--- /dev/null
+/* mugi.c */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file mugi.c
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-02-15
+ * \brief implementation of the MUGI key stream generator
+ * \license GPLv3 or later
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <avr/pgmspace.h>
+#include "aes_sbox.h"
+#include "mugi.h"
+#include "gf256mul.h"
+
+/*
+#include "test_src/cli.h" / * only for debugging * /
+
+void dump_mugi_ctx(mugi_ctx_t* ctx){
+ uint8_t i;
+ cli_putstr_P(PSTR("\r\n== MUGI CTX DUMP==\r\n a:"));
+ cli_hexdump(&(ctx->a[0]), 8);
+ cli_putc(' ');
+ cli_hexdump(&(ctx->a[1]), 8);
+ cli_putc(' ');
+ cli_hexdump(&(ctx->a[2]), 8);
+ cli_putstr_P(PSTR("\r\n b: "));
+ for(i=0; i<4; ++i){
+ cli_putstr_P(PSTR("\r\n "));
+ cli_hexdump(&(ctx->b[i*4+0]), 8);
+ cli_putc(' ');
+ cli_hexdump(&(ctx->b[i*4+1]), 8);
+ cli_putc(' ');
+ cli_hexdump(&(ctx->b[i*4+2]), 8);
+ cli_putc(' ');
+ cli_hexdump(&(ctx->b[i*4+3]), 8);
+ }
+}
+*/
+
+#define C0 0x08c9bcf367e6096all
+#define C1 0x3ba7ca8485ae67bbll
+#define C2 0x2bf894fe72f36e3cll
+
+#define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
+
+uint64_t changeendian64(uint64_t a){
+ uint8_t r[8];
+ r[0] = ((uint8_t*)&a)[7];
+ r[1] = ((uint8_t*)&a)[6];
+ r[2] = ((uint8_t*)&a)[5];
+ r[3] = ((uint8_t*)&a)[4];
+ r[4] = ((uint8_t*)&a)[3];
+ r[5] = ((uint8_t*)&a)[2];
+ r[6] = ((uint8_t*)&a)[1];
+ r[7] = ((uint8_t*)&a)[0];
+ return *((uint64_t*)r);
+}
+
+static
+uint64_t rotl64(uint64_t a, uint8_t i){
+ uint64_t r;
+ r=changeendian64(a);
+ r=(r<<i | r>>(64-i));
+ r=changeendian64(r);
+ return r;
+}
+
+static
+uint64_t rotr64(uint64_t a, uint8_t i){
+ uint64_t r;
+ r=changeendian64(a);
+ r=(r>>i | r<<(64-i));
+ r=changeendian64(r);
+ return r;
+}
+
+
+#define T(x) (((uint8_t*)&t)[(x)])
+#define D(y) (((uint8_t*)dest)[(y)])
+static void mugi_f(uint64_t* dest, uint64_t* a, uint64_t* b){
+ uint64_t t;
+ uint8_t i,x;
+ t = (*a);
+ if(b)
+ t ^= (*b);
+ for(i=0; i<8; ++i)
+ T(i) = pgm_read_byte(aes_sbox+T(i));
+
+ x = T(0) ^ T(1) ^ T(2) ^ T(3);
+ D(4) =
+ GF256MUL_2(T(0)^T(1))
+ ^ T(0)
+ ^ x;
+ D(5) =
+ GF256MUL_2(T(1)^T(2))
+ ^ T(1)
+ ^ x;
+ D(2) =
+ GF256MUL_2(T(2)^T(3))
+ ^ T(2)
+ ^ x;
+ D(3) =
+ GF256MUL_2(T(3)^T(0))
+ ^ T(3)
+ ^ x;
+ x = T(4) ^ T(5) ^ T(6) ^ T(7);
+ D(0) =
+ GF256MUL_2(T(4)^T(5))
+ ^ T(4)
+ ^ x;
+ D(1) =
+ GF256MUL_2(T(5)^T(6))
+ ^ T(5)
+ ^ x;
+ D(6) =
+ GF256MUL_2(T(6)^T(7))
+ ^ T(6)
+ ^ x;
+ D(7) =
+ GF256MUL_2(T(7)^T(4))
+ ^ T(7)
+ ^ x;
+}
+
+static
+void mugi_rho(mugi_ctx_t* ctx){
+ uint64_t t,bx;
+ t = ctx->a[1];
+ ctx->a[1] = ctx->a[2];
+ ctx->a[2] = ctx->a[0];
+ ctx->a[0] = t;
+ mugi_f(&t, &(ctx->a[0]), &(ctx->b[4]));
+ ctx->a[1] ^= t ^ C1;
+ bx = rotl64(ctx->b[10], 17);
+ mugi_f(&t, &(ctx->a[0]), &bx);
+ ctx->a[2] ^= t ^ C2;
+}
+
+static
+void mugi_rho_init(uint64_t* a){
+ uint64_t t;
+ t = a[1];
+ a[1] = a[2];
+ a[2] = a[0];
+ a[0] = t;
+ mugi_f(&t, &(a[0]), NULL);
+ a[1] ^= t ^ C1;
+ mugi_f(&t, &(a[0]), NULL);
+ a[2] ^= t ^ C2;
+}
+
+static
+void mugi_lambda(uint64_t* b, uint64_t *a){
+ uint8_t i;
+ uint64_t t;
+ t=b[15];
+ for(i=15; i!=0; --i){
+ b[i]=b[i-1];
+ }
+ b[0] = t ^ *a;
+ b[4] ^= b[8];
+ b[10] ^= rotl64(b[14], 32);
+}
+
+void mugi_init(const void* key, const void* iv, mugi_ctx_t* ctx){
+ uint8_t i;
+ uint64_t a0;
+ memcpy(ctx->a, key, 128/8);
+ ctx->a[2] = rotl64(ctx->a[0], 7) ^ rotr64(ctx->a[1], 7) ^ C0;
+ for(i=0; i<16;i++){
+ mugi_rho_init(ctx->a);
+ ctx->b[15-i] = ctx->a[0];
+ }
+ ctx->a[0] ^= ((uint64_t*)iv)[0];
+ ctx->a[1] ^= ((uint64_t*)iv)[1];
+ ctx->a[2] ^= rotl64(((uint64_t*)iv)[0], 7) ^ rotr64(((uint64_t*)iv)[1], 7) ^ C0;
+ for(i=0; i<16;i++){
+ mugi_rho_init(ctx->a);
+ }
+ for(i=0; i<15;i++){
+ a0 = ctx->a[0];
+ mugi_rho(ctx);
+ mugi_lambda(ctx->b, &a0);
+ }
+ a0=0x00;
+}
+
+uint64_t mugi_gen(mugi_ctx_t* ctx){
+ uint64_t r;
+ r=ctx->a[0];
+ mugi_rho(ctx);
+ mugi_lambda(ctx->b, &r);
+ r=ctx->a[2];
+ return r;
+}
projects / avr-crypto-lib.git / blobdiff