessie_common.o \ cli.o performance_test.o diff --git a/seed-asm.S b/seed-asm.S index 9abad3f..604fc7f 100644 --- a/seed-asm.S +++ b/seed-asm.S @@ -27,36 +27,6 @@ */ #include "avr-asm-macros.S" -.global bigendian_sum32 -; === bigendian_sum32 === -; function that adds two 32-bit words in the bigendian way and returns the result -; param1: the first 32-bit word -; given in r25,r24,r23,22 (r25 is most significant for little endian) -; param2: the second 32-bit word -; given in r21,r20,r19,18 (r21 is most significant for little endian) -; modifys: -bigendian_sum32: - add r25, r21 - adc r24, r20 - adc r23, r19 - adc r22, r18 - ret - -.global bigendian_sub32 -; === bigendian_sub32 === -; function that subtracts a 32-bit words from another in the bigendian way and returns the result -; param1: the minuend 32-bit word -; given in r25,r24,r23,22 (r25 is most significant for little endian) -; param2: the subtrahend 32-bit word -; given in r21,r20,r19,18 (r21 is most significant for little endian) -; modifys: -bigendian_sub32: - sub r25, r21 - sbc r24, r20 - sbc r23, r19 - sbc r22, r18 - ret - /******************************************************************************/ /* #define M0 0xfc @@ -112,7 +82,6 @@ T3 = X1 * X2 = R23 * X3 = R22 */ -.global seed_g_function seed_g_function: ldi r30, lo8(seed_sbox1) ldi r31, hi8(seed_sbox1) @@ -283,7 +252,6 @@ C2 = 14 C3 = 15 D2 = 16 D3 = 17 -.global seed_f_function seed_f_function: push_range 10, 17 movw r30, r24 @@ -472,7 +440,6 @@ compute_keys: mov r18, D0 ret -.global seed_getnextkeys seed_getnextkeys: push_range 10, 17 push r28 @@ -580,7 +547,6 @@ keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){ * param curround: r22 */ -.global seed_getprevkeys seed_getprevkeys: push_range 10, 17 push r28 @@ -657,7 +623,6 @@ r_odd_round: /******************************************************************************/ -.global seed_kc seed_kc: .long 0xb979379e .long 0x73f36e3c @@ -833,6 +798,160 @@ seed_enc: pop_range 9, 17 ret +/******************************************************************************/ +/* +#define L (((uint64_t*)buffer)[0]) +#define R (((uint64_t*)buffer)[1]) +void seed_dec(void * buffer, seed_ctx_t * ctx){ + int8_t r; + keypair_t k; + for(r=7; r>=0; --r){ + k = seed_getprevkeys(ctx->k, 2*r+1); +/ * + DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); +* / + L ^= seed_f_function(&R,k.k0,k.k1); + + k = seed_getprevkeys(ctx->k, 2*r+0); +/ * + DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); + DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); + DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); + DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); +* / + R ^= seed_f_function(&L,k.k0,k.k1); + } + / * just an exchange without temp. variable * / + L ^= R; + R ^= L; + L ^= R; +} +*/ +/* + * param buffer: r24:r25 + * param ctx: r22:r23 + */ +CTR = 9 +xLPTR = 10 +xRPTR = 12 +CPTR = 14 +.global seed_dec +seed_dec: + push_range 9, 17 + push r28 + push r29 + ldi r16, 7 + mov CTR, r16 + movw xLPTR, r24 + adiw r24, 8 + movw xRPTR, r24 + movw CPTR, r22 +1: + movw r28, xLPTR + movw r24, CPTR + mov r22, CTR + lsl r22 + inc r22 + rcall seed_getprevkeys + + /* use pen & paper to understand the following permutation */ + movw r16, r22 + movw r22, r18 + movw r18, r24 + movw r24, r20 + movw r20, r22 + movw r22, r24 + movw r24, xRPTR + + rcall seed_f_function + + ld r0, Y + eor r0, r18 + st Y+, r0 + ld r0, Y + eor r0, r19 + st Y+, r0 + ld r0, Y + eor r0, r20 + st Y+, r0 + ld r0, Y + eor r0, r21 + st Y+, r0 + ld r0, Y + eor r0, r22 + st Y+, r0 + ld r0, Y + eor r0, r23 + st Y+, r0 + ld r0, Y + eor r0, r24 + st Y+, r0 + ld r0, Y + eor r0, r25 + st Y+, r0 + /* secound half */ + movw r24, CPTR + mov r22, CTR + lsl r22 + rcall seed_getprevkeys + + movw r16, r22 + movw r22, r18 + movw r18, r24 + movw r24, r20 + movw r20, r22 + movw r22, r24 + movw r24, xLPTR + + rcall seed_f_function + + ld r0, Y + eor r0, r18 + st Y+, r0 + ld r0, Y + eor r0, r19 + st Y+, r0 + ld r0, Y + eor r0, r20 + st Y+, r0 + ld r0, Y + eor r0, r21 + st Y+, r0 + ld r0, Y + eor r0, r22 + st Y+, r0 + ld r0, Y + eor r0, r23 + st Y+, r0 + ld r0, Y + eor r0, r24 + st Y+, r0 + ld r0, Y + eor r0, r25 + st Y+, r0 + + dec CTR + brmi 3f + rjmp 1b +3: + movw r28, xLPTR + movw r30, xRPTR + ldi r17, 8 +4: + ld r10, Y + ld r11, Z + st Z+, r10 + st Y+, r11 + dec r17 + brne 4b +5: + pop r29 + pop r28 + pop_range 9, 17 + ret diff --git a/seed-stub.c b/seed-stub.c deleted file mode 100644 index d9c2289..0000000 --- a/seed-stub.c +++ /dev/null @@ -1,120 +0,0 @@ -/* seed.c */ -/* - This file is part of the Crypto-avr-lib/microcrypt-lib. - Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - /** - * \file seed.c - * \author Daniel Otte - * \date 2007-06-1 - * \brief SEED parts in C for AVR - * \par License - * GPL - * - */ -#include -#include -#include -#include "seed.h" -#include "uart.h" -#include "debug.h" - - - -/******************************************************************************/ -typedef struct { - uint32_t k0, k1; -} keypair_t; - -uint64_t seed_f_function(const uint64_t* a, uint32_t k0, uint32_t k1); -keypair_t seed_getnextkeys(uint32_t *keystate, uint8_t curround); -keypair_t seed_getprevkeys(uint32_t *keystate, uint8_t curround); - -/******************************************************************************/ -#if 0 -#define L (((uint64_t*)buffer)[0]) -#define R (((uint64_t*)buffer)[1]) - -void seed_enc(void * buffer, seed_ctx_t * ctx){ - uint8_t r; - keypair_t k; - for(r=0; r<8; ++r){ - k = seed_getnextkeys(ctx->k, 2*r); -/* - DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); -*/ - L ^= seed_f_function(&R,k.k0,k.k1); - - k = seed_getnextkeys(ctx->k, 2*r+1); -/* - DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); -*/ - R ^= seed_f_function(&L,k.k0,k.k1); - } - /* just an exchange without temp. variable */ - L ^= R; - R ^= L; - L ^= R; -} -#endif - -/******************************************************************************/ - -#define L (((uint64_t*)buffer)[0]) -#define R (((uint64_t*)buffer)[1]) - -void seed_dec(void * buffer, seed_ctx_t * ctx){ - int8_t r; - keypair_t k; - for(r=7; r>=0; --r){ - k = seed_getprevkeys(ctx->k, 2*r+1); -/* - DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+0, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+8, 8); -*/ - L ^= seed_f_function(&R,k.k0,k.k1); - - k = seed_getprevkeys(ctx->k, 2*r+0); -/* - DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); - DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); - DEBUG_S("\r\n\t DBG L: "); uart_hexdump((uint8_t*)buffer+8, 8); - DEBUG_S("\r\n\t DBG R: "); uart_hexdump((uint8_t*)buffer+0, 8); -*/ - R ^= seed_f_function(&L,k.k0,k.k1); - } - /* just an exchange without temp. variable */ - L ^= R; - R ^= L; - L ^= R; -} - - - - - - - - - diff --git a/test_src/main-seed-test.c b/test_src/main-seed-test.c index 678d132..5161d59 100644 --- a/test_src/main-seed-test.c +++ b/test_src/main-seed-test.c @@ -107,7 +107,7 @@ void testrun_performance_seed(void){ void testencrypt(uint8_t* block, uint8_t* key){ seed_ctx_t ctx; - uart_putstr("\r\n==testy-encrypt==\r\n key: "); + uart_putstr("\r\n==testy-encrypt==\r\n key: "); uart_hexdump(key,16); seed_init(key, &ctx); uart_putstr("\r\n plain: "); @@ -119,7 +119,7 @@ void testencrypt(uint8_t* block, uint8_t* key){ void testdecrypt(uint8_t* block, uint8_t* key){ seed_ctx_t ctx; - uart_putstr("\r\n==testy-decrypt==\r\n key: "); + uart_putstr("\r\n==testy-decrypt==\r\n key: "); uart_hexdump(key,16); seed_init(key, &ctx); uart_putstr("\r\n crypt: "); @@ -131,25 +131,25 @@ void testdecrypt(uint8_t* block, uint8_t* key){ void testrun_seed(void){ uint8_t keys[4][16]= - { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x47, 0x06, 0x48, 0x08, 0x51, 0xE6, 0x1B, 0xE8, - 0x5D, 0x74, 0xBF, 0xB3, 0xFD, 0x95, 0x61, 0x85 }, - { 0x28, 0xDB, 0xC3, 0xBC, 0x49, 0xFF, 0xD8, 0x7D, - 0xCF, 0xA5, 0x09, 0xB1, 0x1D, 0x42, 0x2B, 0xE7,} - }; + { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x47, 0x06, 0x48, 0x08, 0x51, 0xE6, 0x1B, 0xE8, + 0x5D, 0x74, 0xBF, 0xB3, 0xFD, 0x95, 0x61, 0x85 }, + { 0x28, 0xDB, 0xC3, 0xBC, 0x49, 0xFF, 0xD8, 0x7D, + 0xCF, 0xA5, 0x09, 0xB1, 0x1D, 0x42, 0x2B, 0xE7,} + }; uint8_t datas[4][16]= - { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x83, 0xA2, 0xF8, 0xA2, 0x88, 0x64, 0x1F, 0xB9, - 0xA4, 0xE9, 0xA5, 0xCC, 0x2F, 0x13, 0x1C, 0x7D }, - { 0xB4, 0x1E, 0x6B, 0xE2, 0xEB, 0xA8, 0x4A, 0x14, - 0x8E, 0x2E, 0xED, 0x84, 0x59, 0x3C, 0x5E, 0xC7 } - }; + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x83, 0xA2, 0xF8, 0xA2, 0x88, 0x64, 0x1F, 0xB9, + 0xA4, 0xE9, 0xA5, 0xCC, 0x2F, 0x13, 0x1C, 0x7D }, + { 0xB4, 0x1E, 0x6B, 0xE2, 0xEB, 0xA8, 0x4A, 0x14, + 0x8E, 0x2E, 0xED, 0x84, 0x59, 0x3C, 0x5E, 0xC7 } + }; uint8_t i=0; for(i=0; i<4; ++i){ testencrypt(datas[i],keys[i]); -- 2.39.2 From 86af17284402f8198778fcb63a67f0503c1e48c8 Mon Sep 17 00:00:00 2001 From: bg Date: Fri, 19 Dec 2008 22:40:58 +0000 Subject: [PATCH 13/16] small update (integrating NOEKEON_OMAC and SEED_C) --- Makefile | 38 ++++++++++++++++++-- avr-makefile.inc | 6 +++- cast5.c | 18 ++++++---- cast5.h | 4 +-- config.h | 2 +- mkfiles/omac_noekeon.mk | 13 +++++++ mkfiles/omac_noekeon_c.mk | 13 +++++++ mkfiles/seed_C.mk | 13 +++++++ omac_noekeon_C.c | 74 +++++++++++++++++++++++++++++++++++++++ seed.h | 46 +++++++++++++++++++++--- seed_C.c | 12 +++---- 11 files changed, 216 insertions(+), 23 deletions(-) create mode 100644 mkfiles/omac_noekeon.mk create mode 100644 mkfiles/omac_noekeon_c.mk create mode 100644 mkfiles/seed_C.mk create mode 100644 omac_noekeon_C.c diff --git a/Makefile b/Makefile index 359e592..75876cf 100644 --- a/Makefile +++ b/Makefile @@ -80,6 +80,26 @@ info: # @echo " $(ALGORITHMS_TEST_BIN)" # @echo " ALGORITHMS_TEST_TARGET_ELF:" # @echo " $(ALGORITHMS_TEST_TARGET_ELF)" + @echo " targets:" + @echo " all - all algorithm cores" + @echo " cores - all algorithm cores" + @echo " listings - all algorithm core listings" + @echo " tests - all algorithm test programs" + @echo " stats - all algorithm size statistics" + @echo " blockciphers - all blockcipher cores" + @echo " streamciphers - all streamcipher cores" + @echo " hashes - all hash cores" + @echo " macs - all MAC cores" + @echo " prngs - all PRNG cores" + @echo " all_testrun - testrun all algorithms" + @echo " docu - build doxygen documentation" + @echo " clean - remove a lot of builded files" + @echo " xclean - also remove dependency files" + @echo " *_TEST_BIN - build test program" + @echo " *_TESTRUN - run nessie test" + @echo " *_OBJ - build algorithm core" + @echo " *_FLASH - flash test program" + @echo " *_LIST - build assembler listing" #------------------------------------------------------------------------------- @@ -161,12 +181,12 @@ $(foreach algo, $(ALGORITHMS),$(eval $(call FLASH_TEMPLATE, $(algo), $(TESTBIN_D define TESTRUN_TEMPLATE $(1)_TESTRUN: $(1)_FLASH @echo "[test]: $(1)" - $(RUBY) get_test.rb $(TESTPORT) $(TESTPORTBAUDR) 8 1 nessie $(TESTLOG_DIR)$(TESTPREFIX) $(2) + $(RUBY) $(GET_TEST) $(TESTPORT) $(TESTPORTBAUDR) 8 1 nessie $(TESTLOG_DIR)$(TESTPREFIX) $(2) endef $(foreach algo, $(ALGORITHMS),$(eval $(call TESTRUN_TEMPLATE, $(algo), $(call lc,$(algo)) ))) -ALL_TESTRUN: $(foreach algo, $(ALGORITHMS), $(algo)_TESTRUN) +all_testrun: $(foreach algo, $(ALGORITHMS), $(algo)_TESTRUN) #------------------------------------------------------------------------------- @@ -236,6 +256,20 @@ xclean: clean docu: doxygen +make.dump: Makefile + $(MAKE) -p -B -n -f $^ > $@ + +make.dot: make.dump + $(MAKE2GRAPH) $^ > $@ + +make.png: make.dot + $(TWOPI) -Tpng -o $@ $^ + +make.svg: make.dot + $(TWOPI) -Tsvg -o $@ $^ + +.PHONY: make-info +make-info: make.png make.svg # Rules for building the .text rom images diff --git a/avr-makefile.inc b/avr-makefile.inc index 08457a3..d40f6c7 100644 --- a/avr-makefile.inc +++ b/avr-makefile.inc @@ -11,7 +11,7 @@ TESTSRC_DIR = test_src/ #uisp -dprog=bsd -dlpt=/dev/parport1 --upload if=$(PRG).hex ERASECMD = TESTPORT = /dev/ttyUSB1 -TESTPORTBAUDR = 9600 +TESTPORTBAUDR = 38400 TESTLOG_DIR = testlog/ TESTPREFIX = nessie- LIST_DIR = listings/ @@ -29,3 +29,7 @@ OBJCOPY = avr-objcopy OBJDUMP = avr-objdump SIZE = avr-size RUBY = ruby +GET_TEST = host/get_test.rb +MAKE = make +MAKE2GRAPH = ~/bin/make2graph.rb +TWOPI = twopi diff --git a/cast5.c b/cast5.c index 0ed3ddf..a7984d4 100644 --- a/cast5.c +++ b/cast5.c @@ -108,7 +108,7 @@ void cast5_init_rM(uint8_t *klo, uint8_t *khi, uint8_t offset, uint8_t *src, boo -void cast5_init(void* key, uint8_t keylength_b, cast5_ctx_t* s){ +void cast5_init(const void* key, uint8_t keylength_b, cast5_ctx_t* s){ /* we migth return if the key is valid and if setup was sucessfull */ uint32_t x[4], z[4]; #define BPX ((uint8_t*)&(x[0])) @@ -198,8 +198,10 @@ uint32_t cast5_f1(uint32_t d, uint32_t m, uint8_t r){ #else - return (((pgm_read_dword(&s1[((uint8_t*)&t)[IA]] ) ^ pgm_read_dword(&s2[((uint8_t*)&t)[IB]] )) - - pgm_read_dword(&s3[((uint8_t*)&t)[IC]] )) + pgm_read_dword(&s4[((uint8_t*)&t)[ID]])); + return ((( pgm_read_dword(&s1[((uint8_t*)&t)[IA]]) + ^ pgm_read_dword(&s2[((uint8_t*)&t)[IB]]) ) + - pgm_read_dword(&s3[((uint8_t*)&t)[IC]]) ) + + pgm_read_dword(&s4[((uint8_t*)&t)[ID]]) ); #endif } @@ -227,8 +229,8 @@ uint32_t cast5_f2(uint32_t d, uint32_t m, uint8_t r){ return (((ia - ib) + ic) ^ id); #else - return (((pgm_read_dword(&s1[((uint8_t*)&t)[IA]]) - - pgm_read_dword(&s2[((uint8_t*)&t)[IB]]) ) + return ((( pgm_read_dword(&s1[((uint8_t*)&t)[IA]]) + - pgm_read_dword(&s2[((uint8_t*)&t)[IB]]) ) + pgm_read_dword(&s3[((uint8_t*)&t)[IC]]) ) ^ pgm_read_dword(&s4[((uint8_t*)&t)[ID]]) ); @@ -257,8 +259,10 @@ uint32_t cast5_f3(uint32_t d, uint32_t m, uint8_t r){ uart_putstr("\r\n\tID="); uart_hexdump(&id, 4); return (((ia + ib) ^ ic) - id); #else - return ((pgm_read_dword(&s1[((uint8_t*)&t)[IA]] ) + pgm_read_dword(&s2[((uint8_t*)&t)[IB]] )) - ^ pgm_read_dword(&s3[((uint8_t*)&t)[IC]] )) - pgm_read_dword(&s4[((uint8_t*)&t)[ID]] ); + return (( pgm_read_dword(&s1[((uint8_t*)&t)[IA]] ) + + pgm_read_dword(&s2[((uint8_t*)&t)[IB]] )) + ^ pgm_read_dword(&s3[((uint8_t*)&t)[IC]] )) + - pgm_read_dword(&s4[((uint8_t*)&t)[ID]] ); #endif } diff --git a/cast5.h b/cast5.h index aa81ca1..2b1d317 100644 --- a/cast5.h +++ b/cast5.h @@ -55,7 +55,7 @@ * * A variable of this type may hold a keyschedule for the CAST-5 cipher. * This context is regulary generated by the - * cast5_init(uint8_t* key, uint8_t keylength_b, cast5_ctx_t* s) funtion. + * cast5_init(uint8_t* key, uint8_t keylength_b, cast5_ctx_t* s) function. */ typedef struct cast5_ctx_st{ uint32_t mask[16]; @@ -74,7 +74,7 @@ typedef struct cast5_ctx_st{ * \param keylength_b length of the key in bits (maximum 128 bits) * \param s pointer to the context */ -void cast5_init(void* key, uint8_t keylength_b, cast5_ctx_t* s); +void cast5_init(const void* key, uint8_t keylength_b, cast5_ctx_t* s); /** \fn void cast5_enc(void* block, const cast5_ctx_t *s); * \brief encrypt a block with the CAST-5 algorithm diff --git a/config.h b/config.h index 529ff51..0a0caf1 100644 --- a/config.h +++ b/config.h @@ -30,7 +30,7 @@ /* uart.[ch] defines */ #define UART_INTERRUPT 1 -#define UART_BAUD_RATE 9600 +#define UART_BAUD_RATE 38400 #define UART_RXBUFSIZE 16 #define UART_TXBUFSIZE 16 #define UART_LINE_BUFFER_SIZE 40 diff --git a/mkfiles/omac_noekeon.mk b/mkfiles/omac_noekeon.mk new file mode 100644 index 0000000..41c5dff --- /dev/null +++ b/mkfiles/omac_noekeon.mk @@ -0,0 +1,13 @@ +# Makefile for noekeon +ALGO_NAME := OMAC_NOEKEON + +# comment out the following line for removement of noekeon from the build process +MACS += $(ALGO_NAME) + + +$(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon.o memxor.o +$(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o debug.o uart.o serial-tools.o \ + nessie_mac_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := test nessie +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/omac_noekeon_c.mk b/mkfiles/omac_noekeon_c.mk new file mode 100644 index 0000000..d142283 --- /dev/null +++ b/mkfiles/omac_noekeon_c.mk @@ -0,0 +1,13 @@ +# Makefile for noekeon +ALGO_NAME := OMAC_NOEKEON_C + +# comment out the following line for removement of noekeon from the build process +MACS += $(ALGO_NAME) + + +$(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon_C.o memxor.o +$(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o debug.o uart.o serial-tools.o \ + nessie_mac_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := test nessie +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/seed_C.mk b/mkfiles/seed_C.mk new file mode 100644 index 0000000..3005819 --- /dev/null +++ b/mkfiles/seed_C.mk @@ -0,0 +1,13 @@ +# Makefile for SEED +ALGO_NAME := SEED_C + +# comment out the following line for removement of SEED from the build process +BLOCK_CIPHERS += $(ALGO_NAME) + +$(ALGO_NAME)_OBJ := seed_C.o +$(ALGO_NAME)_TEST_BIN := main-seed-test.o debug.o uart.o serial-tools.o \ + nessie_bc_test.o nessie_common.o \ + cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/omac_noekeon_C.c b/omac_noekeon_C.c new file mode 100644 index 0000000..3046ede --- /dev/null +++ b/omac_noekeon_C.c @@ -0,0 +1,74 @@ +#include "noekeon.h" +#include "omac_noekeon.h" +#include "memxor.h" +#include +#include + + +void omac_noekeon_init(omac_noekeon_ctx_t* ctx){ + memset(ctx, 0, 16); +} + + +void omac_noekeon_tweak(uint8_t t, const void* key, omac_noekeon_ctx_t* ctx){ + *ctx[15] = t; + noekeon_enc(ctx, key); +} + +void omac_noekeon_next(const void* buffer, const void* key, omac_noekeon_ctx_t* ctx){ + memxor(ctx, buffer, 16); + noekeon_enc(ctx, key); +} + +static +void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){ + uint8_t c1,c2,r,j; + memset(pad, 0, 16); + noekeon_enc(pad, key); + r=(length_b==128)?1:2; + for(;r!=0;--r){ + c1=0; + for(j=0;j<16;++j){ + c2 = c1; + c1 = (pad[15-j])>>7; + pad[15-j] = ((pad[15-j])<<1) | c2; + } + if(c1){ + pad[15] ^= 0x87; + } + } + if(length_b<128){ + pad[(length_b)/8] ^= 0x80 >> (length_b%8); + } +} + +void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, omac_noekeon_ctx_t* ctx){ + while(length_b>128){ + omac_noekeon_next(buffer, key, ctx); + buffer = (uint8_t*)buffer +16; + length_b -= 128; + } + uint8_t pad[16]; + omac_noekeon_comppad(pad, key, length_b); + memxor(pad, buffer, (length_b+7)/8); + omac_noekeon_next(pad, key, ctx); +} + + +void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b, + const void* key, uint8_t t){ + omac_noekeon_init(dest); + if(t!=0xff) + omac_noekeon_tweak(t,key,dest); + while(msglength_b>128){ + omac_noekeon_next(msg, key, dest); + msg = (uint8_t*)msg +16; + msglength_b -= 128; + } + omac_noekeon_last(msg, msglength_b, key, dest); +} + + + + + diff --git a/seed.h b/seed.h index 4ee1d8b..7283191 100644 --- a/seed.h +++ b/seed.h @@ -29,15 +29,53 @@ #define SEED_H_ #include - +/** \typedef seed_ctx_t + * \brief SEED context + * + * A variable of this type may hold the key material for the SEED cipher. + * This context is regulary generated by the + * void seed_init(const void * key, seed_ctx_t * ctx) function. + */ typedef struct{ uint32_t k[4]; } seed_ctx_t; /******************************************************************************/ -void seed_init(uint8_t * key, seed_ctx_t * ctx); -void seed_enc(void * buffer, seed_ctx_t * ctx); -void seed_dec(void * buffer, seed_ctx_t * ctx); +/** \fn void seed_init(void * key, seed_ctx_t * ctx) + * \brief initializes context for SEED operation + * + * This function copys the key material into a context variable. + * + * \param key pointer to the key material (128 bit = 16 bytes) + * \param ctx pointer to the context (seed_ctx_t) + */ +void seed_init(const void * key, seed_ctx_t * ctx); + +/** \fn void seed_enc(void * buffer, seed_ctx_t * ctx) + * \brief encrypt a block with SEED + * + * This function encrypts a block of 64 bits (8 bytes) with the SEED algorithm. + * The round keys are computed on demand, so the context is modifyed while + * encrypting but the original stated is restored when the function exits. + * + * \param buffer pointer to the block (64 bit = 8 byte) which will be encrypted + * \param ctx pointer to the key material (seed_ctx_t) + */ +void seed_enc(void * buffer, const seed_ctx_t * ctx); + + +/** \fn void seed_dec(void * buffer, seed_ctx_t * ctx) + * \brief decrypt a block with SEED + * + * This function decrypts a block of 64 bits (8 bytes) with the SEED algorithm. + * The round keys are computed on demand, so the context is modifyed while + * decrypting but the original stated is restored when the function exits. + * + * \param buffer pointer to the block (64 bit = 8 byte) which will be decrypted + * \param ctx pointer to the key material (seed_ctx_t) + */ +void seed_dec(void * buffer, const seed_ctx_t * ctx); + #endif /*SEED_H_*/ diff --git a/seed_C.c b/seed_C.c index e4b77f5..5cda64d 100644 --- a/seed_C.c +++ b/seed_C.c @@ -206,7 +206,7 @@ typedef struct{ /******************************************************************************/ -void seed_init(uint8_t * key, seed_ctx_t * ctx){ +void seed_init(const void * key, seed_ctx_t * ctx){ memcpy(ctx->k, key, 128/8); } @@ -215,11 +215,11 @@ void seed_init(uint8_t * key, seed_ctx_t * ctx){ #define L (((uint64_t*)buffer)[0]) #define R (((uint64_t*)buffer)[1]) -void seed_enc(void * buffer, seed_ctx_t * ctx){ +void seed_enc(void * buffer, const seed_ctx_t * ctx){ uint8_t r; keypair_t k; for(r=0; r<8; ++r){ - k = getnextkeys(ctx->k, 2*r); + k = getnextkeys(((seed_ctx_t*)ctx)->k, 2*r); /* DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); @@ -228,7 +228,7 @@ void seed_enc(void * buffer, seed_ctx_t * ctx){ */ L ^= f_function(&R,k.k0,k.k1); - k = getnextkeys(ctx->k, 2*r+1); + k = getnextkeys(((seed_ctx_t*)ctx)->k, 2*r+1); /* DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); @@ -252,7 +252,7 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ int8_t r; keypair_t k; for(r=7; r>=0; --r){ - k = getprevkeys(ctx->k, 2*r+1); + k = getprevkeys(((seed_ctx_t*)ctx)->k, 2*r+1); /* DEBUG_S("\r\n\tDBG ka,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG ka,1: "); uart_hexdump(&k.k1, 4); @@ -261,7 +261,7 @@ void seed_dec(void * buffer, seed_ctx_t * ctx){ */ L ^= f_function(&R,k.k0,k.k1); - k = getprevkeys(ctx->k, 2*r+0); + k = getprevkeys(((seed_ctx_t*)ctx)->k, 2*r+0); /* DEBUG_S("\r\n\tDBG kb,0: "); uart_hexdump(&k.k0, 4); DEBUG_S("\r\n\tDBG kb,1: "); uart_hexdump(&k.k1, 4); -- 2.39.2 From 4469def3e210fc904cfefc5b158fc6d4dc5f6e47 Mon Sep 17 00:00:00 2001 From: bg Date: Sun, 21 Dec 2008 00:16:09 +0000 Subject: [PATCH 14/16] a first idea of twister (only 224 and 256 bit) more comming soon --- cast5.c | 202 ++++++------------------------- gf256mul.S | 55 +++++++++ gf256mul.h | 37 ++++++ mkfiles/twister224.mk | 12 ++ mkfiles/twister256.mk | 12 ++ test_src/main-twister224-test.c | 199 ++++++++++++++++++++++++++++++ test_src/main-twister256-test.c | 199 ++++++++++++++++++++++++++++++ twister-small.c | 154 ++++++++++++++++++++++++ twister-small.h | 32 +++++ twister.c | 125 +++++++++++++++++++ twister.h | 41 +++++++ twister_tables.h | 207 ++++++++++++++++++++++++++++++++ 12 files changed, 1108 insertions(+), 167 deletions(-) create mode 100644 gf256mul.S create mode 100644 gf256mul.h create mode 100644 mkfiles/twister224.mk create mode 100644 mkfiles/twister256.mk create mode 100644 test_src/main-twister224-test.c create mode 100644 test_src/main-twister256-test.c create mode 100644 twister-small.c create mode 100644 twister-small.h create mode 100644 twister.c create mode 100644 twister.h create mode 100644 twister_tables.h diff --git a/cast5.c b/cast5.c index a7984d4..59f6dbd 100644 --- a/cast5.c +++ b/cast5.c @@ -48,18 +48,39 @@ #define S7(x) pgm_read_dword(&s7[(x)]) #define S8(x) pgm_read_dword(&s8[(x)]) - +static void cast5_init_A(uint8_t *dest, uint8_t *src, bool bmode){ uint8_t mask = bmode?0x8:0; - *((uint32_t*)(&dest[0x0])) = *((uint32_t*)(&src[0x0^mask])) ^ S5(src[0xD^mask]) ^ S6(src[0xF^mask]) ^ S7(src[0xC^mask]) ^ S8(src[0xE^mask]) ^ S7(src[0x8^mask]); - *((uint32_t*)(&dest[0x4])) = *((uint32_t*)(&src[0x8^mask])) ^ S5(dest[0x0]) ^ S6(dest[0x2]) ^ S7(dest[0x1]) ^ S8(dest[0x3]) ^ S8(src[0xA^mask]); - *((uint32_t*)(&dest[0x8])) = *((uint32_t*)(&src[0xC^mask])) ^ S5(dest[0x7]) ^ S6(dest[0x6]) ^ S7(dest[0x5]) ^ S8(dest[0x4]) ^ S5(src[0x9^mask]); - *((uint32_t*)(&dest[0xC])) = *((uint32_t*)(&src[0x4^mask])) ^ S5(dest[0xA]) ^ S6(dest[0x9]) ^ S7(dest[0xB]) ^ S8(dest[0x8]) ^ S6(src[0xB^mask]); + *((uint32_t*)(&dest[0x0])) = *((uint32_t*)(&src[0x0^mask])) + ^ S5(src[0xD^mask]) ^ S6(src[0xF^mask]) + ^ S7(src[0xC^mask]) ^ S8(src[0xE^mask]) + ^ S7(src[0x8^mask]); + *((uint32_t*)(&dest[0x4])) = *((uint32_t*)(&src[0x8^mask])) + ^ S5(dest[0x0]) ^ S6(dest[0x2]) + ^ S7(dest[0x1]) ^ S8(dest[0x3]) + ^ S8(src[0xA^mask]); + *((uint32_t*)(&dest[0x8])) = *((uint32_t*)(&src[0xC^mask])) + ^ S5(dest[0x7]) ^ S6(dest[0x6]) + ^ S7(dest[0x5]) ^ S8(dest[0x4]) + ^ S5(src[0x9^mask]); + *((uint32_t*)(&dest[0xC])) = *((uint32_t*)(&src[0x4^mask])) + ^ S5(dest[0xA]) + ^ S6(dest[0x9]) + ^ S7(dest[0xB]) + ^ S8(dest[0x8]) + ^ S6(src[0xB^mask]); } +static void cast5_init_M(uint8_t *dest, uint8_t *src, bool nmode, bool xmode){ - uint8_t nmt[] = {0xB, 0xA, 0x9, 0x8, 0xF, 0xE, 0xD, 0xC, 0x3, 0x2, 0x1, 0x0, 0x7, 0x6, 0x5, 0x4}; /* nmode table */ - uint8_t xmt[4][4] = {{0x2, 0x6, 0x9, 0xC}, {0x8, 0xD, 0x3, 0x7}, {0x3, 0x7, 0x8, 0xD}, {0x9, 0xC, 0x2, 0x6}}; + uint8_t nmt[] = {0xB, 0xA, 0x9, 0x8, + 0xF, 0xE, 0xD, 0xC, + 0x3, 0x2, 0x1, 0x0, + 0x7, 0x6, 0x5, 0x4}; /* nmode table */ + uint8_t xmt[4][4] = {{0x2, 0x6, 0x9, 0xC}, + {0x8, 0xD, 0x3, 0x7}, + {0x3, 0x7, 0x8, 0xD}, + {0x9, 0xC, 0x2, 0x6}}; #define NMT(x) (src[nmode?nmt[(x)]:(x)]) #define XMT(x) (src[xmt[(xmode<<1) + nmode][(x)]]) *((uint32_t*)(&dest[0x0])) = S5(NMT(0x8)) ^ S6(NMT(0x9)) ^ S7(NMT(0x7)) ^ S8(NMT(0x6)) ^ S5(XMT(0)); @@ -73,6 +94,7 @@ void cast5_init_M(uint8_t *dest, uint8_t *src, bool nmode, bool xmode){ #define S7B(x) pgm_read_byte(3+(uint8_t*)(&s7[(x)])) #define S8B(x) pgm_read_byte(3+(uint8_t*)(&s8[(x)])) +static void cast5_init_rM(uint8_t *klo, uint8_t *khi, uint8_t offset, uint8_t *src, bool nmode, bool xmode){ uint8_t nmt[] = {0xB, 0xA, 0x9, 0x8, 0xF, 0xE, 0xD, 0xC, 0x3, 0x2, 0x1, 0x0, 0x7, 0x6, 0x5, 0x4}; /* nmode table */ uint8_t xmt[4][4] = {{0x2, 0x6, 0x9, 0xC}, {0x8, 0xD, 0x3, 0x7}, {0x3, 0x7, 0x8, 0xD}, {0x9, 0xC, 0x2, 0x6}}; @@ -176,7 +198,7 @@ typedef uint32_t cast5_f_t(uint32_t,uint32_t,uint8_t); #define IC 1 #define ID 0 - +static uint32_t cast5_f1(uint32_t d, uint32_t m, uint8_t r){ uint32_t t; t = ROTL32((d + m),r); @@ -206,7 +228,7 @@ uint32_t cast5_f1(uint32_t d, uint32_t m, uint8_t r){ #endif } - +static uint32_t cast5_f2(uint32_t d, uint32_t m, uint8_t r){ uint32_t t; t = ROTL32((d ^ m),r); @@ -237,6 +259,7 @@ uint32_t cast5_f2(uint32_t d, uint32_t m, uint8_t r){ #endif } +static uint32_t cast5_f3(uint32_t d, uint32_t m, uint8_t r){ uint32_t t; t = ROTL32((m - d),r); @@ -267,7 +290,7 @@ uint32_t cast5_f3(uint32_t d, uint32_t m, uint8_t r){ #endif } -/*************************************************************************/ +/******************************************************************************/ void cast5_enc(void* block, const cast5_ctx_t *s){ uint32_t l,r, x, y; @@ -291,7 +314,7 @@ void cast5_enc(void* block, const cast5_ctx_t *s){ ((uint32_t*)block)[1]=l; } -/*************************************************************************/ +/******************************************************************************/ void cast5_dec(void* block, const cast5_ctx_t *s){ uint32_t l,r, x, y; @@ -313,162 +336,7 @@ void cast5_dec(void* block, const cast5_ctx_t *s){ } -/*********************************************************************************************************/ -/*********************************************************************************************************/ -/*********************************************************************************************************/ - -#if 0 - -void cast5_old_init(cast5_ctx_t* s, uint8_t* key, uint8_t keylength){ - /* we migth return if the key is valid and if setup was sucessfull */ - uint32_t x[4], z[4], t; - #define BPX ((uint8_t*)&(x[0])) - #define BPZ ((uint8_t*)&(z[0])) - s->shortkey = (keylength<=80); - /* littel endian only! */ - memset(&(x[0]), 0 ,16); /* set x to zero */ - memcpy(&(x[0]), key, keylength/8); - - - /* todo: merge a and b and compress the whole stuff */ - /***** A *****/ - z[0] = x[0] ^ S_5X(0xD) ^ S_6X(0xF) ^ S_7X(0xC) ^ S_8X(0xE) ^ S_7X(0x8); - z[1] = x[2] ^ S_5Z(0x0) ^ S_6Z(0x2) ^ S_7Z(0x1) ^ S_8Z(0x3) ^ S_8X(0xA); - z[2] = x[3] ^ S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_5X(0x9); - z[3] = x[1] ^ S_5Z(0xA) ^ S_6Z(0x9) ^ S_7Z(0xB) ^ S_8Z(0x8) ^ S_6X(0xB); - /***** M *****/ - s->mask[0] = S_5Z(0x8) ^ S_6Z(0x9) ^ S_7Z(0x7) ^ S_8Z(0x6) ^ S_5Z(0x2); - s->mask[1] = S_5Z(0xA) ^ S_6Z(0xB) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_6Z(0x6); - s->mask[2] = S_5Z(0xC) ^ S_6Z(0xD) ^ S_7Z(0x3) ^ S_8Z(0x2) ^ S_7Z(0x9); - s->mask[3] = S_5Z(0xE) ^ S_6Z(0xF) ^ S_7Z(0x1) ^ S_8Z(0x0) ^ S_8Z(0xC); - /***** B *****/ - x[0] = z[2] ^ S_5Z(0x5) ^ S_6Z(0x7) ^ S_7Z(0x4) ^ S_8Z(0x6) ^ S_7Z(0x0); - x[1] = z[0] ^ S_5X(0x0) ^ S_6X(0x2) ^ S_7X(0x1) ^ S_8X(0x3) ^ S_8Z(0x2); - x[2] = z[1] ^ S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_5Z(0x1); - x[3] = z[3] ^ S_5X(0xA) ^ S_6X(0x9) ^ S_7X(0xB) ^ S_8X(0x8) ^ S_6Z(0x3); - /***** N *****/ - s->mask[4] = S_5X(0x3) ^ S_6X(0x2) ^ S_7X(0xC) ^ S_8X(0xD) ^ S_5X(0x8); - s->mask[5] = S_5X(0x1) ^ S_6X(0x0) ^ S_7X(0xE) ^ S_8X(0xF) ^ S_6X(0xD); - s->mask[6] = S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x8) ^ S_8X(0x9) ^ S_7X(0x3); - s->mask[7] = S_5X(0x5) ^ S_6X(0x4) ^ S_7X(0xA) ^ S_8X(0xB) ^ S_8X(0x7); - /***** A *****/ - z[0] = x[0] ^ S_5X(0xD) ^ S_6X(0xF) ^ S_7X(0xC) ^ S_8X(0xE) ^ S_7X(0x8); - z[1] = x[2] ^ S_5Z(0x0) ^ S_6Z(0x2) ^ S_7Z(0x1) ^ S_8Z(0x3) ^ S_8X(0xA); - z[2] = x[3] ^ S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_5X(0x9); - z[3] = x[1] ^ S_5Z(0xA) ^ S_6Z(0x9) ^ S_7Z(0xB) ^ S_8Z(0x8) ^ S_6X(0xB); - /***** N' *****/ - s->mask[8] = S_5Z(0x3) ^ S_6Z(0x2) ^ S_7Z(0xC) ^ S_8Z(0xD) ^ S_5Z(0x9); - s->mask[9] = S_5Z(0x1) ^ S_6Z(0x0) ^ S_7Z(0xE) ^ S_8Z(0xF) ^ S_6Z(0xC); - s->mask[10] = S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x8) ^ S_8Z(0x9) ^ S_7Z(0x2); - s->mask[11] = S_5Z(0x5) ^ S_6Z(0x4) ^ S_7Z(0xA) ^ S_8Z(0xB) ^ S_8Z(0x6); - /***** B *****/ - x[0] = z[2] ^ S_5Z(0x5) ^ S_6Z(0x7) ^ S_7Z(0x4) ^ S_8Z(0x6) ^ S_7Z(0x0); - x[1] = z[0] ^ S_5X(0x0) ^ S_6X(0x2) ^ S_7X(0x1) ^ S_8X(0x3) ^ S_8Z(0x2); - x[2] = z[1] ^ S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_5Z(0x1); - x[3] = z[3] ^ S_5X(0xA) ^ S_6X(0x9) ^ S_7X(0xB) ^ S_8X(0x8) ^ S_6Z(0x3); - /***** M' *****/ - s->mask[12] = S_5X(0x8) ^ S_6X(0x9) ^ S_7X(0x7) ^ S_8X(0x6) ^ S_5X(0x3); - s->mask[13] = S_5X(0xA) ^ S_6X(0xB) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_6X(0x7); - s->mask[14] = S_5X(0xC) ^ S_6X(0xD) ^ S_7X(0x3) ^ S_8X(0x2) ^ S_7X(0x8); - s->mask[15] = S_5X(0xE) ^ S_6X(0xF) ^ S_7X(0x1) ^ S_8X(0x0) ^ S_8X(0xD); - - /* that were the masking keys, now the rotation keys */ - /* set the keys to zero */ - memset(&(s->rotl[0]),0,8); - s->roth[0]=s->roth[1]=0; - /***** A *****/ - z[0] = x[0] ^ S_5X(0xD) ^ S_6X(0xF) ^ S_7X(0xC) ^ S_8X(0xE) ^ S_7X(0x8); - z[1] = x[2] ^ S_5Z(0x0) ^ S_6Z(0x2) ^ S_7Z(0x1) ^ S_8Z(0x3) ^ S_8X(0xA); - z[2] = x[3] ^ S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_5X(0x9); - z[3] = x[1] ^ S_5Z(0xA) ^ S_6Z(0x9) ^ S_7Z(0xB) ^ S_8Z(0x8) ^ S_6X(0xB); - /***** M *****/ - t = S_5Z(0x8) ^ S_6Z(0x9) ^ S_7Z(0x7) ^ S_8Z(0x6) ^ S_5Z(0x2); - t >>= 24; - s->rotl[0] |= t & 0x0f; - s->roth[0] |= (t >> 4) & (1<<0); - t = S_5Z(0xA) ^ S_6Z(0xB) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_6Z(0x6); - t >>= 24; - s->rotl[0] |= (t<<4) & 0xf0; - s->roth[0] |= (t >> 3) & (1<<1); - t = S_5Z(0xC) ^ S_6Z(0xD) ^ S_7Z(0x3) ^ S_8Z(0x2) ^ S_7Z(0x9); - t >>= 24; - s->rotl[1] |= t & 0x0f; - s->roth[0] |= (t >> 2) & (1<<2); - t = S_5Z(0xE) ^ S_6Z(0xF) ^ S_7Z(0x1) ^ S_8Z(0x0) ^ S_8Z(0xC); - t >>= 24; - s->rotl[1] |= (t<<4) & 0xf0; - s->roth[0] |= (t >> 1) & (1<<3); - /***** B *****/ - x[0] = z[2] ^ S_5Z(0x5) ^ S_6Z(0x7) ^ S_7Z(0x4) ^ S_8Z(0x6) ^ S_7Z(0x0); - x[1] = z[0] ^ S_5X(0x0) ^ S_6X(0x2) ^ S_7X(0x1) ^ S_8X(0x3) ^ S_8Z(0x2); - x[2] = z[1] ^ S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_5Z(0x1); - x[3] = z[3] ^ S_5X(0xA) ^ S_6X(0x9) ^ S_7X(0xB) ^ S_8X(0x8) ^ S_6Z(0x3); - /***** N *****/ - t = S_5X(0x3) ^ S_6X(0x2) ^ S_7X(0xC) ^ S_8X(0xD) ^ S_5X(0x8); - t >>= 24; - s->rotl[2] |= t & 0x0f; - s->roth[0] |= t & (1<<4); - t = S_5X(0x1) ^ S_6X(0x0) ^ S_7X(0xE) ^ S_8X(0xF) ^ S_6X(0xD); - t >>= 24; - s->rotl[2] |= (t<<4) & 0xf0; - s->roth[0] |= (t<<1) & (1<<5); - t = S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x8) ^ S_8X(0x9) ^ S_7X(0x3); - t >>= 24; - s->rotl[3] |= t & 0x0f; - s->roth[0] |= (t<<2) & (1<<6); - t = S_5X(0x5) ^ S_6X(0x4) ^ S_7X(0xA) ^ S_8X(0xB) ^ S_8X(0x7); - t >>= 24; - s->rotl[3] |= (t<<4) & 0xf0; - s->roth[0] |= (t<<3) & (1<<7); - /***** A *****/ - z[0] = x[0] ^ S_5X(0xD) ^ S_6X(0xF) ^ S_7X(0xC) ^ S_8X(0xE) ^ S_7X(0x8); - z[1] = x[2] ^ S_5Z(0x0) ^ S_6Z(0x2) ^ S_7Z(0x1) ^ S_8Z(0x3) ^ S_8X(0xA); - z[2] = x[3] ^ S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x5) ^ S_8Z(0x4) ^ S_5X(0x9); - z[3] = x[1] ^ S_5Z(0xA) ^ S_6Z(0x9) ^ S_7Z(0xB) ^ S_8Z(0x8) ^ S_6X(0xB); - /***** N' *****/ - t = S_5Z(0x3) ^ S_6Z(0x2) ^ S_7Z(0xC) ^ S_8Z(0xD) ^ S_5Z(0x9); - t >>= 24; - s->rotl[4] |= t & 0x0f; - s->roth[1] |= (t>>4) & (1<<0); - t = S_5Z(0x1) ^ S_6Z(0x0) ^ S_7Z(0xE) ^ S_8Z(0xF) ^ S_6Z(0xC); - t >>= 24; - s->rotl[4] |= (t<<4) & 0xf0; - s->roth[1] |= (t>>3) & (1<<1); - t = S_5Z(0x7) ^ S_6Z(0x6) ^ S_7Z(0x8) ^ S_8Z(0x9) ^ S_7Z(0x2); - t >>= 24; - s->rotl[5] |= t & 0x0f; - s->roth[1] |= (t>>2) & (1<<2); - t = S_5Z(0x5) ^ S_6Z(0x4) ^ S_7Z(0xA) ^ S_8Z(0xB) ^ S_8Z(0x6); - t >>= 24; - s->rotl[5] |= (t<<4) & 0xf0; - s->roth[1] |= (t>>1) & (1<<3); - /***** B *****/ - x[0] = z[2] ^ S_5Z(0x5) ^ S_6Z(0x7) ^ S_7Z(0x4) ^ S_8Z(0x6) ^ S_7Z(0x0); - x[1] = z[0] ^ S_5X(0x0) ^ S_6X(0x2) ^ S_7X(0x1) ^ S_8X(0x3) ^ S_8Z(0x2); - x[2] = z[1] ^ S_5X(0x7) ^ S_6X(0x6) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_5Z(0x1); - x[3] = z[3] ^ S_5X(0xA) ^ S_6X(0x9) ^ S_7X(0xB) ^ S_8X(0x8) ^ S_6Z(0x3); - /***** M' *****/ - t = S_5X(0x8) ^ S_6X(0x9) ^ S_7X(0x7) ^ S_8X(0x6) ^ S_5X(0x3); - t >>= 24; - s->rotl[6] |= t & 0x0f; - s->roth[1] |= t & (1<<4); - t = S_5X(0xA) ^ S_6X(0xB) ^ S_7X(0x5) ^ S_8X(0x4) ^ S_6X(0x7); - t >>= 24; - s->rotl[6] |= (t<<4) & 0xf0; - s->roth[1] |= (t<<1) & (1<<5); - t = S_5X(0xC) ^ S_6X(0xD) ^ S_7X(0x3) ^ S_8X(0x2) ^ S_7X(0x8); - t >>= 24; - s->rotl[7] |= t & 0x0f; - s->roth[1] |= (t<<2) & (1<<6); - t = S_5X(0xE) ^ S_6X(0xF) ^ S_7X(0x1) ^ S_8X(0x0) ^ S_8X(0xD); - t >>= 24; - s->rotl[7] |= (t<<4) & 0xf0; - s->roth[1] |= (t<<3) & (1<<7); - - /* done ;-) */ -} - -#endif +/******************************************************************************/ diff --git a/gf256mul.S b/gf256mul.S new file mode 100644 index 0000000..02e85e9 --- /dev/null +++ b/gf256mul.S @@ -0,0 +1,55 @@ +/* gf256mul.S */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * File: gf256mul.S + * Author: Daniel Otte + * Date: 2008-12-19 + * License: GPLv3 or later + * Description: peasant's algorithm for multiplication in GF(2^8) + * + */ + + +/* + * param a: r24 + * param b; r22 + * param reducer: r20 + */ +A = 21 +B = 22 +P = 24 +.global gf256mul +gf256mul: + mov r21, r24 + clr r24 + ldi r25, 8 +1: + lsr B + brcc 2f + eor P, A +2: + lsl A + brcc 3f + eor A, r20 +3: + dec r25 + brne 1b + ret + diff --git a/gf256mul.h b/gf256mul.h new file mode 100644 index 0000000..0b09b7c --- /dev/null +++ b/gf256mul.h @@ -0,0 +1,37 @@ +/* gf256mul.h */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef GF256MUL_H_ +#define GF256MUL_H_ + +/** + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2008-12-19 + * \license GPLv3 + * \brief + * + * + */ + +#include + +uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); + +#endif /* GF256MUL_H_ */ + diff --git a/mkfiles/twister224.mk b/mkfiles/twister224.mk new file mode 100644 index 0000000..b3a4e3d --- /dev/null +++ b/mkfiles/twister224.mk @@ -0,0 +1,12 @@ +# Makefile for TWISTER-224 +ALGO_NAME := TWISTER224 + +# comment out the following line for removement of TWISTER-224 from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_OBJ := twister.o twister-small.o memxor.o gf256mul.o +$(ALGO_NAME)_TEST_BIN := main-twister224-test.o debug.o uart.o serial-tools.o \ + nessie_hash_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/twister256.mk b/mkfiles/twister256.mk new file mode 100644 index 0000000..3fc1672 --- /dev/null +++ b/mkfiles/twister256.mk @@ -0,0 +1,12 @@ +# Makefile for TWISTER-256 +ALGO_NAME := TWISTER256 + +# comment out the following line for removement of TWISTER-256 from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_OBJ := twister.o twister-small.o memxor.o gf256mul.o +$(ALGO_NAME)_TEST_BIN := main-twister256-test.o debug.o uart.o serial-tools.o \ + nessie_hash_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/test_src/main-twister224-test.c b/test_src/main-twister224-test.c new file mode 100644 index 0000000..0cf3d6a --- /dev/null +++ b/test_src/main-twister224-test.c @@ -0,0 +1,199 @@ +/* main-twister224-test.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * twister test suit + * +*/ + +#include "config.h" +#include "serial-tools.h" +#include "uart.h" +#include "debug.h" + +#include "twister-small.h" +#include "nessie_hash_test.h" +#include "performance_test.h" + +#include +#include +#include +#include "cli.h" + +char* algo_name = "TWISTER-224"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void twister224_init_dummy(void* ctx){ + twister_small_init(ctx, 224); +} + +void twister224_next_dummy(void* buffer, void* ctx){ + twister_small_nextBlock(ctx, buffer); +} + +void twister224_last_dummy(void* buffer, uint16_t size_b, void* ctx){ + twister_small_lastBlock(ctx, buffer, size_b); +} + +void twister224_ctx2hash_dummy(void* buffer, void* ctx){ + twister_small_ctx2hash(buffer, ctx, 224); +} + + +void testrun_nessie_twister224(void){ + nessie_hash_ctx.hashsize_b = 224; + nessie_hash_ctx.blocksize_B = 512/8; + nessie_hash_ctx.ctx_size_B = sizeof(twister_state_t); + nessie_hash_ctx.name = algo_name; + nessie_hash_ctx.hash_init = (nessie_hash_init_fpt)twister224_init_dummy; + nessie_hash_ctx.hash_next = (nessie_hash_next_fpt)twister224_next_dummy; + nessie_hash_ctx.hash_last = (nessie_hash_last_fpt)twister224_last_dummy; + nessie_hash_ctx.hash_conv = (nessie_hash_conv_fpt)twister224_ctx2hash_dummy; + + nessie_hash_run(); +} + +/***************************************************************************** + * self tests * + *****************************************************************************/ + +void testrun_twister224(void){ + twister224_hash_t hash; + char* testv[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; + uint32_t i; + + uart_putstr_P(PSTR("\r\n=== TWISTER-224 test suit (MD5 test values) ===")); + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-224 (\"")); + uart_putstr(testv[i]); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister224(&hash, testv[i], strlen(testv[i])*8); + uart_hexdump(hash, 224/8); + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-224 test suit (short test values) ===")); + uint8_t stestv[]= {0x00, 0x00, 0xC0, 0xC0, 0x80, 0x48, 0x50}; + uint8_t stestl[]= { 0, 1, 2, 3, 4, 5, 6}; + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-224 (\"")); + uart_hexdump(&(stestv[i]), 1); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister224(&hash, &(stestv[i]), stestl[i]); + uart_hexdump(hash, 224/8); + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-224 test suit (long test) ===")); + char* ltest= "abcdefghbcdefghicdefghijdefghijk" + "efghijklfghijklmghijklmnhijklmno"; + twister224_ctx_t ctx; + twister224_init(&ctx); + uart_putstr_P(PSTR("\r\n TWISTER-224 ( 16777216 x \"")); + uart_putstr(ltest); + uart_putstr_P(PSTR("\") = \r\n\t")); + for(i=0; i<16777216; ++i){ + twister224_nextBlock(&ctx, ltest); + } + twister224_ctx2hash(hash, &ctx) + uart_hexdump(hash, 224/8); +} + + +void testrun_performance_twister224(void){ + uint64_t t; + char str[16]; + uint8_t data[64]; + twister_state_t ctx; + + calibrateTimer(); + print_overhead(); + + memset(data, 0, 64); + + startTimer(1); + twister_small_init(&ctx, 224); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx-gen time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_small_nextBlock(&ctx, data); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tone-block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_small_lastBlock(&ctx, data, 0); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tlast block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + startTimer(1); + twister_small_ctx2hash(data, &ctx, 224); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx2hash time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + uart_putstr_P(PSTR("\r\n")); +} + + +/***************************************************************************** + * main * + *****************************************************************************/ + +int main (void){ + char str[20]; + + + DEBUG_INIT(); + uart_putstr_P(PSTR("\r\n")); + + uart_putstr_P(PSTR("\r\n\r\nCrypto-VS (")); + uart_putstr(algo_name); + uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); + PGM_P u = PSTR("nessie\0test\0performance\0"); + void_fpt v[] = { testrun_nessie_twister224, + testrun_twister224, + testrun_performance_twister224 }; + + while(1){ + if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;} + if(execcommand_d0_P(str, u, v)<0){ + uart_putstr_P(PSTR("\r\nunknown command\r\n")); + } + continue; + error: + uart_putstr("ERROR\r\n"); + } +} + diff --git a/test_src/main-twister256-test.c b/test_src/main-twister256-test.c new file mode 100644 index 0000000..e6bb300 --- /dev/null +++ b/test_src/main-twister256-test.c @@ -0,0 +1,199 @@ +/* main-twister256-test.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * twister test suit + * +*/ + +#include "config.h" +#include "serial-tools.h" +#include "uart.h" +#include "debug.h" + +#include "twister-small.h" +#include "nessie_hash_test.h" +#include "performance_test.h" + +#include +#include +#include +#include "cli.h" + +char* algo_name = "TWISTER-256"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void twister256_init_dummy(void* ctx){ + twister_small_init(ctx, 256); +} + +void twister256_next_dummy(void* buffer, void* ctx){ + twister_small_nextBlock(ctx, buffer); +} + +void twister256_last_dummy(void* buffer, uint16_t size_b, void* ctx){ + twister_small_lastBlock(ctx, buffer, size_b); +} + +void twister256_ctx2hash_dummy(void* buffer, void* ctx){ + twister_small_ctx2hash(buffer, ctx, 256); +} + + +void testrun_nessie_twister256(void){ + nessie_hash_ctx.hashsize_b = 256; + nessie_hash_ctx.blocksize_B = 512/8; + nessie_hash_ctx.ctx_size_B = sizeof(twister_state_t); + nessie_hash_ctx.name = algo_name; + nessie_hash_ctx.hash_init = (nessie_hash_init_fpt)twister256_init_dummy; + nessie_hash_ctx.hash_next = (nessie_hash_next_fpt)twister256_next_dummy; + nessie_hash_ctx.hash_last = (nessie_hash_last_fpt)twister256_last_dummy; + nessie_hash_ctx.hash_conv = (nessie_hash_conv_fpt)twister256_ctx2hash_dummy; + + nessie_hash_run(); +} + +/***************************************************************************** + * self tests * + *****************************************************************************/ + +void testrun_twister256(void){ + twister256_hash_t hash; + char* testv[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; + uint32_t i; + + uart_putstr_P(PSTR("\r\n=== TWISTER-256 test suit (MD5 test values) ===")); + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-256 (\"")); + uart_putstr(testv[i]); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister256(&hash, testv[i], strlen(testv[i])*8); + uart_hexdump(hash, 256/8); + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-256 test suit (short test values) ===")); + uint8_t stestv[]= {0x00, 0x00, 0xC0, 0xC0, 0x80, 0x48, 0x50}; + uint8_t stestl[]= { 0, 1, 2, 3, 4, 5, 6}; + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-256 (\"")); + uart_hexdump(&(stestv[i]), 1); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister256(&hash, &(stestv[i]), stestl[i]); + uart_hexdump(hash, 256/8); + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-256 test suit (long test) ===")); + char* ltest= "abcdefghbcdefghicdefghijdefghijk" + "efghijklfghijklmghijklmnhijklmno"; + twister256_ctx_t ctx; + twister256_init(&ctx); + uart_putstr_P(PSTR("\r\n TWISTER-256 ( 16777216 x \"")); + uart_putstr(ltest); + uart_putstr_P(PSTR("\") = \r\n\t")); + for(i=0; i<16777216; ++i){ + twister224_nextBlock(&ctx, ltest); + } + twister256_ctx2hash(hash, &ctx); + uart_hexdump(hash, 256/8); +} + + +void testrun_performance_twister256(void){ + uint64_t t; + char str[16]; + uint8_t data[64]; + twister_state_t ctx; + + calibrateTimer(); + print_overhead(); + + memset(data, 0, 64); + + startTimer(1); + twister_small_init(&ctx, 256); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx-gen time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_small_nextBlock(&ctx, data); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tone-block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_small_lastBlock(&ctx, data, 0); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tlast block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + startTimer(1); + twister_small_ctx2hash(data, &ctx, 256); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx2hash time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + uart_putstr_P(PSTR("\r\n")); +} + + +/***************************************************************************** + * main * + *****************************************************************************/ + +int main (void){ + char str[20]; + + + DEBUG_INIT(); + uart_putstr_P(PSTR("\r\n")); + + uart_putstr_P(PSTR("\r\n\r\nCrypto-VS (")); + uart_putstr(algo_name); + uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); + PGM_P u = PSTR("nessie\0test\0performance\0"); + void_fpt v[] = { testrun_nessie_twister256, + testrun_twister256, + testrun_performance_twister256 }; + + while(1){ + if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;} + if(execcommand_d0_P(str, u, v)<0){ + uart_putstr_P(PSTR("\r\nunknown command\r\n")); + } + continue; + error: + uart_putstr("ERROR\r\n"); + } +} + diff --git a/twister-small.c b/twister-small.c new file mode 100644 index 0000000..0713c96 --- /dev/null +++ b/twister-small.c @@ -0,0 +1,154 @@ +/* twister-small.c */ + +#include +#include +#include "memxor.h" +#include "twister-small.h" + +static +void maxi_round3(twister_state_t* ctx, void* msg, uint8_t last_null){ + mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + mini_round(ctx, msg); + if(last_null){ + blank_round(ctx); + } else { + msg = ((uint8_t*)msg) + 8; + mini_round(ctx, msg); + } +} + +void twister_small_nextBlock(twister_state_t* ctx, void* msg){ + uint8_t tmp[8][8]; + /* round 1 */ + memcpy(tmp, ctx->s, 64); + maxi_round3(ctx, msg, 0); + memxor(ctx->s, tmp, 64); + msg = ((uint8_t*)msg) + 3*8; + /* round 2 */ + memcpy(tmp, ctx->s, 64); + maxi_round3(ctx, msg, 0); + memxor(ctx->s, tmp, 64); + msg = ((uint8_t*)msg) + 3*8; + /* round 3 */ + memcpy(tmp, ctx->s, 64); + maxi_round3(ctx, msg, 1); + memxor(ctx->s, tmp, 64); + ctx->length_counter_b += 512; +} + +void twister_small_init(twister_state_t* ctx, uint16_t hashsize_b){ + memset(ctx->s, 0, 64); + ctx->counter=0xffffffffffffffffLL; + ctx->s[0][7] = hashsize_b>>8; + ctx->s[1][7] = hashsize_b&0xff; + ctx->length_counter_b = 0; +} + +void twister_small_lastBlock(twister_state_t* ctx, void* msg, uint16_t length_b){ + uint8_t tmp[64]; + while(length_b>512){ + twister_small_nextBlock(ctx, msg); + msg = ((uint8_t*)msg)+64; + length_b -= 512; + } + memset(tmp, 0, 64); + memcpy(tmp, msg, (length_b+7)/8); + tmp[length_b/8] |= 0x80 >> (length_b&0x07); + twister_small_nextBlock(ctx, tmp); + ctx->length_counter_b -= 512 - length_b; + mini_round(ctx, &(ctx->length_counter_b)); + blank_round(ctx); +} + +void twister_small_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b){ + uint8_t tmp[8][8]; + uint8_t j; + uint16_t i=hashsize_b; + while(i>=64){ + i-=64; + memcpy(tmp,ctx->s, 64); + blank_round(ctx); + memxor(ctx->s, tmp, 64); + blank_round(ctx); + for(j=0; j<8; ++j){ + *((uint8_t*)dest) = ctx->s[7-j][0] ^ tmp[7-j][0]; + dest = (uint8_t*)dest + 1; + } + } + if(i>=32){ + memcpy(tmp,ctx->s, 64); + blank_round(ctx); + memxor(ctx->s, tmp, 64); + blank_round(ctx); + for(j=0; j<4; ++j){ + *((uint8_t*)dest) = ctx->s[3-j][0] ^ tmp[3-j][0]; + dest = (uint8_t*)dest + 1; + } + } +} + +#ifndef NO_TWISTER_256 + +void twister256_init(twister256_ctx_t* ctx){ + twister_small_init(ctx, 256); +} + +void twister256_nextBlock(twister256_ctx_t* ctx, void* msg){ + twister_small_nextBlock(ctx, msg); +} + +void twister256_lastBlock(twister256_ctx_t* ctx, void* msg, uint16_t length_b){ + twister_small_lastBlock(ctx, msg, length_b); +} + +void twister256_ctx2hash(void* dest, twister256_ctx_t* ctx){ + twister_small_ctx2hash(dest, ctx, 256); +} + +void twister256(void* dest, void* msg, uint32_t msg_length_b){ + twister_state_t ctx; + twister_small_init(&ctx, 256); + while(msg_length_b >=512){ + twister_small_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + 512/8; + msg_length_b -= 512; + } + twister_small_lastBlock(&ctx, msg, msg_length_b); + twister_small_ctx2hash(dest, &ctx, 256); +} + +#endif + +#ifndef NO_TWISTER_224 + +void twister224_init(twister224_ctx_t* ctx){ + twister_small_init(ctx, 224); +} + +void twister224_nextBlock(twister224_ctx_t* ctx, void* msg){ + twister_small_nextBlock(ctx, msg); +} + +void twister224_lastBlock(twister224_ctx_t* ctx, void* msg, uint16_t length_b){ + twister_small_lastBlock(ctx, msg, length_b); +} + +void twister224_ctx2hash(void* dest, twister224_ctx_t* ctx){ + twister_small_ctx2hash(dest, ctx, 224); +} + +void twister224(void* dest, void* msg, uint32_t msg_length_b){ + twister_state_t ctx; + twister_small_init(&ctx, 224); + while(msg_length_b >=512){ + twister_small_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + 512/8; + msg_length_b -= 512; + } + twister_small_lastBlock(&ctx, msg, msg_length_b); + twister_small_ctx2hash(dest, &ctx, 224); +} + +#endif + diff --git a/twister-small.h b/twister-small.h new file mode 100644 index 0000000..ca68e35 --- /dev/null +++ b/twister-small.h @@ -0,0 +1,32 @@ +/* twister-small.h */ + +#ifndef TWISTER_SMALL_H_ +#define TWISTER_SMALL_H_ + +#include "twister.h" + +typedef uint8_t twister256_hash_t[256/8]; +typedef uint8_t twister224_hash_t[224/8]; + +typedef twister_state_t twister256_ctx_t; +typedef twister_state_t twister224_ctx_t; + +void twister_small_nextBlock(twister_state_t* ctx, void* msg); +void twister_small_init(twister_state_t* ctx, uint16_t hashsize_b); +void twister_small_lastBlock(twister_state_t* ctx, void* msg, uint16_t length_b); +void twister_small_ctx2hash(void* dest, twister256_ctx_t* ctx, uint16_t hashsize_b); + + +void twister256_init(twister256_ctx_t* ctx); +void twister256_nextBlock(twister256_ctx_t* ctx, void* msg); +void twister256_lastBlock(twister256_ctx_t* ctx, void* msg, uint16_t length_b); +void twister256_ctx2hash(void* dest, twister_state_t* ctx); +void twister256(void* dest, void* msg, uint32_t msg_length_b); + +void twister224_init(twister224_ctx_t* ctx); +void twister224_nextBlock(twister224_ctx_t* ctx, void* msg); +void twister224_lastBlock(twister224_ctx_t* ctx, void* msg, uint16_t length_b); +void twister224_ctx2hash(void* dest, twister224_ctx_t* ctx); +void twister224(void* dest, void* msg, uint32_t msg_length_b); + +#endif /* TWISTER_SMALL_H_ */ diff --git a/twister.c b/twister.c new file mode 100644 index 0000000..a3ab4b5 --- /dev/null +++ b/twister.c @@ -0,0 +1,125 @@ +/* twister.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include "twister.h" +#include "twister_tables.h" +#include "memxor.h" + +#include "gf256mul.h" + +//#define DEBUG + +#ifdef DEBUG +# include "uart.h" +#endif + +#ifdef DEBUG +# define DEBUG_PRINT(ctx, msg) debug_print((ctx), PSTR(msg)) +#else +# define DEBUG_PRINT(ctx, msg) +#endif + +#ifdef DEBUG + +void print_twister_state(twister_state_t* ctx){ + uint8_t i,j; + uart_putstr_P(PSTR("\r\nState:\r\n matrix:\r\n")); + for(i=0; i<8; ++i){ + uart_putstr_P(PSTR("\t[ ")); + uart_hexdump(&(ctx->s[i][0]), 8); + uart_putstr_P(PSTR("]\r\n")); + } + uart_putstr_P(PSTR("counter: ")); + uart_hexdump(&(ctx->counter), 8); + + uart_putstr_P(PSTR("\r\nlength_counter_b: ")); + uart_hexdump(&(ctx->length_counter_b), 8); + uart_putstr_P(PSTR("\r\n")); +} + +void debug_print(twister_state_t* ctx, PGM_P msg){ + uart_putstr_P(PSTR("\r\n")); + uart_putstr_P(msg); + print_twister_state(ctx); +} + +#endif + +static +void shiftrow(void* row, uint8_t shift){ + *((uint64_t*)row) = *((uint64_t*)row)>>(8*shift) | *((uint64_t*)row)<<(64-8*shift); +} + +#define MDS(a,b) pgm_read_byte(&(twister_mds[a][b])) +//#define MULT(a,b) pgm_read_byte(&(twister_multab[a-1][b])) +#define MULT(a,b) gf256mul(a,b, 0x4D) + +void blank_round(twister_state_t* ctx){ + uint8_t i,j; + uint8_t tmp[8][8]; + DEBUG_PRINT(ctx, "blank init"); + /* add twist counter */ + for(i=0; i<8; ++i) + ctx->s[i][1] ^= ((uint8_t*)&(ctx->counter))[7-i]; + ctx->counter--; +// DEBUG_PRINT(ctx, "counter added"); + /* sub bytes */ + for(i=0; i<8; ++i) + for(j=0;j<8;++j) + tmp[i][j] = pgm_read_byte(twister_sbox+ctx->s[i][j]); + /* shift rows */ + for(i=1;i<8; ++i){ + shiftrow(&(tmp[i][0]), i); + } + /* mix columns */ + for( i=0; i<8; i++ ){ + // multiply with mds matrix + for( j=0; j<8; j++ ){ + ctx->s[j][i] = + MULT( MDS(j,0), tmp[0][i] ) ^ + MULT( MDS(j,1), tmp[1][i] ) ^ + MULT( MDS(j,2), tmp[2][i] ) ^ + MULT( MDS(j,3), tmp[3][i] ) ^ + MULT( MDS(j,4), tmp[4][i] ) ^ + MULT( MDS(j,5), tmp[5][i] ) ^ + MULT( MDS(j,6), tmp[6][i] ) ^ + MULT( MDS(j,7), tmp[7][i] ) ; + + } + } + DEBUG_PRINT(ctx, "post MDS"); +} + +void mini_round(twister_state_t* ctx, void* msg){ + /* inject message */ + uint8_t i; + for(i=0; i<8; ++i){ + ctx->s[7][7-i] ^= *((uint8_t*)msg); + msg = (uint8_t*)msg +1; + } + blank_round(ctx); +} + + + + + diff --git a/twister.h b/twister.h new file mode 100644 index 0000000..0764dbb --- /dev/null +++ b/twister.h @@ -0,0 +1,41 @@ +/* twister.h */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file twister.h + * \author Daniel Otte + * \date 2008-12-20 + * \license GPLv3 or later + * + */ + +#ifndef TWISTER_H_ +#define TWISTER_H_ + +#include + +typedef struct { + uint8_t s[8][8]; + uint64_t counter; + uint64_t length_counter_b; +} twister_state_t; + +void blank_round(twister_state_t* ctx); +void mini_round(twister_state_t* ctx, void* msg); + +#endif /* TWISTER_H_ */ diff --git a/twister_tables.h b/twister_tables.h new file mode 100644 index 0000000..96686a1 --- /dev/null +++ b/twister_tables.h @@ -0,0 +1,207 @@ +/****************************************************************** + * S-BOX for Twister + * + * + *******************************************************************/ + +#include +#include + +static const uint8_t twister_sbox[256] PROGMEM = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + + + +/* Twister MDS matrix */ +static const uint8_t twister_mds[8][8] PROGMEM = { + {2, 1, 1, 5, 7, 8, 6, 1}, + {1, 2, 1, 1, 5, 7, 8, 6}, + {6, 1, 2, 1, 1, 5, 7, 8}, + {8, 6, 1, 2, 1, 1, 5, 7}, + {7, 8, 6, 1, 2, 1, 1, 5}, + {5, 7, 8, 6, 1, 2, 1, 1}, + {1, 5, 7, 8, 6, 1, 2, 1}, + {1, 1, 5, 7, 8, 6, 1, 2} +}; + +/* +static const uint8_t twister_multab[8][256] PROGMEM = { + { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, + 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, + 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, + 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, + 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255 + }, + { + 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, + 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, + 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, + 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, + 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, + 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, + 192, 194, 196, 198, 200, 202, 204, 206, 208, 210, 212, 214, 216, 218, 220, 222, + 224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252, 254, + 77, 79, 73, 75, 69, 71, 65, 67, 93, 95, 89, 91, 85, 87, 81, 83, + 109, 111, 105, 107, 101, 103, 97, 99, 125, 127, 121, 123, 117, 119, 113, 115, + 13, 15, 9, 11, 5, 7, 1, 3, 29, 31, 25, 27, 21, 23, 17, 19, + 45, 47, 41, 43, 37, 39, 33, 35, 61, 63, 57, 59, 53, 55, 49, 51, + 205, 207, 201, 203, 197, 199, 193, 195, 221, 223, 217, 219, 213, 215, 209, 211, + 237, 239, 233, 235, 229, 231, 225, 227, 253, 255, 249, 251, 245, 247, 241, 243, + 141, 143, 137, 139, 133, 135, 129, 131, 157, 159, 153, 155, 149, 151, 145, 147, + 173, 175, 169, 171, 165, 167, 161, 163, 189, 191, 185, 187, 181, 183, 177, 179 + }, + { + 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, + 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34, 33, + 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, + 80, 83, 86, 85, 92, 95, 90, 89, 72, 75, 78, 77, 68, 71, 66, 65, + 192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209, + 240, 243, 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225, + 160, 163, 166, 165, 172, 175, 170, 169, 184, 187, 190, 189, 180, 183, 178, 177, + 144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129, + 205, 206, 203, 200, 193, 194, 199, 196, 213, 214, 211, 208, 217, 218, 223, 220, + 253, 254, 251, 248, 241, 242, 247, 244, 229, 230, 227, 224, 233, 234, 239, 236, + 173, 174, 171, 168, 161, 162, 167, 164, 181, 182, 179, 176, 185, 186, 191, 188, + 157, 158, 155, 152, 145, 146, 151, 148, 133, 134, 131, 128, 137, 138, 143, 140, + 13, 14, 11, 8, 1, 2, 7, 4, 21, 22, 19, 16, 25, 26, 31, 28, + 61, 62, 59, 56, 49, 50, 55, 52, 37, 38, 35, 32, 41, 42, 47, 44, + 109, 110, 107, 104, 97, 98, 103, 100, 117, 118, 115, 112, 121, 122, 127, 124, + 93, 94, 91, 88, 81, 82, 87, 84, 69, 70, 67, 64, 73, 74, 79, 76 + }, + { + 0, 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, + 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, + 128, 132, 136, 140, 144, 148, 152, 156, 160, 164, 168, 172, 176, 180, 184, 188, + 192, 196, 200, 204, 208, 212, 216, 220, 224, 228, 232, 236, 240, 244, 248, 252, + 77, 73, 69, 65, 93, 89, 85, 81, 109, 105, 101, 97, 125, 121, 117, 113, + 13, 9, 5, 1, 29, 25, 21, 17, 45, 41, 37, 33, 61, 57, 53, 49, + 205, 201, 197, 193, 221, 217, 213, 209, 237, 233, 229, 225, 253, 249, 245, 241, + 141, 137, 133, 129, 157, 153, 149, 145, 173, 169, 165, 161, 189, 185, 181, 177, + 154, 158, 146, 150, 138, 142, 130, 134, 186, 190, 178, 182, 170, 174, 162, 166, + 218, 222, 210, 214, 202, 206, 194, 198, 250, 254, 242, 246, 234, 238, 226, 230, + 26, 30, 18, 22, 10, 14, 2, 6, 58, 62, 50, 54, 42, 46, 34, 38, + 90, 94, 82, 86, 74, 78, 66, 70, 122, 126, 114, 118, 106, 110, 98, 102, + 215, 211, 223, 219, 199, 195, 207, 203, 247, 243, 255, 251, 231, 227, 239, 235, + 151, 147, 159, 155, 135, 131, 143, 139, 183, 179, 191, 187, 167, 163, 175, 171, + 87, 83, 95, 91, 71, 67, 79, 75, 119, 115, 127, 123, 103, 99, 111, 107, + 23, 19, 31, 27, 7, 3, 15, 11, 55, 51, 63, 59, 39, 35, 47, 43 + }, + { + 0, 5, 10, 15, 20, 17, 30, 27, 40, 45, 34, 39, 60, 57, 54, 51, + 80, 85, 90, 95, 68, 65, 78, 75, 120, 125, 114, 119, 108, 105, 102, 99, + 160, 165, 170, 175, 180, 177, 190, 187, 136, 141, 130, 135, 156, 153, 150, 147, + 240, 245, 250, 255, 228, 225, 238, 235, 216, 221, 210, 215, 204, 201, 198, 195, + 13, 8, 7, 2, 25, 28, 19, 22, 37, 32, 47, 42, 49, 52, 59, 62, + 93, 88, 87, 82, 73, 76, 67, 70, 117, 112, 127, 122, 97, 100, 107, 110, + 173, 168, 167, 162, 185, 188, 179, 182, 133, 128, 143, 138, 145, 148, 155, 158, + 253, 248, 247, 242, 233, 236, 227, 230, 213, 208, 223, 218, 193, 196, 203, 206, + 26, 31, 16, 21, 14, 11, 4, 1, 50, 55, 56, 61, 38, 35, 44, 41, + 74, 79, 64, 69, 94, 91, 84, 81, 98, 103, 104, 109, 118, 115, 124, 121, + 186, 191, 176, 181, 174, 171, 164, 161, 146, 151, 152, 157, 134, 131, 140, 137, + 234, 239, 224, 229, 254, 251, 244, 241, 194, 199, 200, 205, 214, 211, 220, 217, + 23, 18, 29, 24, 3, 6, 9, 12, 63, 58, 53, 48, 43, 46, 33, 36, + 71, 66, 77, 72, 83, 86, 89, 92, 111, 106, 101, 96, 123, 126, 113, 116, + 183, 178, 189, 184, 163, 166, 169, 172, 159, 154, 149, 144, 139, 142, 129, 132, + 231, 226, 237, 232, 243, 246, 249, 252, 207, 202, 197, 192, 219, 222, 209, 212 + }, + { + 0, 6, 12, 10, 24, 30, 20, 18, 48, 54, 60, 58, 40, 46, 36, 34, + 96, 102, 108, 106, 120, 126, 116, 114, 80, 86, 92, 90, 72, 78, 68, 66, + 192, 198, 204, 202, 216, 222, 212, 210, 240, 246, 252, 250, 232, 238, 228, 226, + 160, 166, 172, 170, 184, 190, 180, 178, 144, 150, 156, 154, 136, 142, 132, 130, + 205, 203, 193, 199, 213, 211, 217, 223, 253, 251, 241, 247, 229, 227, 233, 239, + 173, 171, 161, 167, 181, 179, 185, 191, 157, 155, 145, 151, 133, 131, 137, 143, + 13, 11, 1, 7, 21, 19, 25, 31, 61, 59, 49, 55, 37, 35, 41, 47, + 109, 107, 97, 103, 117, 115, 121, 127, 93, 91, 81, 87, 69, 67, 73, 79, + 215, 209, 219, 221, 207, 201, 195, 197, 231, 225, 235, 237, 255, 249, 243, 245, + 183, 177, 187, 189, 175, 169, 163, 165, 135, 129, 139, 141, 159, 153, 147, 149, + 23, 17, 27, 29, 15, 9, 3, 5, 39, 33, 43, 45, 63, 57, 51, 53, + 119, 113, 123, 125, 111, 105, 99, 101, 71, 65, 75, 77, 95, 89, 83, 85, + 26, 28, 22, 16, 2, 4, 14, 8, 42, 44, 38, 32, 50, 52, 62, 56, + 122, 124, 118, 112, 98, 100, 110, 104, 74, 76, 70, 64, 82, 84, 94, 88, + 218, 220, 214, 208, 194, 196, 206, 200, 234, 236, 230, 224, 242, 244, 254, 248, + 186, 188, 182, 176, 162, 164, 174, 168, 138, 140, 134, 128, 146, 148, 158, 152 + }, + { + 0, 7, 14, 9, 28, 27, 18, 21, 56, 63, 54, 49, 36, 35, 42, 45, + 112, 119, 126, 121, 108, 107, 98, 101, 72, 79, 70, 65, 84, 83, 90, 93, + 224, 231, 238, 233, 252, 251, 242, 245, 216, 223, 214, 209, 196, 195, 202, 205, + 144, 151, 158, 153, 140, 139, 130, 133, 168, 175, 166, 161, 180, 179, 186, 189, + 141, 138, 131, 132, 145, 150, 159, 152, 181, 178, 187, 188, 169, 174, 167, 160, + 253, 250, 243, 244, 225, 230, 239, 232, 197, 194, 203, 204, 217, 222, 215, 208, + 109, 106, 99, 100, 113, 118, 127, 120, 85, 82, 91, 92, 73, 78, 71, 64, + 29, 26, 19, 20, 1, 6, 15, 8, 37, 34, 43, 44, 57, 62, 55, 48, + 87, 80, 89, 94, 75, 76, 69, 66, 111, 104, 97, 102, 115, 116, 125, 122, + 39, 32, 41, 46, 59, 60, 53, 50, 31, 24, 17, 22, 3, 4, 13, 10, + 183, 176, 185, 190, 171, 172, 165, 162, 143, 136, 129, 134, 147, 148, 157, 154, + 199, 192, 201, 206, 219, 220, 213, 210, 255, 248, 241, 246, 227, 228, 237, 234, + 218, 221, 212, 211, 198, 193, 200, 207, 226, 229, 236, 235, 254, 249, 240, 247, + 170, 173, 164, 163, 182, 177, 184, 191, 146, 149, 156, 155, 142, 137, 128, 135, + 58, 61, 52, 51, 38, 33, 40, 47, 2, 5, 12, 11, 30, 25, 16, 23, + 74, 77, 68, 67, 86, 81, 88, 95, 114, 117, 124, 123, 110, 105, 96, 103 + }, + { + 0, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, + 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, + 77, 69, 93, 85, 109, 101, 125, 117, 13, 5, 29, 21, 45, 37, 61, 53, + 205, 197, 221, 213, 237, 229, 253, 245, 141, 133, 157, 149, 173, 165, 189, 181, + 154, 146, 138, 130, 186, 178, 170, 162, 218, 210, 202, 194, 250, 242, 234, 226, + 26, 18, 10, 2, 58, 50, 42, 34, 90, 82, 74, 66, 122, 114, 106, 98, + 215, 223, 199, 207, 247, 255, 231, 239, 151, 159, 135, 143, 183, 191, 167, 175, + 87, 95, 71, 79, 119, 127, 103, 111, 23, 31, 7, 15, 55, 63, 39, 47, + 121, 113, 105, 97, 89, 81, 73, 65, 57, 49, 41, 33, 25, 17, 9, 1, + 249, 241, 233, 225, 217, 209, 201, 193, 185, 177, 169, 161, 153, 145, 137, 129, + 52, 60, 36, 44, 20, 28, 4, 12, 116, 124, 100, 108, 84, 92, 68, 76, + 180, 188, 164, 172, 148, 156, 132, 140, 244, 252, 228, 236, 212, 220, 196, 204, + 227, 235, 243, 251, 195, 203, 211, 219, 163, 171, 179, 187, 131, 139, 147, 155, + 99, 107, 115, 123, 67, 75, 83, 91, 35, 43, 51, 59, 3, 11, 19, 27, + 174, 166, 190, 182, 142, 134, 158, 150, 238, 230, 254, 246, 206, 198, 222, 214, + 46, 38, 62, 54, 14, 6, 30, 22, 110, 102, 126, 118, 78, 70, 94, 86 + } +}; + +*/ -- 2.39.2 From cca97d0e0c937aea8b7e0ae5b931da5f80d9ff52 Mon Sep 17 00:00:00 2001 From: bg Date: Sun, 21 Dec 2008 02:06:22 +0000 Subject: [PATCH 15/16] forgot a ; --- test_src/main-twister224-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_src/main-twister224-test.c b/test_src/main-twister224-test.c index 0cf3d6a..a812e2f 100644 --- a/test_src/main-twister224-test.c +++ b/test_src/main-twister224-test.c @@ -117,7 +117,7 @@ void testrun_twister224(void){ for(i=0; i<16777216; ++i){ twister224_nextBlock(&ctx, ltest); } - twister224_ctx2hash(hash, &ctx) + twister224_ctx2hash(hash, &ctx); uart_hexdump(hash, 224/8); } -- 2.39.2 From 0076b72ccd398bf7571c5144ba36eda8a24f6c70 Mon Sep 17 00:00:00 2001 From: bg Date: Mon, 22 Dec 2008 03:19:07 +0000 Subject: [PATCH 16/16] now comes twister-512 --- config.h | 2 +- gf256mul.S | 35 +++- get_test.rb => host/get_test.rb | 0 mkfiles/twister512.mk | 12 ++ test_src/main-twister256-test.c | 13 +- test_src/main-twister512-test.c | 208 ++++++++++++++++++++++++ twister-big.c | 273 ++++++++++++++++++++++++++++++++ twister-big.h | 40 +++++ twister-small.c | 115 +++++++------- twister-small.h | 5 +- twister.c | 78 ++++++--- twister.h | 7 +- twister_tables.h | 45 ++++-- 13 files changed, 733 insertions(+), 100 deletions(-) rename get_test.rb => host/get_test.rb (100%) create mode 100644 mkfiles/twister512.mk create mode 100644 test_src/main-twister512-test.c create mode 100644 twister-big.c create mode 100644 twister-big.h diff --git a/config.h b/config.h index 0a0caf1..ac45eaa 100644 --- a/config.h +++ b/config.h @@ -44,7 +44,7 @@ #define UART_RTS_BIT 0 #define UART_CTS_BIT 1 */ - +//#define TWISTER_MUL_TABLE #define CLI_AUTO_HELP #endif diff --git a/gf256mul.S b/gf256mul.S index 02e85e9..5a47f4e 100644 --- a/gf256mul.S +++ b/gf256mul.S @@ -26,6 +26,8 @@ * */ +#include +#define OPTIMIZE_SMALL_A /* * param a: r24 @@ -36,20 +38,45 @@ A = 21 B = 22 P = 24 .global gf256mul + +#ifdef OPTIMIZE_SMALL_A +gf256mul: + mov r21, r24 + clr r24 +1: + lsr A + breq 4f + brcc 2f + eor P, B +2: + lsl B + brcc 3f + eor B, r20 +3: + rjmp 1b +4: + brcc 2f + eor P, B +2: + ret + +#else + gf256mul: mov r21, r24 clr r24 ldi r25, 8 1: - lsr B + lsr A brcc 2f - eor P, A + eor P, B 2: - lsl A + lsl B brcc 3f - eor A, r20 + eor B, r20 3: dec r25 brne 1b ret +#endif diff --git a/get_test.rb b/host/get_test.rb similarity index 100% rename from get_test.rb rename to host/get_test.rb diff --git a/mkfiles/twister512.mk b/mkfiles/twister512.mk new file mode 100644 index 0000000..a0ce47b --- /dev/null +++ b/mkfiles/twister512.mk @@ -0,0 +1,12 @@ +# Makefile for TWISTER-512 +ALGO_NAME := TWISTER512 + +# comment out the following line for removement of TWISTER-512 from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_OBJ := twister.o twister-big.o memxor.o gf256mul.o +$(ALGO_NAME)_TEST_BIN := main-twister512-test.o debug.o uart.o serial-tools.o \ + nessie_hash_test.o nessie_common.o cli.o performance_test.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/test_src/main-twister256-test.c b/test_src/main-twister256-test.c index e6bb300..9467456 100644 --- a/test_src/main-twister256-test.c +++ b/test_src/main-twister256-test.c @@ -71,9 +71,14 @@ void testrun_nessie_twister256(void){ } /***************************************************************************** - * self tests * + * selftests + * *****************************************************************************/ +void print_hash(void* hash){ + uart_hexdump(hash, 256/8); +} + void testrun_twister256(void){ twister256_hash_t hash; char* testv[]={ @@ -92,7 +97,7 @@ void testrun_twister256(void){ uart_putstr(testv[i]); uart_putstr_P(PSTR("\") = \r\n\t")); twister256(&hash, testv[i], strlen(testv[i])*8); - uart_hexdump(hash, 256/8); + print_hash(hash); } uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-256 test suit (short test values) ===")); @@ -103,7 +108,7 @@ void testrun_twister256(void){ uart_hexdump(&(stestv[i]), 1); uart_putstr_P(PSTR("\") = \r\n\t")); twister256(&hash, &(stestv[i]), stestl[i]); - uart_hexdump(hash, 256/8); + print_hash(hash); } uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-256 test suit (long test) ===")); @@ -118,7 +123,7 @@ void testrun_twister256(void){ twister224_nextBlock(&ctx, ltest); } twister256_ctx2hash(hash, &ctx); - uart_hexdump(hash, 256/8); + print_hash(hash); } diff --git a/test_src/main-twister512-test.c b/test_src/main-twister512-test.c new file mode 100644 index 0000000..22309d0 --- /dev/null +++ b/test_src/main-twister512-test.c @@ -0,0 +1,208 @@ +/* main-twister512-test.c */ +/* + This file is part of the Crypto-avr-lib/microcrypt-lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * twister test suit + * +*/ + +#include "config.h" +#include "serial-tools.h" +#include "uart.h" +#include "debug.h" + +#include "twister-big.h" +#include "nessie_hash_test.h" +#include "performance_test.h" + +#include +#include +#include +#include "cli.h" + +char* algo_name = "TWISTER-512"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void twister512_init_dummy(void* ctx){ + twister_big_init(ctx, 512); +} + +void twister512_next_dummy(void* buffer, void* ctx){ + twister_big_nextBlock(ctx, buffer); +} + +void twister512_last_dummy(void* buffer, uint16_t size_b, void* ctx){ + twister_big_lastBlock(ctx, buffer, size_b); +} + +void twister512_ctx2hash_dummy(void* buffer, void* ctx){ + twister_big_ctx2hash(buffer, ctx, 512); +} + + +void testrun_nessie_twister512(void){ + nessie_hash_ctx.hashsize_b = 512; + nessie_hash_ctx.blocksize_B = 512/8; + nessie_hash_ctx.ctx_size_B = sizeof(twister_big_ctx_t); + nessie_hash_ctx.name = algo_name; + nessie_hash_ctx.hash_init = (nessie_hash_init_fpt)twister512_init_dummy; + nessie_hash_ctx.hash_next = (nessie_hash_next_fpt)twister512_next_dummy; + nessie_hash_ctx.hash_last = (nessie_hash_last_fpt)twister512_last_dummy; + nessie_hash_ctx.hash_conv = (nessie_hash_conv_fpt)twister512_ctx2hash_dummy; + + nessie_hash_run(); +} + +/****************************************************************************** + * selftests + ******************************************************************************/ + +void print_hash(void* hash){ + uart_hexdump(hash, 256/8); + uart_putstr_P(PSTR("\r\n\t")); + uart_hexdump((uint8_t*)hash+256/8, 256/8); + +} + +void testrun_twister512(void){ + twister512_hash_t hash; + char* testv[]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; + uint32_t i; + + uart_putstr_P(PSTR("\r\n=== TWISTER-512 test suit (MD5 test values) ===")); + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-512 (\"")); + uart_putstr(testv[i]); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister512(&hash, testv[i], strlen(testv[i])*8); + print_hash(hash); + // return; + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-512 test suit (short test values) ===")); + uint8_t stestv[]= {0x00, 0x00, 0xC0, 0xC0, 0x80, 0x48, 0x50}; + uint8_t stestl[]= { 0, 1, 2, 3, 4, 5, 6}; + for(i=0; i<7; ++i){ + uart_putstr_P(PSTR("\r\n TWISTER-512 (\"")); + uart_hexdump(&(stestv[i]), 1); + uart_putstr_P(PSTR("\") = \r\n\t")); + twister512(hash, &(stestv[i]), stestl[i]); + print_hash(hash); + } + + uart_putstr_P(PSTR("\r\n\r\n=== TWISTER-512 test suit (long test) ===")); + char* ltest= "abcdefghbcdefghicdefghijdefghijk" + "efghijklfghijklmghijklmnhijklmno"; + twister512_ctx_t ctx; + twister512_init(&ctx); + uart_putstr_P(PSTR("\r\n TWISTER-512 ( 16777216 x \"")); + uart_putstr(ltest); + uart_putstr_P(PSTR("\") = \r\n\t")); + for(i=0; i<16777216; ++i){ + twister512_nextBlock(&ctx, ltest); + } + twister512_ctx2hash(hash, &ctx); + print_hash(hash); +} + + +void testrun_performance_twister512(void){ + uint64_t t; + char str[16]; + uint8_t data[64]; + twister_big_ctx_t ctx; + + calibrateTimer(); + print_overhead(); + + memset(data, 0, 64); + + startTimer(1); + twister_big_init(&ctx, 512); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx-gen time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_big_nextBlock(&ctx, data); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tone-block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + + startTimer(1); + twister_big_lastBlock(&ctx, data, 0); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tlast block time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + startTimer(1); + twister_big_ctx2hash(data, &ctx, 512); + t = stopTimer(); + uart_putstr_P(PSTR("\r\n\tctx2hash time: ")); + ultoa((unsigned long)t, str, 10); + uart_putstr(str); + + uart_putstr_P(PSTR("\r\n")); +} + + +/***************************************************************************** + * main + * + *****************************************************************************/ + +int main (void){ + char str[20]; + + + DEBUG_INIT(); + uart_putstr_P(PSTR("\r\n")); + + uart_putstr_P(PSTR("\r\n\r\nCrypto-VS (")); + uart_putstr(algo_name); + uart_putstr_P(PSTR(")\r\nloaded and running\r\n")); + PGM_P u = PSTR("nessie\0test\0performance\0"); + void_fpt v[] = { testrun_nessie_twister512, + testrun_twister512, + testrun_performance_twister512 }; + + while(1){ + if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;} + if(execcommand_d0_P(str, u, v)<0){ + uart_putstr_P(PSTR("\r\nunknown command\r\n")); + } + continue; + error: + uart_putstr("ERROR\r\n"); + } +} + diff --git a/twister-big.c b/twister-big.c new file mode 100644 index 0000000..9c8cef7 --- /dev/null +++ b/twister-big.c @@ -0,0 +1,273 @@ +/* twister-big.c */ + +#include +#include +#include "memxor.h" +#include "twister.h" +#include "twister-big.h" + +#undef DEBUG +#define DEBUG + +#ifdef DEBUG +#include +#include "uart.h" +void print_checksum(twister_big_ctx_t* ctx, PGM_P s){ + uint8_t i; + uart_putstr_P(PSTR("\r\n")); + uart_putstr_P(s); + uart_putstr_P(PSTR("\r\n checksum:\r\n")); + for(i=0; i<8; ++i){ + uart_putstr_P(PSTR(" [ ")); + uart_hexdump(&(ctx->checksum[i][0]), 8); + uart_putstr_P(PSTR("]\r\n")); + } +} + +void print_matrix(void* m, PGM_P s){ + uint8_t i; + uart_putstr_P(PSTR("\r\n")); + uart_putstr_P(s); + uart_putstr_P(PSTR("\r\n matrix:\r\n")); + for(i=0; i<8; ++i){ + uart_putstr_P(PSTR(" [ ")); + uart_hexdump(((uint8_t*)m)+i*8, 8); + uart_putstr_P(PSTR("]\r\n")); + } +} + +#define DEBUG_CHKSUM(a,s) print_checksum((a),PSTR(s)) +#else +#define DEBUG_CHKSUM(a,s) +#endif + + +#ifdef DEBUG +# define DEBUG_PRINT(ctx, msg) debug_print((ctx), PSTR(msg)) +#else +# define DEBUG_PRINT(ctx, msg) +#endif + +#ifdef DEBUG + +void print_twister_state(twister_state_t* ctx){ + uint8_t i; + uart_putstr_P(PSTR("\r\nState:\r\n matrix:\r\n")); + for(i=0; i<8; ++i){ + uart_putstr_P(PSTR("\t[ ")); + uart_hexdump(&(ctx->s[i][0]), 8); + uart_putstr_P(PSTR("]\r\n")); + } + uart_putstr_P(PSTR("counter: ")); + uart_hexdump(&(ctx->counter), 8); + + uart_putstr_P(PSTR("\r\nlength_counter_b: ")); + uart_hexdump(&(ctx->length_counter_b), 8); + uart_putstr_P(PSTR("\r\n")); +} + +void debug_print(twister_state_t* ctx, PGM_P msg){ + uart_putstr_P(PSTR("\r\n")); + uart_putstr_P(msg); + print_twister_state(ctx); +} + +#endif + +void transp_matrix(void* dest, void* src){ + uint8_t i,j; + for(i=0; i<8; i++){ + for(j=0; j<8; ++j){ + ((uint8_t*)dest)[i*8+j] = ((uint8_t*)src)[j*8+i]; + } + } +} + +static +void checksum_update(twister_big_ctx_t* ctx, uint8_t col){ + uint8_t i, col2; + uint8_t carry = 0; + int sum = 0; + + col2 = (col+1)%8; + + for( i=0; i<8; i++ ) + { + sum = (int) ctx->checksum[col2][7-i] + + (int) ctx->state.s[7-i][0] /* col or 0 ???*/ + + carry; + ctx->checksum[col][7-i] ^= (uint8_t)sum; + carry = sum>>8; + + } +// DEBUG_CHKSUM(ctx, "post run"); +} + +void twister_big_init(twister_big_ctx_t* ctx, uint16_t hashsize_b){ + memset(ctx->state.s, 0, 64); + memset(ctx->checksum, 0, 64); + ctx->state.counter=0xffffffffffffffffLL; + ctx->state.s[0][7] = hashsize_b>>8; + ctx->state.s[1][7] = hashsize_b&0xff; + ctx->state.length_counter_b = 0; +} + +void twister_big_nextBlock(twister_big_ctx_t* ctx, void* msg){ + uint8_t tmp[8][8]; + + /* 1st maxi round */ + memcpy(tmp, ctx->state.s, 64); + checksum_update(ctx, 0); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + + checksum_update(ctx, 1); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + + checksum_update(ctx, 2); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + memxor(ctx->state.s, tmp, 64); + + /* 2nd maxi round */ + memcpy(tmp, ctx->state.s, 64); + checksum_update(ctx, 3); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + + twister_blank_round(&(ctx->state)); + + checksum_update(ctx, 4); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + memxor(ctx->state.s, tmp, 64); + + /* 3rd maxi round */ + memcpy(tmp, ctx->state.s, 64); + checksum_update(ctx, 5); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + + checksum_update(ctx, 6); + twister_mini_round(&(ctx->state), msg); + msg = (uint8_t*)msg + 8; + + checksum_update(ctx, 7); + twister_mini_round(&(ctx->state), msg); + + twister_blank_round(&(ctx->state)); + memxor(ctx->state.s, tmp, 64); + ctx->state.length_counter_b += 512; +} + +void twister_inject_chksum(twister_big_ctx_t* ctx, uint8_t col){ + *((uint64_t*)(&ctx->state.s[7][0])) ^= *((uint64_t*)(&ctx->checksum[col][0])); + twister_blank_round(&ctx->state); +} + +void twister_big_lastBlock(twister_big_ctx_t* ctx, void* msg, uint16_t length_b){ + uint8_t tmp[64]; + while(length_b>512){ + twister_big_nextBlock(ctx, msg); + msg = ((uint8_t*)msg)+64; + length_b -= 512; + } + memset(tmp, 0, 64); + memcpy(tmp, msg, (length_b+7)/8); + tmp[length_b/8] |= 0x80 >> (length_b&0x07); + twister_big_nextBlock(ctx, tmp); + ctx->state.length_counter_b -= 512 - length_b; + twister_mini_round(&(ctx->state), &(ctx->state.length_counter_b)); + +// DEBUG_PRINT(&(ctx->state), "pre check-round"); + + memcpy(tmp, ctx->state.s, 64); + twister_inject_chksum(ctx, 0); + twister_inject_chksum(ctx, 1); + twister_inject_chksum(ctx, 2); + memxor(ctx->state.s, tmp, 64); + + memcpy(tmp, ctx->state.s, 64); + twister_inject_chksum(ctx, 3); + twister_inject_chksum(ctx, 4); + twister_inject_chksum(ctx, 5); + memxor(ctx->state.s, tmp, 64); + + memcpy(tmp, ctx->state.s, 64); + twister_inject_chksum(ctx, 6); + twister_inject_chksum(ctx, 7); + twister_blank_round(&(ctx->state)); + memxor(ctx->state.s, tmp, 64); + + +// DEBUG_PRINT(&(ctx->state), "post check-round"); +} + +void twister_big_ctx2hash(void* dest, twister_big_ctx_t* ctx, uint16_t hashsize_b){ + twister_ctx2hash(dest, &(ctx->state), hashsize_b); +} + +/******************************************************************************/ +/******************************************************************************/ + +void twister384_init(twister384_ctx_t* ctx){ + twister_big_init(ctx, 384); +} + +void twister384_nextBlock(twister384_ctx_t* ctx, void* msg){ + twister_big_nextBlock(ctx, msg); +} + +void twister384_lastBlock(twister384_ctx_t* ctx, void* msg, uint16_t length_b){ + twister_big_lastBlock(ctx, msg, length_b); +} + +void twister384_ctx2hash(void* dest, twister384_ctx_t* ctx){ + twister_big_ctx2hash(dest, ctx, 384); +} + +void twister384(void* dest, void* msg, uint32_t msg_length_b){ + twister_big_ctx_t ctx; + twister_big_init(&ctx, 384); + while(msg_length_b >=512){ + twister_big_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + 512/8; + msg_length_b -= 512; + } + twister_big_lastBlock(&ctx, msg, msg_length_b); + twister_big_ctx2hash(dest, &ctx, 384); +} + +/******************************************************************************/ + +void twister512_init(twister512_ctx_t* ctx){ + twister_big_init(ctx, 512); +} + +void twister512_nextBlock(twister512_ctx_t* ctx, void* msg){ + twister_big_nextBlock(ctx, msg); +} + +void twister512_lastBlock(twister512_ctx_t* ctx, void* msg, uint16_t length_b){ + twister_big_lastBlock(ctx, msg, length_b); +} + +void twister512_ctx2hash(void* dest, twister512_ctx_t* ctx){ + twister_big_ctx2hash(dest, ctx, 512); +} + +void twister512(void* dest, void* msg, uint32_t msg_length_b){ + twister_big_ctx_t ctx; + twister_big_init(&ctx, 512); + while(msg_length_b >=512){ + twister_big_nextBlock(&ctx, msg); + msg = (uint8_t*)msg + 512/8; + msg_length_b -= 512; + } + twister_big_lastBlock(&ctx, msg, msg_length_b); + twister_big_ctx2hash(dest, &ctx, 512); +} + + + diff --git a/twister-big.h b/twister-big.h new file mode 100644 index 0000000..69be069 --- /dev/null +++ b/twister-big.h @@ -0,0 +1,40 @@ +/* twister-big.h */ + +#ifndef TWISTER_BIG_H_ +#define TWISTER_BIG_H_ + +#include +#include "twister.h" + +typedef uint8_t twister384_hash_t[384/8]; +typedef uint8_t twister512_hash_t[512/8]; + +typedef struct { + twister_state_t state; + twister_checksum_t checksum; +} twister_big_ctx_t; + +typedef twister_big_ctx_t twister384_ctx_t; +typedef twister_big_ctx_t twister512_ctx_t; + +void twister_big_nextBlock(twister_big_ctx_t* ctx, void* msg); +void twister_big_init(twister_big_ctx_t* ctx, uint16_t hashsize_b); +void twister_big_lastBlock(twister_big_ctx_t* ctx, void* msg, uint16_t length_b); +void twister_big_ctx2hash(void* dest, twister_big_ctx_t* ctx, uint16_t hashsize_b); + + +void twister384_init(twister384_ctx_t* ctx); +void twister384_nextBlock(twister384_ctx_t* ctx, void* msg); +void twister384_lastBlock(twister384_ctx_t* ctx, void* msg, uint16_t length_b); +void twister384_ctx2hash(void* dest, twister384_ctx_t* ctx); +void twister384(void* dest, void* msg, uint32_t msg_length_b); + +void twister512_init(twister512_ctx_t* ctx); +void twister512_nextBlock(twister512_ctx_t* ctx, void* msg); +void twister512_lastBlock(twister512_ctx_t* ctx, void* msg, uint16_t length_b); +void twister512_ctx2hash(void* dest, twister512_ctx_t* ctx); +void twister512(void* dest, void* msg, uint32_t msg_length_b); + + +#endif /* TWISTER_BIG_H_ */ + diff --git a/twister-small.c b/twister-small.c index 0713c96..68e8e82 100644 --- a/twister-small.c +++ b/twister-small.c @@ -5,45 +5,51 @@ #include "memxor.h" #include "twister-small.h" -static -void maxi_round3(twister_state_t* ctx, void* msg, uint8_t last_null){ - mini_round(ctx, msg); - msg = ((uint8_t*)msg) + 8; - mini_round(ctx, msg); - if(last_null){ - blank_round(ctx); - } else { - msg = ((uint8_t*)msg) + 8; - mini_round(ctx, msg); - } +/*********************************************************************/ + +void twister_small_init(twister_state_t* ctx, uint16_t hashsize_b){ + memset(ctx->s, 0, 64); + ctx->counter=0xffffffffffffffffLL; + ctx->s[0][7] = hashsize_b>>8; + ctx->s[1][7] = hashsize_b&0xff; + ctx->length_counter_b = 0; } +/*********************************************************************/ + void twister_small_nextBlock(twister_state_t* ctx, void* msg){ uint8_t tmp[8][8]; /* round 1 */ memcpy(tmp, ctx->s, 64); - maxi_round3(ctx, msg, 0); + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; memxor(ctx->s, tmp, 64); - msg = ((uint8_t*)msg) + 3*8; + /* round 2 */ memcpy(tmp, ctx->s, 64); - maxi_round3(ctx, msg, 0); + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; memxor(ctx->s, tmp, 64); - msg = ((uint8_t*)msg) + 3*8; + /* round 3 */ memcpy(tmp, ctx->s, 64); - maxi_round3(ctx, msg, 1); + twister_mini_round(ctx, msg); + msg = ((uint8_t*)msg) + 8; + twister_mini_round(ctx, msg); + twister_blank_round(ctx); memxor(ctx->s, tmp, 64); ctx->length_counter_b += 512; } -void twister_small_init(twister_state_t* ctx, uint16_t hashsize_b){ - memset(ctx->s, 0, 64); - ctx->counter=0xffffffffffffffffLL; - ctx->s[0][7] = hashsize_b>>8; - ctx->s[1][7] = hashsize_b&0xff; - ctx->length_counter_b = 0; -} +/*********************************************************************/ void twister_small_lastBlock(twister_state_t* ctx, void* msg, uint16_t length_b){ uint8_t tmp[64]; @@ -57,55 +63,45 @@ void twister_small_lastBlock(twister_state_t* ctx, void* msg, uint16_t length_b) tmp[length_b/8] |= 0x80 >> (length_b&0x07); twister_small_nextBlock(ctx, tmp); ctx->length_counter_b -= 512 - length_b; - mini_round(ctx, &(ctx->length_counter_b)); - blank_round(ctx); + twister_mini_round(ctx, &(ctx->length_counter_b)); + twister_blank_round(ctx); } +/*********************************************************************/ + void twister_small_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b){ - uint8_t tmp[8][8]; - uint8_t j; - uint16_t i=hashsize_b; - while(i>=64){ - i-=64; - memcpy(tmp,ctx->s, 64); - blank_round(ctx); - memxor(ctx->s, tmp, 64); - blank_round(ctx); - for(j=0; j<8; ++j){ - *((uint8_t*)dest) = ctx->s[7-j][0] ^ tmp[7-j][0]; - dest = (uint8_t*)dest + 1; - } - } - if(i>=32){ - memcpy(tmp,ctx->s, 64); - blank_round(ctx); - memxor(ctx->s, tmp, 64); - blank_round(ctx); - for(j=0; j<4; ++j){ - *((uint8_t*)dest) = ctx->s[3-j][0] ^ tmp[3-j][0]; - dest = (uint8_t*)dest + 1; - } - } + twister_ctx2hash(dest, ctx, hashsize_b); } +/*********************************************************************/ +/*********************************************************************/ + #ifndef NO_TWISTER_256 void twister256_init(twister256_ctx_t* ctx){ twister_small_init(ctx, 256); } +/*********************************************************************/ + void twister256_nextBlock(twister256_ctx_t* ctx, void* msg){ twister_small_nextBlock(ctx, msg); } +/*********************************************************************/ + void twister256_lastBlock(twister256_ctx_t* ctx, void* msg, uint16_t length_b){ twister_small_lastBlock(ctx, msg, length_b); } +/*********************************************************************/ + void twister256_ctx2hash(void* dest, twister256_ctx_t* ctx){ - twister_small_ctx2hash(dest, ctx, 256); + twister_ctx2hash(dest, ctx, 256); } +/*********************************************************************/ + void twister256(void* dest, void* msg, uint32_t msg_length_b){ twister_state_t ctx; twister_small_init(&ctx, 256); @@ -115,29 +111,42 @@ void twister256(void* dest, void* msg, uint32_t msg_length_b){ msg_length_b -= 512; } twister_small_lastBlock(&ctx, msg, msg_length_b); - twister_small_ctx2hash(dest, &ctx, 256); + twister_ctx2hash(dest, &ctx, 256); } +/*********************************************************************/ + #endif +/*********************************************************************/ +/*********************************************************************/ + #ifndef NO_TWISTER_224 void twister224_init(twister224_ctx_t* ctx){ twister_small_init(ctx, 224); } +/*********************************************************************/ + void twister224_nextBlock(twister224_ctx_t* ctx, void* msg){ twister_small_nextBlock(ctx, msg); } +/*********************************************************************/ + void twister224_lastBlock(twister224_ctx_t* ctx, void* msg, uint16_t length_b){ twister_small_lastBlock(ctx, msg, length_b); } +/*********************************************************************/ + void twister224_ctx2hash(void* dest, twister224_ctx_t* ctx){ - twister_small_ctx2hash(dest, ctx, 224); + twister_ctx2hash(dest, ctx, 224); } +/*********************************************************************/ + void twister224(void* dest, void* msg, uint32_t msg_length_b){ twister_state_t ctx; twister_small_init(&ctx, 224); @@ -147,7 +156,7 @@ void twister224(void* dest, void* msg, uint32_t msg_length_b){ msg_length_b -= 512; } twister_small_lastBlock(&ctx, msg, msg_length_b); - twister_small_ctx2hash(dest, &ctx, 224); + twister_ctx2hash(dest, &ctx, 224); } #endif diff --git a/twister-small.h b/twister-small.h index ca68e35..ebc27b5 100644 --- a/twister-small.h +++ b/twister-small.h @@ -3,6 +3,7 @@ #ifndef TWISTER_SMALL_H_ #define TWISTER_SMALL_H_ +#include #include "twister.h" typedef uint8_t twister256_hash_t[256/8]; @@ -11,10 +12,10 @@ typedef uint8_t twister224_hash_t[224/8]; typedef twister_state_t twister256_ctx_t; typedef twister_state_t twister224_ctx_t; -void twister_small_nextBlock(twister_state_t* ctx, void* msg); void twister_small_init(twister_state_t* ctx, uint16_t hashsize_b); void twister_small_lastBlock(twister_state_t* ctx, void* msg, uint16_t length_b); -void twister_small_ctx2hash(void* dest, twister256_ctx_t* ctx, uint16_t hashsize_b); +void twister_small_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b); +void twister_small_nextBlock(twister_state_t* ctx, void* msg); void twister256_init(twister256_ctx_t* ctx); diff --git a/twister.c b/twister.c index a3ab4b5..f57ca32 100644 --- a/twister.c +++ b/twister.c @@ -17,6 +17,7 @@ along with this program. If not, see . */ +#include "config.h" #include #include #include @@ -24,9 +25,11 @@ #include "twister_tables.h" #include "memxor.h" -#include "gf256mul.h" +#ifndef TWISTER_MUL_TABLE +# include "gf256mul.h" +#endif -//#define DEBUG +#undef DEBUG #ifdef DEBUG # include "uart.h" @@ -41,7 +44,7 @@ #ifdef DEBUG void print_twister_state(twister_state_t* ctx){ - uint8_t i,j; + uint8_t i; uart_putstr_P(PSTR("\r\nState:\r\n matrix:\r\n")); for(i=0; i<8; ++i){ uart_putstr_P(PSTR("\t[ ")); @@ -70,10 +73,13 @@ void shiftrow(void* row, uint8_t shift){ } #define MDS(a,b) pgm_read_byte(&(twister_mds[a][b])) -//#define MULT(a,b) pgm_read_byte(&(twister_multab[a-1][b])) -#define MULT(a,b) gf256mul(a,b, 0x4D) -void blank_round(twister_state_t* ctx){ +#ifdef TWISTER_MUL_TABLE +# define MULT(a,b) pgm_read_byte(&(twister_multab[a][b])) +#else +# define MULT(a,b) gf256mul(a,b, 0x4D) +#endif +void twister_blank_round(twister_state_t* ctx){ uint8_t i,j; uint8_t tmp[8][8]; DEBUG_PRINT(ctx, "blank init"); @@ -91,35 +97,59 @@ void blank_round(twister_state_t* ctx){ shiftrow(&(tmp[i][0]), i); } /* mix columns */ - for( i=0; i<8; i++ ){ - // multiply with mds matrix - for( j=0; j<8; j++ ){ - ctx->s[j][i] = - MULT( MDS(j,0), tmp[0][i] ) ^ - MULT( MDS(j,1), tmp[1][i] ) ^ - MULT( MDS(j,2), tmp[2][i] ) ^ - MULT( MDS(j,3), tmp[3][i] ) ^ - MULT( MDS(j,4), tmp[4][i] ) ^ - MULT( MDS(j,5), tmp[5][i] ) ^ - MULT( MDS(j,6), tmp[6][i] ) ^ - MULT( MDS(j,7), tmp[7][i] ) ; - - } + for( i=0; i<8; i++ ){ + // multiply with mds matrix + for( j=0; j<8; j++ ){ + ctx->s[j][i] = + MULT( MDS(j,0), tmp[0][i] ) ^ + MULT( MDS(j,1), tmp[1][i] ) ^ + MULT( MDS(j,2), tmp[2][i] ) ^ + MULT( MDS(j,3), tmp[3][i] ) ^ + MULT( MDS(j,4), tmp[4][i] ) ^ + MULT( MDS(j,5), tmp[5][i] ) ^ + MULT( MDS(j,6), tmp[6][i] ) ^ + MULT( MDS(j,7), tmp[7][i] ) ; + + } } DEBUG_PRINT(ctx, "post MDS"); } -void mini_round(twister_state_t* ctx, void* msg){ +void twister_mini_round(twister_state_t* ctx, void* msg){ /* inject message */ uint8_t i; for(i=0; i<8; ++i){ ctx->s[7][7-i] ^= *((uint8_t*)msg); msg = (uint8_t*)msg +1; } - blank_round(ctx); + twister_blank_round(ctx); } - - +void twister_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b){ + uint8_t tmp[8][8]; + uint8_t j; + uint16_t i=hashsize_b; + while(i>=64){ + i-=64; + memcpy(tmp,ctx->s, 64); + twister_blank_round(ctx); + memxor(ctx->s, tmp, 64); + twister_blank_round(ctx); + for(j=0; j<8; ++j){ + *((uint8_t*)dest) = ctx->s[7-j][0] ^ tmp[7-j][0]; + dest = (uint8_t*)dest + 1; + } + } + if(i>=32){ + memcpy(tmp,ctx->s, 64); + twister_blank_round(ctx); + memxor(ctx->s, tmp, 64); + twister_blank_round(ctx); + for(j=0; j<4; ++j){ + *((uint8_t*)dest) = ctx->s[3-j][0] ^ tmp[3-j][0]; + dest = (uint8_t*)dest + 1; + } + } +} diff --git a/twister.h b/twister.h index 0764dbb..88850b6 100644 --- a/twister.h +++ b/twister.h @@ -35,7 +35,10 @@ typedef struct { uint64_t length_counter_b; } twister_state_t; -void blank_round(twister_state_t* ctx); -void mini_round(twister_state_t* ctx, void* msg); +typedef uint8_t twister_checksum_t[8][8]; + +void twister_blank_round(twister_state_t* ctx); +void twister_mini_round(twister_state_t* ctx, void* msg); +void twister_ctx2hash(void* dest, twister_state_t* ctx, uint16_t hashsize_b); #endif /* TWISTER_H_ */ diff --git a/twister_tables.h b/twister_tables.h index 96686a1..b0f145c 100644 --- a/twister_tables.h +++ b/twister_tables.h @@ -4,6 +4,7 @@ * *******************************************************************/ +#include "config.h" #include #include @@ -42,6 +43,7 @@ static const uint8_t twister_sbox[256] PROGMEM = { 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 }; +#ifndef TWISTER_MUL_TABLE /* Twister MDS matrix */ @@ -56,9 +58,30 @@ static const uint8_t twister_mds[8][8] PROGMEM = { {1, 1, 5, 7, 8, 6, 1, 2} }; -/* +#else + +#define S1 0 +#define S2 1 +#define S3 X +#define S4 X +#define S5 2 +#define S6 3 +#define S7 4 +#define S8 5 + +static const uint8_t twister_mds[8][8] PROGMEM = { + {S2, S1, S1, S5, S7, S8, S6, S1}, + {S1, S2, S1, S1, S5, S7, S8, S6}, + {S6, S1, S2, S1, S1, S5, S7, S8}, + {S8, S6, S1, S2, S1, S1, S5, S7}, + {S7, S8, S6, S1, S2, S1, S1, S5}, + {S5, S7, S8, S6, S1, S2, S1, S1}, + {S1, S5, S7, S8, S6, S1, S2, S1}, + {S1, S1, S5, S7, S8, S6, S1, S2} +}; + static const uint8_t twister_multab[8][256] PROGMEM = { - { + { /* 1 */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -76,7 +99,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255 }, - { + { /* 2 */ 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, @@ -94,7 +117,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 141, 143, 137, 139, 133, 135, 129, 131, 157, 159, 153, 155, 149, 151, 145, 147, 173, 175, 169, 171, 165, 167, 161, 163, 189, 191, 185, 187, 181, 183, 177, 179 }, - { +/* { / * 3 * / 0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17, 48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34, 33, 96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113, @@ -112,7 +135,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 109, 110, 107, 104, 97, 98, 103, 100, 117, 118, 115, 112, 121, 122, 127, 124, 93, 94, 91, 88, 81, 82, 87, 84, 69, 70, 67, 64, 73, 74, 79, 76 }, - { + { / * 4 * / 0, 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 148, 152, 156, 160, 164, 168, 172, 176, 180, 184, 188, @@ -130,7 +153,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 87, 83, 95, 91, 71, 67, 79, 75, 119, 115, 127, 123, 103, 99, 111, 107, 23, 19, 31, 27, 7, 3, 15, 11, 55, 51, 63, 59, 39, 35, 47, 43 }, - { +*/ { /* 5 */ 0, 5, 10, 15, 20, 17, 30, 27, 40, 45, 34, 39, 60, 57, 54, 51, 80, 85, 90, 95, 68, 65, 78, 75, 120, 125, 114, 119, 108, 105, 102, 99, 160, 165, 170, 175, 180, 177, 190, 187, 136, 141, 130, 135, 156, 153, 150, 147, @@ -148,7 +171,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 183, 178, 189, 184, 163, 166, 169, 172, 159, 154, 149, 144, 139, 142, 129, 132, 231, 226, 237, 232, 243, 246, 249, 252, 207, 202, 197, 192, 219, 222, 209, 212 }, - { + { /* 6 */ 0, 6, 12, 10, 24, 30, 20, 18, 48, 54, 60, 58, 40, 46, 36, 34, 96, 102, 108, 106, 120, 126, 116, 114, 80, 86, 92, 90, 72, 78, 68, 66, 192, 198, 204, 202, 216, 222, 212, 210, 240, 246, 252, 250, 232, 238, 228, 226, @@ -166,7 +189,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 218, 220, 214, 208, 194, 196, 206, 200, 234, 236, 230, 224, 242, 244, 254, 248, 186, 188, 182, 176, 162, 164, 174, 168, 138, 140, 134, 128, 146, 148, 158, 152 }, - { + { /* 7 */ 0, 7, 14, 9, 28, 27, 18, 21, 56, 63, 54, 49, 36, 35, 42, 45, 112, 119, 126, 121, 108, 107, 98, 101, 72, 79, 70, 65, 84, 83, 90, 93, 224, 231, 238, 233, 252, 251, 242, 245, 216, 223, 214, 209, 196, 195, 202, 205, @@ -184,7 +207,7 @@ static const uint8_t twister_multab[8][256] PROGMEM = { 58, 61, 52, 51, 38, 33, 40, 47, 2, 5, 12, 11, 30, 25, 16, 23, 74, 77, 68, 67, 86, 81, 88, 95, 114, 117, 124, 123, 110, 105, 96, 103 }, - { + { /* 8 */ 0, 8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, 77, 69, 93, 85, 109, 101, 125, 117, 13, 5, 29, 21, 45, 37, 61, 53, @@ -204,4 +227,6 @@ static const uint8_t twister_multab[8][256] PROGMEM = { } }; -*/ +#endif + + -- 2.39.2