#include <stdint.h>
#include <string.h>
-#include "gf256mul.h"
+#include "gf256mul/gf256mul.h"
#include "aes.h"
#include "aes_invsbox.h"
#include "aes_dec.h"
#include <stdint.h>
#include <string.h>
#include "aes.h"
-#include "gf256mul.h"
+#include "gf256mul/gf256mul.h"
#include "aes_sbox.h"
#include "aes_enc.h"
#include <avr/pgmspace.h>
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
DEP_DIR = deps/
TEST_DIR = test/
BIN_DIR = bin/
-TESTBIN_DIR = test_bin/
TESTSRC_DIR = test_src/
#uisp -dprog=bsd -dlpt=/dev/parport1 --upload if=$(PRG).hex
ERASECMD =
+++ /dev/null
-/* bcal-basic.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "keysize_descriptor.h"
-
-uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
- const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx){
- if(!is_valid_keysize_P((PGM_VOID_P)pgm_read_word(&(cipher_descriptor->valid_keysize_desc)),
- keysize_b)){
- return 1;
- }
- uint8_t flags;
- bc_init_fpt init_fpt;
- ctx->desc_ptr = (bcdesc_t*)cipher_descriptor;
- ctx->keysize = keysize_b;
- flags = pgm_read_byte(cipher_descriptor->flags);
- init_fpt.initvoid = (void_fpt)(pgm_read_word(&(cipher_descriptor->init.initvoid)));
- if(init_fpt.initvoid == NULL){
- if(!(ctx->ctx = malloc((keysize_b+7)/8)))
- return 2;
- memcpy(ctx->ctx, key, (keysize_b+7)/8);
- return 0;
- }
- if(!(ctx->ctx = malloc(pgm_read_word(&(cipher_descriptor->ctxsize_B)))))
- return 3;
- if((flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
- init_fpt.init1((void*)key, (ctx->ctx));
- }else{
- init_fpt.init2((void*)key, keysize_b, (ctx->ctx));
- }
- return 0;
-}
-
-void bcal_cipher_free(bcgen_ctx_t* ctx){
- if(!ctx)
- return;
- bc_free_fpt free_fpt;
- free_fpt = (bc_free_fpt)(pgm_read_word(&(ctx->desc_ptr->free)));
- if(free_fpt)
- free_fpt((ctx->ctx));
- free(ctx->ctx);
-}
-
-void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx){
- bc_enc_fpt enc_fpt;
- enc_fpt.encvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->enc.encvoid));
- if(!enc_fpt.encvoid){
- /* very bad error, no enciphering function specified */
- return;
- }
- enc_fpt.enc1(block, (ctx->ctx));
-
-}
-
-void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx){
- bc_dec_fpt dec_fpt;
- dec_fpt.decvoid = (void_fpt)pgm_read_word(&(ctx->desc_ptr->dec.decvoid));
- if(!dec_fpt.decvoid){
- /* very bad error, no deciphering function specified */
- return;
- }
- dec_fpt.dec1(block, (ctx->ctx));
-}
-
-uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc){
- return pgm_read_word(&(desc->blocksize_b));
-}
-
-PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc){
- return (PGM_VOID_P)pgm_read_word(&(desc->valid_keysize_desc));
-}
-
-
+++ /dev/null
-/* bcal-basic.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCAL_BASIC_H_
-#define BCAL_BASIC_H_
-
-#include <stdlib.h>
-#include <stdint.h>
-#include "blockcipher_descriptor.h"
-#include "keysize_descriptor.h"
-#include <avr/pgmspace.h>
-
-uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
- const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx);
-void bcal_cipher_free(bcgen_ctx_t* ctx);
-void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx);
-void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx);
-uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc);
-PGM_VOID_P bcal_cipher_getKeysizeDesc(const bcdesc_t* desc);
-#endif /* BCAL_BASIC_H_ */
+++ /dev/null
-/* bcal-cbc.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-cbc.h"
-#include "bcal-basic.h"
-#include "memxor.h"
-
-uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx){
- ctx->desc = (bcdesc_t*)desc;
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->prev_block = malloc(ctx->blocksize_B);
-
- if(ctx->prev_block==NULL){
- return 0x11;
- }
- return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
-}
-
-void bcal_cbc_free(bcal_cbc_ctx_t* ctx){
- bcal_cipher_free(&(ctx->cctx));
- free(ctx->prev_block);
-}
-
-
-void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx){
- if(iv){
- memcpy(ctx->prev_block, iv, ctx->blocksize_B);
- }
-}
-
-void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx){
- memxor(block, ctx->prev_block, ctx->blocksize_B);
- bcal_cipher_enc(block, &(ctx->cctx));
- memcpy(ctx->prev_block, block, ctx->blocksize_B);
-}
-
-void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- memcpy(tmp, block, ctx->blocksize_B);
- bcal_cipher_dec(block, &(ctx->cctx));
- memxor(block, ctx->prev_block, ctx->blocksize_B);
- memcpy(ctx->prev_block, tmp, ctx->blocksize_B);
-}
-void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx){
- bcal_cipher_dec(block, &(ctx->cctx));
- memxor(block, prev_block, ctx->blocksize_B);
-}
-
-void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
- bcal_cbc_loadIV(iv, ctx);
- while(msg_blocks--){
- bcal_cbc_encNext(msg, ctx);
- msg = (uint8_t*)msg + ctx->blocksize_B;
- }
-}
-
-void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
- msg=(uint8_t*)msg + (msg_blocks-1)*ctx->blocksize_B;
- while(msg_blocks > 1){
- bcal_cbc_decRand(msg, (uint8_t*)msg-ctx->blocksize_B, ctx);
- msg_blocks -= 1;
- msg=(uint8_t*)msg-ctx->blocksize_B;
- }
- bcal_cbc_decRand(msg, iv, ctx);
-}
-
+++ /dev/null
-/* bcal-cbc.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCALCBC_H_
-#define BCALCBC_H_
-
-#include <stdint.h>
-#include "blockcipher_descriptor.h"
-#include "bcal-basic.h"
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* prev_block;
- uint8_t blocksize_B;
-} bcal_cbc_ctx_t;
-
-uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_free(bcal_cbc_ctx_t* ctx);
-void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
-void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
-
-
-#endif /* BCALCBC_H_ */
+++ /dev/null
-/* bcal-cfb_bit.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-cfb_bit.h"
-#include "bcal-basic.h"
-
-static uint8_t read_bit(void* block, uint32_t index){
- uint8_t r;
- r=((uint8_t*)block)[index/8];
- r=(r&(0x80>>(index&7)))?0xff:0x00;
- return r;
-}
-
-static void write_bit(void* block, uint32_t index, uint8_t value){
- if(value){
- /* set bit */
- ((uint8_t*)block)[index/8] |= 0x80>>(index&7);
- }else{
- /* clear bit */
- ((uint8_t*)block)[index/8] &= ~(0x80>>(index&7));
- }
-}
-
-uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx){
- ctx->desc = (bcdesc_t*)desc;
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->in_block=malloc(ctx->blocksize_B);
- if(ctx->in_block==NULL){
- return 0x11;
- }
- if(size_b>bcal_cipher_getBlocksize_b(desc)){
- return 0x12;
- }
- ctx->size_b = size_b;
- return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
-}
-
-void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx){
- free(ctx->in_block);
- bcal_cipher_free(&(ctx->cctx));
-}
-
-void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx){
- if(iv){
- memcpy(ctx->in_block, iv, ctx->blocksize_B);
- }
-}
-
-void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- offset &= 7;
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- uint16_t i,j;
- uint8_t a;
- for(i=0; i<ctx->blocksize_B*8-ctx->size_b; ++i){
- a = read_bit(ctx->in_block, i+ctx->size_b);
- write_bit(ctx->in_block, i, a);
- }
- for(j=offset,i=0; i<ctx->size_b; ++i, ++j){
- a = read_bit(tmp, i) ^ read_bit(block, j);
- write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, a);
- write_bit(block, j, a);
- }
-}
-
-void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- offset &= 7;
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- uint16_t i,j;
- uint8_t a,b;
- for(i=0; i<ctx->blocksize_B*8-ctx->size_b; ++i){
- a = read_bit(ctx->in_block, i+ctx->size_b);
- write_bit(ctx->in_block, i, a);
- }
- for(j=offset,i=0; i<ctx->size_b; ++i, ++j){
- a = read_bit(tmp, i);
- b = read_bit(block, j);
- a ^= b;
- write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, b);
- write_bit(block, j, a);
- }
-}
-
-void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){
- bcal_cfb_b_loadIV(iv, ctx);
- uint32_t addr;
- addr = ((uint16_t)msg)*8+offset;
- while(msg_blocks--){
- msg = (void*)((uint16_t)(addr/8));
- offset = addr&7;
- bcal_cfb_b_encNext(msg, offset, ctx);
- addr += ctx->size_b;
- }
-}
-
-void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){
- bcal_cfb_b_loadIV(iv, ctx);
- uint32_t addr;
- addr = ((uint16_t)msg)*8+offset;
- while(msg_blocks--){
- msg = (void*)((uint16_t)(addr/8));
- offset = addr&7;
- bcal_cfb_b_decNext(msg, offset, ctx);
- addr += ctx->size_b;
- }
-}
+++ /dev/null
-/* bcal-cfb_bit.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#ifndef BCALCFB_BIT_H_
-#define BCALCFB_BIT_H_
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* in_block;
- uint8_t blocksize_B;
- uint16_t size_b;
-} bcal_cfb_b_ctx_t;
-
-
-uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx);
-void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx);
-
-
-#endif /* BCALCFB_BIT_H_ */
+++ /dev/null
-/* bcal-cfb_byte.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-cfb_byte.h"
-#include "bcal-basic.h"
-#include "memxor.h"
-
-
-uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx){
- ctx->desc = (bcdesc_t*)desc;
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->in_block=malloc(ctx->blocksize_B);
- if(ctx->in_block==NULL){
- return 0x11;
- }
- if(size_b&7){
- return 0x12;
- }
- ctx->size_B = size_b/8;
- return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
-}
-
-void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx){
- free(ctx->in_block);
- bcal_cipher_free(&(ctx->cctx));
-}
-
-void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx){
- if(iv){
- memcpy(ctx->in_block, iv, ctx->blocksize_B);
- }
-}
-
-void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- memxor(block, tmp, ctx->size_B);
- memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B);
- memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, block, ctx->size_B);
-}
-
-void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- uint8_t xblock[ctx->size_B];
- memcpy(xblock, block, ctx->size_B);
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- memxor(block, tmp, ctx->size_B);
- memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B);
- memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, xblock, ctx->size_B);
-}
-
-void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){
- bcal_cfb_B_loadIV(iv, ctx);
- while(msg_blocks--){
- bcal_cfb_B_encNext(msg, ctx);
- msg = (uint8_t*)msg+ctx->size_B;
- }
-}
-
-void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){
- bcal_cfb_B_loadIV(iv, ctx);
- while(msg_blocks--){
- bcal_cfb_B_decNext(msg, ctx);
- msg = (uint8_t*)msg+ctx->size_B;
- }
-}
-
+++ /dev/null
-/* bcal-cbc.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCALCFB_BYTE_H_
-#define BCALCFB_BYTE_H_
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* in_block;
- uint8_t blocksize_B;
- uint8_t size_B;
-} bcal_cfb_B_ctx_t;
-
-
-uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx);
-void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx);
-
-
-#endif /* BCALCFB_BYTE_H_ */
+++ /dev/null
-/* bcal-omac.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-basic.h"
-#include "bcal-cmac.h"
-#include "memxor.h"
-
-
-static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){
- uint8_t c1=0, c2;
- do{
- --blocksize_B;
- c2 = (((uint8_t*)block)[blocksize_B])>>7;
- (((uint8_t*)block)[blocksize_B]) <<= 1;
- (((uint8_t*)block)[blocksize_B]) |= c1;
- c1 = c2;
- }while(blocksize_B);
- return c1;
-}
-
-static const uint8_t const_128 = 0x87;
-static const uint8_t const_64 = 0x1b;
-
-uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){
- uint8_t r;
- ctx->desc = (bcdesc_t*)desc;
- ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8;
- if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){
- return 0x13;
- }
- ctx->accu = malloc(ctx->blocksize_B);
- if(ctx->accu==NULL){
- return 0x14;
- }
- ctx->k1 = malloc(ctx->blocksize_B);
- if(ctx->k1==NULL){
- return 0x15;
- }
- ctx->k2 = malloc(ctx->blocksize_B);
- if(ctx->k2==NULL){
- return 0x16;
- }
- ctx->lastblock = malloc(ctx->blocksize_B);
- if(ctx->lastblock==NULL){
- return 0x17;
- }
- r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
- if(r){
- return r;
- }
- if(ctx->blocksize_B==128/8){
- r = const_128;
- }else{
- r = const_64;
- }
- /* subkey computation */
- memset(ctx->accu, 0x00, ctx->blocksize_B);
- memset(ctx->k1, 0x00, ctx->blocksize_B);
- bcal_cipher_enc(ctx->k1, &(ctx->cctx));
- if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){
- ctx->k1[ctx->blocksize_B-1] ^= r;
- }
- memcpy(ctx->k2, ctx->k1, ctx->blocksize_B);
- if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){
- ctx->k2[ctx->blocksize_B-1] ^= r;
- }
- ctx->last_set=0;
- return 0;
-}
-
-void bcal_cmac_free(bcal_cmac_ctx_t* ctx){
- free(ctx->accu);
- free(ctx->k1);
- free(ctx->k2);
- bcal_cipher_free(&(ctx->cctx));
-}
-
-void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
- if(ctx->last_set){
- memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
- bcal_cipher_enc(ctx->accu, &(ctx->cctx));
- }
- memcpy(ctx->lastblock, block, ctx->blocksize_B);
- ctx->last_set=1;
-}
-
-
-void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
- uint16_t blocksize_b;
- blocksize_b = ctx->blocksize_B*8;
- while(length_b>=blocksize_b){
- bcal_cmac_nextBlock(ctx, block);
- block = (uint8_t*)block + ctx->blocksize_B;
- length_b -= blocksize_b;
- }
- if(ctx->last_set==0){
- memxor(ctx->accu, block, (length_b+7)/8);
- memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
- ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
- }else{
- if(length_b==0){
- memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
- memxor(ctx->accu, ctx->k1, ctx->blocksize_B);
- }else{
- memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
- bcal_cipher_enc(ctx->accu, &(ctx->cctx));
- memxor(ctx->accu, block, (length_b+7)/8);
- memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
- ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
- }
- }
- bcal_cipher_enc(ctx->accu, &(ctx->cctx));
-}
-
-void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){
- memcpy(dest, ctx->accu, length_b/8);
- if(length_b&7){
- ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7);
- ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]);
- }
-}
-
-void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){
- uint16_t blocksize_b;
- blocksize_b = ctx->blocksize_B*8;
- while(length_b>blocksize_b){
- bcal_cmac_nextBlock(ctx, block);
- block = (uint8_t*)block + ctx->blocksize_B;
- length_b -= blocksize_b;
- }
- bcal_cmac_lastBlock(ctx, block, length_b);
- bcal_cmac_ctx2mac(dest, out_length_b, ctx);
-}
+++ /dev/null
-/* bcal-cmac.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCALCMAC_H_
-#define BCALCMAC_H_
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* accu;
- uint8_t* k1;
- uint8_t* k2;
- uint8_t* lastblock;
- uint8_t last_set;
- uint8_t blocksize_B;
-} bcal_cmac_ctx_t;
-
-uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx);
-void bcal_cmac_free(bcal_cmac_ctx_t* ctx);
-void bcal_cmac_nextBlock(bcal_cmac_ctx_t* ctx, const void* block);
-void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b);
-void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx);
-void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx);
-
-#endif /* BCALCMAC_H_ */
+++ /dev/null
-/* bcal-ctr.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-basic.h"
-#include "bcal-ctr.h"
-#include "memxor.h"
-
-static void increment_be(void* block, uint8_t size_B){
- uint16_t c=1;
- do{
- --size_B;
- c += ((uint8_t*)block)[size_B];
- ((uint8_t*)block)[size_B] = (uint8_t)c;
- c>>=8;
- }while(size_B);
-}
-
-uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx){
- ctx->desc = (bcdesc_t*)desc;
- if(inc_func){
- ctx->inc_func = inc_func;
- }else{
- ctx->inc_func = increment_be;
- }
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->in_block=malloc(ctx->blocksize_B);
- if(ctx->in_block==NULL){
- return 0x11;
- }
- return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
-}
-
-void bcal_ctr_free(bcal_ctr_ctx_t* ctx){
- free(ctx->in_block);
- bcal_cipher_free(&(ctx->cctx));
-}
-
-void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx){
- if(iv){
- memcpy(ctx->in_block, iv, ctx->blocksize_B);
- }
-}
-
-void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- memxor(block, tmp, ctx->blocksize_B);
- ctx->inc_func(ctx->in_block, ctx->blocksize_B);
-}
-
-void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx){
- bcal_ctr_encNext(block, ctx);
-}
-
-void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){
- bcal_ctr_loadIV(iv, ctx);
- uint16_t blocksize_b;
- blocksize_b = ctx->blocksize_B*8;
- while(msg_len_b>blocksize_b){
- bcal_ctr_encNext(msg, ctx);
- msg_len_b -= blocksize_b;
- msg = (uint8_t*)msg + ctx->blocksize_B;
- }
- uint8_t tmp[ctx->blocksize_B];
- memcpy(tmp, ctx->in_block, ctx->blocksize_B);
- bcal_cipher_enc(tmp, &(ctx->cctx));
- ctx->inc_func(ctx->in_block, ctx->blocksize_B);
- tmp[msg_len_b/8] = 0xff00>>(msg_len_b&7);
- memxor(msg, tmp, (msg_len_b+7)/8);
-}
-
-void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){
- bcal_ctr_encMsg(iv, msg, msg_len_b, ctx);
-}
-
+++ /dev/null
-/* bcal-ctr.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCALCTR_H_
-#define BCALCTR_H_
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-
-typedef void(*inc_fp_t)(void* block, uint8_t size_B);
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* in_block;
- inc_fp_t inc_func;
- uint8_t blocksize_B;
-} bcal_ctr_ctx_t;
-
-uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx);
-void bcal_ctr_free(bcal_ctr_ctx_t* ctx);
-void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx);
-void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx);
-void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx);
-void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx);
-void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx);
-
-#endif /* BCALCTR_H_ */
+++ /dev/null
-/* bca-eax.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-#include "bcal-cmac.h"
-#include "bcal-ctr.h"
-#include "bcal-eax.h"
-#include "memxor.h"
-
-uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx){
- uint8_t r;
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->nonce = malloc(ctx->blocksize_B);
- if(ctx->nonce==NULL){
- return 0x81;
- }
- r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ctag));
- if(r){
- return r;
- }
- r = bcal_cmac_init(desc, key, keysize_b, &(ctx->htag));
- if(r){
- return (r|0x10);
- }
- r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ntag));
- if(r){
- return (r|0x20);
- }
- r = bcal_ctr_init(desc, key, keysize_b, NULL, &(ctx->cipher));
- if(r){
- return (r|0x30);
- }
- ctx->header_set=0;
- uint8_t tmp[ctx->blocksize_B];
- memset(tmp, 0, ctx->blocksize_B);
- bcal_cmac_nextBlock(&(ctx->ntag), tmp);
- tmp[ctx->blocksize_B-1]=1;
- bcal_cmac_nextBlock(&(ctx->htag), tmp);
- tmp[ctx->blocksize_B-1]=2;
- bcal_cmac_nextBlock(&(ctx->ctag), tmp);
- return 0;
-}
-
-void bcal_eax_free(bcal_eax_ctx_t* ctx){
- bcal_ctr_free(&(ctx->cipher));
- bcal_cmac_free(&(ctx->ctag));
- bcal_cmac_free(&(ctx->htag));
- bcal_cmac_free(&(ctx->ntag));
- free(ctx->nonce);
-}
-
-void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx){
- bcal_cmac_lastBlock(&(ctx->ntag), nonce, length_b);
- bcal_cmac_ctx2mac(ctx->nonce, ctx->blocksize_B*8, &(ctx->ntag));
- bcal_ctr_loadIV(ctx->nonce, &(ctx->cipher));
-}
-
-void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx){
- bcal_cmac_nextBlock(&(ctx->htag), header);
-}
-
-void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx){
- bcal_cmac_lastBlock(&(ctx->htag), header, length_b);
- ctx->header_set = 1;
-}
-
-void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx){
- bcal_ctr_encNext(block, &(ctx->cipher));
- bcal_cmac_nextBlock(&(ctx->ctag), block);
-}
-
-void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){
- bcal_ctr_encMsg(NULL, block, length_b, &(ctx->cipher));
- bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
-}
-
-void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx){
- bcal_cmac_nextBlock(&(ctx->ctag), block);
- bcal_ctr_decNext(block, &(ctx->cipher));
-}
-
-void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){
- bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
- bcal_ctr_decMsg(NULL, block, length_b, &(ctx->cipher));
-}
-
-void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx){
- uint8_t tmp[ctx->blocksize_B];
- if(ctx->header_set==0){
- bcal_cmac_lastBlock(&(ctx->htag), NULL, 0);
- }
-
- bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->htag));
- memxor(ctx->nonce, tmp, ctx->blocksize_B);
-
- bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->ctag));
- memxor(ctx->nonce, tmp, ctx->blocksize_B);
- memcpy(dest, ctx->nonce, (length_b+7)/8);
-}
-
+++ /dev/null
-/* bcal-eax.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BCALEAX_H_
-#define BCALEAX_H_
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-#include "bcal-cmac.h"
-#include "bcal-ctr.h"
-
-typedef struct{
- uint8_t* nonce;
- bcal_cmac_ctx_t ntag;
- bcal_cmac_ctx_t ctag;
- bcal_cmac_ctx_t htag;
- bcal_ctr_ctx_t cipher;
- uint8_t blocksize_B;
- uint8_t header_set;
-} bcal_eax_ctx_t;
-
-uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx);
-void bcal_eax_free(bcal_eax_ctx_t* ctx);
-void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx);
-void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx);
-void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx);
-void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx);
-void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx);
-void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx);
-void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx);
-void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx);
-//void bcal_eax(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_eax_ctx_t* ctx);
-
-#endif /* BCALEAX_H_ */
-
+++ /dev/null
-/* bcal-ofb.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <stdint.h>
-#include <string.h>
-#include "bcal-ofb.h"
-#include "bcal-basic.h"
-#include "memxor.h"
-
-
-uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx){
- ctx->desc = (bcdesc_t*)desc;
- ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
- ctx->in_block=malloc(ctx->blocksize_B);
- if(ctx->in_block==NULL){
- return 0x11;
- }
- return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
-}
-
-void bcal_ofb_free(bcal_ofb_ctx_t* ctx){
- free(ctx->in_block);
- bcal_cipher_free(&(ctx->cctx));
-}
-
-void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx){
- if(iv){
- memcpy(ctx->in_block, iv, ctx->blocksize_B);
- }
-}
-
-void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx){
- bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
- memxor(block, ctx->in_block, ctx->blocksize_B);
-}
-
-void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx){
- bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
- memxor(block, ctx->in_block, ctx->blocksize_B);
-}
-
-
-void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
- uint16_t block_len_b;
- block_len_b = ctx->blocksize_B*8;
- bcal_ofb_loadIV(iv, ctx);
- while(msg_len_b>block_len_b){
- bcal_ofb_encNext(msg, ctx);
- msg_len_b -= block_len_b;
- msg = (uint8_t*)msg + ctx->blocksize_B;
- }
- bcal_cipher_enc(ctx->in_block, &(ctx->cctx));
- ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7);
- memxor(msg, ctx->in_block, (msg_len_b+7)/8);
-}
-
-void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
- bcal_ofb_encMsg(iv, msg, msg_len_b, ctx);
-}
-
+++ /dev/null
-/* bcal-ofb.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#ifndef BCALOFB_H_
-#define BCALOFB_H_
-
-#include <stdint.h>
-#include "bcal-basic.h"
-#include "blockcipher_descriptor.h"
-
-
-typedef struct{
- bcdesc_t* desc;
- bcgen_ctx_t cctx;
- uint8_t* in_block;
- uint8_t blocksize_B;
-} bcal_ofb_ctx_t;
-
-
-uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx);
-void bcal_ofb_free(bcal_ofb_ctx_t* ctx);
-void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx);
-void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx);
-void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx);
-void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
-void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
-
-
-#endif /* BCALOFB_H_ */
+++ /dev/null
-/* bcal-performance.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * \file bcal-performance.c
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2010-02-16
- * \license GPLv3 or later
- *
- */
-
-#include "bcal-performance.h"
-#include "keysize_descriptor.h"
-#include "blockcipher_descriptor.h"
-#include "performance_test.h"
-#include "stack_measuring.h"
-#include "cli.h"
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <avr/pgmspace.h>
-
-#define PATTERN_A 0xAA
-#define PATTERN_B 0x55
-
-
-static
-void printvalue(unsigned long v){
- char str[20];
- int i;
- ultoa(v, str, 10);
- for(i=0; i<10-strlen(str); ++i){
- cli_putc(' ');
- }
- cli_putstr(str);
-}
-
-void bcal_performance(const bcdesc_t* bcd){
- bcdesc_t bc;
- memcpy_P(&bc, bcd, sizeof(bcdesc_t));
- uint8_t ctx[bc.ctxsize_B];
- uint8_t data[(bc.blocksize_b+7)/8];
- uint16_t keysize = get_keysize(bc.valid_keysize_desc);
- uint8_t key[(keysize+7)/8];
- uint64_t t;
- uint8_t i;
-
- if(bc.type!=BCDESC_TYPE_BLOCKCIPHER)
- return;
- calibrateTimer();
- print_overhead();
- cli_putstr_P(PSTR("\r\n\r\n === "));
- cli_putstr_P(bc.name);
- cli_putstr_P(PSTR(" performance === "
- "\r\n type: blockcipher"
- "\r\n keysize (bits): "));
- printvalue(keysize);
-
- cli_putstr_P(PSTR("\r\n ctxsize (bytes): "));
- printvalue(bc.ctxsize_B);
-
- cli_putstr_P(PSTR("\r\n blocksize (bits): "));
- printvalue(bc.blocksize_b);
-
-
-
- t=0;
- if(bc.init.init1){
- if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- (bc.init.init1)(key, &ctx);
- STOP_TIMER;
- t += stopTimer();
- if(i!=31 && bc.free){
- bc.free(&ctx);
- }
- }
- } else {
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- (bc.init.init2)(key, keysize, &ctx);
- STOP_TIMER;
- t += stopTimer();
- if(i!=31 && bc.free){
- bc.free(&ctx);
- }
- }
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n init (cycles): "));
- printvalue(t);
- }
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- bc.enc.enc1(data, &ctx);
- STOP_TIMER;
- t += stopTimer();
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n encrypt (cycles): "));
- printvalue(t);
-
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- bc.dec.dec1(data, &ctx);
- STOP_TIMER;
- t += stopTimer();
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n decrypt (cycles): "));
- printvalue(t);
-
- if(bc.free){
- bc.free(&ctx);
- }
-}
-
-void bcal_stacksize(const bcdesc_t* bcd){
- bcdesc_t bc;
- stack_measuring_ctx_t smctx;
- memcpy_P(&bc, bcd, sizeof(bcdesc_t));
- uint8_t ctx[bc.ctxsize_B];
- uint8_t data[(bc.blocksize_b+7)/8];
- uint16_t keysize = get_keysize(bc.valid_keysize_desc);
- uint8_t key[(keysize+7)/8];
- uint16_t t1, t2;
-
- if(bc.type!=BCDESC_TYPE_BLOCKCIPHER)
- return;
- cli_putstr_P(PSTR("\r\n\r\n === "));
- cli_putstr_P(bc.name);
- cli_putstr_P(PSTR(" stack-usage === "));
-
- if(bc.init.init1){
- if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- bc.init.init1(&ctx, key);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- bc.init.init1(&ctx, key);
- t2 = stack_measure_final(&smctx);
- sei();
- } else {
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- bc.init.init2(&ctx, keysize, key);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- bc.init.init2(&ctx, keysize, key);
- t2 = stack_measure_final(&smctx);
- sei();
- }
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n init (bytes): "));
- printvalue((unsigned long)t1);
- }
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- bc.enc.enc1(data, &ctx);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- bc.enc.enc1(data, &ctx);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n encBlock (bytes): "));
- printvalue((unsigned long)t1);
-
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- bc.dec.dec1(data, &ctx);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- bc.dec.dec1(data, &ctx);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n decBlock (bytes): "));
- printvalue((unsigned long)t1);
-
- if(bc.free){
- bc.free(&ctx);
- }
-}
-
-void bcal_performance_multiple(const bcdesc_t** bcd_list){
- const bcdesc_t* bcd;
- for(;;){
- bcd = (void*)pgm_read_word(bcd_list);
- if(!bcd){
- cli_putstr_P(PSTR("\r\n\r\n End of performance figures\r\n"));
- return;
- }
- bcal_performance(bcd);
- bcal_stacksize(bcd);
- bcd_list = (void*)((uint8_t*)bcd_list + 2);
- }
-}
+++ /dev/null
-/* bcal-performance.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * \file bcal-performance.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2010-02-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef BCAL_PERFORMANCE_H_
-#define BCAL_PERFORMANCE_H_
-
-#include "blockcipher_descriptor.h"
-
-void bcal_performance(const bcdesc_t* hd);
-void bcal_performance_multiple(const bcdesc_t** hd_list);
-
-
-#endif /* BCAL_PERFORMANCE_H_ */
+++ /dev/null
-/* bcal_aes128.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes128.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes128_enc.h"
-#include "aes128_dec.h"
-#include "aes_keyschedule.h"
-#include "keysize_descriptor.h"
-
-const char aes128_str[] PROGMEM = "AES-128";
-
-const uint8_t aes128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t aes128_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- aes128_str,
- sizeof(aes128_ctx_t),
- 128,
- {(void_fpt)aes128_init},
- {(void_fpt)aes128_enc},
- {(void_fpt)aes128_dec},
- (bc_free_fpt)NULL,
- aes128_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_aes128.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes128.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes128_enc.h"
-#include "aes128_dec.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t aes128_desc;
+++ /dev/null
-/* bcal_aes192.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes192.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes192_enc.h"
-#include "aes192_dec.h"
-#include "aes_keyschedule.h"
-#include "keysize_descriptor.h"
-
-const char aes192_str[] PROGMEM = "AES-192";
-
-const uint8_t aes192_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(192),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t aes192_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- aes192_str,
- sizeof(aes192_ctx_t),
- 128,
- {(void_fpt)aes192_init},
- {(void_fpt)aes192_enc},
- {(void_fpt)aes192_dec},
- (bc_free_fpt)NULL,
- aes192_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_aes192.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes192.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes192_enc.h"
-#include "aes192_dec.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t aes192_desc;
+++ /dev/null
-/* bcal_aes256.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes256.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes256_enc.h"
-#include "aes256_dec.h"
-#include "aes_keyschedule.h"
-#include "keysize_descriptor.h"
-
-const char aes256_str[] PROGMEM = "AES-256";
-
-const uint8_t aes256_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(256),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t aes256_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- aes256_str,
- sizeof(aes256_ctx_t),
- 128,
- {(void_fpt)aes256_init},
- {(void_fpt)aes256_enc},
- {(void_fpt)aes256_dec},
- (bc_free_fpt)NULL,
- aes256_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_aes256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_aes256.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "aes.h"
-#include "aes256_enc.h"
-#include "aes256_dec.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t aes256_desc;
+++ /dev/null
-/* bcal_camellia128.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_camellia128.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "camellia.h"
-#include "keysize_descriptor.h"
-
-const char camellia128_str[] PROGMEM = "Camellia-128";
-
-const uint8_t camellia128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t camellia128_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- camellia128_str,
- sizeof(camellia128_ctx_t),
- 128,
- {(void_fpt)camellia128_init},
- {(void_fpt)camellia128_enc},
- {(void_fpt)camellia128_dec},
- (bc_free_fpt)NULL,
- camellia128_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_camellia128.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_camellia128.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "camellia.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t camellia128_desc;
+++ /dev/null
-/* bcal_cast5.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_cast5.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "cast5.h"
-#include "keysize_descriptor.h"
-
-const char cast5_str[] PROGMEM = "CAST5";
-
-const uint8_t cast5_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(0), KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t cast5_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- cast5_str,
- sizeof(cast5_ctx_t),
- 128,
- {(void_fpt)cast5_init},
- {(void_fpt)cast5_enc},
- {(void_fpt)cast5_dec},
- (bc_free_fpt)NULL,
- cast5_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_cast5.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_cast5.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "cast5.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t cast5_desc;
+++ /dev/null
-/* bcal_cast6.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_cast6.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-03
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "cast6.h"
-#include "keysize_descriptor.h"
-
-const char cast6_str[] PROGMEM = "CAST-256";
-
-const uint8_t cast6_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(0), KS_INT(256),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t cast6_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- cast6_str,
- sizeof(cast6_ctx_t),
- 128,
- {(void_fpt)cast6_init},
- {(void_fpt)cast6_enc},
- {(void_fpt)cast6_dec},
- (bc_free_fpt)NULL,
- cast6_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_cast6.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_cast6.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-03
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "cast6.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t cast6_desc;
+++ /dev/null
-/* bcal_des.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_des.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-const char des_str[] PROGMEM = "DES";
-
-const uint8_t des_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(64),
- KS_TYPE_TERMINATOR };
-static
-void des_dummy_enc(void* block, void* key){
- des_enc(block, block, key);
-}
-
-static
-void des_dummy_dec(void* block, void* key){
- des_dec(block, block, key);
-}
-
-const bcdesc_t des_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- des_str,
- 8,
- 128,
- {(void_fpt)NULL},
- {(void_fpt)des_dummy_enc},
- {(void_fpt)des_dummy_dec},
- (bc_free_fpt)NULL,
- des_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_des.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_des.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t des_desc;
+++ /dev/null
-/* bcal_noekeon.c */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "noekeon.h"
-#include "keysize_descriptor.h"
-
-const char noekeon_direct_str[] PROGMEM = "Noekeon-Direct";
-const char noekeon_indirect_str[] PROGMEM = "Noekeon-Indirect";
-
-const uint8_t noekeon_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t noekeon_direct_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_ENC_TYPE_1,
- noekeon_direct_str,
- 16,
- 128,
- {(void_fpt)NULL},
- {(void_fpt)noekeon_enc},
- {(void_fpt)noekeon_dec},
- (bc_free_fpt)NULL,
- noekeon_keysize_desc
-};
-
-const bcdesc_t noekeon_indirect_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1 | BC_ENC_TYPE_1,
- noekeon_indirect_str,
- 16,
- 128,
- {(void_fpt)noekeon_init},
- {(void_fpt)noekeon_enc},
- {(void_fpt)noekeon_dec},
- (bc_free_fpt)NULL,
- noekeon_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_noekeon.h */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "noekeon.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t noekeon_direct_desc;
-extern const bcdesc_t noekeon_indirect_desc;
-
+++ /dev/null
-/* bcal_present.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_present.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "present.h"
-#include "keysize_descriptor.h"
-
-const char present_str[] PROGMEM = "Present";
-
-const uint8_t present_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(80),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t present_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- present_str,
- sizeof(present_ctx_t),
- 64,
- {(void_fpt)present_init},
- {(void_fpt)present_enc},
- {(void_fpt)present_dec},
- (bc_free_fpt)NULL,
- present_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_present.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_present.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "present.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t present_desc;
+++ /dev/null
-/* bcal_rc5.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_rc5.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "rc5.h"
-#include "keysize_descriptor.h"
-
-#define RC5_ROUNDS 12
-
-const char rc5_str[] PROGMEM = "RC5";
-
-const uint8_t rc5_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(2040),
- KS_TYPE_TERMINATOR };
-
-static
-void rc5_dummy_init(void* key, uint16_t keysize_b, void* ctx){
- rc5_init(key, keysize_b, RC5_ROUNDS, ctx);
-}
-
-const bcdesc_t rc5_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- rc5_str,
- sizeof(rc5_ctx_t),
- 128,
- {(void_fpt)rc5_dummy_init},
- {(void_fpt)rc5_enc},
- {(void_fpt)rc5_dec},
- (bc_free_fpt)rc5_free,
- rc5_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_rc5.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_rc5.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "rc5.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t rc5_desc;
+++ /dev/null
-/* bcal_rc6.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_rc6.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "rc6.h"
-#include "keysize_descriptor.h"
-
-const char rc6_str[] PROGMEM = "RC6";
-
-const uint8_t rc6_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(2040),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t rc6_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- rc6_str,
- sizeof(rc6_ctx_t),
- 128,
- {(void_fpt)rc6_init},
- {(void_fpt)rc6_enc},
- {(void_fpt)rc6_dec},
- (bc_free_fpt)rc6_free,
- rc6_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_rc6.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_rc6.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "rc6.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t rc6_desc;
+++ /dev/null
-/* bcal_seed.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_seed.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "seed.h"
-#include "keysize_descriptor.h"
-
-const char seed_str[] PROGMEM = "SEED";
-
-const uint8_t seed_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t seed_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- seed_str,
- sizeof(seed_ctx_t),
- 128,
- {(void_fpt)seed_init},
- {(void_fpt)seed_enc},
- {(void_fpt)seed_dec},
- (bc_free_fpt)NULL,
- seed_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_seed.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_seed.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "seed.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t seed_desc;
+++ /dev/null
-/* bcal_serpent.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_serpent.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "serpent.h"
-#include "keysize_descriptor.h"
-
-const char serpent_str[] PROGMEM = "serpent";
-
-const uint8_t serpent_keysize_desc[] PROGMEM = { KS_TYPE_RANGE, KS_INT(1), KS_INT(256),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t serpent_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- serpent_str,
- sizeof(serpent_ctx_t),
- 128,
- {(void_fpt)serpent_init},
- {(void_fpt)serpent_enc},
- {(void_fpt)serpent_dec},
- (bc_free_fpt)NULL,
- serpent_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_serpent.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_serpent.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "serpent.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t serpent_desc;
+++ /dev/null
-/* bcal_skipjack.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_skipjack.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "skipjack.h"
-#include "keysize_descriptor.h"
-
-const char skipjack_str[] PROGMEM = "Skipjack";
-
-const uint8_t skipjack_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(80),
- KS_TYPE_TERMINATOR };
-
-const bcdesc_t skipjack_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- skipjack_str,
- 10,
- 64,
- {(void_fpt)NULL},
- {(void_fpt)skipjack_enc},
- {(void_fpt)skipjack_dec},
- (bc_free_fpt)NULL,
- skipjack_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_skipjack.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_skipjack.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "skipjack.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t skipjack_desc;
+++ /dev/null
-/* bcal_tdes.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_tdes.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-const char tdes_str[] PROGMEM = "TDES";
-
-const uint8_t tdes_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(192),
- KS_TYPE_TERMINATOR };
-
-static
-void tdes_dummy_enc(void* block, void* key){
- tdes_enc(block, block, key);
-}
-
-static
-void tdes_dummy_dec(void* block, void* key){
- tdes_dec(block, block, key);
-}
-
-const bcdesc_t tdes_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- tdes_str,
- 24,
- 64,
- {(void_fpt)NULL},
- {(void_fpt)tdes_dummy_enc},
- {(void_fpt)tdes_dummy_dec},
- (bc_free_fpt)NULL,
- tdes_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_tdes.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_tdes.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t tdes_desc;
+++ /dev/null
-/* bcal_tdes2.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_tdes.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-02
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-const char tdes2_str[] PROGMEM = "TDES-2";
-
-const uint8_t tdes2_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-static
-void tdes_dummy_enc(void* block, void* key){
- tdes_enc(block, block, key);
-}
-
-static
-void tdes_dummy_dec(void* block, void* key){
- tdes_dec(block, block, key);
-}
-
-static
-void tdes2_init(void* key, void* ctx){
- memcpy(ctx, key, 16);
- memcpy((uint8_t*)ctx+16, key, 8);
-}
-
-
-
-const bcdesc_t tdes2_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- tdes2_str,
- 24,
- 64,
- {(void_fpt)tdes2_init},
- {(void_fpt)tdes_dummy_enc},
- {(void_fpt)tdes_dummy_dec},
- (bc_free_fpt)NULL,
- tdes2_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_tdes2.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_tdes.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef BCAL_TDES2_H_
-#define BCAL_TDES2_H_
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "des.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t tdes2_desc;
-
-#endif /* BCAL_TDES2_H_ */
+++ /dev/null
-/* bcal_threefish1024.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish1024.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-const char threefish1024_str[] PROGMEM = "Threefish-1024";
-
-const uint8_t threefish1024_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(1024),
- KS_TYPE_TERMINATOR };
-
-static void threefish1024_dummy_init(void* key, void* ctx){
- threefish1024_init(key, NULL, ctx);
-}
-
-const bcdesc_t threefish1024_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- threefish1024_str,
- sizeof(threefish1024_ctx_t),
- 1024,
- {(void_fpt)threefish1024_dummy_init},
- {(void_fpt)threefish1024_enc},
- {(void_fpt)threefish1024_dec},
- (bc_free_fpt)NULL,
- threefish1024_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_threefis1024.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish1024.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t threefish1024_desc;
+++ /dev/null
-/* bcal_threefish256.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish256.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-const char threefish256_str[] PROGMEM = "Threefish-256";
-
-const uint8_t threefish256_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(256),
- KS_TYPE_TERMINATOR };
-
-static void threefish256_dummy_init(void* key, void* ctx){
- threefish256_init(key, NULL, ctx);
-}
-
-const bcdesc_t threefish256_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- threefish256_str,
- sizeof(threefish256_ctx_t),
- 256,
- {(void_fpt)threefish256_dummy_init},
- {(void_fpt)threefish256_enc},
- {(void_fpt)threefish256_dec},
- (bc_free_fpt)NULL,
- threefish256_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_threefis256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish256.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t threefish256_desc;
+++ /dev/null
-/* bcal_threefish512.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish512.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-const char threefish512_str[] PROGMEM = "Threefish-512";
-
-const uint8_t threefish512_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(512),
- KS_TYPE_TERMINATOR };
-
-static void threefish512_dummy_init(void* key, void* ctx){
- threefish512_init(key, NULL, ctx);
-}
-
-const bcdesc_t threefish512_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_1,
- threefish512_str,
- sizeof(threefish512_ctx_t),
- 512,
- {(void_fpt)threefish512_dummy_init},
- {(void_fpt)threefish512_enc},
- {(void_fpt)threefish512_dec},
- (bc_free_fpt)NULL,
- threefish512_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_threefis512.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_threefish512.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "threefish.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t threefish512_desc;
+++ /dev/null
-/* bcal_xtea.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_xtea.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "blockcipher_descriptor.h"
-#include "xtea.h"
-#include "keysize_descriptor.h"
-
-const char xtea_str[] PROGMEM = "XTEA";
-
-const uint8_t xtea_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
- KS_TYPE_TERMINATOR };
-
-static
-void xtea_dummy_enc(void* block, void* key){
- xtea_enc(block, block, key);
-}
-
-static
-void xtea_dummy_dec(void* block, void* key){
- xtea_dec(block, block, key);
-}
-
-const bcdesc_t xtea_desc PROGMEM = {
- BCDESC_TYPE_BLOCKCIPHER,
- BC_INIT_TYPE_2,
- xtea_str,
- 16,
- 64,
- {(void_fpt)NULL},
- {(void_fpt)xtea_dummy_enc},
- {(void_fpt)xtea_dummy_dec},
- (bc_free_fpt)NULL,
- xtea_keysize_desc
-};
-
-
+++ /dev/null
-/* bcal_xtea.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bcal_xtea.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include "blockcipher_descriptor.h"
-#include "xtea.h"
-#include "keysize_descriptor.h"
-
-extern const bcdesc_t xtea_desc;
#include <stdint.h>
#include <string.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "blake_large.h"
#include "blake_common.h"
#include <stdint.h>
#include <string.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "blake_small.h"
#include "blake_common.h"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <stdint.h>
#include <string.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "bmw_small.h"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
*/
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "cubehash.h"
#include "cubehash_rotates.h"
#include "xchg.h"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-/* base64_dec.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-/**
- * base64 decoder (RFC3548)
- * Author: Daniel Otte
- * License: GPLv3
- *
- *
- */
-
-#include <stdint.h>
-#include "base64_dec.h"
-
-#include "test_src/cli.h"
-
-/*
- #define USE_GCC_EXTENSION
-*/
-#if 1
-
-#ifdef USE_GCC_EXTENSION
-
-static
-int ascii2bit6(char a){
- switch(a){
- case 'A'...'Z':
- return a-'A';
- case 'a'...'z':
- return a-'a'+26;
- case '0'...'9':
- return a-'0'+52;
- case '+':
- case '-':
- return 62;
- case '/':
- case '_':
- return 63;
- default:
- return -1;
- }
-}
-
-#else
-
-static
-uint8_t ascii2bit6(char a){
- int r;
- switch(a>>4){
- case 0x5:
- case 0x4:
- r=a-'A';
- if(r<0 || r>25){
- return -1;
- } else {
- return r;
- }
- case 0x7:
- case 0x6:
- r=a-'a';
- if(r<0 || r>25){
- return -1;
- } else {
- return r+26;
- }
- break;
- case 0x3:
- if(a>'9')
- return -1;
- return a-'0'+52;
- default:
- break;
- }
- switch (a){
- case '+':
- case '-':
- return 62;
- case '/':
- case '_':
- return 63;
- default:
- return 0xff;
- }
-}
-
-#endif
-
-#else
-
-static
-uint8_t ascii2bit6(uint8_t a){
- if(a>='A' && a<='Z'){
- return a-'A';
- } else {
- if(a>='a' && a<= 'z'){
- return a-'a'+26;
- } else {
- if(a>='0' && a<='9'){
- return a-'0'+52;
- } else {
- if(a=='+' || a=='-'){
- return 62;
- } else {
- if(a=='/' || a=='_'){
- return 63;
- } else {
- return 0xff;
- }
- }
- }
- }
- }
-}
-
-#endif
-
-int base64_binlength(char* str, uint8_t strict){
- int l=0;
- uint8_t term=0;
- for(;;){
- if(*str=='\0')
- break;
- if(*str=='\n' || *str=='\r'){
- str++;
- continue;
- }
- if(*str=='='){
- term++;
- str++;
- if(term==2){
- break;
- }
- continue;
- }
- if(term)
- return -1;
- if(ascii2bit6(*str)==-1){
- if(strict)
- return -1;
- } else {
- l++;
- }
- str++;
- }
- switch(term){
- case 0:
- if(l%4!=0)
- return -1;
- return l/4*3;
- case 1:
- if(l%4!=3)
- return -1;
- return (l+1)/4*3-1;
- case 2:
- if(l%4!=2)
- return -1;
- return (l+2)/4*3-2;
- default:
- return -1;
- }
-}
-
-/*
- |543210543210543210543210|
- |765432107654321076543210|
-
- . . . .
- |54321054|32105432|10543210|
- |76543210|76543210|76543210|
-
-*/
-
-int base64dec(void* dest, const char* b64str, uint8_t strict){
- uint8_t buffer[4];
- uint8_t idx=0;
- uint8_t term=0;
- for(;;){
-// cli_putstr_P(PSTR("\r\n DBG: got 0x"));
-// cli_hexdump(b64str, 1);
- buffer[idx]= ascii2bit6(*b64str);
-// cli_putstr_P(PSTR(" --> 0x"));
-// cli_hexdump(buffer+idx, 1);
-
- if(buffer[idx]==0xFF){
- if(*b64str=='='){
- term++;
- b64str++;
- if(term==2)
- goto finalize; /* definitly the end */
- }else{
- if(*b64str == '\0'){
- goto finalize; /* definitly the end */
- }else{
- if(*b64str == '\r' || *b64str == '\n' || !(strict)){
- b64str++; /* charcters that we simply ignore */
- }else{
- return -1;
- }
- }
- }
- }else{
- if(term)
- return -1; /* this happens if we get a '=' in the stream */
- idx++;
- b64str++;
- }
- if(idx==4){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2;
- ((uint8_t*)dest)[2] = buffer[2]<<6 | buffer[3];
- dest = (uint8_t*)dest +3;
- idx=0;
- }
- }
- finalize:
- /* the final touch */
- if(idx==0)
- return 0;
- if(term==1){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2;
- return 0;
- }
- if(term==2){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- return 0;
- }
- return -1;
-}
+++ /dev/null
-/* base64_dec.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#ifndef BASE64_DEC_H_
-#define BASE64_DEC_H_
-
-#include <stdint.h>
-
-int base64_binlength(char* str, uint8_t strict);
-int base64dec(void* dest, const char* b64str, uint8_t strict);
-
-#endif /*BASE64_DEC_H_*/
+++ /dev/null
-/* base64_enc.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-/**
- * base64 encoder (RFC3548)
- * Author: Daniel Otte
- * License: GPLv3
- *
- *
- */
-
-#include <stdint.h>
-#include "base64_enc.h"
-
-#if 1
-#include <avr/pgmspace.h>
-
-char base64_alphabet[64] PROGMEM = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
- 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
- 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
- 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
- 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
- 'w', 'x', 'y', 'z', '0', '1', '2', '3',
- '4', '5', '6', '7', '8', '9', '+', '/' };
-
-static
-char bit6toAscii(uint8_t a){
- a &= (uint8_t)0x3F;
- return pgm_read_byte(base64_alphabet+a);
-}
-
-#else
-
-static
-char bit6toAscii(uint8_t a){
- a &= (uint8_t)0x3F;
-
- if(a<=25){
- return a+'A';
- } else {
- if(a<=51){
- return a-26+'a';
- } else {
- if(a<=61){
- return a-52+'0';
- } else {
- if(a==62){
- return '+';
- } else {
- return '/'; /* a == 63 */
- }
- }
- }
- }
-}
-
-#endif
-
-void base64enc(char* dest,const void* src, uint16_t length){
- uint16_t i,j;
- uint8_t a[4];
- for(i=0; i<length/3; ++i){
- a[0]= (((uint8_t*)src)[i*3+0])>>2;
- a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F;
- a[2]= (((((uint8_t*)src)[i*3+1])<<2) | ((((uint8_t*)src)[i*3+2])>>6)) & 0x3F;
- a[3]= (((uint8_t*)src)[i*3+2]) & 0x3F;
- for(j=0; j<4; ++j){
- *dest++=bit6toAscii(a[j]);
- }
- }
- /* now we do the rest */
- switch(length%3){
- case 0:
- break;
- case 1:
- a[0]=(((uint8_t*)src)[i*3+0])>>2;
- a[1]=((((uint8_t*)src)[i*3+0])<<4)&0x3F;
- *dest++ = bit6toAscii(a[0]);
- *dest++ = bit6toAscii(a[1]);
- *dest++ = '=';
- *dest++ = '=';
- break;
- case 2:
- a[0]= (((uint8_t*)src)[i*3+0])>>2;
- a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F;
- a[2]= ((((uint8_t*)src)[i*3+1])<<2) & 0x3F;
- *dest++ = bit6toAscii(a[0]);
- *dest++ = bit6toAscii(a[1]);
- *dest++ = bit6toAscii(a[2]);
- *dest++ = '=';
- break;
- default: /* this will not happen! */
- break;
- }
-/* finalize: */
- *dest='\0';
-}
-
+++ /dev/null
-/* base64_enc.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#ifndef BASE64_ENC_H_
-#define BASE64_ENC_H_
-
-#include <stdint.h>
-
-void base64enc(char* dest, const void* src, uint16_t length);
-
-#endif /*BASE64_ENC_H_*/
+++ /dev/null
-/* bigint.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bigint.c
- * \author Daniel Otte
- * \date 2010-02-22
- *
- * \license GPLv3 or later
- *
- */
-
-
-#define STRING2(x) #x
-#define STRING(x) STRING2(x)
-#define STR_LINE STRING(__LINE__)
-
-#include "bigint.h"
-#include <string.h>
-/*
-#include "cli.h"
-#include "bigint_io.h"
-*/
-#ifndef MAX
- #define MAX(a,b) (((a)>(b))?(a):(b))
-#endif
-
-#ifndef MIN
- #define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#define SET_FBS(a, v) do{(a)->info &=0xF8; (a)->info |= (v);}while(0)
-#define GET_FBS(a) ((a)->info&BIGINT_FBS_MASK)
-#define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
-#define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
-#define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0)
-#define XCHG_PTR(a,b) do{ a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
- b = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
- a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b)));}while(0)
-
-#define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK)
-
-/******************************************************************************/
-void bigint_adjust(bigint_t* a){
- while(a->length_B!=0 && a->wordv[a->length_B-1]==0){
- a->length_B--;
- }
- if(a->length_B==0){
- a->info=0;
- return;
- }
- uint8_t t;
- uint8_t i = 0x07;
- t = a->wordv[a->length_B-1];
- while((t&0x80)==0 && i){
- t<<=1;
- i--;
- }
- SET_FBS(a, i);
-}
-
-/******************************************************************************/
-
-void bigint_copy(bigint_t* dest, const bigint_t* src){
- memcpy(dest->wordv, src->wordv, src->length_B);
- dest->length_B = src->length_B;
- dest->info = src->info;
-}
-
-/******************************************************************************/
-
-/* this should be implemented in assembly */
-/*
-void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- uint16_t t=0, i;
- if(a->length_B < b->length_B){
- XCHG_PTR(a,b);
- }
- for(i=0; i<b->length_B; ++i){
- t = a->wordv[i] + b->wordv[i] + t;
- dest->wordv[i] = (uint8_t)t;
- t>>=8;
- }
- for(; i<a->length_B; ++i){
- t = a->wordv[i] + t;
- dest->wordv[i] = (uint8_t)t;
- t>>=8;
- }
- dest->wordv[i++] = t;
- dest->length_B = i;
- bigint_adjust(dest);
-}
-*/
-/******************************************************************************/
-
-/* this should be implemented in assembly */
-void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale){
- uint16_t i,j=0;
- uint16_t t=0;
- if(scale>dest->length_B)
- memset(dest->wordv+dest->length_B, 0, scale-dest->length_B);
- for(i=scale; i<a->length_B+scale; ++i,++j){
- t = a->wordv[j] + t;
- if(dest->length_B>i){
- t += dest->wordv[i];
- }
- dest->wordv[i] = (uint8_t)t;
- t>>=8;
- }
- while(t){
- if(dest->length_B>i){
- t = dest->wordv[i] + t;
- }
- dest->wordv[i] = (uint8_t)t;
- t>>=8;
- ++i;
- }
- if(dest->length_B < i){
- dest->length_B = i;
- }
- bigint_adjust(dest);
-}
-
-/******************************************************************************/
-
-/* this should be implemented in assembly */
-void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- int8_t borrow=0;
- int8_t r;
- int16_t t;
- uint16_t i, min, max;
- min = MIN(a->length_B, b->length_B);
- max = MAX(a->length_B, b->length_B);
- r = bigint_cmp_u(a,b);
- if(r==0){
- dest->length_B = 0;
- dest->wordv[0] = 0;
- bigint_adjust(dest);
- return;
- }
- if(b->length_B==0){
- dest->length_B = a->length_B;
- memcpy(dest->wordv, a->wordv, a->length_B);
- dest->info = a->info;
- SET_POS(dest);
- return;
- }
- if(a->length_B==0){
- dest->length_B = b->length_B;
- memcpy(dest->wordv, b->wordv, b->length_B);
- dest->info = b->info;
- SET_NEG(dest);
- return;
- }
- if(r<0){
- bigint_sub_u(dest, b, a);
- SET_NEG(dest);
- }else{
- for(i=0; i<min; ++i){
- t = a->wordv[i] - b->wordv[i] - borrow;
- if(t<0){
- borrow = 1;
- dest->wordv[i]=(uint8_t)t;
- }else{
- borrow = 0;
- dest->wordv[i]=(uint8_t)t;
- }
- }
- for(;i<max; ++i){
- t = a->wordv[i] - borrow;
- if(t<0){
- borrow = 1;
- dest->wordv[i]=(uint8_t)t;
- }else{
- borrow = 0;
- dest->wordv[i]=(uint8_t)t;
- }
-
- }
- SET_POS(dest);
- dest->length_B = i;
- bigint_adjust(dest);
- }
-}
-
-/******************************************************************************/
-
-int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
- if(a->length_B > b->length_B){
- return 1;
- }
- if(a->length_B < b->length_B){
- return -1;
- }
- if(a->length_B==0){
- return 0;
- }
- uint16_t i;
- i = a->length_B-1;
- do{
- if(a->wordv[i]!=b->wordv[i]){
- if(a->wordv[i]>b->wordv[i]){
- return 1;
- }else{
- return -1;
- }
- }
- }while(i--);
- return 0;
-}
-
-/******************************************************************************/
-
-void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- uint8_t s;
- s = GET_SIGN(a)?2:0;
- s |= GET_SIGN(b)?1:0;
- switch(s){
- case 0: /* both positive */
- bigint_add_u(dest, a,b);
- SET_POS(dest);
- break;
- case 1: /* a positive, b negative */
- bigint_sub_u(dest, a, b);
- break;
- case 2: /* a negative, b positive */
- bigint_sub_u(dest, b, a);
- break;
- case 3: /* both negative */
- bigint_add_u(dest, a, b);
- SET_NEG(dest);
- break;
- default: /* how can this happen?*/
- break;
- }
-}
-
-/******************************************************************************/
-
-void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- uint8_t s;
- s = GET_SIGN(a)?2:0;
- s |= GET_SIGN(b)?1:0;
- switch(s){
- case 0: /* both positive */
- bigint_sub_u(dest, a,b);
- break;
- case 1: /* a positive, b negative */
- bigint_add_u(dest, a, b);
- SET_POS(dest);
- break;
- case 2: /* a negative, b positive */
- bigint_add_u(dest, a, b);
- SET_NEG(dest);
- break;
- case 3: /* both negative */
- bigint_sub_u(dest, b, a);
- break;
- default: /* how can this happen?*/
- break;
- }
-
-}
-
-/******************************************************************************/
-
-int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){
- uint8_t s;
- if(a->length_B==0 && b->length_B==0){
- return 0;
- }
- s = GET_SIGN(a)?2:0;
- s |= GET_SIGN(b)?1:0;
- switch(s){
- case 0: /* both positive */
- return bigint_cmp_u(a, b);
- break;
- case 1: /* a positive, b negative */
- return 1;
- break;
- case 2: /* a negative, b positive */
- return -1;
- break;
- case 3: /* both negative */
- return bigint_cmp_u(b, a);
- break;
- default: /* how can this happen?*/
- break;
- }
- return 0; /* just to satisfy the compiler */
-}
-
-/******************************************************************************/
-
-void bigint_shiftleft(bigint_t* a, uint16_t shift){
- uint16_t byteshift;
- uint16_t i;
- uint8_t bitshift;
- uint16_t t=0;
- byteshift = (shift+3)/8;
- bitshift = shift&7;
- memmove(a->wordv+byteshift, a->wordv, a->length_B);
- memset(a->wordv, 0, byteshift);
- if(bitshift!=0){
- if(bitshift<=4){ /* shift to the left */
- for(i=byteshift; i<a->length_B+byteshift; ++i){
- t |= (a->wordv[i])<<bitshift;
- a->wordv[i] = (uint8_t)t;
- t >>= 8;
- }
- a->wordv[i] = (uint8_t)t;
- byteshift++;
- }else{ /* shift to the right */
- for(i=a->length_B+byteshift-1; i>byteshift-1; --i){
- t |= (a->wordv[i])<<(bitshift);
- a->wordv[i] = (uint8_t)(t>>8);
- t <<= 8;
- }
- t |= (a->wordv[i])<<(bitshift);
- a->wordv[i] = (uint8_t)(t>>8);
- }
- }
- a->length_B += byteshift;
- bigint_adjust(a);
-}
-
-/******************************************************************************/
-
-void bigint_shiftright(bigint_t* a, uint16_t shift){
- uint16_t byteshift;
- uint16_t i;
- uint8_t bitshift;
- uint16_t t=0;
- byteshift = shift/8;
- bitshift = shift&7;
- if(byteshift >= a->length_B){ /* we would shift out more than we have */
- bigint_set_zero(a);
- return;
- }
- if(byteshift == a->length_B-1 && bitshift>GET_FBS(a)){
- bigint_set_zero(a);
- return;
- }
- if(byteshift){
- memmove(a->wordv, a->wordv+byteshift, a->length_B-byteshift);
- memset(a->wordv+a->length_B-byteshift, 0, byteshift);
- }
- if(bitshift!=0){
- /* shift to the right */
- for(i=a->length_B-byteshift-1; i>0; --i){
- t |= (a->wordv[i])<<(8-bitshift);
- a->wordv[i] = (uint8_t)(t>>8);
- t <<= 8;
- }
- t |= (a->wordv[0])<<(8-bitshift);
- a->wordv[0] = (uint8_t)(t>>8);
- }
- a->length_B -= byteshift;
- bigint_adjust(a);
-}
-
-/******************************************************************************/
-
-void bigint_xor(bigint_t* dest, const bigint_t* a){
- uint16_t i;
- for(i=0; i<a->length_B; ++i){
- dest->wordv[i] ^= a->wordv[i];
- }
- bigint_adjust(dest);
-}
-
-/******************************************************************************/
-
-void bigint_set_zero(bigint_t* a){
- a->length_B=0;
-}
-
-/******************************************************************************/
-
-/* using the Karatsuba-Algorithm */
-/* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */
-void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- if(a->length_B==0 || b->length_B==0){
- bigint_set_zero(dest);
- return;
- }
- if(dest==a || dest==b){
- bigint_t d;
- uint8_t d_b[a->length_B+b->length_B];
- d.wordv = d_b;
- bigint_mul_u(&d, a, b);
- bigint_copy(dest, &d);
- return;
- }
- if(a->length_B==1 || b->length_B==1){
- if(a->length_B!=1){
- XCHG_PTR(a,b);
- }
- uint16_t i, t=0;
- uint8_t x = a->wordv[0];
- for(i=0; i<b->length_B; ++i){
- t += b->wordv[i]*x;
- dest->wordv[i] = (uint8_t)t;
- t>>=8;
- }
- dest->wordv[i] = (uint8_t)t;
- dest->length_B=i+1;
- bigint_adjust(dest);
- return;
- }
- if(a->length_B<=4 && b->length_B<=4){
- uint32_t p=0, q=0;
- uint64_t r;
- memcpy(&p, a->wordv, a->length_B);
- memcpy(&q, b->wordv, b->length_B);
- r = (uint64_t)p*(uint64_t)q;
- memcpy(dest->wordv, &r, a->length_B+b->length_B);
- dest->length_B = a->length_B+b->length_B;
- bigint_adjust(dest);
- return;
- }
- bigint_set_zero(dest);
- /* split a in xh & xl; split b in yh & yl */
- uint16_t n;
- n=(MAX(a->length_B, b->length_B)+1)/2;
- bigint_t xl, xh, yl, yh;
- xl.wordv = a->wordv;
- yl.wordv = b->wordv;
- if(a->length_B<=n){
- xh.info=0;
- xh.length_B = 0;
- xl.length_B = a->length_B;
- xl.info = 0;
- }else{
- xl.length_B=n;
- xl.info = 0;
- bigint_adjust(&xl);
- xh.wordv = a->wordv+n;
- xh.length_B = a->length_B-n;
- xh.info = 0;
- }
- if(b->length_B<=n){
- yh.info=0;
- yh.length_B = 0;
- yl.length_B = b->length_B;
- yl.info = b->info;
- }else{
- yl.length_B=n;
- yl.info = 0;
- bigint_adjust(&yl);
- yh.wordv = b->wordv+n;
- yh.length_B = b->length_B-n;
- yh.info = 0;
- }
- /* now we have split up a and b */
- uint8_t tmp_b[2*n+2], m_b[2*(n+1)];
- bigint_t tmp, tmp2, m;
- tmp.wordv = tmp_b;
- tmp2.wordv = tmp_b+n+1;
- m.wordv = m_b;
-
- bigint_mul_u(dest, &xl, &yl); /* dest <= xl*yl */
- bigint_add_u(&tmp2, &xh, &xl); /* tmp2 <= xh+xl */
- bigint_add_u(&tmp, &yh, &yl); /* tmp <= yh+yl */
- bigint_mul_u(&m, &tmp2, &tmp); /* m <= tmp2*tmp */
- bigint_mul_u(&tmp, &xh, &yh); /* h <= xh*yh */
- bigint_sub_u(&m, &m, dest); /* m <= m-dest */
- bigint_sub_u(&m, &m, &tmp); /* m <= m-h */
- bigint_add_scale_u(dest, &m, n);
- bigint_add_scale_u(dest, &tmp, 2*n);
-}
-
-/******************************************************************************/
-
-void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
- uint8_t s;
- s = GET_SIGN(a)?2:0;
- s |= GET_SIGN(b)?1:0;
- switch(s){
- case 0: /* both positive */
- bigint_mul_u(dest, a,b);
- SET_POS(dest);
- break;
- case 1: /* a positive, b negative */
- bigint_mul_u(dest, a,b);
- SET_NEG(dest);
- break;
- case 2: /* a negative, b positive */
- bigint_mul_u(dest, a,b);
- SET_NEG(dest);
- break;
- case 3: /* both negative */
- bigint_mul_u(dest, a,b);
- SET_POS(dest);
- break;
- default: /* how can this happen?*/
- break;
- }
-}
-
-/******************************************************************************/
-
-/* square */
-/* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */
-void bigint_square(bigint_t* dest, const bigint_t* a){
- if(a->length_B<=4){
- uint64_t r=0;
- memcpy(&r, a->wordv, a->length_B);
- r = r*r;
- memcpy(dest->wordv, &r, 2*a->length_B);
- SET_POS(dest);
- dest->length_B=2*a->length_B;
- bigint_adjust(dest);
- return;
- }
- if(dest==a){
- bigint_t d;
- uint8_t d_b[a->length_B*2];
- d.wordv = d_b;
- bigint_square(&d, a);
- bigint_copy(dest, &d);
- return;
- }
- uint16_t n;
- n=(a->length_B+1)/2;
- bigint_t xh, xl, tmp; /* x-high, x-low, temp */
- uint8_t buffer[2*n+1];
- xl.wordv = a->wordv;
- xl.length_B = n;
- xh.wordv = a->wordv+n;
- xh.length_B = a->length_B-n;
- tmp.wordv = buffer;
- bigint_square(dest, &xl);
- bigint_square(&tmp, &xh);
- bigint_add_scale_u(dest, &tmp, 2*n);
- bigint_mul_u(&tmp, &xl, &xh);
- bigint_shiftleft(&tmp, 1);
- bigint_add_scale_u(dest, &tmp, n);
-}
-
-/******************************************************************************/
-
-void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){
- bigint_t tmp;
- uint8_t tmp_b[b->length_B+1];
- uint16_t i,j,byteshift=bitscale/8;
- uint8_t borrow=0;
- int16_t t;
-
- if(a->length_B < b->length_B+byteshift){
- bigint_set_zero(a);
- return;
- }
-
- tmp.wordv = tmp_b;
- bigint_copy(&tmp, b);
- bigint_shiftleft(&tmp, bitscale&7);
-
- for(j=0,i=byteshift; i<tmp.length_B+byteshift; ++i, ++j){
- t = a->wordv[i] - tmp.wordv[j] - borrow;
- a->wordv[i] = (uint8_t)t;
- if(t<0){
- borrow = 1;
- }else{
- borrow = 0;
- }
- }
- while(borrow){
- if(i+1 > a->length_B){
- bigint_set_zero(a);
- return;
- }
- a->wordv[i] -= borrow;
- if(a->wordv[i]!=0xff){
- borrow=0;
- }
- ++i;
- }
- bigint_adjust(a);
-}
-
-/******************************************************************************/
-
-void bigint_reduce(bigint_t* a, const bigint_t* r){
-// bigint_adjust(r);
- uint8_t rfbs = GET_FBS(r);
-
- if(r->length_B==0 || a->length_B==0){
- return;
- }
- while(a->length_B > r->length_B){
- bigint_sub_u_bitscale(a, r, (a->length_B-r->length_B)*8+GET_FBS(a)-rfbs-1);
- }
- while((GET_FBS(a) > rfbs+1) && (a->length_B == r->length_B)){
- bigint_sub_u_bitscale(a, r, GET_FBS(a)-rfbs-1);
- }
- while(bigint_cmp_u(a,r)>=0){
- bigint_sub_u(a,a,r);
- }
- bigint_adjust(a);
-}
-
-/******************************************************************************/
-
-/* calculate dest = a**exp % r */
-/* using square&multiply */
-void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r){
- if(a->length_B==0 || r->length_B==0){
- return;
- }
-
- bigint_t res, base;
- uint8_t base_b[MAX(a->length_B,r->length_B*2)], res_b[r->length_B*2];
- uint16_t i;
- uint8_t j, t;
- res.wordv = res_b;
- base.wordv = base_b;
- bigint_copy(&base, a);
- bigint_reduce(&base, r);
- res.wordv[0]=1;
- res.length_B=1;
- res.info = 0;
- bigint_adjust(&res);
- for(i=0; i+1<exp->length_B; ++i){
- t=exp->wordv[i];
- for(j=0; j<8; ++j){
- if(t&1){
- bigint_mul_u(&res, &res, &base);
- bigint_reduce(&res, r);
- }
- bigint_square(&base, &base);
- bigint_reduce(&base, r);
- t>>=1;
- }
- }
- t=exp->wordv[i];
- while(t){
- if(t&1){
- bigint_mul_u(&res, &res, &base);
- bigint_reduce(&res, r);
- }
- bigint_square(&base, &base);
- bigint_reduce(&base, r);
- t>>=1;
- }
- SET_POS(&res);
- bigint_copy(dest, &res);
-}
-
-/******************************************************************************/
-/* gcd <-- gcd(x,y) a*x+b*y=gcd */
-void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y){
- bigint_t g, x_, y_, u, v, a_, b_, c_, d_;
- volatile uint16_t i=0;
- if(x->length_B==0 || y->length_B==0){
- return;
- }
- while(x->wordv[i]==0 && y->wordv[i]==0){
- ++i;
- }
- uint8_t g_b[i+2], x_b[x->length_B-i], y_b[y->length_B-i];
- uint8_t u_b[x->length_B-i], v_b[y->length_B-i];
- uint8_t a_b[y->length_B+2], c_b[y->length_B+2];
- uint8_t b_b[x->length_B+2], d_b[x->length_B+2];
-
- g.wordv = g_b;
- x_.wordv = x_b;
- y_.wordv = y_b;
- memset(g_b, 0, i);
- g_b[i]=1;
- g.length_B = i+1;
- g.info=0;
- x_.info = y_.info = 0;
- x_.length_B = x->length_B-i;
- y_.length_B = y->length_B-i;
- memcpy(x_.wordv, x->wordv+i, x_.length_B);
- memcpy(y_.wordv, y->wordv+i, y_.length_B);
- for(i=0; (x_.wordv[0]&(1<<i))==0 && (y_.wordv[0]&(1<<i))==0; ++i){
- }
-
- bigint_adjust(&x_);
- bigint_adjust(&y_);
-
- if(i){
- bigint_shiftleft(&g, i);
- bigint_shiftright(&x_, i);
- bigint_shiftright(&y_, i);
- }
- u.wordv = u_b;
- v.wordv = v_b;
- a_.wordv = a_b;
- b_.wordv = b_b;
- c_.wordv = c_b;
- d_.wordv = d_b;
-
- bigint_copy(&u, &x_);
- bigint_copy(&v, &y_);
- a_.wordv[0] = 1;
- a_.length_B = 1;
- a_.info = 0;
- d_.wordv[0] = 1;
- d_.length_B = 1;
- d_.info = 0;
- bigint_set_zero(&b_);
- bigint_set_zero(&c_);
- do{
- while((u.wordv[0]&1)==0){
- bigint_shiftright(&u, 1);
- if((a_.wordv[0]&1) || (b_.wordv[0]&1)){
- bigint_add_s(&a_, &a_, &y_);
- bigint_sub_s(&b_, &b_, &x_);
- }
- bigint_shiftright(&a_, 1);
- bigint_shiftright(&b_, 1);
- }
- while((v.wordv[0]&1)==0){
- bigint_shiftright(&v, 1);
- if((c_.wordv[0]&1) || (d_.wordv[0]&1)){
- bigint_add_s(&c_, &c_, &y_);
- bigint_sub_s(&d_, &d_, &x_);
- }
- bigint_shiftright(&c_, 1);
- bigint_shiftright(&d_, 1);
-
- }
- if(bigint_cmp_u(&u, &v)>=0){
- bigint_sub_u(&u, &u, &v);
- bigint_sub_s(&a_, &a_, &c_);
- bigint_sub_s(&b_, &b_, &d_);
- }else{
- bigint_sub_u(&v, &v, &u);
- bigint_sub_s(&c_, &c_, &a_);
- bigint_sub_s(&d_, &d_, &b_);
- }
- }while(u.length_B);
- if(gcd){
- bigint_mul_s(gcd, &v, &g);
- }
- if(a){
- bigint_copy(a, &c_);
- }
- if(b){
- bigint_copy(b, &d_);
- }
-}
-
-/******************************************************************************/
-
-void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m){
- bigint_gcdext(NULL, dest, NULL, a, m);
- while(dest->info&BIGINT_NEG_MASK){
- bigint_add_s(dest, dest, m);
- }
-}
-
-/******************************************************************************/
-
-void bigint_changeendianess(bigint_t* a){
- uint8_t t, *p, *q;
- p = a->wordv;
- q = p+a->length_B-1;
- while(p<q){
- t = *p;
- *p = *q;
- *q = t;
- ++p; --q;
- }
-}
-
-/******************************************************************************/
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-/* bigint.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file bigint.h
- * \author Daniel Otte
- * \date 2010-02-22
- *
- * \license GPLv3 or later
- *
- */
-
-#ifndef BIGINT_H_
-#define BIGINT_H_
-
-#include <stdint.h>
-
-#define BIGINT_FBS_MASK 0x07 /* the last three bits indicate which is the first bit set */
-#define BIGINT_NEG_MASK 0x80 /* this bit indicates a negative value */
-typedef struct{
- uint16_t length_B;
- uint8_t info;
- uint8_t *wordv; /* word vector, pointing to the LSB */
-}bigint_t;
-
-
-/******************************************************************************/
-
-void bigint_adjust(bigint_t* a);
-void bigint_copy(bigint_t* dest, const bigint_t* src);
-void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale);
-void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-int8_t bigint_cmp_u(const bigint_t * a, const bigint_t * b);
-void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b);
-void bigint_shiftleft(bigint_t* a, uint16_t shift);
-void bigint_shiftright(bigint_t* a, uint16_t shift);
-void bigint_xor(bigint_t* dest, const bigint_t* a);
-void bigint_set_zero(bigint_t* a);
-void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b);
-void bigint_square(bigint_t* dest, const bigint_t* a);
-void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale);
-void bigint_reduce(bigint_t* a, const bigint_t* r);
-void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r);
-void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y);
-void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m);
-void bigint_changeendianess(bigint_t* a);
-/******************************************************************************/
-
-#endif /*BIGINT_H_*/
+++ /dev/null
-/* bigint_add_u.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * \file bigint_add_u.S
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-03-01
- * \license GPLv3 or later
- *
- */
-
-#include "avr-asm-macros.S"
-
-/*
- param dest: r24:r25
- param a: r22:r23
- param b: r20:r21
-*/
-LEN_A_0 = 22
-LEN_A_1 = 23
-LEN_B_0 = 20
-LEN_B_1 = 21
-
-
-.global bigint_add_u
-bigint_add_u:
- push_range 28, 29
- push_range 24, 25
- movw r26, r24 ; X is our destination pointer
- movw r30, r22 ; Z = a
- movw r28, r20 ; Y = b
- ldd LEN_A_0, Z+0
- ldd LEN_A_1, Z+1
- ldd LEN_B_0, Y+0
- ldd LEN_B_1, Y+1
- cp LEN_A_0, LEN_B_0
- cpc LEN_A_1, LEN_B_1
- brsh 3f
- movw r18, LEN_A_0 ; swap length values
- movw LEN_A_0, LEN_B_0
- movw LEN_B_0, r18
- movw r18, r30 ; swap pointers
- movw r30, r28
- movw r28, r18
-3: ; now a is the longer integer
- movw r24, LEN_A_0
- adiw r24, 0
- brne 4f
- st X+, r1 ; store length
- st X+, r1
- st X+, r1 ; store 0 in info field
- rjmp 9f
-4:
- adiw r24, 1
- st X+, r24 ; store length
- st X+, r25
- st X+, r1 ; store 0 in info field
- ld r18, X+
- ld r19, X+
- movw r26, r18
- adiw r30, 3 ; adjust pointers to point at wordv
- ld r18, Z+
- ld r19, Z+
- movw r30, r18
- adiw r28, 3
- ld r18, Y+
- ld r19, Y+
- movw r28, r18
-
- sub LEN_A_0, LEN_B_0
- sbc LEN_A_1, LEN_B_1
- movw r24, LEN_B_0
- clr r0
- adiw r24, 0
- breq 6f
- clc
-5:
- ld r0, Z+
- ld r1, Y+
- adc r0, r1
- st X+, r0
- dec r24
- brne 5b
- rol r0 ; store carry bit
- tst r25
- breq 6f
- dec r25
- dec r24
- ror r0 ; write carry back
- rjmp 5b
-6: /* the main part is done */
- movw r24, LEN_A_0
- clr r1
- adiw r24, 0
- breq 8f
-62:
- ror r0 ; write carry back
-7:
- ld r0, Z+
- adc r0, r1
- st X+, r0
- dec r24
- brne 7b
- rol r0 ; store carry bit
- tst r25
- breq 8f
- dec r25
- dec r24
- rjmp 62b
-8:
- ror r0
- clr r0
- rol r0
- st X+, r0
-9:
- pop_range 24, 25
- pop_range 28, 29
- jmp bigint_adjust
-
-
+++ /dev/null
-/* bigint_io.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "cli.h"
-#include "hexdigit_tab.h"
-#include "bigint.h"
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include <string.h>
-
-void bigint_print_hex(const bigint_t* a){
- if(a->length_B==0){
- cli_putc('0');
- return;
- }
- if(a->info&BIGINT_NEG_MASK){
- cli_putc('-');
- }
-// cli_putc((a->info&BIGINT_NEG_MASK)?'-':'+'); /* print sign */
- if(a->wordv[a->length_B-1]<0x10){
- cli_putc(pgm_read_byte(hexdigit_tab_uc_P+a->wordv[a->length_B-1]));
- cli_hexdump_rev(a->wordv, a->length_B-1);
- } else {
- cli_hexdump_rev(a->wordv, a->length_B);
- }
-}
-
-#define BLOCKSIZE 20
-
-static uint8_t char2nibble(char c){
- if(c>='0' && c <='9'){
- return c-'0';
- }
- c |= 'A'^'a'; /* to lower case */
- if(c>='a' && c <='f'){
- return c-'a'+10;
- }
- return 0xff;
-}
-
-static uint16_t read_byte(void){
- uint8_t t1, t2;
- char c;
- c = cli_getc_cecho();
- if(c=='-'){
- return 0x0500;
- }
- t1 = char2nibble(c);
- if(t1 == 0xff){
- return 0x0100;
- }
- c = cli_getc_cecho();
- t2 = char2nibble(c);
- if(t2 == 0xff){
- return 0x0200|t1;
- }
- return (t1<<4)|t2;
-}
-
-uint8_t bigint_read_hex_echo(bigint_t* a){
- uint16_t allocated=0;
- uint8_t shift4=0;
- uint16_t t;
- a->length_B = 0;
- a->wordv = NULL;
- a->info = 0;
- for(;;){
- if(allocated-a->length_B < 1){
- uint8_t *p;
- p = realloc(a->wordv, allocated+=BLOCKSIZE);
- if(p==NULL){
- cli_putstr_P(PSTR("\r\nERROR: Out of memory!"));
- free(a->wordv);
- return 0xff;
- }
- a->wordv=p;
- }
- t = read_byte();
- if(a->length_B==0){
- if(t&0x0400){
- /* got minus */
- a->info |= BIGINT_NEG_MASK;
- continue;
- }else{
- if(t==0x0100){
- free(a->wordv);
- a->wordv=NULL;
- return 1;
- }
- }
- }
- if(t<=0x00ff){
- a->wordv[a->length_B++] = (uint8_t)t;
- }else{
- if(t&0x0200){
- shift4 = 1;
- a->wordv[a->length_B++] = (uint8_t)((t&0x0f)<<4);
- }
- break;
- }
- }
- /* we have to reverse the byte array */
- uint8_t tmp;
- uint8_t *p, *q;
- p = a->wordv;
- q = a->wordv+a->length_B-1;
- while(q>p){
- tmp = *p;
- *p = *q;
- *q = tmp;
- p++; q--;
- }
- if(shift4){
- bigint_adjust(a);
- bigint_shiftright(a, 4);
- }
- bigint_adjust(a);
- return 0;
-}
+++ /dev/null
-/* bigint_io.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef BIGINT_IO_H_
-#define BIGINT_IO_H_
-
-#include "bigint.h"
-
-void bigint_print_hex(const bigint_t* a);
-uint8_t bigint_read_hex_echo(bigint_t* a);
-
-#endif /* BIGINT_IO_H_ */
#define DSA_H_
#include <stdint.h>
-#include "hfal-basic.h"
-#include "bigint.h"
+#include "hfal/hfal-basic.h"
+#include "bigint/bigint.h"
typedef struct{
bigint_t p;
#include <avr/pgmspace.h>
#include "cli.h"
#include "dsa.h"
-#include "bigint.h"
+#include "bigint/bigint.h"
#define DSA_KEY_BLOB_SIZE 1024
#include <stdint.h>
#include "cli.h"
-#include "bigint.h"
+#include "bigint/bigint.h"
#include "dsa.h"
#include "hashfunction_descriptor.h"
-#include "hfal-basic.h"
+#include "hfal/hfal-basic.h"
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k){
*/
#include <stdint.h>
-#include "bigint.h"
+#include "bigint/bigint.h"
#include "dsa.h"
-#include "hfal-basic.h"
+#include "hfal/hfal-basic.h"
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx){
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-/* noekeon.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef NOEKEON_H_
-#define NOEKEON_H_
-
-/**
- * \file noekeon.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-04-11
- * \license GPLv3 or later
- * \brief Implementation of the Noekeon block cipher
- * \ingroup Noekeon
- * This is an implementation of the Noekeon block cipher.
- * For more details on Noekeon see http://gro.noekeon.org/
- */
-
-#include <stdint.h>
-
-/** \typedef noekeon_ctx_t
- * \brief holds key data for indirect mode
- *
- * A variable of this type may hold the key data for the indirect mode.
- * For direct mode simply pass the key directly to the encryption or
- * decryption function.
- */
-typedef uint8_t noekeon_ctx_t[16];
-
-/** \fn void noekeon_enc(void* buffer, const void* key)
- * \brief noekeon encrytion funtion
- *
- * This function encrypts a block (64 bit = 8 byte) with the noekeon encrytion
- * algorithm. Due to the two modes of noekeon (direct mode and indirect mode)
- * the second parameter either points directly to the key (direct mode) or to a
- * context generated by the noekeon_init() function (indirect mode).
- * \param buffer pointer to the 64 bit (8 byte) block to encrypt
- * \param key pointer to either the key (128 bit = 16 byte; direct mode) or
- * to the context (indirect mode)
- */
-void noekeon_enc(void* buffer, const void* key);
-
-/** \fn void noekeon_dec(void* buffer, const void* key)
- * \brief noekeon encrytion funtion
- *
- * This function decrypts a block (64 bit = 8 byte) encrypted with the noekeon
- * encrytion algorithm. Due to the two modes of noekeon (direct mode and
- * indirect mode) the second parameter either points directly to the key
- * (direct mode) or to a context generated by the noekeon_init() function
- * (indirect mode).
- * \param buffer pointer to the 64 bit (8 byte) block to decrypt
- * \param key pointer to either the key (128 bit = 16 byte; direct mode) or
- * to the context (indirect mode)
- */
-void noekeon_dec(void* buffer, const void* key);
-
-
-/** \fn void noekeon_init(const void* key, noekeon_ctx_t* ctx)
- * \brief noekeon context generation function for indirect mode
- *
- * This function generates a context from the supplied key for using
- * noekeon in indirect mode. For using noekeon in direct mode supply the key
- * direct to the noekeon_enc() and noekeon_dec() functions.
- * \param key pointer to the key (128 bit = 16 byte)
- * \param ctx pointer to the context to fill with key material
- * to the context (indirect mode)
- */
-void noekeon_init(const void* key, noekeon_ctx_t* ctx);
-
-#endif /*NOEKEON_H_*/
+++ /dev/null
-/* noekeon_asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * noekeon assembler implementation for avr
- * author: Daniel Otte
- * email: daniel.otte@rub.de
- * license: GPLv3
- */
-
-#include <avr/io.h>
-
-.macro push_all
- push r2
- push r3
- push r4
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
-.endm
-
-.macro pop_all
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- pop r3
- pop r2
- clr r1
-.endm
-
-push_all_func:
- pop r31
- pop r30
- push_all
- ijmp
-
-pop_all_func:
- pop r31
- pop r30
- pop_all
- ijmp
-
-.macro xchg a b
- eor \a, \b
- eor \b, \a
- eor \a, \b
-.endm
-
-.macro op32 op a b
- \op \a\()_0, \b\()_0
- \op \a\()_1, \b\()_1
- \op \a\()_2, \b\()_2
- \op \a\()_3, \b\()_3
-.endm
-
-
-.macro op32_4t op a b c d w x y z
- \op \a, \w
- \op \b, \x
- \op \c, \y
- \op \d, \z
-.endm
-
-
-.macro op32_prefix op p q a b c d w x y z
- \op \p\()\a, \q\()\w
- \op \p\()\b, \q\()\x
- \op \p\()\c, \q\()\y
- \op \p\()\d, \q\()\z
-.endm
-
-; === bigendian_rotl32 ===
-; this function rotates a 32bit bigendian word n bits to the left
-; param1: the 32-bit value
-; given in r25,r24,r23,r22 (r22 is most significant)
-; param2: the 8-bit parameter giving the number of bits to rotate
-; given in r20
-; return: the rotatet 32-bit word
-; given in r25,r24,r23,r22
-
-bigendian_rotl32:
- /* copy high bit of r22 to carry */
- mov r1, r22
-2:
- rol r1
-
- rol r25
- rol r24
- rol r23
- rol r22
-
- dec r20
- brne 2b
-bigendian_rotl32_exit:
- clr r1
- ret
-
-
-/******************************************************************************/
-
-; === bigendian_rotl32 ===
-; this function rotates a 32bit bigendian word n bits to the right
-; param1: the 32-bit value
-; given in r25,r24,r23,r22 (r22 is most significant)
-; param2: the 8-bit parameter giving the number of bits to rotate
-; given in r20
-; return: the rotatet 32-bit word
-; given in r25,r24,r23,r22
-
-bigendian_rotr32:
- /* copy high bit of r25 to carry */
-
- mov r1, r25
-2:
- ror r1
-
- ror r22
- ror r23
- ror r24
- ror r25
- dec r20
- brne 2b
-bigendian_rotr32_exit:
- clr r1
- ret
-
-/******************************************************************************/
-/*
-void theta(uint32_t* k, uint32_t* a){
- uint32_t temp;
- temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[1] ^= temp;
- a[3] ^= temp;
-
- a[0] ^= k[0];
- a[1] ^= k[1];
- a[2] ^= k[2];
- a[3] ^= k[3];
-
- temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[0] ^= temp;
- a[2] ^= temp;
-}
-*/
-
-round_const: .byte 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, \
- 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, \
- 0xD4
-
-;-- a[0]
-state0_0 = 2
-state0_1 = 3
-state0_2 = 4
-state0_3 = 5
-;-- a[1]
-state1_0 = 6
-state1_1 = 7
-state1_2 = 8
-state1_3 = 9
-;-- a[2]
-state2_0 = 10
-state2_1 = 11
-state2_2 = 12
-state2_3 = 13
-;-- a[3]
-state3_0 = 14
-state3_1 = 15
-state3_2 = 16
-state3_3 = 17
-
-; === theta ===
-;
-; param1: the state in r2-r17
-; param2: pointer to k in X (r26,r27)
-;
-temp_a = 18
-temp_b = 19
-temp_c = 20
-temp_d = 21
-
-theta:
- /* temp = a[0] ^ a[2]; temp ^= temp>>>8 ^ temp<<<8 */
- op32_prefix mov, temp_, state0_, a,b,c,d, 0,1,2,3
- op32_prefix eor, temp_, state2_, a,b,c,d, 0,1,2,3
-
- mov r1, temp_a
- eor r1, temp_b
- eor r1, temp_c
- eor r1, temp_d
-
- op32_prefix eor, temp_, r, a,b,c,d, 1,1,1,1
-
- /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */
- /* a[1] ^= temp */
- eor state1_0, temp_c
- eor state1_1, temp_d
- eor state1_2, temp_a
- eor state1_3, temp_b
- /* a[3] ^= temp */
- eor state3_0, temp_c
- eor state3_1, temp_d
- eor state3_2, temp_a
- eor state3_3, temp_b
-
- /* state ^ k (X points to K) */
- ldi r28, 2
- clr r29 /* Y points to r2 aka state0_0 */
- ldi temp_a, 16
-1:
- ld r1, X+
- ld r0, Y
- eor r1, r0
- st Y+, r1
- dec temp_a
- brne 1b
- sbiw r26, 16 /* set X back to key */
-
- mov temp_a, state1_0
- mov temp_b, state1_1
- mov temp_c, state1_2
- mov temp_d, state1_3
- eor temp_a, state3_0
- eor temp_b, state3_1
- eor temp_c, state3_2
- eor temp_d, state3_3
- mov r1, temp_a
- eor r1, temp_b
- eor r1, temp_c
- eor r1, temp_d
- eor temp_a, r1
- eor temp_b, r1
- eor temp_c, r1
- eor temp_d, r1
- /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */
- /* a[0] ^= temp */
- eor state0_0, temp_c
- eor state0_1, temp_d
- eor state0_2, temp_a
- eor state0_3, temp_b
- /* a[2] ^= temp */
- eor state2_0, temp_c
- eor state2_1, temp_d
- eor state2_2, temp_a
- eor state2_3, temp_b
-
- clr r1
- ret
-
-/******************************************************************************/
-#ifndef NOEKEON_NO_ENC
-; === noekeon_enc ===
-;
-; param1: pointer to buffer (r24,r25)
-; param2: pointer to k (r22,r23)
-;
-.global noekeon_enc
-noekeon_enc:
- rcall push_all_func
- /* load state */
- movw r26, r22
- ldi r28, 2
- clr r29 /* Y points at r2 aka state0_0 */
- movw r30, r24 /* Z points at state */
- push r30
- push r31
- ldi r22, 16
- push r22 /* 16 is also the number of rounds and gets pushed here */
-1:
- ld r0, Z+
- st Y+, r0
- dec r22
- brne 1b
- /* state loaded */
- push r1 /* push round constan2 (0x00) */
- ldi r20, 0x80
- push r20 /* push round constan2 (0x00) */
- rjmp 3f
-2:
- ldi r30, lo8(round_const+15)
- ldi r31, hi8(round_const+15)
- sub r30, r22
- sbci r31, 0
- clr r1
- push r1
- lpm r0, Z
- push r0
-3:
- rcall round /* pops rc2 & rc1 */
- pop r22
- dec r22
- push r22
- brne 2b
-
- pop r22
-
- ldi r22, 0xD4
- eor state0_3, r22
- rcall theta
-
- pop r31
- pop r30
- clr r29
- ldi r28, 2
- ldi r22, 16
-1:
- ld r0, Y+
- st Z+, r0
- dec r22
- brne 1b
-
- rcall pop_all_func
- ret
-#endif
-/******************************************************************************/
-/******************************************************************************/
-#ifndef NOEKEON_NO_DEC
-
-; === noekeon_dec ===
-;
-; param1: pointer to buffer/state (r24,r25)
-; param2: pointer to k (r22,r23)
-;
-.global noekeon_dec
-noekeon_dec:
- rcall push_all_func
- /* allocate 16 bytes on the stack */
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- sbiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
-
- adiw r30, 1
- /* push state pointer */
- push r24
- push r25
- movw r26, r22 /* move key ptr to X */
-
- /* set stackkey to zero */
- ldi r22, 16
-1: st Z+, r1
- dec r22
- brne 1b
-
- /* copy key to state */
- clr r29
- ldi r28, 2
- ldi r22, 16
-1: ld r0, X+
- st Y+, r0
- dec r22
- brne 1b
-
- movw r26, r30
- sbiw r26, 16 /* set X back to begining of stack key */
- rcall theta
-
- /* mov state to stackkey */
- clr r29
- ldi r28, 2
- ldi r22, 16
-1: ld r0, Y+
- st X+, r0
- dec r22
- brne 1b
- sbiw r26, 16 /* set X back to begining of stack key */
-
- /* move data from stateptr to state */
- pop r31
- pop r30
- push r30
- push r31
- clr r29
- ldi r28, 2
- ldi r22, 16
- push r22
-1: ld r0, Z+
- st Y+, r0
- dec r22
- brne 1b
-
-;--- snip 8< ----
-
- ldi r20, 0xD4
- push r20 /* push round constant2 (0xD4) */
- push r22 /* push round constan1 (0x00) */
- rjmp 3f
-2:
- ldi r30, lo8(round_const-1)
- ldi r31, hi8(round_const-1)
- clr r1
- add r30, r22
- adc r31, r1
- lpm r0, Z
- push r0
- push r1
-3:
- rcall round /* pops rc2 & rc1 */
- pop r22
- dec r22
- push r22
- brne 2b
-;----
- pop r22
-
- rcall theta
- ldi r22, 0x80
- eor state0_3, r22
-
-write_state_back:
- /* write state back */
- pop r31 /* pop state pointer */
- pop r30
- clr r29
- ldi r28, 2
- ldi r22, 16
-1:
- ld r0, Y+
- st Z+, r0
- dec r22
- brne 1b
-
- /* remove key from stack */
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- adiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
- rcall pop_all_func
- ret
-#endif
-/******************************************************************************/
-
-
-round:
- pop r24
- pop r25
- pop r1
- eor state0_3, r1
- rcall theta
- pop r1
- eor state0_3, r1
- push r25
- push r24
-pi_gamma_pi:
- ldi r30, pm_lo8(bigendian_rotl32)
- ldi r31, pm_hi8(bigendian_rotl32)
- rcall pi
- /* pi1 done; now gamma */
- rcall gamma_1
- /* a[0] <-> a[3] */
- xchg state0_0, state3_0
- xchg state0_1, state3_1
- xchg state0_2, state3_2
- xchg state0_3, state3_3
- /* a[2] ^= a[0] ^ a[1] ^ a[3] */
- op32 eor, state2, state0
- op32 eor, state2, state1
- op32 eor, state2, state3
-
- rcall gamma_1
- ldi r30, pm_lo8(bigendian_rotr32)
- ldi r31, pm_hi8(bigendian_rotr32)
- rcall pi
- ret
-
-gamma_1:
- /* a[1] ^= ~(a[3]|a[2])*/
- mov r1, state3_0
- or r1, state2_0
- com r1
- eor state1_0, r1
-
- mov r1, state3_1
- or r1, state2_1
- com r1
- eor state1_1, r1
-
- mov r1, state3_2
- or r1, state2_2
- com r1
- eor state1_2, r1
-
- mov r1, state3_3
- or r1, state2_3
- com r1
- eor state1_3, r1
-
- /* a[0] ^= a[2]&a[1] */
- mov r1, state2_0
- and r1, state1_0
- eor state0_0, r1
-
- mov r1, state2_1
- and r1, state1_1
- eor state0_1, r1
-
- mov r1, state2_2
- and r1, state1_2
- eor state0_2, r1
-
- mov r1, state2_3
- and r1, state1_3
- eor state0_3, r1
- ret
-
-pi:
- /* a[1] <<<= 1*/
- mov r22, state1_0
- mov r23, state1_1
- mov r24, state1_2
- mov r25, state1_3
- ldi r20, 1
- icall
- mov state1_0, r22
- mov state1_1, r23
- mov state1_2, r24
- mov state1_3, r25
- /* a[2] <<<= 5*/
- mov r22, state2_0
- mov r23, state2_1
- mov r24, state2_2
- mov r25, state2_3
- ldi r20, 5
- icall
- mov state2_0, r22
- mov state2_1, r23
- mov state2_2, r24
- mov state2_3, r25
- /* a[3] <<<= 2*/
- mov r22, state3_0
- mov r23, state3_1
- mov r24, state3_2
- mov r25, state3_3
- ldi r20, 2
- icall
- mov state3_0, r22
- mov state3_1, r23
- mov state3_2, r24
- mov state3_3, r25
- ret
-
-/******************************************************************************/
-
-/*
-void noekeon_init(void* key, noekeon_ctx_t* ctx){
- uint8_t nullv[16];
-
- memset(nullv, 0, 16);
- memcpy(ctx, key, 16);
- noekeon_enc(ctx, nullv);
-}
-*/
-
-#ifndef NOEKEON_NO_INIT
-
-.global noekeon_init
-noekeon_init:
-; === noekeon_init ===
-;
-; param1: pointer to key (r24,r25)
-; param2: pointer to context (r22,r23)
-;
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- sbiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
-
- movw r26, r22
- adiw r30, 1
- movw r22, r30
- /* set nullv(stack) to zero */
- ldi r20, 16
-1: st Z+, r1
- dec r20
- brne 1b
-
- /* copy key data to ctx */
- movw r30, r24
- ldi r20, 16
-1: ld r1, Z+
- st X+, r1
- dec r20
- brne 1b
- clr r1
-
- sbiw r26, 16
- movw r24, r26
- rcall noekeon_enc
-
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- adiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
- ret
-
-#endif
-
-
+++ /dev/null
-/* noekeon_prng.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-/**
- * \author Daniel Otte
- * \date 2008-08-24
- * \license GPLv3 or later
- * \brief random number generator based on noekeon running in CFB-mode
- *
- */
-
-#include "noekeon.h"
-#include "memxor.h"
-#include <stdint.h>
-#include <string.h>
-
-static uint8_t random_state[16];
-static uint8_t random_key[16];
-static uint8_t i=0;
-
-uint8_t random8(void){
- static uint8_t sr[16];
-
- if(i==0){
- noekeon_enc(random_state, random_key);
- memcpy(sr, random_state, 16);
- i=15;
- return sr[15];
- }
- --i;
- return sr[i];
-}
-
-void random_block(void* dest){
- i=0;
- noekeon_enc(random_state, random_key);
- memcpy(dest, random_state, 16);
-}
-
-void srandom32(uint32_t seed){
- memcpy(random_key, &seed, 4);
- memset(random_key+4, 0, 12);
- memset(random_state, 0, 16);
- i=0;
-}
-
-void random_seed(const void* buffer){
- memcpy(random_key, buffer, 16);
- memset(random_state, 0, 16);
- i=0;
-}
-
-void random_add(const void* buffer){
- i=0;
- noekeon_enc(random_state, random_key);
- memxor(random_key, random_state, 16);
- memxor(random_key, buffer, 16);
-}
-
-
+++ /dev/null
-/* noekeon_prng.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-/**
- * \author Daniel Otte
- * \date 2008-08-24
- * \license GPLv3 or later
- * \brief random number generator based on noekeon running in CFB-mode
- *
- */
-
-#ifndef PRNG_H_
-#define PRNG_H_
-
-#include <stdint.h>
-
-uint8_t random8(void);
-void random_block(void* dest);
-void srandom32(uint32_t seed);
-void random_seed(const void* buffer);
-void random_add(const void* buffer);
-
-#endif /* PRNG_H_*/
-
-
+++ /dev/null
-/* sha1-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; SHA1 implementation in assembler for AVR
-SHA1_BLOCK_BITS = 512
-SHA1_HASH_BITS = 160
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-.macro delay
-/*
- push r0
- push r1
- clr r0
-1: clr r1
-2: dec r1
- brne 2b
- dec r0
- brne 1b
- pop r1
- pop r0 // */
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
-/*
- precall
- hexdump \length
- postcall
- // */
-.endm
-
-
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha1_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha1_ctx2hash
-; === sha1_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha1_ctx structure
-; given in r23,r22
-sha1_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 5
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha1
-; === sha1 ===
-; this function calculates SHA-1 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha1:
-sha1_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r30, SPL
- in r31, SPH
- sbiw r30, 5*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
-
- push r25
- push r24
- adiw r30, 1
- movw r16, r30
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha1_init
- /* if length >= 512 */
-1:
- tst r11
- brne 2f
- tst r10
- breq 4f
-2:
- movw r24, r16
- movw r22, r12
- rcall sha1_nextBlock
- ldi r19, 64
- add r12, r19
- adc r13, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha1_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha1_ctx2hash
-
-sha1_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 5*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha1_lastBlock
-; === sha1_lastBlock ===
-; this function does padding & Co. for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1)
-
-
-sha1_lastBlock:
- cpi r21, 0x02
- brlo sha1_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 2
- ldi r19, 64
- sub r22, r19
- sbc r23, r1
- rjmp sha1_lastBlock
-sha1_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r0, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64) /* ??? */
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha1_lastBlock_post_copy
- mov r1, r18
-sha1_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha1_lastBlock_copy_loop
-sha1_lastBlock_post_copy:
-sha1_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha1_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*5+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha1_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha1_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha1_lastBlock_epilog
-sha1_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 5*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha1_nextBlock
-
-sha1_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r0, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
- clr r1
- ret
-
-/**/
-;###########################################################
-
-.global sha1_nextBlock
-; === sha1_nextBlock ===
-; this is the core function for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte)
-
-xtmp = 0
-xNULL = 1
-W1 = 10
-W2 = 11
-T1 = 12
-T2 = 13
-T3 = 14
-T4 = 15
-LoopC = 16
-S = 17
-tmp1 = 18
-tmp2 = 19
-tmp3 = 20
-tmp4 = 21
-F1 = 22
-F2 = 23
-F3 = 24
-F4 = 25
-
-/* byteorder: high number <--> high significance */
-sha1_nextBlock:
- ; initial, let's make some space ready for local vars
- /* replace push & pop by mem ops? */
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack /* maybe removeable? */
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha1_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SREG, r0
- out SPH, r21
-
- push r18
- push r19 /* push old SP on new stack */
- push r24
- push r25 /* param1 will be needed later */
-
- /* load a[] with state */
- movw 28, r24 /* load pointer to state in Y */
- adiw r26, 1 ; X++
-
- ldi LoopC, 5*4
-1: ld tmp1, Y+
- st X+, tmp1
- dec LoopC
- brne 1b
-
- movw W1, r26 /* save pointer to w[0] */
- /* load w[] with endian fixed message */
- /* we might also use the changeendian32() function at bottom */
- movw r30, r22 /* mv param2 (ponter to msg) to Z */
- ldi LoopC, 16
-1:
- ldd tmp1, Z+3
- st X+, tmp1
- ldd tmp1, Z+2
- st X+, tmp1
- ldd tmp1, Z+1
- st X+, tmp1
- ld tmp1, Z
- st X+, tmp1
- adiw r30, 4
- dec LoopC
- brne 1b
-
- ;clr LoopC /* LoopC is named t in FIPS 180-2 */
- clr xtmp
-sha1_nextBlock_mainloop:
- mov S, LoopC
- lsl S
- lsl S
- andi S, 0x3C /* S is a bytepointer so *4 */
- /* load w[s] */
- movw r26, W1
- add r26, S /* X points at w[s] */
- adc r27, xNULL
- ld T1, X+
- ld T2, X+
- ld T3, X+
- ld T4, X+
-
-/*
- push r26
- push r27
- push T4
- push T3
- push T2
- push T1
- in r26, SPL
- in r27, SPH
- adiw r26, 1
- dbg_hexdump 4
- pop T1
- pop T2
- pop T3
- pop T4
- pop r27
- pop r26
-*/
-
- cpi LoopC, 16
- brlt sha1_nextBlock_mainloop_core
- /* update w[s] */
- ldi tmp1, 2*4
- rcall 1f
- ldi tmp1, 8*4
- rcall 1f
- ldi tmp1, 13*4
- rcall 1f
- rjmp 2f
-1: /* this might be "outsourced" to save the jump above */
- add tmp1, S
- andi tmp1, 0x3f
- movw r26, W1
- add r26, tmp1
- adc r27, xNULL
- ld tmp2, X+
- eor T1, tmp2
- ld tmp2, X+
- eor T2, tmp2
- ld tmp2, X+
- eor T3, tmp2
- ld tmp2, X+
- eor T4, tmp2
- ret
-2: /* now we just hav to do a ROTL(T) and save T back */
- mov tmp2, T4
- rol tmp2
- rol T1
- rol T2
- rol T3
- rol T4
- movw r26, W1
- add r26, S
- adc r27, xNULL
- st X+, T1
- st X+, T2
- st X+, T3
- st X+, T4
-
-sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/
- /* T already contains w[s] */
- movw r26, W1
- sbiw r26, 4*1 /* X points at a[4] aka e */
- ld tmp1, X+
- add T1, tmp1
- ld tmp1, X+
- adc T2, tmp1
- ld tmp1, X+
- adc T3, tmp1
- ld tmp1, X+
- adc T4, tmp1 /* T = w[s]+e */
- sbiw r26, 4*5 /* X points at a[0] aka a */
- ld F1, X+
- ld F2, X+
- ld F3, X+
- ld F4, X+
- mov tmp1, F4 /* X points at a[1] aka b */
- ldi tmp2, 5
-1:
- rol tmp1
- rol F1
- rol F2
- rol F3
- rol F4
- dec tmp2
- brne 1b
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, F4 /* T = ROTL(a,5) + e + w[s] */
-
- /* now we have to do this fucking conditional stuff */
- ldi r30, lo8(sha1_nextBlock_xTable)
- ldi r31, hi8(sha1_nextBlock_xTable)
- add r30, xtmp
- adc r31, xNULL
- lpm tmp1, Z
- cp tmp1, LoopC
- brne 1f
- inc xtmp
-1: ldi r30, lo8(sha1_nextBlock_KTable)
- ldi r31, hi8(sha1_nextBlock_KTable)
- lsl xtmp
- lsl xtmp
- add r30, xtmp
- adc r31, xNULL
- lsr xtmp
- lsr xtmp
-
- lpm tmp1, Z+
- add T1, tmp1
- lpm tmp1, Z+
- adc T2, tmp1
- lpm tmp1, Z+
- adc T3, tmp1
- lpm tmp1, Z+
- adc T4, tmp1
- /* T = ROTL(a,5) + e + kt + w[s] */
-
- /* Z-4 is just pointing to kt ... */
- movw r28, r26 /* copy X in Y */
- adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */
- lsr r31
- ror r30
-
- icall
- mov F1, tmp1
- icall
- mov F2, tmp1
- icall
- mov F3, tmp1
- icall
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */
- /* X points still at a[1] aka b, Y points at a[2] aka c */
- /* update a[] */
-sha1_nextBlock_update_a:
- /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/
- //adiw r28, 3*4 /* Y should point at a[4] aka e */
- movw r28, W1
- sbiw r28, 4
-
- ldi tmp2, 4*4
-1:
- ld tmp1, -Y
- std Y+4, tmp1
- dec tmp2
- brne 1b
- /* Y points at a[0] aka a*/
-
- movw r28, W1
- sbiw r28, 5*4
- /* store T in a[0] aka a */
- st Y+, T1
- st Y+, T2
- st Y+, T3
- st Y+, T4
- /* Y points at a[1] aka b*/
-
- /* rotate c */
- ldd T1, Y+1*4
- ldd T2, Y+1*4+1
- ldd T3, Y+1*4+2
- ldd T4, Y+1*4+3
- mov tmp1, T1
- ldi tmp2, 2
-1: ror tmp1
- ror T4
- ror T3
- ror T2
- ror T1
- dec tmp2
- brne 1b
- std Y+1*4+0, T1
- std Y+1*4+1, T2
- std Y+1*4+2, T3
- std Y+1*4+3, T4
-/*
- push r27
- push r26
- movw r26, W1
- sbiw r26, 4*5
- dbg_hexdump 4*5
- pop r26
- pop r27
-*/
- inc LoopC
- cpi LoopC, 80
- brge 1f
- rjmp sha1_nextBlock_mainloop
-/**************************************/
-1:
- /* littel patch */
- sbiw r28, 4
-
-/* add a[] to state and inc length */
- pop r27
- pop r26 /* now X points to state (and Y still at a[0]) */
- ldi tmp4, 5
-1: clc
- ldi tmp3, 4
-2: ld tmp1, X
- ld tmp2, Y+
- adc tmp1, tmp2
- st X+, tmp1
- dec tmp3
- brne 2b
- dec tmp4
- brne 1b
-
- /* now length += 512 */
- adiw r26, 1 /* we skip the least significant byte */
- ld tmp1, X
- ldi tmp2, hi8(512) /* 2 */
- add tmp1, tmp2
- st X+, tmp1
- ldi tmp2, 6
-1:
- ld tmp1, X
- adc tmp1, xNULL
- st X+, tmp1
- dec tmp2
- brne 1b
-
-; EPILOG
-sha1_nextBlock_epilog:
-/* now we should clean up the stack */
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SREG, r0
- out SPH, r21
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- ret
-
-sha1_nextBlock_xTable:
-.byte 20,40,60,0
-sha1_nextBlock_KTable:
-.int 0x5a827999
-.int 0x6ed9eba1
-.int 0x8f1bbcdc
-.int 0xca62c1d6
-sha1_nextBlock_JumpTable:
-rjmp sha1_nextBlock_Ch
- nop
-rjmp sha1_nextBlock_Parity
- nop
-rjmp sha1_nextBlock_Maj
- nop
-rjmp sha1_nextBlock_Parity
-
- /* X and Y still point at a[1] aka b ; return value in tmp1 */
-sha1_nextBlock_Ch:
- ld tmp1, Y+
- mov tmp2, tmp1
- com tmp2
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp3, Y+7 /* load from d */
- and tmp2, tmp3
- eor tmp1, tmp2
- ret
-
-sha1_nextBlock_Maj:
- ld tmp1, Y+
- mov tmp2, tmp1
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp4, Y+7 /* load from d */
- and tmp2, tmp4
- eor tmp1, tmp2
- and tmp3, tmp4
- eor tmp1, tmp3
- ret
-
-sha1_nextBlock_Parity:
- ld tmp1, Y+
- ldd tmp2, Y+3 /* load from c */
- eor tmp1, tmp2
- ldd tmp2, Y+7 /* load from d */
- eor tmp1, tmp2
- ret
-/*
-ch_str: .asciz "\r\nCh"
-maj_str: .asciz "\r\nMaj"
-parity_str: .asciz "\r\nParity"
-*/
-;###########################################################
-
-.global sha1_init
-;void sha1_init(sha1_ctx_t *state){
-; DEBUG_S("\r\nSHA1_INIT");
-; state->h[0] = 0x67452301;
-; state->h[1] = 0xefcdab89;
-; state->h[2] = 0x98badcfe;
-; state->h[3] = 0x10325476;
-; state->h[4] = 0xc3d2e1f0;
-; state->length = 0;
-;}
-; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha1_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha1_init_vector))
- ldi r31, hi8((sha1_init_vector))
- ldi r22, 5*4 /* bytes to copy */
-sha1_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha1_init_vloop
- ldi r22, 8
-sha1_init_lloop:
- st X+, r1
- dec r22
- brne sha1_init_lloop
- ret
-
-sha1_init_vector:
-.int 0x67452301;
-.int 0xefcdab89;
-.int 0x98badcfe;
-.int 0x10325476;
-.int 0xc3d2e1f0;
-
+++ /dev/null
-/* sha1.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha1.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2006-10-08
- * \license GPLv3 or later
- * \brief SHA-1 declaration.
- * \ingroup SHA-1
- *
- */
-
-#ifndef SHA1_H_
-#define SHA1_H_
-
-#include <stdint.h>
-/** \def SHA1_HASH_BITS
- * definees the size of a SHA-1 hash in bits
- */
-
-/** \def SHA1_HASH_BYTES
- * definees the size of a SHA-1 hash in bytes
- */
-
-/** \def SHA1_BLOCK_BITS
- * definees the size of a SHA-1 input block in bits
- */
-
-/** \def SHA1_BLOCK_BYTES
- * definees the size of a SHA-1 input block in bytes
- */
-#define SHA1_HASH_BITS 160
-#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8)
-#define SHA1_BLOCK_BITS 512
-#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8)
-
-/** \typedef sha1_ctx_t
- * \brief SHA-1 context type
- *
- * A vatiable of this type may hold the state of a SHA-1 hashing process
- */
-typedef struct {
- uint32_t h[5];
- uint64_t length;
-} sha1_ctx_t;
-
-/** \typedef sha1_hash_t
- * \brief hash value type
- * A variable of this type may hold a SHA-1 hash value
- */
-typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8];
-
-/** \fn sha1_init(sha1_ctx_t *state)
- * \brief initializes a SHA-1 context
- * This function sets a ::sha1_ctx_t variable to the initialization vector
- * for SHA-1 hashing.
- * \param state pointer to the SHA-1 context variable
- */
-void sha1_init(sha1_ctx_t *state);
-
-/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block)
- * \brief process one input block
- * This function processes one input block and updates the hash context
- * accordingly
- * \param state pointer to the state variable to update
- * \param block pointer to the message block to process
- */
-void sha1_nextBlock (sha1_ctx_t *state, const void* block);
-
-/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b)
- * \brief processes the given block and finalizes the context
- * This function processes the last block in a SHA-1 hashing process.
- * The block should have a maximum length of a single input block.
- * \param state pointer to the state variable to update and finalize
- * \param block pointer to themessage block to process
- * \param length_b length of the message block in bits
- */
-void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b);
-
-/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state)
- * \brief convert a state variable into an actual hash value
- * Writes the hash value corresponding to the state to the memory pointed by dest.
- * \param dest pointer to the hash value destination
- * \param state pointer to the hash context
- */
-void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state);
-
-/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b)
- * \brief hashing a message which in located entirely in RAM
- * This function automatically hashes a message which is entirely in RAM with
- * the SHA-1 hashing algorithm.
- * \param dest pointer to the hash value destination
- * \param msg pointer to the message which should be hashed
- * \param length_b length of the message in bits
- */
-void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b);
-
-
-
-#endif /*SHA1_H_*/
+++ /dev/null
-/* sha256-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; sha-256 implementation in assembler
-SHA256_BLOCK_BITS = 512
-SHA256_HASH_BITS = 256
-
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
- precall
- hexdump \length
- postcall
-.endm
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha256_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][h5][h6][h7][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha256_ctx2hash
-; === sha256_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha256_ctx structure
-; given in r23,r22
-sha256_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 8
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha256
-; === sha256 ===
-; this function calculates SHA-256 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha256:
-sha256_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r30, SPL
- in r31, SPH
- sbiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
-
- push r25
- push r24
- adiw r30, 1
- movw r16, r30
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha256_init
- /* if length > 0xffff */
-1:
- tst r11
- brne 2f
- tst r10
- breq 4f
-2:
- movw r24, r16
- movw r22, r12
- rcall sha256_nextBlock
- ldi r19, 64
- add r12, r19
- adc r13, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha256_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha256_ctx2hash
-
-sha256_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SREG, r0
- out SPH, r31
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha256_lastBlock
-; === sha256_lastBlock ===
-; this function does padding & Co. for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1)
-
-
-sha256_lastBlock:
- cpi r21, 0x02
- brlo sha256_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 0x02
- ldi r19, 64
- add r22, r19
- adc r23, r1
- rjmp sha256_lastBlock
-sha256_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r0, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64)
- cli
- out SPL, r30
- out SREG,r0
- out SPH, r31
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha256_lastBlock_post_copy
- mov r1, r18
-sha256_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha256_lastBlock_copy_loop
-sha256_lastBlock_post_copy:
-sha256_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha256_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*8+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha256_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha256_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha256_lastBlock_epilog
-sha256_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 8*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha256_nextBlock
-
-sha256_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r0, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SREG,r0
- out SPH, r31
- clr r1
- ret
-
-/**/
-;###########################################################
-
-.global sha256_nextBlock
-; === sha256_nextBlock ===
-; this is the core function for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte)
-
-Bck1 = 12
-Bck2 = 13
-Bck3 = 14
-Bck4 = 15
-Func1 = 22
-Func2 = 23
-Func3 = 24
-Func4 = 25
-Accu1 = 16
-Accu2 = 17
-Accu3 = 18
-Accu4 = 19
-XAccu1 = 8
-XAccu2 = 9
-XAccu3 = 10
-XAccu4 = 11
-T1 = 4
-T2 = 5
-T3 = 6
-T4 = 7
-LoopC = 1
-/* byteorder: high number <--> high significance */
-sha256_nextBlock:
- ; initial, let's make some space ready for local vars
- push r4 /* replace push & pop by mem ops? */
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha256_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SREG, r0
- out SPH, r21
- push r18
- push r19
- push r24
- push r25 /* param1 will be needed later */
- ; now we fill the w array with message (think about endianess)
- adiw r26, 1 ; X++
- ldi r20, 16
-sha256_nextBlock_wcpyloop:
- ld r23, Z+
- ld r22, Z+
- ld r19, Z+
- ld r18, Z+
- st X+, r18
- st X+, r19
- st X+, r22
- st X+, r23
- dec r20
- brne sha256_nextBlock_wcpyloop
-/* for (i=16; i<64; ++i){
- w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
- } */
- /* r25,r24,r23,r24 (r21,r20) are function values
- r19,r18,r17,r16 are the accumulator
- r15,r14,r13,rBck1 are backup1
- r11,r10,r9 ,r8 are xor accu
- r1 is round counter */
-
- ldi r20, 64-16
- mov LoopC, r20
-sha256_nextBlock_wcalcloop:
- movw r30, r26 ; cp X to Z
- sbiw r30, 63
- sbiw r30, 1 ; substract 64 = 16*4
- ld Accu1, Z+
- ld Accu2, Z+
- ld Accu3, Z+
- ld Accu4, Z+ /* w[i] = w[i-16] */
- ld Bck1, Z+
- ld Bck2, Z+
- ld Bck3, Z+
- ld Bck4, Z+ /* backup = w[i-15] */
- /* now sigma 0 */
- mov Func1, Bck2
- mov Func2, Bck3
- mov Func3, Bck4
- mov Func4, Bck1 /* prerotated by 8 */
- ldi r20, 1
- rcall bitrotl
- movw XAccu1, Func1
- movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/
-sigma0_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- ror Bck1
- dec Func2
- brne sigma0_shr
- eor XAccu1, Bck1
- eor XAccu2, Bck2
- eor XAccu3, Bck3
- eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- ldd Func1, Z+7*4 /* now accu += w[i-7] */
- ldd Func2, Z+7*4+1
- ldd Func3, Z+7*4+2
- ldd Func4, Z+7*4+3
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- ldd Bck1, Z+12*4 /* now backup = w[i-2]*/
- ldd Bck2, Z+12*4+1
- ldd Bck3, Z+12*4+2
- ldd Bck4, Z+12*4+3
- /* now sigma 1 */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 1
- rcall bitrotr
- movw XAccu3, Func3
- movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */
-; movw Func1, Bck3
-; movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/
-sigma1_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- dec Func2
- brne sigma1_shr
- eor XAccu1, Bck2
- eor XAccu2, Bck3
- eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- /* now let's store the shit */
- st X+, Accu1
- st X+, Accu2
- st X+, Accu3
- st X+, Accu4
- dec LoopC
- breq 3f ; skip if zero
- rjmp sha256_nextBlock_wcalcloop
-3:
- /* we are finished with w array X points one byte post w */
-/* init a array */
- pop r31
- pop r30
- push r30
- push r31
- ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
-init_a_array:
- ld r1, Z+
- st X+, r1
- dec r25
- brne init_a_array
-
-/* now the real fun begins */
-/* for (i=0; i<64; ++i){
- t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
- t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
- memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
- a[4] += t1;
- a[0] = t1 + t2;
- } */
- /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */
- sbiw r26, 8*4 /* X still points at a[7]+1*/
- movw r28, r26
- ldi r30, lo8(sha256_kv)
- ldi r31, hi8(sha256_kv)
- dec r27 /* X - (64*4 == 256) */
- ldi r25, 64
- mov LoopC, r25
-sha256_main_loop:
- /* now calculate t1 */
- /*CH(x,y,z) = (x&y)^((~x)&z)*/
- ldd T1, Y+5*4
- ldd T2, Y+5*4+1
- ldd T3, Y+5*4+2
- ldd T4, Y+5*4+3 /* y in T */
- ldd Func1, Y+4*4
- ldd Func2, Y+4*4+1
- ldd Func3, Y+4*4+2
- ldd Func4, Y+4*4+3 /* x in Func */
- ldd Bck1, Y+6*4
- ldd Bck2, Y+6*4+1
- ldd Bck3, Y+6*4+2
- ldd Bck4, Y+6*4+3 /* z in Bck */
- and T1, Func1
- and T2, Func2
- and T3, Func3
- and T4, Func4
- com Func1
- com Func2
- com Func3
- com Func4
- and Bck1, Func1
- and Bck2, Func2
- and Bck3, Func3
- and Bck4, Func4
- eor T1, Bck1
- eor T2, Bck2
- eor T3, Bck3
- eor T4, Bck4 /* done, CH(x,y,z) is in T */
- /* now SIGMA1(a[4]) */
- ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
- ldd Bck1, Y+4*4+1
- ldd Bck2, Y+4*4+2
- ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotl /* rotr(x,6) */
- movw XAccu1, Func1
- movw XAccu3, Func3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 3
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- movw Func1, Bck3 /* this prerotates furteh 16 bits*/
- movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
- ldi r20, 1
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* finished with SIGMA1, add it to T */
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4
- /* now we've to add a[7], w[i] and k[i] */
- ldd XAccu1, Y+4*7
- ldd XAccu2, Y+4*7+1
- ldd XAccu3, Y+4*7+2
- ldd XAccu4, Y+4*7+3
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add a[7] */
- ld XAccu1, X+
- ld XAccu2, X+
- ld XAccu3, X+
- ld XAccu4, X+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add w[i] */
- lpm XAccu1, Z+
- lpm XAccu2, Z+
- lpm XAccu3, Z+
- lpm XAccu4, Z+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add k[i] */ /* finished with t1 */
- /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/
- /* starting with MAJ(x,y,z) */
- ldd Func1, Y+4*0+0
- ldd Func2, Y+4*0+1
- ldd Func3, Y+4*0+2
- ldd Func4, Y+4*0+3 /* load x=a[0] */
- ldd XAccu1, Y+4*1+0
- ldd XAccu2, Y+4*1+1
- ldd XAccu3, Y+4*1+2
- ldd XAccu4, Y+4*1+3 /* load y=a[1] */
- and XAccu1, Func1
- and XAccu2, Func2
- and XAccu3, Func3
- and XAccu4, Func4 /* XAccu == (x & y) */
- ldd Bck1, Y+4*2+0
- ldd Bck2, Y+4*2+1
- ldd Bck3, Y+4*2+2
- ldd Bck4, Y+4*2+3 /* load z=a[2] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */
- ldd Func1, Y+4*1+0
- ldd Func2, Y+4*1+1
- ldd Func3, Y+4*1+2
- ldd Func4, Y+4*1+3 /* load y=a[1] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */
- /* SIGMA0(a[0]) */
- ldd Bck1, Y+4*0+0 /* we should combine this with above */
- ldd Bck2, Y+4*0+1
- ldd Bck3, Y+4*0+2
- ldd Bck4, Y+4*0+3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotr
- movw Accu1, Func1
- movw Accu3, Func3 /* Accu = shr(a[0], 2) */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotate by 16 bits */
- ldi r20, 3
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */
- mov Func1, Bck4
- mov Func2, Bck1
- mov Func3, Bck2
- mov Func4, Bck3 /* prerotate by 24 bits */
- ldi r20, 2
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */
- add Accu1, XAccu1 /* add previous result (MAJ)*/
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4
- /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/
- /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */
-
- ldi r21, 7*4
- adiw r28, 7*4
-a_shift_loop:
- ld r25, -Y /* warning: this is PREdecrement */
- std Y+4, r25
- dec r21
- brne a_shift_loop
-
- ldd Bck1, Y+4*4+0
- ldd Bck2, Y+4*4+1
- ldd Bck3, Y+4*4+2
- ldd Bck4, Y+4*4+3
- add Bck1, T1
- adc Bck2, T2
- adc Bck3, T3
- adc Bck4, T4
- std Y+4*4+0, Bck1
- std Y+4*4+1, Bck2
- std Y+4*4+2, Bck3
- std Y+4*4+3, Bck4
- add Accu1, T1
- adc Accu2, T2
- adc Accu3, T3
- adc Accu4, T4
- std Y+4*0+0, Accu1
- std Y+4*0+1, Accu2
- std Y+4*0+2, Accu3
- std Y+4*0+3, Accu4 /* a array updated */
-
-
- dec LoopC
- breq update_state
- rjmp sha256_main_loop ;brne sha256_main_loop
-update_state:
- /* update state */
- /* pointers to state should still exist on the stack ;-) */
- pop r31
- pop r30
- ldi r21, 8
-update_state_loop:
- ldd Accu1, Z+0
- ldd Accu2, Z+1
- ldd Accu3, Z+2
- ldd Accu4, Z+3
- ld Func1, Y+
- ld Func2, Y+
- ld Func3, Y+
- ld Func4, Y+
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- st Z+, Accu1
- st Z+, Accu2
- st Z+, Accu3
- st Z+, Accu4
- dec r21
- brne update_state_loop
- /* now we just have to update the length */
- adiw r30, 1 /* since we add 512, we can simply skip the LSB */
- ldi r21, 2
- ldi r22, 6
- ld r20, Z
- add r20, r21
- st Z+, r20
- clr r21
-sha256_nextBlock_fix_length:
- brcc sha256_nextBlock_epilog
- ld r20, Z
- adc r20, r21
- st Z+, r20
- dec r22
- brne sha256_nextBlock_fix_length
-
-; EPILOG
-sha256_nextBlock_epilog:
-/* now we should clean up the stack */
-
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SREG, r0
- out SPH, r21
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- ret
-
-sha256_kv: ; round-key-vector stored in ProgMem
-.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
-.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
-.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
-.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429
-.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272
-.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a
-.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
-.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
-
-
-;###########################################################
-
-.global sha256_init
-;uint32_t sha256_init_vector[]={
-; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
-;
-;void sha256_init(sha256_ctx_t *state){
-; state->length=0;
-; memcpy(state->h, sha256_init_vector, 8*4);
-;}
-; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha256_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha256_init_vector))
- ldi r31, hi8((sha256_init_vector))
- ldi r22, 32+8
-sha256_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha256_init_vloop
- ret
-
-sha256_init_vector:
-.word 0xE667, 0x6A09
-.word 0xAE85, 0xBB67
-.word 0xF372, 0x3C6E
-.word 0xF53A, 0xA54F
-.word 0x527F, 0x510E
-.word 0x688C, 0x9B05
-.word 0xD9AB, 0x1F83
-.word 0xCD19, 0x5BE0
-.word 0x0000, 0x0000
-.word 0x0000, 0x0000
-
-;###########################################################
-
-.global rotl32
-; === ROTL32 ===
-; function that rotates a 32 bit word to the left
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,r22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- clr r21
- clc
-bitrotl_loop:
- tst r20
- breq fixrotl
-2:
- rol r22
- rol r23
- rol r24
- rol r25
- rol r21
- dec r20
- brne 2b
-fixrotl:
- or r22, r21
- ret
-
-
-;###########################################################
-
-.global rotr32
-; === ROTR32 ===
-; function that rotates a 32 bit word to the right
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotr32:
- cpi r20, 8
- brlo bitrotr
- mov r21, r22
- mov r22, r23
- mov r23, r24
- mov r24, r25
- mov r25, r21
- subi r20, 8
- rjmp rotr32
-bitrotr:
- clr r21
- clc
-bitrotr_loop:
- tst r20
- breq fixrotr
-2:
- ror r25
- ror r24
- ror r23
- ror r22
- ror r21
- dec r20
- brne 2b
-fixrotr:
- or r25, r21
- ret
-
-
-;###########################################################
-
-.global change_endian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-change_endian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
+++ /dev/null
-/* sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha256.h
- * \author Daniel Otte
- * \date 2006-05-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef SHA256_H_
-#define SHA256_H_
-
-#define __LITTLE_ENDIAN__
-
-
-#include <stdint.h>
-
-/** \def SHA256_HASH_BITS
- * defines the size of a SHA-256 hash value in bits
- */
-
-/** \def SHA256_HASH_BYTES
- * defines the size of a SHA-256 hash value in bytes
- */
-
-/** \def SHA256_BLOCK_BITS
- * defines the size of a SHA-256 input block in bits
- */
-
-/** \def SHA256_BLOCK_BYTES
- * defines the size of a SHA-256 input block in bytes
- */
-
-#define SHA256_HASH_BITS 256
-#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8)
-#define SHA256_BLOCK_BITS 512
-#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8)
-
-/** \typedef sha256_ctx_t
- * \brief SHA-256 context type
- *
- * A variable of this type may hold the state of a SHA-256 hashing process
- */
-typedef struct {
- uint32_t h[8];
- uint64_t length;
-} sha256_ctx_t;
-
-/** \typedef sha256_hash_t
- * \brief SHA-256 hash value type
- *
- * A variable of this type may hold the hash value produced by the
- * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function.
- */
-typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES];
-
-/** \fn void sha256_init(sha256_ctx_t *state)
- * \brief initialise a SHA-256 context
- *
- * This function sets a ::sha256_ctx_t to the initial values for hashing.
- * \param state pointer to the SHA-256 hashing context
- */
-void sha256_init(sha256_ctx_t *state);
-
-/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block)
- * \brief update the context with a given block
- *
- * This function updates the SHA-256 hash context by processing the given block
- * of fixed length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- */
-void sha256_nextBlock (sha256_ctx_t* state, const void* block);
-
-/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b)
- * \brief finalize the context with the given block
- *
- * This function finalizes the SHA-256 hash context by processing the given block
- * of variable length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- * \param length_b the length of the block in bits
- */
-void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b);
-
-/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state)
- * \brief convert the hash state into the hash value
- * This function reads the context and writes the hash value to the destination
- * \param dest pointer to the location where the hash value should be written
- * \param state pointer to the SHA-256 hash context
- */
-void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state);
-
-/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b)
- * \brief simple SHA-256 hashing function for direct hashing
- *
- * This function automaticaly hashes a given message of arbitary length with
- * the SHA-256 hashing algorithm.
- * \param dest pointer to the location where the hash value is going to be written to
- * \param msg pointer to the message thats going to be hashed
- * \param length_b length of the message in bits
- */
-void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*SHA256_H_*/
+++ /dev/null
-/* aes_sbox-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file aes_dec-asm.S
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-10
- * \license GPLv3 or later
- *
- */
-
-.balign 256
-.global aes_sbox
-aes_sbox:
-.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-
#include "echo.h"
-#include "gf256mul.h"
-#include "memxor.h"
+#include "gf256mul/gf256mul.h"
+#include "memxor/memxor.h"
#include <stdint.h>
#include <string.h>
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <stdint.h>
#include <string.h>
-#include "sha256.h"
+#include "sha256/sha256.h"
#include "entropium.h"
/**
+++ /dev/null
-/* sha256-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; sha-256 implementation in assembler
-SHA256_BLOCK_BITS = 512
-SHA256_HASH_BITS = 256
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
- precall
- hexdump \length
- postcall
-.endm
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha256_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][h5][h6][h7][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha256_ctx2hash
-; === sha256_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha256_ctx structure
-; given in r23,r22
-sha256_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 8
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha256
-; === sha256 ===
-; this function calculates SHA-256 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha256:
-sha256_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 8*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha256_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha256_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha256_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha256_ctx2hash
-
-sha256_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha256_lastBlock
-; === sha256_lastBlock ===
-; this function does padding & Co. for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1)
-
-
-sha256_lastBlock:
- cpi r21, 0x02
- brlo sha256_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 0x02
- subi r23, -2
- rjmp sha256_lastBlock
-sha256_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha256_lastBlock_post_copy
- mov r1, r18
-sha256_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha256_lastBlock_copy_loop
-sha256_lastBlock_post_copy:
-sha256_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha256_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*8+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha256_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha256_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha256_lastBlock_epilog
-sha256_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 8*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha256_nextBlock
-
-sha256_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha256_nextBlock
-; === sha256_nextBlock ===
-; this is the core function for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte)
-
-Bck1 = 12
-Bck2 = 13
-Bck3 = 14
-Bck4 = 15
-Func1 = 22
-Func2 = 23
-Func3 = 24
-Func4 = 25
-Accu1 = 16
-Accu2 = 17
-Accu3 = 18
-Accu4 = 19
-XAccu1 = 8
-XAccu2 = 9
-XAccu3 = 10
-XAccu4 = 11
-T1 = 4
-T2 = 5
-T3 = 6
-T4 = 7
-LoopC = 1
-/* byteorder: high number <--> high significance */
-sha256_nextBlock:
- ; initial, let's make some space ready for local vars
- push r4 /* replace push & pop by mem ops? */
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha256_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
- push r18
- push r19
- push r24
- push r25 /* param1 will be needed later */
- ; now we fill the w array with message (think about endianess)
- adiw r26, 1 ; X++
- ldi r20, 16
-sha256_nextBlock_wcpyloop:
- ld r23, Z+
- ld r22, Z+
- ld r19, Z+
- ld r18, Z+
- st X+, r18
- st X+, r19
- st X+, r22
- st X+, r23
- dec r20
- brne sha256_nextBlock_wcpyloop
-/* for (i=16; i<64; ++i){
- w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
- } */
- /* r25,r24,r23,r24 (r21,r20) are function values
- r19,r18,r17,r16 are the accumulator
- r15,r14,r13,rBck1 are backup1
- r11,r10,r9 ,r8 are xor accu
- r1 is round counter */
-
- ldi r20, 64-16
- mov LoopC, r20
-sha256_nextBlock_wcalcloop:
- movw r30, r26 ; cp X to Z
- sbiw r30, 63
- sbiw r30, 1 ; substract 64 = 16*4
- ld Accu1, Z+
- ld Accu2, Z+
- ld Accu3, Z+
- ld Accu4, Z+ /* w[i] = w[i-16] */
- ld Bck1, Z+
- ld Bck2, Z+
- ld Bck3, Z+
- ld Bck4, Z+ /* backup = w[i-15] */
- /* now sigma 0 */
- mov Func1, Bck2
- mov Func2, Bck3
- mov Func3, Bck4
- mov Func4, Bck1 /* prerotated by 8 */
- ldi r20, 1
- rcall bitrotl
- movw XAccu1, Func1
- movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/
-sigma0_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- ror Bck1
- dec Func2
- brne sigma0_shr
- eor XAccu1, Bck1
- eor XAccu2, Bck2
- eor XAccu3, Bck3
- eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- ldd Func1, Z+7*4 /* now accu += w[i-7] */
- ldd Func2, Z+7*4+1
- ldd Func3, Z+7*4+2
- ldd Func4, Z+7*4+3
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- ldd Bck1, Z+12*4 /* now backup = w[i-2]*/
- ldd Bck2, Z+12*4+1
- ldd Bck3, Z+12*4+2
- ldd Bck4, Z+12*4+3
- /* now sigma 1 */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 1
- rcall bitrotr
- movw XAccu3, Func3
- movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */
-; movw Func1, Bck3
-; movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/
-sigma1_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- dec Func2
- brne sigma1_shr
- eor XAccu1, Bck2
- eor XAccu2, Bck3
- eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- /* now let's store the shit */
- st X+, Accu1
- st X+, Accu2
- st X+, Accu3
- st X+, Accu4
- dec LoopC
- breq 3f ; skip if zero
- rjmp sha256_nextBlock_wcalcloop
-3:
- /* we are finished with w array X points one byte post w */
-/* init a array */
- pop r31
- pop r30
- push r30
- push r31
- ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
-init_a_array:
- ld r1, Z+
- st X+, r1
- dec r25
- brne init_a_array
-
-/* now the real fun begins */
-/* for (i=0; i<64; ++i){
- t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
- t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
- memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
- a[4] += t1;
- a[0] = t1 + t2;
- } */
- /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */
- sbiw r26, 8*4 /* X still points at a[7]+1*/
- movw r28, r26
- ldi r30, lo8(sha256_kv)
- ldi r31, hi8(sha256_kv)
- dec r27 /* X - (64*4 == 256) */
- ldi r25, 64
- mov LoopC, r25
-sha256_main_loop:
- /* now calculate t1 */
- /*CH(x,y,z) = (x&y)^((~x)&z)*/
- ldd T1, Y+5*4
- ldd T2, Y+5*4+1
- ldd T3, Y+5*4+2
- ldd T4, Y+5*4+3 /* y in T */
- ldd Func1, Y+4*4
- ldd Func2, Y+4*4+1
- ldd Func3, Y+4*4+2
- ldd Func4, Y+4*4+3 /* x in Func */
- ldd Bck1, Y+6*4
- ldd Bck2, Y+6*4+1
- ldd Bck3, Y+6*4+2
- ldd Bck4, Y+6*4+3 /* z in Bck */
- and T1, Func1
- and T2, Func2
- and T3, Func3
- and T4, Func4
- com Func1
- com Func2
- com Func3
- com Func4
- and Bck1, Func1
- and Bck2, Func2
- and Bck3, Func3
- and Bck4, Func4
- eor T1, Bck1
- eor T2, Bck2
- eor T3, Bck3
- eor T4, Bck4 /* done, CH(x,y,z) is in T */
- /* now SIGMA1(a[4]) */
- ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
- ldd Bck1, Y+4*4+1
- ldd Bck2, Y+4*4+2
- ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotl /* rotr(x,6) */
- movw XAccu1, Func1
- movw XAccu3, Func3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 3
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- movw Func1, Bck3 /* this prerotates furteh 16 bits*/
- movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
- ldi r20, 1
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* finished with SIGMA1, add it to T */
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4
- /* now we've to add a[7], w[i] and k[i] */
- ldd XAccu1, Y+4*7
- ldd XAccu2, Y+4*7+1
- ldd XAccu3, Y+4*7+2
- ldd XAccu4, Y+4*7+3
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add a[7] */
- ld XAccu1, X+
- ld XAccu2, X+
- ld XAccu3, X+
- ld XAccu4, X+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add w[i] */
- lpm XAccu1, Z+
- lpm XAccu2, Z+
- lpm XAccu3, Z+
- lpm XAccu4, Z+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add k[i] */ /* finished with t1 */
- /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/
- /* starting with MAJ(x,y,z) */
- ldd Func1, Y+4*0+0
- ldd Func2, Y+4*0+1
- ldd Func3, Y+4*0+2
- ldd Func4, Y+4*0+3 /* load x=a[0] */
- ldd XAccu1, Y+4*1+0
- ldd XAccu2, Y+4*1+1
- ldd XAccu3, Y+4*1+2
- ldd XAccu4, Y+4*1+3 /* load y=a[1] */
- and XAccu1, Func1
- and XAccu2, Func2
- and XAccu3, Func3
- and XAccu4, Func4 /* XAccu == (x & y) */
- ldd Bck1, Y+4*2+0
- ldd Bck2, Y+4*2+1
- ldd Bck3, Y+4*2+2
- ldd Bck4, Y+4*2+3 /* load z=a[2] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */
- ldd Func1, Y+4*1+0
- ldd Func2, Y+4*1+1
- ldd Func3, Y+4*1+2
- ldd Func4, Y+4*1+3 /* load y=a[1] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */
- /* SIGMA0(a[0]) */
- ldd Bck1, Y+4*0+0 /* we should combine this with above */
- ldd Bck2, Y+4*0+1
- ldd Bck3, Y+4*0+2
- ldd Bck4, Y+4*0+3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotr
- movw Accu1, Func1
- movw Accu3, Func3 /* Accu = shr(a[0], 2) */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotate by 16 bits */
- ldi r20, 3
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */
- mov Func1, Bck4
- mov Func2, Bck1
- mov Func3, Bck2
- mov Func4, Bck3 /* prerotate by 24 bits */
- ldi r20, 2
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */
- add Accu1, XAccu1 /* add previous result (MAJ)*/
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4
- /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/
- /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */
-
- ldi r21, 7*4
- adiw r28, 7*4
-a_shift_loop:
- ld r25, -Y /* warning: this is PREdecrement */
- std Y+4, r25
- dec r21
- brne a_shift_loop
-
- ldd Bck1, Y+4*4+0
- ldd Bck2, Y+4*4+1
- ldd Bck3, Y+4*4+2
- ldd Bck4, Y+4*4+3
- add Bck1, T1
- adc Bck2, T2
- adc Bck3, T3
- adc Bck4, T4
- std Y+4*4+0, Bck1
- std Y+4*4+1, Bck2
- std Y+4*4+2, Bck3
- std Y+4*4+3, Bck4
- add Accu1, T1
- adc Accu2, T2
- adc Accu3, T3
- adc Accu4, T4
- std Y+4*0+0, Accu1
- std Y+4*0+1, Accu2
- std Y+4*0+2, Accu3
- std Y+4*0+3, Accu4 /* a array updated */
-
-
- dec LoopC
- breq update_state
- rjmp sha256_main_loop ;brne sha256_main_loop
-update_state:
- /* update state */
- /* pointers to state should still exist on the stack ;-) */
- pop r31
- pop r30
- ldi r21, 8
-update_state_loop:
- ldd Accu1, Z+0
- ldd Accu2, Z+1
- ldd Accu3, Z+2
- ldd Accu4, Z+3
- ld Func1, Y+
- ld Func2, Y+
- ld Func3, Y+
- ld Func4, Y+
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- st Z+, Accu1
- st Z+, Accu2
- st Z+, Accu3
- st Z+, Accu4
- dec r21
- brne update_state_loop
- /* now we just have to update the length */
- adiw r30, 1 /* since we add 512, we can simply skip the LSB */
- ldi r21, 2
- ldi r22, 6
- ld r20, Z
- add r20, r21
- st Z+, r20
- clr r21
-sha256_nextBlock_fix_length:
- brcc sha256_nextBlock_epilog
- ld r20, Z
- adc r20, r21
- st Z+, r20
- dec r22
- brne sha256_nextBlock_fix_length
-
-; EPILOG
-sha256_nextBlock_epilog:
-/* now we should clean up the stack */
-
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- ret
-
-sha256_kv: ; round-key-vector stored in ProgMem
-.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
-.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
-.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
-.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429
-.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272
-.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a
-.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
-.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
-
-
-;###########################################################
-
-.global sha256_init
-;uint32_t sha256_init_vector[]={
-; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
-;
-;void sha256_init(sha256_ctx_t *state){
-; state->length=0;
-; memcpy(state->h, sha256_init_vector, 8*4);
-;}
-; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha256_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha256_init_vector))
- ldi r31, hi8((sha256_init_vector))
- ldi r22, 32+8
-sha256_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha256_init_vloop
- ret
-
-sha256_init_vector:
-.word 0xE667, 0x6A09
-.word 0xAE85, 0xBB67
-.word 0xF372, 0x3C6E
-.word 0xF53A, 0xA54F
-.word 0x527F, 0x510E
-.word 0x688C, 0x9B05
-.word 0xD9AB, 0x1F83
-.word 0xCD19, 0x5BE0
-.word 0x0000, 0x0000
-.word 0x0000, 0x0000
-
-;###########################################################
-
-.global rotl32
-; === ROTL32 ===
-; function that rotates a 32 bit word to the left
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,r22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- clr r21
- clc
-bitrotl_loop:
- tst r20
- breq fixrotl
- rol r22
- rol r23
- rol r24
- rol r25
- rol r21
- dec r20
- rjmp bitrotl_loop
-fixrotl:
- or r22, r21
- ret
-
-
-;###########################################################
-
-.global rotr32
-; === ROTR32 ===
-; function that rotates a 32 bit word to the right
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotr32:
- cpi r20, 8
- brlo bitrotr
- mov r21, r22
- mov r22, r23
- mov r23, r24
- mov r24, r25
- mov r25, r21
- subi r20, 8
- rjmp rotr32
-bitrotr:
- clr r21
- clc
-bitrotr_loop:
- tst r20
- breq fixrotr
- ror r25
- ror r24
- ror r23
- ror r22
- ror r21
- dec r20
- rjmp bitrotr_loop
-fixrotr:
- or r25, r21
- ret
-
-
-;###########################################################
-
-.global change_endian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-change_endian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
+++ /dev/null
-/* sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha256.h
- * \author Daniel Otte
- * \date 2006-05-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef SHA256_H_
-#define SHA256_H_
-
-#define __LITTLE_ENDIAN__
-
-
-#include <stdint.h>
-
-/** \def SHA256_HASH_BITS
- * defines the size of a SHA-256 hash value in bits
- */
-
-/** \def SHA256_HASH_BYTES
- * defines the size of a SHA-256 hash value in bytes
- */
-
-/** \def SHA256_BLOCK_BITS
- * defines the size of a SHA-256 input block in bits
- */
-
-/** \def SHA256_BLOCK_BYTES
- * defines the size of a SHA-256 input block in bytes
- */
-
-#define SHA256_HASH_BITS 256
-#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8)
-#define SHA256_BLOCK_BITS 512
-#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8)
-
-/** \typedef sha256_ctx_t
- * \brief SHA-256 context type
- *
- * A variable of this type may hold the state of a SHA-256 hashing process
- */
-typedef struct {
- uint32_t h[8];
- uint64_t length;
-} sha256_ctx_t;
-
-/** \typedef sha256_hash_t
- * \brief SHA-256 hash value type
- *
- * A variable of this type may hold the hash value produced by the
- * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function.
- */
-typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES];
-
-/** \fn void sha256_init(sha256_ctx_t *state)
- * \brief initialise a SHA-256 context
- *
- * This function sets a ::sha256_ctx_t to the initial values for hashing.
- * \param state pointer to the SHA-256 hashing context
- */
-void sha256_init(sha256_ctx_t *state);
-
-/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block)
- * \brief update the context with a given block
- *
- * This function updates the SHA-256 hash context by processing the given block
- * of fixed length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- */
-void sha256_nextBlock (sha256_ctx_t* state, const void* block);
-
-/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b)
- * \brief finalize the context with the given block
- *
- * This function finalizes the SHA-256 hash context by processing the given block
- * of variable length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- * \param length_b the length of the block in bits
- */
-void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b);
-
-/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state)
- * \brief convert the hash state into the hash value
- * This function reads the context and writes the hash value to the destination
- * \param dest pointer to the location where the hash value should be written
- * \param state pointer to the SHA-256 hash context
- */
-void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state);
-
-/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b)
- * \brief simple SHA-256 hashing function for direct hashing
- *
- * This function automaticaly hashes a given message of arbitary length with
- * the SHA-256 hashing algorithm.
- * \param dest pointer to the location where the hash value is going to be written to
- * \param msg pointer to the message thats going to be hashed
- * \param length_b length of the message in bits
- */
-void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*SHA256_H_*/
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
+++ /dev/null
-/* aes sbox */
-
-#include <stdint.h>
-#include <avr/pgmspace.h>
-uint8_t aes_sbox[256] PROGMEM = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-};
-
+++ /dev/null
-/* aes_sbox.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file aes_sbox.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2008-12-30
- * \license GPLv3 or later
- *
- */
-#ifndef AES_SBOX_H_
-#define AES_SBOX_H_
-#include <stdint.h>
-
-extern uint8_t aes_sbox[];
-
-#endif
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
*/
#include "groestl_large.h"
-#include "aes_sbox.h"
-#include "gf256mul.h"
-#include "memxor.h"
+#include "aes/aes_sbox.h"
+#include "gf256mul/gf256mul.h"
+#include "memxor/memxor.h"
#include <stdint.h>
#include <avr/pgmspace.h>
#include <string.h>
*/
#include "groestl_small.h"
-#include "aes_sbox.h"
-#include "gf256mul.h"
-#include "memxor.h"
+#include "aes/aes_sbox.h"
+#include "gf256mul/gf256mul.h"
+#include "memxor/memxor.h"
#include <stdint.h>
#include <avr/pgmspace.h>
#include <string.h>
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-/* hfal-basic.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-#include "hfal-basic.h"
-#include <stdlib.h>
-
-uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx){
- hf_init_fpt f;
- uint16_t tmp;
- ctx->desc_ptr = (hfdesc_t*)hash_descriptor;
- tmp = pgm_read_word(&(hash_descriptor->ctxsize_B));
- if(!(ctx->ctx=malloc(tmp)))
- return 3;
- f= (hf_init_fpt)pgm_read_word(&(hash_descriptor->init));
- f(ctx->ctx);
- return 0;
-}
-
-void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block){
- hf_nextBlock_fpt f;
- hfdesc_t* x=(ctx->desc_ptr);
- f =(hf_nextBlock_fpt)pgm_read_word(&(x->nextBlock));
- f(ctx->ctx, block);
-}
-
-void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b){
- hf_lastBlock_fpt f;
- hfdesc_t* x=ctx->desc_ptr;
- f =(hf_lastBlock_fpt)pgm_read_word(&(x->lastBlock));
- f(ctx->ctx, block, length_b);
-}
-
-void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx){
- hf_ctx2hash_fpt f;
- hfdesc_t* x=ctx->desc_ptr;
- f =(hf_ctx2hash_fpt)pgm_read_word(&(x->ctx2hash));
- f(dest, ctx->ctx);
-}
-
-void hfal_hash_free(hfgen_ctx_t* ctx){
- hf_free_fpt f;
- hfdesc_t* x=ctx->desc_ptr;
- f =(hf_free_fpt)pgm_read_word(&(x->free));
- if(f)
- f(ctx->ctx);
- free(ctx->ctx);
-}
-
-void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b){
- void_fpt f;
- f = (void_fpt)pgm_read_word(&(hash_descriptor->mem));
- if(f){
- ((hf_mem_fpt)f)(dest, msg, length_b);
- }else{
- uint16_t bs,bsb;
- uint8_t ctx[pgm_read_word(&(hash_descriptor->ctxsize_B))];
- f=(void_fpt)(pgm_read_word(&(hash_descriptor->init)));
- ((hf_init_fpt)f)(ctx);
- bs=pgm_read_word(&(hash_descriptor->blocksize_b));
- bsb=bs/8;
- f=(void_fpt)(pgm_read_word(&(hash_descriptor->nextBlock)));
- while(length_b>bs){
- ((hf_nextBlock_fpt)f)(ctx, msg);
- length_b -= bs;
- msg = (uint8_t*)msg + bsb;
- }
- f=(void_fpt)(pgm_read_word(&(hash_descriptor->lastBlock)));
- ((hf_lastBlock_fpt)f)(ctx, msg, length_b);
- f=(void_fpt)(pgm_read_word(&(hash_descriptor->ctx2hash)));
- ((hf_ctx2hash_fpt)f)(dest, ctx);
- }
-}
-
-uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor){
- uint16_t ret;
- ret = pgm_read_word(&(hash_descriptor->blocksize_b));
- return ret;
-}
-
-uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor){
- uint16_t ret;
- ret = pgm_read_word(&(hash_descriptor->hashsize_b));
- return ret;
-}
+++ /dev/null
-/* hfal-basic.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef HFAL_BASIC_H_
-#define HFAL_BASIC_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx);
-void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block);
-void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b);
-void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx);
-void hfal_hash_free(hfgen_ctx_t* ctx);
-void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b);
-uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor);
-uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor);
-
-#endif /* HFAL_BASIC_H_ */
+++ /dev/null
-/* hfal-nessie.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-nessie.c
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#include "nessie_hash_test.h"
-#include "hashfunction_descriptor.h"
-#include <stdint.h>
-#include <avr/pgmspace.h>
-
-void hfal_nessie(const hfdesc_t* hd){
- if(pgm_read_byte(&(hd->type))!=HFDESC_TYPE_HASHFUNCTION)
- return;
- char name[1+strlen_P((void*)pgm_read_word(&(hd->name)))];
- strcpy_P(name, (void*)pgm_read_word(&(hd->name)));
-
- nessie_hash_ctx.hashsize_b = pgm_read_word(&(hd->hashsize_b));
- nessie_hash_ctx.name = name;
- nessie_hash_ctx.blocksize_B = pgm_read_word(&(hd->blocksize_b))/8;
- nessie_hash_ctx.ctx_size_B = pgm_read_word(&(hd->ctxsize_B));
- nessie_hash_ctx.hash_init = (nessie_hash_init_fpt)pgm_read_word(&(hd->init));
- nessie_hash_ctx.hash_next = (nessie_hash_next_fpt)pgm_read_word(&(hd->nextBlock));
- nessie_hash_ctx.hash_last = (nessie_hash_last_fpt)pgm_read_word(&(hd->lastBlock));
- nessie_hash_ctx.hash_conv = (nessie_hash_conv_fpt)pgm_read_word(&(hd->ctx2hash));
-
- nessie_hash_run();
-}
-
-void hfal_nessie_multiple(const hfdesc_t** hd_list){
- const hfdesc_t* hd;
- for(;;){
- hd = (void*)pgm_read_word(hd_list);
- if(!hd)
- return;
- hfal_nessie(hd);
- hd_list = (void*)((uint8_t*)hd_list + 2);
- }
-}
-
+++ /dev/null
-/* hfal-nessie.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-nessie.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_NESSIE_H_
-#define HFAL_NESSIE_H_
-
-#include "hashfunction_descriptor.h"
-
-void hfal_nessie(const hfdesc_t* hd);
-void hfal_nessie_multiple(const hfdesc_t** hd_list);
-
-#endif /* HFAL_NESSIE_H_ */
+++ /dev/null
-/* hfal-performance.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-performance.c
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#include "hfal-performance.h"
-#include "hashfunction_descriptor.h"
-#include "stack_measuring.h"
-#include "cli.h"
-#include "performance_test.h"
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <avr/pgmspace.h>
-
-#define PATTERN_A 0xAA
-#define PATTERN_B 0x55
-
-static
-void printvalue(unsigned long v){
- char str[20];
- int i;
- ultoa(v, str, 10);
- for(i=0; i<10-strlen(str); ++i){
- cli_putc(' ');
- }
- cli_putstr(str);
-}
-
-void hfal_performance(const hfdesc_t* hd){
- hfdesc_t hf;
- memcpy_P(&hf, hd, sizeof(hfdesc_t));
- uint8_t ctx[hf.ctxsize_B];
- uint8_t data[(hf.blocksize_b+7)/8];
- uint8_t digest[(hf.hashsize_b+7)/8];
- uint64_t t;
- uint8_t i;
-
- if(hf.type!=HFDESC_TYPE_HASHFUNCTION)
- return;
- calibrateTimer();
- print_overhead();
- cli_putstr_P(PSTR("\r\n\r\n === "));
- cli_putstr_P(hf.name);
- cli_putstr_P(PSTR(" performance === "
- "\r\n type: hashfunction"
- "\r\n hashsize (bits): "));
- printvalue(hf.hashsize_b);
-
- cli_putstr_P(PSTR("\r\n ctxsize (bytes): "));
- printvalue(hf.ctxsize_B);
-
- cli_putstr_P(PSTR("\r\n blocksize (bits): "));
- printvalue(hf.blocksize_b);
-
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- hf.init(&ctx);
- STOP_TIMER;
- t += stopTimer();
- if(i!=31 && hf.free){
- hf.free(&ctx);
- }
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n init (cycles): "));
- printvalue(t);
-
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- hf.nextBlock(&ctx, data);
- STOP_TIMER;
- t += stopTimer();
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n nextBlock (cycles): "));
- printvalue(t);
-
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- hf.lastBlock(&ctx, data, 0);
- STOP_TIMER;
- t += stopTimer();
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n lastBlock (cycles): "));
- printvalue(t);
-
- t=0;
- for(i=0; i<32; ++i){
- startTimer(0);
- START_TIMER;
- hf.ctx2hash(digest, &ctx);
- STOP_TIMER;
- t += stopTimer();
- }
- t>>=5;
- cli_putstr_P(PSTR("\r\n ctx2hash (cycles): "));
- printvalue(t);
-
- if(hf.free){
- hf.free(&ctx);
- }
-}
-
-void hfal_stacksize(const hfdesc_t* hd){
- hfdesc_t hf;
- stack_measuring_ctx_t smctx;
- memcpy_P(&hf, hd, sizeof(hfdesc_t));
- uint8_t ctx[hf.ctxsize_B];
- uint8_t data[(hf.blocksize_b+7)/8];
- uint8_t digest[(hf.hashsize_b+7)/8];
- uint16_t t1, t2;
-
- if(hf.type!=HFDESC_TYPE_HASHFUNCTION)
- return;
- cli_putstr_P(PSTR("\r\n\r\n === "));
- cli_putstr_P(hf.name);
- cli_putstr_P(PSTR(" stack-usage === "));
-
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- hf.init(&ctx);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- hf.init(&ctx);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n init (bytes): "));
- printvalue((unsigned long)t1);
-
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- hf.nextBlock(&ctx, data);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- hf.nextBlock(&ctx, data);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n nextBlock (bytes): "));
- printvalue((unsigned long)t1);
-
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- hf.lastBlock(&ctx, data, 0);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- hf.lastBlock(&ctx, data, 0);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n lastBlock (bytes): "));
- printvalue((unsigned long)t1);
-
- cli();
- stack_measure_init(&smctx, PATTERN_A);
- hf.ctx2hash(digest, &ctx);
- t1 = stack_measure_final(&smctx);
- stack_measure_init(&smctx, PATTERN_B);
- hf.ctx2hash(digest, &ctx);
- t2 = stack_measure_final(&smctx);
- sei();
-
- t1 = (t1>t2)?t1:t2;
- cli_putstr_P(PSTR("\r\n ctx2hash (bytes): "));
- printvalue((unsigned long)t1);
-
- if(hf.free){
- hf.free(&ctx);
- }
-}
-
-void hfal_performance_multiple(const hfdesc_t** hd_list){
- const hfdesc_t* hd;
- for(;;){
- hd = (void*)pgm_read_word(hd_list);
- if(!hd){
- cli_putstr_P(PSTR("\r\n\r\n End of performance figures\r\n"));
- return;
- }
- hfal_performance(hd);
- hfal_stacksize(hd);
- hd_list = (void*)((uint8_t*)hd_list + 2);
- }
-}
-
+++ /dev/null
-/* hfal-performance.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-performance.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_PERFORMANCE_H_
-#define HFAL_PERFORMANCE_H_
-
-#include "hashfunction_descriptor.h"
-
-void hfal_performance(const hfdesc_t* hd);
-void hfal_performance_multiple(const hfdesc_t** hd_list);
-#endif /* HFAL_PERFORMANCE_H_ */
+++ /dev/null
-/* hfal-test.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-test.c
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#include "hfal-basic.h"
-#include "hashfunction_descriptor.h"
-#include "cli.h"
-#include <stdint.h>
-#include <avr/pgmspace.h>
-
-void hfal_test(const hfdesc_t* hd, void* msg, uint32_t length_b){
- if(pgm_read_byte(&(hd->type))!=HFDESC_TYPE_HASHFUNCTION)
- return;
- uint16_t dlen = (pgm_read_word(&(hd->hashsize_b))+7)/8;
- uint8_t digest[dlen];
- cli_putstr_P(PSTR("\r\n=== "));
- cli_putstr_P((void*)pgm_read_word(&(hd->name)));
- cli_putstr_P(PSTR(" ===\r\n message:"));
- cli_hexdump_block(msg, (length_b+7)/8, 4, 16);
- hfal_hash_mem(hd, digest, msg, length_b);
- cli_putstr_P(PSTR(" \r\n digest:"));
- cli_hexdump_block(digest, dlen, 4, 16);
- cli_putstr_P(PSTR("\r\n"));
-}
-
-
+++ /dev/null
-/* hfal-test.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \file hfal-test.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2009-05-10
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_TEST_H_
-#define HFAL_TEST_H_
-
-#include "hashfunction_descriptor.h"
-#include <stdint.h>
-
-void hfal_test(const hfdesc_t* hd, void* msg, uint32_t length_b);
-
-#endif /* HFAL_TEST_H_ */
+++ /dev/null
-/* hfal_blake_large.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_blake_large.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-08
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "blake_large.h"
-
-
-static const char blake48_str[] PROGMEM = "Blake-48";
-static const char blake64_str[] PROGMEM = "Blake-64";
-
-const hfdesc_t blake48_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- blake48_str,
- sizeof(blake48_ctx_t),
- BLAKE48_BLOCKSIZE,
- 384,
- (hf_init_fpt)blake48_init,
- (hf_nextBlock_fpt)blake_large_nextBlock,
- (hf_lastBlock_fpt)blake_large_lastBlock,
- (hf_ctx2hash_fpt)blake48_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)blake48
-};
-
-const hfdesc_t blake64_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- blake64_str,
- sizeof(blake64_ctx_t),
- BLAKE64_BLOCKSIZE,
- 512,
- (hf_init_fpt)blake64_init,
- (hf_nextBlock_fpt)blake_large_nextBlock,
- (hf_lastBlock_fpt)blake_large_lastBlock,
- (hf_ctx2hash_fpt)blake64_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)blake64
-};
-
-
+++ /dev/null
-/* hfal_blake_large.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_blake_large.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-08
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_BLAKE_LARGE_H_
-#define HFAL_BLAKE_LARGE_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t blake48_desc;
-extern const hfdesc_t blake64_desc;
-
-#endif /* HFAL_BLAKE_LARGE_H_ */
+++ /dev/null
-/* hfal_blake_small.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_blake_small.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-05
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "blake_small.h"
-
-
-static const char blake28_str[] PROGMEM = "Blake-28";
-static const char blake32_str[] PROGMEM = "Blake-32";
-
-const hfdesc_t blake28_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- blake28_str,
- sizeof(blake28_ctx_t),
- BLAKE28_BLOCKSIZE,
- 224,
- (hf_init_fpt)blake28_init,
- (hf_nextBlock_fpt)blake_small_nextBlock,
- (hf_lastBlock_fpt)blake_small_lastBlock,
- (hf_ctx2hash_fpt)blake28_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)blake28
-};
-
-const hfdesc_t blake32_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- blake32_str,
- sizeof(blake32_ctx_t),
- BLAKE32_BLOCKSIZE,
- 256,
- (hf_init_fpt)blake32_init,
- (hf_nextBlock_fpt)blake_small_nextBlock,
- (hf_lastBlock_fpt)blake_small_lastBlock,
- (hf_ctx2hash_fpt)blake32_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)blake32
-};
-
-
+++ /dev/null
-/* hfal_blake_small.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_blake_small.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-05
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_BLAKE_SMALL_H_
-#define HFAL_BLAKE_SMALL_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t blake28_desc;
-extern const hfdesc_t blake32_desc;
-
-#endif /* HFAL_BLAKE_SMALL_H_ */
+++ /dev/null
-/* hfal_bmw_large.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_bmw_large.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-28
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "bmw_large.h"
-
-
-static const char bmw384_str[] PROGMEM = "BlueMidnightWish-384";
-static const char bmw512_str[] PROGMEM = "BlueMidnightWish-512";
-
-const hfdesc_t bmw384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- bmw384_str,
- sizeof(bmw384_ctx_t),
- BMW384_BLOCKSIZE,
- 384,
- (hf_init_fpt)bmw384_init,
- (hf_nextBlock_fpt)bmw384_nextBlock,
- (hf_lastBlock_fpt)bmw384_lastBlock,
- (hf_ctx2hash_fpt)bmw384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)bmw384
-};
-
-const hfdesc_t bmw512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- bmw512_str,
- sizeof(bmw512_ctx_t),
- BMW512_BLOCKSIZE,
- 512,
- (hf_init_fpt)bmw512_init,
- (hf_nextBlock_fpt)bmw512_nextBlock,
- (hf_lastBlock_fpt)bmw512_lastBlock,
- (hf_ctx2hash_fpt)bmw512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)bmw512
-};
-
-
+++ /dev/null
-/* hfal_bmw_large.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_bmw_large.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-28
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_BMW_LARGE_H_
-#define HFAL_BMW_LARGE_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t bmw384_desc;
-extern const hfdesc_t bmw512_desc;
-
-#endif /* HFAL_BMW_LARGE_H_ */
+++ /dev/null
-/* hfal_bmw_small.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_bmw_small.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-28
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "bmw_small.h"
-
-
-static const char bmw224_str[] PROGMEM = "BlueMidnightWish-224";
-static const char bmw256_str[] PROGMEM = "BlueMidnightWish-256";
-
-const hfdesc_t bmw224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- bmw224_str,
- sizeof(bmw224_ctx_t),
- BMW224_BLOCKSIZE,
- 224,
- (hf_init_fpt)bmw224_init,
- (hf_nextBlock_fpt)bmw224_nextBlock,
- (hf_lastBlock_fpt)bmw224_lastBlock,
- (hf_ctx2hash_fpt)bmw224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)bmw224
-};
-
-const hfdesc_t bmw256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- bmw256_str,
- sizeof(bmw256_ctx_t),
- BMW256_BLOCKSIZE,
- 256,
- (hf_init_fpt)bmw256_init,
- (hf_nextBlock_fpt)bmw256_nextBlock,
- (hf_lastBlock_fpt)bmw256_lastBlock,
- (hf_ctx2hash_fpt)bmw256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)bmw256
-};
-
-
+++ /dev/null
-/* hfal_bmw_small.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_bmw_small.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-28
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_BMW_SMALL_H_
-#define HFAL_BMW_SMALL_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t bmw224_desc;
-extern const hfdesc_t bmw256_desc;
-
-#endif /* HFAL_BMW_SMALL_H_ */
+++ /dev/null
-/* hfal_cubehash.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_cubehash.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "cubehash.h"
-
-
-static const char cubehash224_str[] PROGMEM = "CubeHash-224";
-static const char cubehash256_str[] PROGMEM = "CubeHash-256";
-static const char cubehash384_str[] PROGMEM = "CubeHash-384";
-static const char cubehash512_str[] PROGMEM = "CubeHash-512";
-
-const hfdesc_t cubehash224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- cubehash224_str,
- sizeof(cubehash_ctx_t),
- CUBEHASH224_BLOCKSIZE,
- 224,
- (hf_init_fpt)cubehash224_init,
- (hf_nextBlock_fpt)cubehash_nextBlock,
- (hf_lastBlock_fpt)cubehash_lastBlock,
- (hf_ctx2hash_fpt)cubehash224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t cubehash256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- cubehash256_str,
- sizeof(cubehash_ctx_t),
- CUBEHASH256_BLOCKSIZE,
- 256,
- (hf_init_fpt)cubehash256_init,
- (hf_nextBlock_fpt)cubehash_nextBlock,
- (hf_lastBlock_fpt)cubehash_lastBlock,
- (hf_ctx2hash_fpt)cubehash256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t cubehash384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- cubehash384_str,
- sizeof(cubehash_ctx_t),
- CUBEHASH384_BLOCKSIZE,
- 384,
- (hf_init_fpt)cubehash384_init,
- (hf_nextBlock_fpt)cubehash_nextBlock,
- (hf_lastBlock_fpt)cubehash_lastBlock,
- (hf_ctx2hash_fpt)cubehash384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t cubehash512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- cubehash512_str,
- sizeof(cubehash_ctx_t),
- CUBEHASH512_BLOCKSIZE,
- 512,
- (hf_init_fpt)cubehash512_init,
- (hf_nextBlock_fpt)cubehash_nextBlock,
- (hf_lastBlock_fpt)cubehash_lastBlock,
- (hf_ctx2hash_fpt)cubehash512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-
+++ /dev/null
-/* hfal_cubehash.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef HFAL_CUBEHASH_H_
-#define HFAL_CUBEHASH_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t cubehash224_desc;
-extern const hfdesc_t cubehash256_desc;
-extern const hfdesc_t cubehash384_desc;
-extern const hfdesc_t cubehash512_desc;
-
-
-#endif /* HFAL_CUBEHASH_H_ */
+++ /dev/null
-/* hfal_echo.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_echo.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-21
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "echo.h"
-
-
-static const char echo224_str[] PROGMEM = "ECHO-224";
-static const char echo256_str[] PROGMEM = "ECHO-256";
-static const char echo384_str[] PROGMEM = "ECHO-384";
-static const char echo512_str[] PROGMEM = "ECHO-512";
-
-const hfdesc_t echo224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- echo224_str,
- sizeof(echo_small_ctx_t),
- ECHO224_BLOCKSIZE,
- 224,
- (hf_init_fpt)echo224_init,
- (hf_nextBlock_fpt)echo_small_nextBlock,
- (hf_lastBlock_fpt)echo_small_lastBlock,
- (hf_ctx2hash_fpt)echo224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t echo256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- echo256_str,
- sizeof(echo_small_ctx_t),
- ECHO256_BLOCKSIZE,
- 256,
- (hf_init_fpt)echo256_init,
- (hf_nextBlock_fpt)echo_small_nextBlock,
- (hf_lastBlock_fpt)echo_small_lastBlock,
- (hf_ctx2hash_fpt)echo256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t echo384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- echo384_str,
- sizeof(echo_large_ctx_t),
- ECHO384_BLOCKSIZE,
- 384,
- (hf_init_fpt)echo384_init,
- (hf_nextBlock_fpt)echo_large_nextBlock,
- (hf_lastBlock_fpt)echo_large_lastBlock,
- (hf_ctx2hash_fpt)echo384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t echo512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- echo512_str,
- sizeof(echo_large_ctx_t),
- ECHO512_BLOCKSIZE,
- 512,
- (hf_init_fpt)echo512_init,
- (hf_nextBlock_fpt)echo_large_nextBlock,
- (hf_lastBlock_fpt)echo_large_lastBlock,
- (hf_ctx2hash_fpt)echo512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-
+++ /dev/null
-/* hfal_echo.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef HFAL_ECHO_H_
-#define HFAL_ECHO_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t echo224_desc;
-extern const hfdesc_t echo256_desc;
-extern const hfdesc_t echo384_desc;
-extern const hfdesc_t echo512_desc;
-
-#endif /* HFAL_ECHO_H_ */
+++ /dev/null
-/* hfal_groestl_large.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_groestl_large.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-05
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "groestl_large.h"
-#include "groestl_small.h"
-
-
-static const char groestl384_str[] PROGMEM = "Groestl-384";
-static const char groestl512_str[] PROGMEM = "Groestl-512";
-
-const hfdesc_t groestl384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- groestl384_str,
- sizeof(groestl384_ctx_t),
- GROESTL384_BLOCKSIZE,
- 384,
- (hf_init_fpt)groestl384_init,
- (hf_nextBlock_fpt)groestl_large_nextBlock,
- (hf_lastBlock_fpt)groestl_large_lastBlock,
- (hf_ctx2hash_fpt)groestl384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)groestl384
-};
-
-const hfdesc_t groestl512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- groestl512_str,
- sizeof(groestl512_ctx_t),
- GROESTL512_BLOCKSIZE,
- 512,
- (hf_init_fpt)groestl512_init,
- (hf_nextBlock_fpt)groestl_large_nextBlock,
- (hf_lastBlock_fpt)groestl_large_lastBlock,
- (hf_ctx2hash_fpt)groestl512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)groestl512
-};
-
+++ /dev/null
-/* hfal_groestl_large.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_groestl_large.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-06-11
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_GROESTL_LARGE_H_
-#define HFAL_GROESTL_LARGE_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t groestl384_desc;
-extern const hfdesc_t groestl512_desc;
-
-#endif /* HFAL_GROESTL_LARGE_H_ */
+++ /dev/null
-/* hfal_groestl_small.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_groestl_small.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-05
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "groestl_small.h"
-
-
-static const char groestl224_str[] PROGMEM = "Groestl-224";
-static const char groestl256_str[] PROGMEM = "Groestl-256";
-
-const hfdesc_t groestl224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- groestl224_str,
- sizeof(groestl224_ctx_t),
- GROESTL224_BLOCKSIZE,
- 224,
- (hf_init_fpt)groestl224_init,
- (hf_nextBlock_fpt)groestl_small_nextBlock,
- (hf_lastBlock_fpt)groestl_small_lastBlock,
- (hf_ctx2hash_fpt)groestl224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)groestl224
-};
-
-const hfdesc_t groestl256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- groestl256_str,
- sizeof(groestl256_ctx_t),
- GROESTL256_BLOCKSIZE,
- 256,
- (hf_init_fpt)groestl256_init,
- (hf_nextBlock_fpt)groestl_small_nextBlock,
- (hf_lastBlock_fpt)groestl_small_lastBlock,
- (hf_ctx2hash_fpt)groestl256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)groestl256
-};
-
-
+++ /dev/null
-/* hfal_groestl_small.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_groestl_small.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-05-05
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_GROESTL_SMALL_H_
-#define HFAL_GROESTL_SMALL_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t groestl224_desc;
-extern const hfdesc_t groestl256_desc;
-
-#endif /* HFAL_GROESTL_SMALL_H_ */
+++ /dev/null
-/* hfal_keccak.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_keccak.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "keccak.h"
-
-
-static const char keccak224_str[] PROGMEM = "Keccak-224";
-static const char keccak256_str[] PROGMEM = "Keccak-256";
-static const char keccak384_str[] PROGMEM = "Keccak-384";
-static const char keccak512_str[] PROGMEM = "Keccak-512";
-
-const hfdesc_t keccak224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- keccak224_str,
- sizeof(keccak_ctx_t),
- KECCAK224_BLOCKSIZE,
- 224,
- (hf_init_fpt)keccak224_init,
- (hf_nextBlock_fpt)keccak_nextBlock,
- (hf_lastBlock_fpt)keccak_lastBlock,
- (hf_ctx2hash_fpt)keccak224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t keccak256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- keccak256_str,
- sizeof(keccak_ctx_t),
- KECCAK256_BLOCKSIZE,
- 256,
- (hf_init_fpt)keccak256_init,
- (hf_nextBlock_fpt)keccak_nextBlock,
- (hf_lastBlock_fpt)keccak_lastBlock,
- (hf_ctx2hash_fpt)keccak256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t keccak384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- keccak384_str,
- sizeof(keccak_ctx_t),
- KECCAK384_BLOCKSIZE,
- 384,
- (hf_init_fpt)keccak384_init,
- (hf_nextBlock_fpt)keccak_nextBlock,
- (hf_lastBlock_fpt)keccak_lastBlock,
- (hf_ctx2hash_fpt)keccak384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-const hfdesc_t keccak512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- keccak512_str,
- sizeof(keccak_ctx_t),
- KECCAK512_BLOCKSIZE,
- 512,
- (hf_init_fpt)keccak512_init,
- (hf_nextBlock_fpt)keccak_nextBlock,
- (hf_lastBlock_fpt)keccak_lastBlock,
- (hf_ctx2hash_fpt)keccak512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
-
+++ /dev/null
-/* hfal_keccak.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_keccak.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2010-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_KECCAK_H_
-#define HFAL_KECCAK_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t keccak224_desc;
-extern const hfdesc_t keccak256_desc;
-extern const hfdesc_t keccak384_desc;
-extern const hfdesc_t keccak512_desc;
-
-#endif /* HFAL_KECCAK_H_ */
+++ /dev/null
-/* hfal_md5.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_md5.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "md5.h"
-
-static const char md5_str[] PROGMEM = "MD5";
-
-const hfdesc_t md5_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- md5_str,
- sizeof(md5_ctx_t),
- 512,
- 128,
- (hf_init_fpt)md5_init,
- (hf_nextBlock_fpt)md5_nextBlock,
- (hf_lastBlock_fpt)md5_lastBlock,
- (hf_ctx2hash_fpt)md5_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)md5
-};
-
+++ /dev/null
-/* hfal_md5.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_md5.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_MD5_H_
-#define HFAL_MD5_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t md5_desc;
-
-#endif /* HFAL_MD5_H_ */
+++ /dev/null
-/* hfal_sha1.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_sha1.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-04
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "sha1.h"
-
-static const char sha1_str[] PROGMEM = "SHA-1";
-
-const hfdesc_t sha1_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- sha1_str,
- sizeof(sha1_ctx_t),
- 512,
- 160,
- (hf_init_fpt)sha1_init,
- (hf_nextBlock_fpt)sha1_nextBlock,
- (hf_lastBlock_fpt)sha1_lastBlock,
- (hf_ctx2hash_fpt)sha1_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)sha1
-};
-
+++ /dev/null
-/* hfal_sha1.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_sha1.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-04
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SHA1_H_
-#define HFAL_SHA1_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t sha1_desc;
-
-#endif /* HFAL_SHA1_H_ */
+++ /dev/null
-/* hfal_sha256.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_sha256.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-04
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "sha256.h"
-
-static const char sha256_str[] PROGMEM = "SHA-256";
-
-const hfdesc_t sha256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- sha256_str,
- sizeof(sha256_ctx_t),
- 512,
- 256,
- (hf_init_fpt)sha256_init,
- (hf_nextBlock_fpt)sha256_nextBlock,
- (hf_lastBlock_fpt)sha256_lastBlock,
- (hf_ctx2hash_fpt)sha256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)sha256
-};
-
+++ /dev/null
-/* hfal_sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_sha256.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-04
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SHA256_H_
-#define HFAL_SHA256_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t sha256_desc;
-
-#endif /* HFAL_SHA256_H_ */
+++ /dev/null
-/* hfal_shabal.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_shabal.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-20
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "shabal.h"
-
-
-static const char shabal192_str[] PROGMEM = "Shabal-192";
-static const char shabal224_str[] PROGMEM = "Shabal-224";
-static const char shabal256_str[] PROGMEM = "Shabal-256";
-static const char shabal384_str[] PROGMEM = "Shabal-384";
-static const char shabal512_str[] PROGMEM = "Shabal-512";
-
-const hfdesc_t shabal192_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- shabal192_str,
- sizeof(shabal_ctx_t),
- SHABAL_BLOCKSIZE,
- 192,
- (hf_init_fpt)shabal192_init,
- (hf_nextBlock_fpt)shabal_nextBlock,
- (hf_lastBlock_fpt)shabal_lastBlock,
- (hf_ctx2hash_fpt)shabal192_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)shabal192
-};
-
-const hfdesc_t shabal224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- shabal224_str,
- sizeof(shabal_ctx_t),
- SHABAL_BLOCKSIZE,
- 224,
- (hf_init_fpt)shabal224_init,
- (hf_nextBlock_fpt)shabal_nextBlock,
- (hf_lastBlock_fpt)shabal_lastBlock,
- (hf_ctx2hash_fpt)shabal224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)shabal224
-};
-
-const hfdesc_t shabal256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- shabal256_str,
- sizeof(shabal_ctx_t),
- SHABAL_BLOCKSIZE,
- 256,
- (hf_init_fpt)shabal256_init,
- (hf_nextBlock_fpt)shabal_nextBlock,
- (hf_lastBlock_fpt)shabal_lastBlock,
- (hf_ctx2hash_fpt)shabal256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)shabal256
-};
-
-const hfdesc_t shabal384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- shabal384_str,
- sizeof(shabal_ctx_t),
- SHABAL_BLOCKSIZE,
- 384,
- (hf_init_fpt)shabal384_init,
- (hf_nextBlock_fpt)shabal_nextBlock,
- (hf_lastBlock_fpt)shabal_lastBlock,
- (hf_ctx2hash_fpt)shabal384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)shabal384
-};
-
-const hfdesc_t shabal512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- shabal512_str,
- sizeof(shabal_ctx_t),
- SHABAL_BLOCKSIZE,
- 512,
- (hf_init_fpt)shabal512_init,
- (hf_nextBlock_fpt)shabal_nextBlock,
- (hf_lastBlock_fpt)shabal_lastBlock,
- (hf_ctx2hash_fpt)shabal512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)shabal512
-};
+++ /dev/null
-/* hfal_shabal.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_shabal.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-04-20
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SHABAL_H_
-#define HFAL_SHABAL_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t shabal192_desc;
-extern const hfdesc_t shabal224_desc;
-extern const hfdesc_t shabal256_desc;
-extern const hfdesc_t shabal384_desc;
-extern const hfdesc_t shabal512_desc;
-
-#endif /* HFAL_SHABAL_H_ */
+++ /dev/null
-/* hfal_skein1024.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein1024.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "skein.h"
-
-
-static const char skein1024_128_str[] PROGMEM = "Skein-1024-128";
-static const char skein1024_160_str[] PROGMEM = "Skein-1024-160";
-static const char skein1024_224_str[] PROGMEM = "Skein-1024-224";
-static const char skein1024_256_str[] PROGMEM = "Skein-1024-256";
-static const char skein1024_384_str[] PROGMEM = "Skein-1024-384";
-static const char skein1024_512_str[] PROGMEM = "Skein-1024-512";
-static const char skein1024_1024_str[] PROGMEM = "Skein-1024-1024";
-
-void skein1024_128_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 128);
-}
-void skein1024_160_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 160);
-}
-void skein1024_224_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 224);
-}
-void skein1024_256_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 256);
-}
-void skein1024_384_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 384);
-}
-void skein1024_512_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 512);
-}
-void skein1024_1024_init(skein1024_ctx_t* ctx){
- skein1024_init(ctx, 1024);
-}
-
-const hfdesc_t skein1024_128_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_128_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 128,
- (hf_init_fpt)skein1024_128_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_160_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_160_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 160,
- (hf_init_fpt)skein1024_160_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_224_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 224,
- (hf_init_fpt)skein1024_224_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_256_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 256,
- (hf_init_fpt)skein1024_256_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_384_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 384,
- (hf_init_fpt)skein1024_384_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_512_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 512,
- (hf_init_fpt)skein1024_512_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein1024_1024_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein1024_1024_str,
- sizeof(skein1024_ctx_t),
- SKEIN1024_BLOCKSIZE,
- 1024,
- (hf_init_fpt)skein1024_1024_init,
- (hf_nextBlock_fpt)skein1024_nextBlock,
- (hf_lastBlock_fpt)skein1024_lastBlock,
- (hf_ctx2hash_fpt)skein1024_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
+++ /dev/null
-/* hfal_skein1024.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein1024.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SKEIN1024_H_
-#define HFAL_SKEIN1024_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t skein1024_128_desc;
-extern const hfdesc_t skein1024_160_desc;
-extern const hfdesc_t skein1024_224_desc;
-extern const hfdesc_t skein1024_256_desc;
-extern const hfdesc_t skein1024_384_desc;
-extern const hfdesc_t skein1024_512_desc;
-extern const hfdesc_t skein1024_1024_desc;
-
-#endif /* HFAL_SHA1024_H_ */
+++ /dev/null
-/* hfal_skein256.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein256.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "skein.h"
-
-
-static const char skein256_128_str[] PROGMEM = "Skein-256-128";
-static const char skein256_160_str[] PROGMEM = "Skein-256-160";
-static const char skein256_224_str[] PROGMEM = "Skein-256-224";
-static const char skein256_256_str[] PROGMEM = "Skein-256-256";
-static const char skein256_384_str[] PROGMEM = "Skein-256-384";
-static const char skein256_512_str[] PROGMEM = "Skein-256-512";
-
-void skein256_128_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 128);
-}
-void skein256_160_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 160);
-}
-void skein256_224_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 224);
-}
-void skein256_256_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 256);
-}
-void skein256_384_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 384);
-}
-void skein256_512_init(skein256_ctx_t* ctx){
- skein256_init(ctx, 512);
-}
-
-const hfdesc_t skein256_128_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_128_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 128,
- (hf_init_fpt)skein256_128_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein256_160_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_160_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 160,
- (hf_init_fpt)skein256_160_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein256_224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_224_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 224,
- (hf_init_fpt)skein256_224_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein256_256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_256_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 256,
- (hf_init_fpt)skein256_256_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein256_384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_384_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 384,
- (hf_init_fpt)skein256_384_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein256_512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein256_512_str,
- sizeof(skein256_ctx_t),
- SKEIN256_BLOCKSIZE,
- 512,
- (hf_init_fpt)skein256_512_init,
- (hf_nextBlock_fpt)skein256_nextBlock,
- (hf_lastBlock_fpt)skein256_lastBlock,
- (hf_ctx2hash_fpt)skein256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
+++ /dev/null
-/* hfal_skein256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein256.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SKEIN256_H_
-#define HFAL_SKEIN256_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t skein256_128_desc;
-extern const hfdesc_t skein256_160_desc;
-extern const hfdesc_t skein256_224_desc;
-extern const hfdesc_t skein256_256_desc;
-extern const hfdesc_t skein256_384_desc;
-extern const hfdesc_t skein256_512_desc;
-
-#endif /* HFAL_SKEIN256_H_ */
+++ /dev/null
-/* hfal_skein512.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein512.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "skein.h"
-
-
-static const char skein512_128_str[] PROGMEM = "Skein-512-128";
-static const char skein512_160_str[] PROGMEM = "Skein-512-160";
-static const char skein512_224_str[] PROGMEM = "Skein-512-224";
-static const char skein512_256_str[] PROGMEM = "Skein-512-256";
-static const char skein512_384_str[] PROGMEM = "Skein-512-384";
-static const char skein512_512_str[] PROGMEM = "Skein-512-512";
-static const char skein512_1024_str[] PROGMEM = "Skein-512-1024";
-
-void skein512_128_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 128);
-}
-void skein512_160_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 160);
-}
-void skein512_224_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 224);
-}
-void skein512_256_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 256);
-}
-void skein512_384_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 384);
-}
-void skein512_512_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 512);
-}
-void skein512_1024_init(skein512_ctx_t* ctx){
- skein512_init(ctx, 1024);
-}
-
-const hfdesc_t skein512_128_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_128_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 128,
- (hf_init_fpt)skein512_128_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_160_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_160_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 160,
- (hf_init_fpt)skein512_160_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_224_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 224,
- (hf_init_fpt)skein512_224_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_256_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 256,
- (hf_init_fpt)skein512_256_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_384_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 384,
- (hf_init_fpt)skein512_384_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_512_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 512,
- (hf_init_fpt)skein512_512_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-const hfdesc_t skein512_1024_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- skein512_1024_str,
- sizeof(skein512_ctx_t),
- SKEIN512_BLOCKSIZE,
- 1024,
- (hf_init_fpt)skein512_1024_init,
- (hf_nextBlock_fpt)skein512_nextBlock,
- (hf_lastBlock_fpt)skein512_lastBlock,
- (hf_ctx2hash_fpt)skein512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)NULL
-};
-
+++ /dev/null
-/* hfal_skein512.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_skein512.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-03-13
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_SKEIN512_H_
-#define HFAL_SKEIN512_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t skein512_128_desc;
-extern const hfdesc_t skein512_160_desc;
-extern const hfdesc_t skein512_224_desc;
-extern const hfdesc_t skein512_256_desc;
-extern const hfdesc_t skein512_384_desc;
-extern const hfdesc_t skein512_512_desc;
-extern const hfdesc_t skein512_1024_desc;
-
-#endif /* HFAL_SHA512_H_ */
+++ /dev/null
-/* hfal_twister224.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister224.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-04
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "twister-small.h"
-
-static const char twister224_str[] PROGMEM = "Twister-224";
-
-const hfdesc_t twister224_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- twister224_str,
- sizeof(twister224_ctx_t),
- 512,
- 224,
- (hf_init_fpt)twister224_init,
- (hf_nextBlock_fpt)twister224_nextBlock,
- (hf_lastBlock_fpt)twister224_lastBlock,
- (hf_ctx2hash_fpt)twister224_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)twister224
-};
-
+++ /dev/null
-/* hfal_twister224.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister224.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_TWISTER224_H_
-#define HFAL_TWISTER224_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t twister224_desc;
-
-#endif /* HFAL_TWISTER224_H_ */
+++ /dev/null
-/* hfal_twister256.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister256.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "twister-small.h"
-
-static const char twister256_str[] PROGMEM = "Twister-256";
-
-const hfdesc_t twister256_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- twister256_str,
- sizeof(twister256_ctx_t),
- 512,
- 256,
- (hf_init_fpt)twister256_init,
- (hf_nextBlock_fpt)twister256_nextBlock,
- (hf_lastBlock_fpt)twister256_lastBlock,
- (hf_ctx2hash_fpt)twister256_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)twister256
-};
-
+++ /dev/null
-/* hfal_twister256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister256.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_TWISTER256_H_
-#define HFAL_TWISTER256_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t twister256_desc;
-
-#endif /* HFAL_TWISTER256_H_ */
+++ /dev/null
-/* hfal_twister384.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister384.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "twister-large.h"
-
-static const char twister384_str[] PROGMEM = "Twister-384";
-
-const hfdesc_t twister384_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- twister384_str,
- sizeof(twister384_ctx_t),
- 512,
- 384,
- (hf_init_fpt)twister384_init,
- (hf_nextBlock_fpt)twister384_nextBlock,
- (hf_lastBlock_fpt)twister384_lastBlock,
- (hf_ctx2hash_fpt)twister384_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)twister384
-};
-
+++ /dev/null
-/* hfal_twister384.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister384.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_TWISTER384_H_
-#define HFAL_TWISTER384_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t twister384_desc;
-
-#endif /* HFAL_TWISTER384_H_ */
+++ /dev/null
-/* hfal_twister512.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister512.c
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#include <avr/pgmspace.h>
-#include <stdlib.h>
-#include "hashfunction_descriptor.h"
-#include "twister-large.h"
-
-static const char twister512_str[] PROGMEM = "Twister-512";
-
-const hfdesc_t twister512_desc PROGMEM = {
- HFDESC_TYPE_HASHFUNCTION,
- 0,
- twister512_str,
- sizeof(twister512_ctx_t),
- 512,
- 512,
- (hf_init_fpt)twister512_init,
- (hf_nextBlock_fpt)twister512_nextBlock,
- (hf_lastBlock_fpt)twister512_lastBlock,
- (hf_ctx2hash_fpt)twister512_ctx2hash,
- (hf_free_fpt)NULL,
- (hf_mem_fpt)twister512
-};
-
+++ /dev/null
-/* hfal_twister512.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file hfal_twister512.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-02-09
- * \license GPLv3 or later
- *
- */
-
-#ifndef HFAL_TWISTER512_H_
-#define HFAL_TWISTER512_H_
-
-#include <avr/pgmspace.h>
-#include "hashfunction_descriptor.h"
-
-extern const hfdesc_t twister512_desc;
-
-#endif /* HFAL_TWISTER512_H_ */
+++ /dev/null
-/* base64_dec.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-/**
- * base64 decoder (RFC3548)
- * Author: Daniel Otte
- * License: GPLv3
- *
- *
- */
-
-#include <stdint.h>
-#include "base64_dec.h"
-
-#include "test_src/cli.h"
-
-/*
- #define USE_GCC_EXTENSION
-*/
-#if 1
-
-#ifdef USE_GCC_EXTENSION
-
-static
-int ascii2bit6(char a){
- switch(a){
- case 'A'...'Z':
- return a-'A';
- case 'a'...'z':
- return a-'a'+26;
- case '0'...'9':
- return a-'0'+52;
- case '+':
- case '-':
- return 62;
- case '/':
- case '_':
- return 63;
- default:
- return -1;
- }
-}
-
-#else
-
-static
-uint8_t ascii2bit6(char a){
- int r;
- switch(a>>4){
- case 0x5:
- case 0x4:
- r=a-'A';
- if(r<0 || r>25){
- return -1;
- } else {
- return r;
- }
- case 0x7:
- case 0x6:
- r=a-'a';
- if(r<0 || r>25){
- return -1;
- } else {
- return r+26;
- }
- break;
- case 0x3:
- if(a>'9')
- return -1;
- return a-'0'+52;
- default:
- break;
- }
- switch (a){
- case '+':
- case '-':
- return 62;
- case '/':
- case '_':
- return 63;
- default:
- return 0xff;
- }
-}
-
-#endif
-
-#else
-
-static
-uint8_t ascii2bit6(uint8_t a){
- if(a>='A' && a<='Z'){
- return a-'A';
- } else {
- if(a>='a' && a<= 'z'){
- return a-'a'+26;
- } else {
- if(a>='0' && a<='9'){
- return a-'0'+52;
- } else {
- if(a=='+' || a=='-'){
- return 62;
- } else {
- if(a=='/' || a=='_'){
- return 63;
- } else {
- return 0xff;
- }
- }
- }
- }
- }
-}
-
-#endif
-
-int base64_binlength(char* str, uint8_t strict){
- int l=0;
- uint8_t term=0;
- for(;;){
- if(*str=='\0')
- break;
- if(*str=='\n' || *str=='\r'){
- str++;
- continue;
- }
- if(*str=='='){
- term++;
- str++;
- if(term==2){
- break;
- }
- continue;
- }
- if(term)
- return -1;
- if(ascii2bit6(*str)==-1){
- if(strict)
- return -1;
- } else {
- l++;
- }
- str++;
- }
- switch(term){
- case 0:
- if(l%4!=0)
- return -1;
- return l/4*3;
- case 1:
- if(l%4!=3)
- return -1;
- return (l+1)/4*3-1;
- case 2:
- if(l%4!=2)
- return -1;
- return (l+2)/4*3-2;
- default:
- return -1;
- }
-}
-
-/*
- |543210543210543210543210|
- |765432107654321076543210|
-
- . . . .
- |54321054|32105432|10543210|
- |76543210|76543210|76543210|
-
-*/
-
-int base64dec(void* dest, char* b64str, uint8_t strict){
- uint8_t buffer[4];
- uint8_t idx=0;
- uint8_t term=0;
- for(;;){
-// cli_putstr_P(PSTR("\r\n DBG: got 0x"));
-// cli_hexdump(b64str, 1);
- buffer[idx]= ascii2bit6(*b64str);
-// cli_putstr_P(PSTR(" --> 0x"));
-// cli_hexdump(buffer+idx, 1);
-
- if(buffer[idx]==0xFF){
- if(*b64str=='='){
- term++;
- b64str++;
- if(term==2)
- goto finalize; /* definitly the end */
- }else{
- if(*b64str == '\0'){
- goto finalize; /* definitly the end */
- }else{
- if(*b64str == '\r' || *b64str == '\n' || !(strict)){
- b64str++; /* charcters that we simply ignore */
- }else{
- return -1;
- }
- }
- }
- }else{
- if(term)
- return -1; /* this happens if we get a '=' in the stream */
- idx++;
- b64str++;
- }
- if(idx==4){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2;
- ((uint8_t*)dest)[2] = buffer[2]<<6 | buffer[3];
- dest = (uint8_t*)dest +3;
- idx=0;
- }
- }
- finalize:
- /* the final touch */
- if(idx==0)
- return 0;
- if(term==1){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- ((uint8_t*)dest)[1] = buffer[1]<<4 | buffer[2]>>2;
- return 0;
- }
- if(term==2){
- ((uint8_t*)dest)[0] = buffer[0]<<2 | buffer[1]>>4;
- return 0;
- }
- return -1;
-}
+++ /dev/null
-/* base64_dec.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#ifndef BASE64_DEC_H_
-#define BASE64_DEC_H_
-
-#include <stdint.h>
-
-int base64_binlength(char* str, uint8_t strict);
-int base64dec(void* dest, char* b64str, uint8_t strict);
-
-#endif /*BASE64_DEC_H_*/
+++ /dev/null
-/* base64_enc.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-/**
- * base64 encoder (RFC3548)
- * Author: Daniel Otte
- * License: GPLv3
- *
- *
- */
-
-#include <stdint.h>
-#include "base64_enc.h"
-
-#if 1
-#include <avr/pgmspace.h>
-
-char base64_alphabet[64] PROGMEM = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
- 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
- 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
- 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
- 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
- 'w', 'x', 'y', 'z', '0', '1', '2', '3',
- '4', '5', '6', '7', '8', '9', '+', '/' };
-
-static
-char bit6toAscii(uint8_t a){
- a &= (uint8_t)0x3F;
- return pgm_read_byte(base64_alphabet+a);
-}
-
-#else
-
-static
-char bit6toAscii(uint8_t a){
- a &= (uint8_t)0x3F;
-
- if(a<=25){
- return a+'A';
- } else {
- if(a<=51){
- return a-26+'a';
- } else {
- if(a<=61){
- return a-52+'0';
- } else {
- if(a==62){
- return '+';
- } else {
- return '/'; /* a == 63 */
- }
- }
- }
- }
-}
-
-#endif
-
-void base64enc(char* dest, void* src, uint16_t length){
- uint16_t i,j;
- uint8_t a[4];
- for(i=0; i<length/3; ++i){
- a[0]= (((uint8_t*)src)[i*3+0])>>2;
- a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F;
- a[2]= (((((uint8_t*)src)[i*3+1])<<2) | ((((uint8_t*)src)[i*3+2])>>6)) & 0x3F;
- a[3]= (((uint8_t*)src)[i*3+2]) & 0x3F;
- for(j=0; j<4; ++j){
- *dest++=bit6toAscii(a[j]);
- }
- }
- /* now we do the rest */
- switch(length%3){
- case 0:
- break;
- case 1:
- a[0]=(((uint8_t*)src)[i*3+0])>>2;
- a[1]=((((uint8_t*)src)[i*3+0])<<4)&0x3F;
- *dest++ = bit6toAscii(a[0]);
- *dest++ = bit6toAscii(a[1]);
- *dest++ = '=';
- *dest++ = '=';
- break;
- case 2:
- a[0]= (((uint8_t*)src)[i*3+0])>>2;
- a[1]= (((((uint8_t*)src)[i*3+0])<<4) | ((((uint8_t*)src)[i*3+1])>>4)) & 0x3F;
- a[2]= ((((uint8_t*)src)[i*3+1])<<2) & 0x3F;
- *dest++ = bit6toAscii(a[0]);
- *dest++ = bit6toAscii(a[1]);
- *dest++ = bit6toAscii(a[2]);
- *dest++ = '=';
- break;
- default: /* this will not happen! */
- break;
- }
-/* finalize: */
- *dest='\0';
-}
-
+++ /dev/null
-/* base64_enc.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#ifndef BASE64_ENC_H_
-#define BASE64_ENC_H_
-
-#include <stdint.h>
-
-void base64enc(char* dest, void* src, uint16_t length);
-
-#endif /*BASE64_ENC_H_*/
#include <stdint.h>
#include <string.h>
#include "config.h"
-#include "md5.h"
+#include "md5/md5.h"
#include "hmac-md5.h"
#define IPAD 0x36
#ifndef HMACMD5_H_
#define HMACMD5_H_
-#include "md5.h"
+#include "md5/md5.h"
#define HMAC_MD5_BITS MD5_HASH_BITS
#define HMAC_MD5_BYTES MD5_HASH_BYTES
+++ /dev/null
-/* md5-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- * License: GPLv3 or later
- * Date: 2008-11-15
-*/
-
-
-#include "avr-asm-macros.S"
-
-;###########################################################
-; S-BOX
-
-T_table:
-.hword 0xa478, 0xd76a, 0xb756, 0xe8c7, 0x70db, 0x2420, 0xceee, 0xc1bd, 0x0faf, 0xf57c
-.hword 0xc62a, 0x4787, 0x4613, 0xa830, 0x9501, 0xfd46, 0x98d8, 0x6980, 0xf7af, 0x8b44
-.hword 0x5bb1, 0xffff, 0xd7be, 0x895c, 0x1122, 0x6b90, 0x7193, 0xfd98, 0x438e, 0xa679
-.hword 0x0821, 0x49b4, 0x2562, 0xf61e, 0xb340, 0xc040, 0x5a51, 0x265e, 0xc7aa, 0xe9b6
-.hword 0x105d, 0xd62f, 0x1453, 0x0244, 0xe681, 0xd8a1, 0xfbc8, 0xe7d3, 0xcde6, 0x21e1
-.hword 0x07d6, 0xc337, 0x0d87, 0xf4d5, 0x14ed, 0x455a, 0xe905, 0xa9e3, 0xa3f8, 0xfcef
-.hword 0x02d9, 0x676f, 0x4c8a, 0x8d2a, 0x3942, 0xfffa, 0xf681, 0x8771, 0x6122, 0x6d9d
-.hword 0x380c, 0xfde5, 0xea44, 0xa4be, 0xcfa9, 0x4bde, 0x4b60, 0xf6bb, 0xbc70, 0xbebf
-.hword 0x7ec6, 0x289b, 0x27fa, 0xeaa1, 0x3085, 0xd4ef, 0x1d05, 0x0488, 0xd039, 0xd9d4
-.hword 0x99e5, 0xe6db, 0x7cf8, 0x1fa2, 0x5665, 0xc4ac, 0x2244, 0xf429, 0xff97, 0x432a
-.hword 0x23a7, 0xab94, 0xa039, 0xfc93, 0x59c3, 0x655b, 0xcc92, 0x8f0c, 0xf47d, 0xffef
-.hword 0x5dd1, 0x8584, 0x7e4f, 0x6fa8, 0xe6e0, 0xfe2c, 0x4314, 0xa301, 0x11a1, 0x4e08
-.hword 0x7e82, 0xf753, 0xf235, 0xbd3a, 0xd2bb, 0x2ad7, 0xd391, 0xeb86
-
-
-#define MD5_init_fast
-
-.global md5_init
-#ifndef MD5_init_fast
-;###########################################################
-;void md5_init(md5_ctx_t *state)
-; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), X(r25,r26)
-; size = 9+5*4 WORDS = 29 WORDS = 58 Bytes
-md5_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8(md5_init_vector)
- ldi r31, hi8(md5_init_vector)
- ldi r24, 16+4
-md5_init_vloop:
- lpm r0, Z+
- st X+, r0
- dec r24
- brne md5_init_vloop
- ret
-
-md5_init_vector:
-.hword 0x2301, 0x6745
-.hword 0xAB89, 0xEFCD
-.hword 0xDCFE, 0x98BA
-.hword 0x5476, 0x1032
-.hword 0x0000, 0x0000
-
-#else
-;###########################################################
-.global md5_init_fast
-;void md5_init(md5_ctx_t *state)
-; param1: (r24,r25) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: r23, r22
-; cycles = 1+16*3+4*2+4 = 1+48+12 = 61
-; size = 1+16*2+4+1 WORDS = 38 WORDS = 76 Bytes
-md5_init:
-md5_init_fast:
- movw r26, r24
- ldi r24, 0x01
- st X+, r24
- ldi r24, 0x23
- st X+, r24
- ldi r24, 0x45
- st X+, r24
- ldi r24, 0x67
- st X+, r24
- ldi r24, 0x89
- st X+, r24
- ldi r24, 0xAB
- st X+, r24
- ldi r24, 0xCD
- st X+, r24
- ldi r24, 0xEF
- st X+, r24
- ldi r24, 0xFE
- st X+, r24
- ldi r24, 0xDC
- st X+, r24
- ldi r24, 0xBA
- st X+, r24
- ldi r24, 0x98
- st X+, r24
- ldi r24, 0x76
- st X+, r24
- ldi r24, 0x54
- st X+, r24
- ldi r24, 0x32
- st X+, r24
- ldi r24, 0x10
- st X+, r24
- st X+, r1
- st X+, r1
- st X+, r1
- st X+, r1
- ret
-#endif
-;###########################################################
-
-/*
-static
-uint32_t md5_F(uint32_t x, uint32_t y, uint32_t z){
- return ((x&y)|((~x)&z));
-}
-*/
-; x: r22-r25
-; y: r18-r21
-; z: r14-r17
-md5_F:
- and r18, r22
- and r19, r23
- and r20, r24
- and r21, r25
- com r22
- com r23
- com r24
- com r25
- and r22, r14
- and r23, r15
- and r24, r16
- and r25, r17
- or r22, r18
- or r23, r19
- or r24, r20
- or r25, r21
- rjmp md5_core_F_exit
-
-/*
-static
-uint32_t md5_G(uint32_t x, uint32_t y, uint32_t z){
- return ((x&z)|((~z)&y));
-}
-*/
-
-; x: r22-r25
-; y: r18-r21
-; z: r14-r17
-md5_G:
- and r22, r14
- and r23, r15
- and r24, r16
- and r25, r17
- com r14
- com r15
- com r16
- com r17
- and r18, r14
- and r19, r15
- and r20, r16
- and r21, r17
- or r22, r18
- or r23, r19
- or r24, r20
- or r25, r21
- rjmp md5_core_F_exit
-/*
-static
-uint32_t md5_H(uint32_t x, uint32_t y, uint32_t z){
- return (x^y^z);
-}
-*/
-; x: r22-r25
-; y: r18-r21
-; z: r14-r17
-md5_H:
- eor r22, r18
- eor r22, r14
- eor r23, r19
- eor r23, r15
- eor r24, r20
- eor r24, r16
- eor r25, r21
- eor r25, r17
- rjmp md5_core_F_exit
-/*
-static
-uint32_t md5_I(uint32_t x, uint32_t y, uint32_t z){
- return (y ^ (x | (~z)));
-}
-*/
-
-jump_table:
- rjmp md5_F
- rjmp md5_G
- rjmp md5_H
-; rjmp md5_I
-
-; x: r22-r25
-; y: r18-r21
-; z: r14-r17
-md5_I:
- com r14
- com r15
- com r16
- com r17
- or r22, r14
- or r23, r15
- or r24, r16
- or r25, r17
- eor r22, r18
- eor r23, r19
- eor r24, r20
- eor r25, r21
- rjmp md5_core_F_exit
-
-as_table:
-; (as+0)&3 (as+3)&3 (as+1)&3 (as+2)&3
-; Z X Y
-; AS_SAVE0 AS_SAVE1 AS_SAVE2 AS_SAVE3
-.byte 1*4, 0*4, 2*4, 3*4 ;as=1
-.byte 2*4, 1*4, 3*4, 0*4 ;as=2
-.byte 3*4, 2*4, 0*4, 1*4 ;as=3
-.byte 0*4, 3*4, 1*4, 2*4 ;as=4
-
-;###########################################################
-.global md5_core
-md5_core:
- mov r21, r20
- mov r20, r18
- mov r19, r16
- mov r18, r14
-; rjmp md5_core_asm
-/*
-void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_t fi){
- uint32_t t;
- md5_func_t* funcs[]={md5_F, md5_G, md5_H, md5_I};
- as &= 0x3;
- / * a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). * /
- t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3]) + *((uint32_t*)block) + md5_T[i] ;
- a[as]=a[(as+1)&3] + ROTL32(t, s);
-}
-*/
-; a: r24-r25
-; block: r22-r23
-; as: r21
-; s: r20
-; i: r19
-; fi: r18
-P_A0 = 24
-P_A1 = 25
-P_B0 = 22
-P_B1 = 23
-P_AS = 21
-P_S = 20
-P_I = 19
-P_FI = 18
-
-; x: r22-r25
-; y: r18-r21
-; z: r14-r17
-
-
-AS_SAVE0 = 4
-AS_SAVE1 = 5
-AS_SAVE2 = 6
-AS_SAVE3 = 7
-FI_SAVE = 8
-S_SAVE = 9
-ACCU0 = 10
-ACCU1 = 11
-ACCU2 = 12
-ACCU3 = 13
-ARG_X0 = 22
-ARG_X1 = 23
-ARG_X2 = 24
-ARG_X3 = 25
-ARG_Y0 = 18
-ARG_Y1 = 19
-ARG_Y2 = 20
-ARG_Y3 = 21
-ARG_Z0 = 14
-ARG_Z1 = 15
-ARG_Z2 = 16
-ARG_Z3 = 17
-
-
-md5_core_asm:
- push r16
- push r17
- push_range 4, 8
- ldi r30, lo8(T_table)
- ldi r31, hi8(T_table)
- lsl P_I
- rol r1
- lsl P_I
- rol r1
- add r30, P_I
- adc r31, r1
- clr r1
- mov FI_SAVE, r18
- /* loading T[i] into ACCU */
- lpm ACCU0, Z+
- lpm ACCU1, Z+
- lpm ACCU2, Z+
- lpm ACCU3, Z
- /* add *block to ACCU */
- movw r30, P_B0
- ld r0, Z+
- add ACCU0, r0
- ld r0, Z+
- adc ACCU1, r0
- ld r0, Z+
- adc ACCU2, r0
- ld r0, Z+
- adc ACCU3, r0
- /* add a[as+0&3] to ACCU */
- ldi r30, lo8(as_table)
- ldi r31, hi8(as_table)
- dec P_AS
- andi P_AS, 0x03
- lsl P_AS
- lsl P_AS
- add r30, r21
- adc r31, r1 ; Z points to the correct row in as_table
- lpm AS_SAVE0, Z+
- lpm AS_SAVE1, Z+
- lpm AS_SAVE2, Z+
- lpm AS_SAVE3, Z
- movw r26, r24 ; X points to a[0]
- add r26, AS_SAVE0
- adc r27, r1 ; X points at a[as&3]
- ld r0, X+
- add ACCU0, r0
- ld r0, X+
- adc ACCU1, r0
- ld r0, X+
- adc ACCU2, r0
- ld r0, X+
- adc ACCU3, r0
- mov S_SAVE, r20
-
- movw r28, r24
- /* loading z value */
- movw r26, r28
- add r26, AS_SAVE1
- adc r27, r1
- ld ARG_Z0, X+
- ld ARG_Z1, X+
- ld ARG_Z2, X+
- ld ARG_Z3, X
-
- /* loading x value */
- movw r26, r28
- add r26, AS_SAVE2
- adc r27, r1
- ld ARG_X0, X+
- ld ARG_X1, X+
- ld ARG_X2, X+
- ld ARG_X3, X
-
- /* loading y value */
- movw r26, r28
- add r26, AS_SAVE3
- adc r27, r1
- ldi r30, pm_lo8(jump_table)
- ldi r31, pm_hi8(jump_table)
- add r30, FI_SAVE
- adc r31, r1 ; Z points to the correct entry in our jump table
- ld ARG_Y0, X+
- ld ARG_Y1, X+
- ld ARG_Y2, X+
- ld ARG_Y3, X
-
- ijmp /* calls the function pointed by Z */
-md5_core_F_exit:
-
- /* add ACCU to result of f() */
- add r22, ACCU0
- adc r23, ACCU1
- adc r24, ACCU2
- adc r25, ACCU3
-
- /* rotate */
- mov r20, S_SAVE
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- mov r21, r25
-bitrotl_loop:
- tst r20
- breq fixrotl
-bitrotl_loop2:
- lsl r21
- rol r22
- rol r23
- rol r24
- rol r25
- dec r20
- brne bitrotl_loop2
-fixrotl:
-
- /* add a[(as+1)&3] */
- movw r26, r28
- add r26, AS_SAVE2
- adc r27, r1
- ld r0, X+
- add r22, r0
- ld r0, X+
- adc r23, r0
- ld r0, X+
- adc r24, r0
- ld r0, X
- adc r25, r0
-
- /* store result */
- movw r26, r28
- add r26, AS_SAVE0
- adc r27, r1
- st X+, r22
- st X+, r23
- st X+, r24
- st X , r25
-md5_core_exit:
- pop_range 4, 8
- pop r17
- pop r16
- ret
-
-;###################################################################
-/*
-void md5_nextBlock(md5_ctx_t *state, void* block){
- uint32_t a[4];
- uint8_t m,n,i=0;
-
- a[0]=state->a[0];
- a[1]=state->a[1];
- a[2]=state->a[2];
- a[3]=state->a[3];
-
- / * round 1 * /
- uint8_t s1t[]={7,12,17,22}; // 1,-1 1,4 2,-1 3,-2
- for(m=0;m<4;++m){
- for(n=0;n<4;++n){
- md5_core(a, &(((uint32_t*)block)[m*4+n]), 4-n, s1t[n],i++,0);
- }
- }
- / * round 2 * /
- uint8_t s2t[]={5,9,14,20}; // 1,-3 1,1 2,-2 2,4
- for(m=0;m<4;++m){
- for(n=0;n<4;++n){
- md5_core(a, &(((uint32_t*)block)[(1+m*4+n*5)&0xf]), 4-n, s2t[n],i++,1);
- }
- }
- / * round 3 * /
- uint8_t s3t[]={4,11,16,23}; // 0,4 1,3 2,0 3,-1
- for(m=0;m<4;++m){
- for(n=0;n<4;++n){
- md5_core(a, &(((uint32_t*)block)[(5-m*4+n*3)&0xf]), 4-n, s3t[n],i++,2);
- }
- }
- / * round 4 * /
- uint8_t s4t[]={6,10,15,21}; // 1,-2 1,2 2,-1 3,-3
- for(m=0;m<4;++m){
- for(n=0;n<4;++n){
- md5_core(a, &(((uint32_t*)block)[(0-m*4+n*7)&0xf]), 4-n, s4t[n],i++,3);
- }
- }
- state->a[0] += a[0];
- state->a[1] += a[1];
- state->a[2] += a[2];
- state->a[3] += a[3];
- state->counter++;
-}
-*/
-
-shift_table_1: .byte 7,12,17,22
-shift_table_2: .byte 5, 9,14,20
-shift_table_3: .byte 4,11,16,23
-shift_table_4: .byte 6,10,15,21
-
-index_table_r2:
-;(1+m*4+n*5)&0xf:
- .byte 0x04, 0x18, 0x2c, 0x00
- .byte 0x14, 0x28, 0x3c, 0x10
- .byte 0x24, 0x38, 0x0c, 0x20
- .byte 0x34, 0x08, 0x1c, 0x30
-
-index_table_r3:
-;(5-m*4+n*3)&0xf:
- .byte 0x14, 0x20, 0x2c, 0x38
- .byte 0x04, 0x10, 0x1c, 0x28
- .byte 0x34, 0x00, 0x0c, 0x18
- .byte 0x24, 0x30, 0x3c, 0x08
-
-index_table_r4:
-;(0-m*4+n*7)&0xf:
- .byte 0x00, 0x1c, 0x38, 0x14
- .byte 0x30, 0x0c, 0x28, 0x04
- .byte 0x20, 0x3c, 0x18, 0x34
- .byte 0x10, 0x2c, 0x08, 0x24
-
-APTR_REG = 2
-BPTR_REG = 4
-N_REG = 6
-M_REG = 7
-I_REG = 8
-.global md5_nextBlock
-md5_nextBlock:
- stack_alloc 16
- push_range 2, 17
- push r28
- push r29
- push r24
- push r25
- adiw r30, 1 /* Z now points to the beginning of the allocated memory */
- movw r2, r30
- movw r4, r22
- movw r26, r24
- ldi r20, 16
-1:
- ld r0, X+
- st Z+, r0
- dec r20
- brne 1b
- /* state now copied to stack memory */
- clr I_REG
- /* Round 1 */
- clr M_REG
- ldi r17, 4
-1:
- clr N_REG
- ldi r16, 4
-2:
- movw r24, APTR_REG
- movw r22, BPTR_REG
- mov r0, M_REG
- lsl r0
- lsl r0
- add r0, N_REG
- lsl r0
- lsl r0
- add r22, r0
- adc r23, r1
- mov r21, r16
- ldi r30, lo8(shift_table_1)
- ldi r31, hi8(shift_table_1)
- add r30, N_REG
- adc r31, r1
- lpm r20, Z
- mov r19, I_REG
- ldi r18, 0
- rcall md5_core_asm
- inc I_REG
- inc N_REG
- dec r16
- brne 2b
- inc M_REG
- dec r17
- brne 1b
-
- /* Round 2 */
- clr M_REG
- ldi r17, 4
-1:
- clr N_REG
- ldi r16, 4
-2:
- movw r24, APTR_REG
- movw r22, BPTR_REG
- ldi r30, lo8(index_table_r2)
- ldi r31, hi8(index_table_r2)
- mov r0, M_REG
- lsl r0
- lsl r0
- add r0, N_REG
- add r30, r0
- adc r31, r1
- lpm r0, Z
- add r22, r0
- adc r23, r1
- mov r21, r16
- ldi r30, lo8(shift_table_2)
- ldi r31, hi8(shift_table_2)
- add r30, N_REG
- adc r31, r1
- lpm r20, Z
- mov r19, I_REG
- ldi r18, 1
- rcall md5_core_asm
- inc I_REG
- inc N_REG
- dec r16
- brne 2b
- inc M_REG
- dec r17
- brne 1b
-
- /* Round 3 */
- clr M_REG
- ldi r17, 4
-1:
- clr N_REG
- ldi r16, 4
-2:
- movw r24, APTR_REG
- movw r22, BPTR_REG
- ldi r30, lo8(index_table_r3)
- ldi r31, hi8(index_table_r3)
- mov r0, M_REG
- lsl r0
- lsl r0
- add r0, N_REG
- add r30, r0
- adc r31, r1
- lpm r0, Z
- add r22, r0
- adc r23, r1
- mov r21, r16
- ldi r30, lo8(shift_table_3)
- ldi r31, hi8(shift_table_3)
- add r30, N_REG
- adc r31, r1
- lpm r20, Z
- mov r19, I_REG
- ldi r18, 2
- rcall md5_core_asm
- inc I_REG
- inc N_REG
- dec r16
- brne 2b
- inc M_REG
- dec r17
- brne 1b
-
- /* Round 4 */
- clr M_REG
- ldi r17, 4
-1:
- clr N_REG
- ldi r16, 4
-2:
- movw r24, APTR_REG
- movw r22, BPTR_REG
- ldi r30, lo8(index_table_r4)
- ldi r31, hi8(index_table_r4)
- mov r0, M_REG
- lsl r0
- lsl r0
- add r0, N_REG
- add r30, r0
- adc r31, r1
- lpm r0, Z
- add r22, r0
- adc r23, r1
- mov r21, r16
- ldi r30, lo8(shift_table_4)
- ldi r31, hi8(shift_table_4)
- add r30, N_REG
- adc r31, r1
- lpm r20, Z
- mov r19, I_REG
- ldi r18, 3
- rcall md5_core_asm
- inc I_REG
- inc N_REG
- dec r16
- brne 2b
- inc M_REG
- dec r17
- brne 1b
-
-
- pop r27
- pop r26 /* X now points to the context */
- movw r30, APTR_REG
- ldi r16, 4
-1:
- ld r0, X
- ld r2, Z+
- add r0, r2
- st X+, r0
- ld r0, X
- ld r2, Z+
- adc r0, r2
- st X+, r0
- ld r0, X
- ld r2, Z+
- adc r0, r2
- st X+, r0
- ld r0, X
- ld r2, Z+
- adc r0, r2
- st X+, r0
- dec r16
- brne 1b
-
- ld r0, X
- inc r0
- st X+, r0
- brne 2f
- ld r0, X
- inc r0
- st X+, r0
- brne 2f
- ld r0, X
- inc r0
- st X+, r0
- brne 2f
- ld r0, X
- inc r0
- st X+, r0
-2:
-
- pop r29
- pop r28
- pop_range 2, 17
- stack_free 16
- ret
-
-;###############################################################################
-/*
-void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){
- uint16_t l;
- uint8_t b[64];
- while (length_b >= 512){
- md5_nextBlock(state, block);
- length_b -= 512;
- block = ((uint8_t*)block) + 512/8;
- }
- memset(b, 0, 64);
- memcpy(b, block, length_b/8);
- / * insert padding one * /
- l=length_b/8;
- if(length_b%8){
- uint8_t t;
- t = ((uint8_t*)block)[l];
- t |= (0x80>>(length_b%8));
- b[l]=t;
- }else{
- b[l]=0x80;
- }
- / * insert length value * /
- if(l+sizeof(uint64_t) >= 512/8){
- md5_nextBlock(state, b);
- state->counter--;
- memset(b, 0, 64-8);
- }
- *((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b;
- md5_nextBlock(state, b);
-}
-*/
-; state_ptr : r24,r25
-; block_ptr : r22,r23
-; length_b : r20,r21
-.global md5_lastBlock
-md5_lastBlock:
- stack_alloc_large 64
- push_range 12, 17
- push r30
- push r31
- movw r16, r20 /* length_b */
- movw r14, r22 /* block_ptr */
- movw r12, r24 /* state_ptr */
- ldi r18, 64
-2:
- cpi r17, 2 /* hi8(512) */
- brlo 2f
-1:
- movw r24, r12
- movw r22, r14
- rcall md5_nextBlock
- add r14, r18
- adc r15, r1
- subi r17, 2
- rjmp 2b
-2:
- pop r31
- pop r30
-
- adiw r30, 1 /* adjust Z to point to buffer */
- movw r26, r14
- movw r24, r16
- adiw r24, 7
-
- lsr r25
- ror r24
- lsr r25
- ror r24
- lsr r24 /* r24 now holds how many bytes are to copy */
- ldi r18, 64
- sub r18, r24 /* r18 will hold the amount of used bytes in buffer */
- tst r24
-4:
- breq 5f
- ld r0, X+
- st Z+, r0
- dec r24
- rjmp 4b /* Z points to the byte after msg in buffer */
-5: /* append 1-bit */
- mov r20, r16
- ldi r19, 0x80
- andi r20, 0x07
- brne bit_fucking
- st Z+, r19
- dec r18 /* 'allocate' another byte in buffer */
- rjmp after_bit_fucking
-bit_fucking:
-1:
- lsr r19
- dec r20
- brne 1b
- or r0, r19
- st -Z, r0
- adiw r30, 1
-after_bit_fucking:
- clt
- cpi r18, 8
- brmi 2f
- set /* store in t if the counter will also fit in this block (1 if fit)*/
-2:
- tst r18
- breq 2f
-1: /* fill remaning buffer with zeros */
- st Z+, r1
- dec r18
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r14, r30 /* r14:r15 now points to buffer */
- brts load_counter
- /* counter does not fit, finalize this block */
- movw r24, r12
- movw r22, r14
- rcall md5_nextBlock
- movw r30, r14
- ldi r20, 64-8
-3:
- st Z+, r1
- dec r20
- brne 3b
-
-load_counter:
- movw r26, r12 /* X points to state */
- adiw r26, 16
- ld r19, X+
- ld r20, X+
- ld r21, X+
- ld r22, X+
- brts post_counter_decrement /* do not decremen because counter fits */
-counter_decrement:
- subi r19, 1
- sbci r20, 0
- sbci r21, 0
- sbci r22, 0
-post_counter_decrement:
- clr r18
- clr r23
- lsl r19
- rol r20
- rol r21
- rol r22
- rol r23
- mov r18, r16 /* r16:r17 length_b */
- add r19, r17
- adc r20, r1
- adc r21, r1
- adc r22, r1
- adc r23, r1
- movw r30, r14
- adiw r30, 64-8
- st Z+, r18
- st Z+, r19
- st Z+, r20
- st Z+, r21
- st Z+, r22
- st Z+, r23
- st Z+, r1
- st Z, r1
-
- sbiw r30, 63
-; sbiw r30, 1
- movw r24, r12
- movw r22, r30
- rcall md5_nextBlock
-md5_lastBlock_exit:
- pop_range 12, 17
- stack_free_large 64
- ret
-
-
-;###############################################################################
-
-
-.global md5_ctx2hash
-md5_ctx2hash:
- movw r26, r24
- movw r30, r22
- ldi r22, 16
-1:
- ld r0, Z+
- st X+, r0
- dec r22
- brne 1b
- ret
-
-
-;###############################################################################
-
-
-.global md5
-md5:
- stack_alloc 20
- push_range 8, 17
- adiw r30, 1
- movw r8, r30 /* ctx */
- movw r10, r24 /* dest */
- movw r12, r22 /* msg */
- movw r14, r18 /* length (low) */
- movw r16, r20 /* length (high) */
- movw r24, r30
- rcall md5_init
-1:
- tst r16
- brne next_round
- tst r17
- breq last_round
-next_round:
- movw r24, r8
- movw r22, r12
- rcall md5_nextBlock
- ldi r22, 64
- add r12, r22
- adc r13, r1
- ldi r22, 2
- sub r15, r22
- sbci r16, 0
- sbci r17, 0
- rjmp 1b
-last_round:
- movw r24, r8
- movw r22, r12
- movw r20, r14
- rcall md5_lastBlock
- movw r24, r10
- movw r22, r8
- rcall md5_ctx2hash
- pop_range 8, 17
- stack_free 20
- ret
-
-
-
+++ /dev/null
-/* md5.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * File: md5.h
- * Author: Daniel Otte
- * Date: 31.07.2006
- * License: GPL
- * Description: Implementation of the MD5 hash algorithm as described in RFC 1321
- *
- */
-
-
-#ifndef MD5_H_
-#define MD5_H_
-
-#include <stdint.h>
-
-
-#define MD5_HASH_BITS 128
-#define MD5_HASH_BYTES (MD5_HASH_BITS/8)
-#define MD5_BLOCK_BITS 512
-#define MD5_BLOCK_BYTES (MD5_BLOCK_BITS/8)
-
-
-typedef struct md5_ctx_st {
- uint32_t a[4];
- uint32_t counter;
-} md5_ctx_t;
-
-typedef uint8_t md5_hash_t[MD5_HASH_BYTES];
-
-
-void md5_init(md5_ctx_t *s);
-void md5_nextBlock(md5_ctx_t *state, const void* block);
-void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length);
-void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state);
-void md5(md5_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*MD5_H_*/
#include <stdint.h>
#include <string.h>
#include "config.h"
-#include "sha1.h"
+#include "sha1/sha1.h"
#include "hmac-sha1.h"
#define IPAD 0x36
#ifndef HMACSHA1_H_
#define HMACSHA1_H_
-#include "sha1.h"
+#include "sha1/sha1.h"
#define HMAC_SHA1_BITS SHA1_HASH_BITS
#define HMAC_SHA1_BYTES SHA1_HASH_BYTES
+++ /dev/null
-/* sha1-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; SHA1 implementation in assembler for AVR
-SHA1_BLOCK_BITS = 512
-SHA1_HASH_BITS = 160
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-.macro delay
-/*
- push r0
- push r1
- clr r0
-1: clr r1
-2: dec r1
- brne 2b
- dec r0
- brne 1b
- pop r1
- pop r0 // */
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
-/*
- precall
- hexdump \length
- postcall
- // */
-.endm
-
-
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha1_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha1_ctx2hash
-; === sha1_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha1_ctx structure
-; given in r23,r22
-sha1_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 5
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha1
-; === sha1 ===
-; this function calculates SHA-1 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha1:
-sha1_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 5*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha1_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha1_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha1_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha1_ctx2hash
-
-sha1_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 5*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha1_lastBlock
-; === sha1_lastBlock ===
-; this function does padding & Co. for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1)
-
-
-sha1_lastBlock:
- cpi r21, 0x02
- brlo sha1_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 2
- subi r23, -2
- rjmp sha1_lastBlock
-sha1_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64) /* ??? */
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha1_lastBlock_post_copy
- mov r1, r18
-sha1_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha1_lastBlock_copy_loop
-sha1_lastBlock_post_copy:
-sha1_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha1_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*5+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha1_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha1_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha1_lastBlock_epilog
-sha1_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 5*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha1_nextBlock
-
-sha1_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha1_nextBlock
-; === sha1_nextBlock ===
-; this is the core function for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte)
-
-xtmp = 0
-xNULL = 1
-W1 = 10
-W2 = 11
-T1 = 12
-T2 = 13
-T3 = 14
-T4 = 15
-LoopC = 16
-S = 17
-tmp1 = 18
-tmp2 = 19
-tmp3 = 20
-tmp4 = 21
-F1 = 22
-F2 = 23
-F3 = 24
-F4 = 25
-
-/* byteorder: high number <--> high significance */
-sha1_nextBlock:
- ; initial, let's make some space ready for local vars
- /* replace push & pop by mem ops? */
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack /* maybe removeable? */
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha1_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- push r18
- push r19 /* push old SP on new stack */
- push r24
- push r25 /* param1 will be needed later */
-
- /* load a[] with state */
- movw 28, r24 /* load pointer to state in Y */
- adiw r26, 1 ; X++
-
- ldi LoopC, 5*4
-1: ld tmp1, Y+
- st X+, tmp1
- dec LoopC
- brne 1b
-
- movw W1, r26 /* save pointer to w[0] */
- /* load w[] with endian fixed message */
- /* we might also use the changeendian32() function at bottom */
- movw r30, r22 /* mv param2 (ponter to msg) to Z */
- ldi LoopC, 16
-1:
- ldd tmp1, Z+3
- st X+, tmp1
- ldd tmp1, Z+2
- st X+, tmp1
- ldd tmp1, Z+1
- st X+, tmp1
- ld tmp1, Z
- st X+, tmp1
- adiw r30, 4
- dec LoopC
- brne 1b
-
- ;clr LoopC /* LoopC is named t in FIPS 180-2 */
- clr xtmp
-sha1_nextBlock_mainloop:
- mov S, LoopC
- lsl S
- lsl S
- andi S, 0x3C /* S is a bytepointer so *4 */
- /* load w[s] */
- movw r26, W1
- add r26, S /* X points at w[s] */
- adc r27, xNULL
- ld T1, X+
- ld T2, X+
- ld T3, X+
- ld T4, X+
-
- /**/
- push r26
- push r27
- push T4
- push T3
- push T2
- push T1
- in r26, SPL
- in r27, SPH
- adiw r26, 1
- dbg_hexdump 4
- pop T1
- pop T2
- pop T3
- pop T4
- pop r27
- pop r26
- /**/
-
- cpi LoopC, 16
- brlt sha1_nextBlock_mainloop_core
- /* update w[s] */
- ldi tmp1, 2*4
- rcall 1f
- ldi tmp1, 8*4
- rcall 1f
- ldi tmp1, 13*4
- rcall 1f
- rjmp 2f
-1: /* this might be "outsourced" to save the jump above */
- add tmp1, S
- andi tmp1, 0x3f
- movw r26, W1
- add r26, tmp1
- adc r27, xNULL
- ld tmp2, X+
- eor T1, tmp2
- ld tmp2, X+
- eor T2, tmp2
- ld tmp2, X+
- eor T3, tmp2
- ld tmp2, X+
- eor T4, tmp2
- ret
-2: /* now we just hav to do a ROTL(T) and save T back */
- mov tmp2, T4
- rol tmp2
- rol T1
- rol T2
- rol T3
- rol T4
- movw r26, W1
- add r26, S
- adc r27, xNULL
- st X+, T1
- st X+, T2
- st X+, T3
- st X+, T4
-
-sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/
- /* T already contains w[s] */
- movw r26, W1
- sbiw r26, 4*1 /* X points at a[4] aka e */
- ld tmp1, X+
- add T1, tmp1
- ld tmp1, X+
- adc T2, tmp1
- ld tmp1, X+
- adc T3, tmp1
- ld tmp1, X+
- adc T4, tmp1 /* T = w[s]+e */
- sbiw r26, 4*5 /* X points at a[0] aka a */
- ld F1, X+
- ld F2, X+
- ld F3, X+
- ld F4, X+
- mov tmp1, F4 /* X points at a[1] aka b */
- ldi tmp2, 5
-1:
- rol tmp1
- rol F1
- rol F2
- rol F3
- rol F4
- dec tmp2
- brne 1b
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, F4 /* T = ROTL(a,5) + e + w[s] */
-
- /* now we have to do this fucking conditional stuff */
- ldi r30, lo8(sha1_nextBlock_xTable)
- ldi r31, hi8(sha1_nextBlock_xTable)
- add r30, xtmp
- adc r31, xNULL
- lpm tmp1, Z
- cp tmp1, LoopC
- brne 1f
- inc xtmp
-1: ldi r30, lo8(sha1_nextBlock_KTable)
- ldi r31, hi8(sha1_nextBlock_KTable)
- lsl xtmp
- lsl xtmp
- add r30, xtmp
- adc r31, xNULL
- lsr xtmp
- lsr xtmp
-
- lpm tmp1, Z+
- add T1, tmp1
- lpm tmp1, Z+
- adc T2, tmp1
- lpm tmp1, Z+
- adc T3, tmp1
- lpm tmp1, Z+
- adc T4, tmp1
- /* T = ROTL(a,5) + e + kt + w[s] */
-
- /* Z-4 is just pointing to kt ... */
- movw r28, r26 /* copy X in Y */
- adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */
- lsr r31
- ror r30
-
- icall
- mov F1, tmp1
- icall
- mov F2, tmp1
- icall
- mov F3, tmp1
- icall
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */
- /* X points still at a[1] aka b, Y points at a[2] aka c */
- /* update a[] */
-sha1_nextBlock_update_a:
- /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/
- //adiw r28, 3*4 /* Y should point at a[4] aka e */
- movw r28, W1
- sbiw r28, 4
-
- ldi tmp2, 4*4
-1:
- ld tmp1, -Y
- std Y+4, tmp1
- dec tmp2
- brne 1b
- /* Y points at a[0] aka a*/
-
- movw r28, W1
- sbiw r28, 5*4
- /* store T in a[0] aka a */
- st Y+, T1
- st Y+, T2
- st Y+, T3
- st Y+, T4
- /* Y points at a[1] aka b*/
-
- /* rotate c */
- ldd T1, Y+1*4
- ldd T2, Y+1*4+1
- ldd T3, Y+1*4+2
- ldd T4, Y+1*4+3
- mov tmp1, T1
- ldi tmp2, 2
-1: ror tmp1
- ror T4
- ror T3
- ror T2
- ror T1
- dec tmp2
- brne 1b
- std Y+1*4+0, T1
- std Y+1*4+1, T2
- std Y+1*4+2, T3
- std Y+1*4+3, T4
-
- push r27
- push r26
- movw r26, W1
- sbiw r26, 4*5
- dbg_hexdump 4*5
- pop r26
- pop r27
-
- inc LoopC
- cpi LoopC, 80
- brge 1f
- rjmp sha1_nextBlock_mainloop
-/**************************************/
-1:
- /* littel patch */
- sbiw r28, 4
-
-/* add a[] to state and inc length */
- pop r27
- pop r26 /* now X points to state (and Y still at a[0]) */
- ldi tmp4, 5
-1: clc
- ldi tmp3, 4
-2: ld tmp1, X
- ld tmp2, Y+
- adc tmp1, tmp2
- st X+, tmp1
- dec tmp3
- brne 2b
- dec tmp4
- brne 1b
-
- /* now length += 512 */
- adiw r26, 1 /* we skip the least significant byte */
- ld tmp1, X
- ldi tmp2, hi8(512) /* 2 */
- add tmp1, tmp2
- st X+, tmp1
- ldi tmp2, 6
-1:
- ld tmp1, X
- adc tmp1, xNULL
- st X+, tmp1
- dec tmp2
- brne 1b
-
-; EPILOG
-sha1_nextBlock_epilog:
-/* now we should clean up the stack */
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- ret
-
-sha1_nextBlock_xTable:
-.byte 20,40,60,0
-sha1_nextBlock_KTable:
-.int 0x5a827999
-.int 0x6ed9eba1
-.int 0x8f1bbcdc
-.int 0xca62c1d6
-sha1_nextBlock_JumpTable:
-rjmp sha1_nextBlock_Ch
- nop
-rjmp sha1_nextBlock_Parity
- nop
-rjmp sha1_nextBlock_Maj
- nop
-rjmp sha1_nextBlock_Parity
-
- /* X and Y still point at a[1] aka b ; return value in tmp1 */
-sha1_nextBlock_Ch:
- ld tmp1, Y+
- mov tmp2, tmp1
- com tmp2
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp3, Y+7 /* load from d */
- and tmp2, tmp3
- eor tmp1, tmp2
- ret
-
-sha1_nextBlock_Maj:
- ld tmp1, Y+
- mov tmp2, tmp1
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp4, Y+7 /* load from d */
- and tmp2, tmp4
- eor tmp1, tmp2
- and tmp3, tmp4
- eor tmp1, tmp3
- ret
-
-sha1_nextBlock_Parity:
- ld tmp1, Y+
- ldd tmp2, Y+3 /* load from c */
- eor tmp1, tmp2
- ldd tmp2, Y+7 /* load from d */
- eor tmp1, tmp2
- ret
-/*
-ch_str: .asciz "\r\nCh"
-maj_str: .asciz "\r\nMaj"
-parity_str: .asciz "\r\nParity"
-*/
-;###########################################################
-
-.global sha1_init
-;void sha1_init(sha1_ctx_t *state){
-; DEBUG_S("\r\nSHA1_INIT");
-; state->h[0] = 0x67452301;
-; state->h[1] = 0xefcdab89;
-; state->h[2] = 0x98badcfe;
-; state->h[3] = 0x10325476;
-; state->h[4] = 0xc3d2e1f0;
-; state->length = 0;
-;}
-; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha1_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha1_init_vector))
- ldi r31, hi8((sha1_init_vector))
- ldi r22, 5*4 /* bytes to copy */
-sha1_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha1_init_vloop
- ldi r22, 8
-sha1_init_lloop:
- st X+, r1
- dec r22
- brne sha1_init_lloop
- ret
-
-sha1_init_vector:
-.int 0x67452301;
-.int 0xefcdab89;
-.int 0x98badcfe;
-.int 0x10325476;
-.int 0xc3d2e1f0;
-
+++ /dev/null
-/* sha1.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha1.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2006-10-08
- * \license GPLv3 or later
- * \brief SHA-1 declaration.
- * \ingroup SHA-1
- *
- */
-
-#ifndef SHA1_H_
-#define SHA1_H_
-
-#include <stdint.h>
-/** \def SHA1_HASH_BITS
- * definees the size of a SHA-1 hash in bits
- */
-
-/** \def SHA1_HASH_BYTES
- * definees the size of a SHA-1 hash in bytes
- */
-
-/** \def SHA1_BLOCK_BITS
- * definees the size of a SHA-1 input block in bits
- */
-
-/** \def SHA1_BLOCK_BYTES
- * definees the size of a SHA-1 input block in bytes
- */
-#define SHA1_HASH_BITS 160
-#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8)
-#define SHA1_BLOCK_BITS 512
-#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8)
-
-/** \typedef sha1_ctx_t
- * \brief SHA-1 context type
- *
- * A vatiable of this type may hold the state of a SHA-1 hashing process
- */
-typedef struct {
- uint32_t h[5];
- uint64_t length;
-} sha1_ctx_t;
-
-/** \typedef sha1_hash_t
- * \brief hash value type
- * A variable of this type may hold a SHA-1 hash value
- */
-typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8];
-
-/** \fn sha1_init(sha1_ctx_t *state)
- * \brief initializes a SHA-1 context
- * This function sets a ::sha1_ctx_t variable to the initialization vector
- * for SHA-1 hashing.
- * \param state pointer to the SHA-1 context variable
- */
-void sha1_init(sha1_ctx_t *state);
-
-/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block)
- * \brief process one input block
- * This function processes one input block and updates the hash context
- * accordingly
- * \param state pointer to the state variable to update
- * \param block pointer to the message block to process
- */
-void sha1_nextBlock (sha1_ctx_t *state, const void* block);
-
-/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b)
- * \brief processes the given block and finalizes the context
- * This function processes the last block in a SHA-1 hashing process.
- * The block should have a maximum length of a single input block.
- * \param state pointer to the state variable to update and finalize
- * \param block pointer to themessage block to process
- * \param length_b length of the message block in bits
- */
-void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b);
-
-/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state)
- * \brief convert a state variable into an actual hash value
- * Writes the hash value corresponding to the state to the memory pointed by dest.
- * \param dest pointer to the hash value destination
- * \param state pointer to the hash context
- */
-void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state);
-
-/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b)
- * \brief hashing a message which in located entirely in RAM
- * This function automatically hashes a message which is entirely in RAM with
- * the SHA-1 hashing algorithm.
- * \param dest pointer to the hash value destination
- * \param msg pointer to the message which should be hashed
- * \param length_b length of the message in bits
- */
-void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b);
-
-
-
-#endif /*SHA1_H_*/
#include <stdint.h>
#include <string.h>
#include "config.h"
-#include "sha256.h"
+#include "sha256/sha256.h"
#include "hmac-sha256.h"
#define IPAD 0x36
#ifndef HMACSHA256_H_
#define HMACSHA256_H_
-#include "sha256.h"
+#include "sha256/sha256.h"
#define HMAC_SHA256_BITS SHA256_HASH_BITS
#define HMAC_SHA256_BYTES SHA256_HASH_BYTES
+++ /dev/null
-/* sha256-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; sha-256 implementation in assembler
-SHA256_BLOCK_BITS = 512
-SHA256_HASH_BITS = 256
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
- precall
- hexdump \length
- postcall
-.endm
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha256_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][h5][h6][h7][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha256_ctx2hash
-; === sha256_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha256_ctx structure
-; given in r23,r22
-sha256_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 8
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha256
-; === sha256 ===
-; this function calculates SHA-256 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha256:
-sha256_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 8*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha256_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha256_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha256_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha256_ctx2hash
-
-sha256_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha256_lastBlock
-; === sha256_lastBlock ===
-; this function does padding & Co. for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1)
-
-
-sha256_lastBlock:
- cpi r21, 0x02
- brlo sha256_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 0x02
- subi r23, -2
- rjmp sha256_lastBlock
-sha256_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha256_lastBlock_post_copy
- mov r1, r18
-sha256_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha256_lastBlock_copy_loop
-sha256_lastBlock_post_copy:
-sha256_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha256_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*8+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha256_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha256_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha256_lastBlock_epilog
-sha256_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 8*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha256_nextBlock
-
-sha256_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha256_nextBlock
-; === sha256_nextBlock ===
-; this is the core function for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte)
-
-Bck1 = 12
-Bck2 = 13
-Bck3 = 14
-Bck4 = 15
-Func1 = 22
-Func2 = 23
-Func3 = 24
-Func4 = 25
-Accu1 = 16
-Accu2 = 17
-Accu3 = 18
-Accu4 = 19
-XAccu1 = 8
-XAccu2 = 9
-XAccu3 = 10
-XAccu4 = 11
-T1 = 4
-T2 = 5
-T3 = 6
-T4 = 7
-LoopC = 1
-/* byteorder: high number <--> high significance */
-sha256_nextBlock:
- ; initial, let's make some space ready for local vars
- push r4 /* replace push & pop by mem ops? */
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha256_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
- push r18
- push r19
- push r24
- push r25 /* param1 will be needed later */
- ; now we fill the w array with message (think about endianess)
- adiw r26, 1 ; X++
- ldi r20, 16
-sha256_nextBlock_wcpyloop:
- ld r23, Z+
- ld r22, Z+
- ld r19, Z+
- ld r18, Z+
- st X+, r18
- st X+, r19
- st X+, r22
- st X+, r23
- dec r20
- brne sha256_nextBlock_wcpyloop
-/* for (i=16; i<64; ++i){
- w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
- } */
- /* r25,r24,r23,r24 (r21,r20) are function values
- r19,r18,r17,r16 are the accumulator
- r15,r14,r13,rBck1 are backup1
- r11,r10,r9 ,r8 are xor accu
- r1 is round counter */
-
- ldi r20, 64-16
- mov LoopC, r20
-sha256_nextBlock_wcalcloop:
- movw r30, r26 ; cp X to Z
- sbiw r30, 63
- sbiw r30, 1 ; substract 64 = 16*4
- ld Accu1, Z+
- ld Accu2, Z+
- ld Accu3, Z+
- ld Accu4, Z+ /* w[i] = w[i-16] */
- ld Bck1, Z+
- ld Bck2, Z+
- ld Bck3, Z+
- ld Bck4, Z+ /* backup = w[i-15] */
- /* now sigma 0 */
- mov Func1, Bck2
- mov Func2, Bck3
- mov Func3, Bck4
- mov Func4, Bck1 /* prerotated by 8 */
- ldi r20, 1
- rcall bitrotl
- movw XAccu1, Func1
- movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/
-sigma0_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- ror Bck1
- dec Func2
- brne sigma0_shr
- eor XAccu1, Bck1
- eor XAccu2, Bck2
- eor XAccu3, Bck3
- eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- ldd Func1, Z+7*4 /* now accu += w[i-7] */
- ldd Func2, Z+7*4+1
- ldd Func3, Z+7*4+2
- ldd Func4, Z+7*4+3
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- ldd Bck1, Z+12*4 /* now backup = w[i-2]*/
- ldd Bck2, Z+12*4+1
- ldd Bck3, Z+12*4+2
- ldd Bck4, Z+12*4+3
- /* now sigma 1 */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 1
- rcall bitrotr
- movw XAccu3, Func3
- movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */
-; movw Func1, Bck3
-; movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/
-sigma1_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- dec Func2
- brne sigma1_shr
- eor XAccu1, Bck2
- eor XAccu2, Bck3
- eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- /* now let's store the shit */
- st X+, Accu1
- st X+, Accu2
- st X+, Accu3
- st X+, Accu4
- dec LoopC
- breq 3f ; skip if zero
- rjmp sha256_nextBlock_wcalcloop
-3:
- /* we are finished with w array X points one byte post w */
-/* init a array */
- pop r31
- pop r30
- push r30
- push r31
- ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
-init_a_array:
- ld r1, Z+
- st X+, r1
- dec r25
- brne init_a_array
-
-/* now the real fun begins */
-/* for (i=0; i<64; ++i){
- t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
- t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
- memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
- a[4] += t1;
- a[0] = t1 + t2;
- } */
- /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */
- sbiw r26, 8*4 /* X still points at a[7]+1*/
- movw r28, r26
- ldi r30, lo8(sha256_kv)
- ldi r31, hi8(sha256_kv)
- dec r27 /* X - (64*4 == 256) */
- ldi r25, 64
- mov LoopC, r25
-sha256_main_loop:
- /* now calculate t1 */
- /*CH(x,y,z) = (x&y)^((~x)&z)*/
- ldd T1, Y+5*4
- ldd T2, Y+5*4+1
- ldd T3, Y+5*4+2
- ldd T4, Y+5*4+3 /* y in T */
- ldd Func1, Y+4*4
- ldd Func2, Y+4*4+1
- ldd Func3, Y+4*4+2
- ldd Func4, Y+4*4+3 /* x in Func */
- ldd Bck1, Y+6*4
- ldd Bck2, Y+6*4+1
- ldd Bck3, Y+6*4+2
- ldd Bck4, Y+6*4+3 /* z in Bck */
- and T1, Func1
- and T2, Func2
- and T3, Func3
- and T4, Func4
- com Func1
- com Func2
- com Func3
- com Func4
- and Bck1, Func1
- and Bck2, Func2
- and Bck3, Func3
- and Bck4, Func4
- eor T1, Bck1
- eor T2, Bck2
- eor T3, Bck3
- eor T4, Bck4 /* done, CH(x,y,z) is in T */
- /* now SIGMA1(a[4]) */
- ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
- ldd Bck1, Y+4*4+1
- ldd Bck2, Y+4*4+2
- ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotl /* rotr(x,6) */
- movw XAccu1, Func1
- movw XAccu3, Func3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 3
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- movw Func1, Bck3 /* this prerotates furteh 16 bits*/
- movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
- ldi r20, 1
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* finished with SIGMA1, add it to T */
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4
- /* now we've to add a[7], w[i] and k[i] */
- ldd XAccu1, Y+4*7
- ldd XAccu2, Y+4*7+1
- ldd XAccu3, Y+4*7+2
- ldd XAccu4, Y+4*7+3
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add a[7] */
- ld XAccu1, X+
- ld XAccu2, X+
- ld XAccu3, X+
- ld XAccu4, X+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add w[i] */
- lpm XAccu1, Z+
- lpm XAccu2, Z+
- lpm XAccu3, Z+
- lpm XAccu4, Z+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add k[i] */ /* finished with t1 */
- /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/
- /* starting with MAJ(x,y,z) */
- ldd Func1, Y+4*0+0
- ldd Func2, Y+4*0+1
- ldd Func3, Y+4*0+2
- ldd Func4, Y+4*0+3 /* load x=a[0] */
- ldd XAccu1, Y+4*1+0
- ldd XAccu2, Y+4*1+1
- ldd XAccu3, Y+4*1+2
- ldd XAccu4, Y+4*1+3 /* load y=a[1] */
- and XAccu1, Func1
- and XAccu2, Func2
- and XAccu3, Func3
- and XAccu4, Func4 /* XAccu == (x & y) */
- ldd Bck1, Y+4*2+0
- ldd Bck2, Y+4*2+1
- ldd Bck3, Y+4*2+2
- ldd Bck4, Y+4*2+3 /* load z=a[2] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */
- ldd Func1, Y+4*1+0
- ldd Func2, Y+4*1+1
- ldd Func3, Y+4*1+2
- ldd Func4, Y+4*1+3 /* load y=a[1] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */
- /* SIGMA0(a[0]) */
- ldd Bck1, Y+4*0+0 /* we should combine this with above */
- ldd Bck2, Y+4*0+1
- ldd Bck3, Y+4*0+2
- ldd Bck4, Y+4*0+3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotr
- movw Accu1, Func1
- movw Accu3, Func3 /* Accu = shr(a[0], 2) */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotate by 16 bits */
- ldi r20, 3
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */
- mov Func1, Bck4
- mov Func2, Bck1
- mov Func3, Bck2
- mov Func4, Bck3 /* prerotate by 24 bits */
- ldi r20, 2
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */
- add Accu1, XAccu1 /* add previous result (MAJ)*/
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4
- /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/
- /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */
-
- ldi r21, 7*4
- adiw r28, 7*4
-a_shift_loop:
- ld r25, -Y /* warning: this is PREdecrement */
- std Y+4, r25
- dec r21
- brne a_shift_loop
-
- ldd Bck1, Y+4*4+0
- ldd Bck2, Y+4*4+1
- ldd Bck3, Y+4*4+2
- ldd Bck4, Y+4*4+3
- add Bck1, T1
- adc Bck2, T2
- adc Bck3, T3
- adc Bck4, T4
- std Y+4*4+0, Bck1
- std Y+4*4+1, Bck2
- std Y+4*4+2, Bck3
- std Y+4*4+3, Bck4
- add Accu1, T1
- adc Accu2, T2
- adc Accu3, T3
- adc Accu4, T4
- std Y+4*0+0, Accu1
- std Y+4*0+1, Accu2
- std Y+4*0+2, Accu3
- std Y+4*0+3, Accu4 /* a array updated */
-
-
- dec LoopC
- breq update_state
- rjmp sha256_main_loop ;brne sha256_main_loop
-update_state:
- /* update state */
- /* pointers to state should still exist on the stack ;-) */
- pop r31
- pop r30
- ldi r21, 8
-update_state_loop:
- ldd Accu1, Z+0
- ldd Accu2, Z+1
- ldd Accu3, Z+2
- ldd Accu4, Z+3
- ld Func1, Y+
- ld Func2, Y+
- ld Func3, Y+
- ld Func4, Y+
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- st Z+, Accu1
- st Z+, Accu2
- st Z+, Accu3
- st Z+, Accu4
- dec r21
- brne update_state_loop
- /* now we just have to update the length */
- adiw r30, 1 /* since we add 512, we can simply skip the LSB */
- ldi r21, 2
- ldi r22, 6
- ld r20, Z
- add r20, r21
- st Z+, r20
- clr r21
-sha256_nextBlock_fix_length:
- brcc sha256_nextBlock_epilog
- ld r20, Z
- adc r20, r21
- st Z+, r20
- dec r22
- brne sha256_nextBlock_fix_length
-
-; EPILOG
-sha256_nextBlock_epilog:
-/* now we should clean up the stack */
-
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- ret
-
-sha256_kv: ; round-key-vector stored in ProgMem
-.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
-.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
-.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
-.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429
-.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272
-.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a
-.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
-.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
-
-
-;###########################################################
-
-.global sha256_init
-;uint32_t sha256_init_vector[]={
-; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
-;
-;void sha256_init(sha256_ctx_t *state){
-; state->length=0;
-; memcpy(state->h, sha256_init_vector, 8*4);
-;}
-; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha256_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha256_init_vector))
- ldi r31, hi8((sha256_init_vector))
- ldi r22, 32+8
-sha256_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha256_init_vloop
- ret
-
-sha256_init_vector:
-.word 0xE667, 0x6A09
-.word 0xAE85, 0xBB67
-.word 0xF372, 0x3C6E
-.word 0xF53A, 0xA54F
-.word 0x527F, 0x510E
-.word 0x688C, 0x9B05
-.word 0xD9AB, 0x1F83
-.word 0xCD19, 0x5BE0
-.word 0x0000, 0x0000
-.word 0x0000, 0x0000
-
-;###########################################################
-
-.global rotl32
-; === ROTL32 ===
-; function that rotates a 32 bit word to the left
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,r22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- clr r21
- clc
-bitrotl_loop:
- tst r20
- breq fixrotl
- rol r22
- rol r23
- rol r24
- rol r25
- rol r21
- dec r20
- rjmp bitrotl_loop
-fixrotl:
- or r22, r21
- ret
-
-
-;###########################################################
-
-.global rotr32
-; === ROTR32 ===
-; function that rotates a 32 bit word to the right
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotr32:
- cpi r20, 8
- brlo bitrotr
- mov r21, r22
- mov r22, r23
- mov r23, r24
- mov r24, r25
- mov r25, r21
- subi r20, 8
- rjmp rotr32
-bitrotr:
- clr r21
- clc
-bitrotr_loop:
- tst r20
- breq fixrotr
- ror r25
- ror r24
- ror r23
- ror r22
- ror r21
- dec r20
- rjmp bitrotr_loop
-fixrotr:
- or r25, r21
- ret
-
-
-;###########################################################
-
-.global change_endian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-change_endian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
+++ /dev/null
-/* sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha256.h
- * \author Daniel Otte
- * \date 2006-05-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef SHA256_H_
-#define SHA256_H_
-
-#define __LITTLE_ENDIAN__
-
-
-#include <stdint.h>
-
-/** \def SHA256_HASH_BITS
- * defines the size of a SHA-256 hash value in bits
- */
-
-/** \def SHA256_HASH_BYTES
- * defines the size of a SHA-256 hash value in bytes
- */
-
-/** \def SHA256_BLOCK_BITS
- * defines the size of a SHA-256 input block in bits
- */
-
-/** \def SHA256_BLOCK_BYTES
- * defines the size of a SHA-256 input block in bytes
- */
-
-#define SHA256_HASH_BITS 256
-#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8)
-#define SHA256_BLOCK_BITS 512
-#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8)
-
-/** \typedef sha256_ctx_t
- * \brief SHA-256 context type
- *
- * A variable of this type may hold the state of a SHA-256 hashing process
- */
-typedef struct {
- uint32_t h[8];
- uint64_t length;
-} sha256_ctx_t;
-
-/** \typedef sha256_hash_t
- * \brief SHA-256 hash value type
- *
- * A variable of this type may hold the hash value produced by the
- * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function.
- */
-typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES];
-
-/** \fn void sha256_init(sha256_ctx_t *state)
- * \brief initialise a SHA-256 context
- *
- * This function sets a ::sha256_ctx_t to the initial values for hashing.
- * \param state pointer to the SHA-256 hashing context
- */
-void sha256_init(sha256_ctx_t *state);
-
-/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block)
- * \brief update the context with a given block
- *
- * This function updates the SHA-256 hash context by processing the given block
- * of fixed length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- */
-void sha256_nextBlock (sha256_ctx_t* state, const void* block);
-
-/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b)
- * \brief finalize the context with the given block
- *
- * This function finalizes the SHA-256 hash context by processing the given block
- * of variable length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- * \param length_b the length of the block in bits
- */
-void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b);
-
-/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state)
- * \brief convert the hash state into the hash value
- * This function reads the context and writes the hash value to the destination
- * \param dest pointer to the location where the hash value should be written
- * \param state pointer to the SHA-256 hash context
- */
-void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state);
-
-/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b)
- * \brief simple SHA-256 hashing function for direct hashing
- *
- * This function automaticaly hashes a given message of arbitary length with
- * the SHA-256 hashing algorithm.
- * \param dest pointer to the location where the hash value is going to be written to
- * \param msg pointer to the message thats going to be hashed
- * \param length_b length of the message in bits
- */
-void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*SHA256_H_*/
#include <stdio.h>
#include <stdlib.h>
#include <getopt.h>
-#include "gf256mul.h"
+#include "gf256mul/gf256mul.h"
int print_header = 1,
print_braces = 1,
*
*/
#include <stdint.h>
-#include "gf256mul.h"
+#include "gf256mul/gf256mul.h"
uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){
uint8_t i;
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file gf256mul.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2009-01-13
- * \license GPLv3 or later
- *
- */
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
+++ /dev/null
-#!/usr/bin/ruby
-# performnce to wiki
-
-=begin
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-=end
-
-=begin
- === Twister-256 performance ===
- type: hash
- hashsize (bits): 256
- ctxsize (bytes): 80
- blocksize (bits): 512
- init (cycles): 425
- nextBlock (cycles): 36535
- lastBlock (cycles): 8071
- ctx2hash (cycles): 19431
-=end
-
-def process_hashfunction(fin, name)
- lb = fin.readline()
- m = lb.match(/hashsize \(bits\):[\s]*([\d]*)/)
- if(!m)
- printf("unexpected string %s\n", lb)
- end
- hashsize = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/ctxsize \(bytes\):[\s]*([\d]*)/)
- ctxsize = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/blocksize \(bits\):[\s]*([\d]*)/)
- blocksize = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/init \(cycles\):[\s]*([\d]*)/)
- inittime = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/nextBlock \(cycles\):[\s]*([\d]*)/)
- nextblocktime = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/lastBlock \(cycles\):[\s]*([\d]*)/)
- lastblocktime = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/ctx2hash \(cycles\):[\s]*([\d]*)/)
- convtime = m[1].to_i()
- begin
- lb = fin.readline()
- end until m = lb.match(/init \(bytes\):[\s]*([\d]*)/)
- initstack = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/nextBlock \(bytes\):[\s]*([\d]*)/)
- nextblockstack = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/lastBlock \(bytes\):[\s]*([\d]*)/)
- lastblockstack = m[1].to_i()
- lb = fin.readline()
- m = lb.match(/ctx2hash \(bytes\):[\s]*([\d]*)/)
- convstack = m[1].to_i()
- s1 = (initstack>nextblockstack)?initstack:nextblockstack
- s2 = (lastblockstack>convstack)?lastblockstack:convstack
- stack = (s1>s2)?s1:s2
-
- printf("| %20s || %3s || %3s || || %4d || %4d || %4d || %4d ||" +
- " %6d || %6d || %7.2f || %6d || || || \n|-\n" ,
- name, $lang, $lang ,ctxsize, stack, hashsize, blocksize,
- inittime, nextblocktime, nextblocktime.to_f/(blocksize/8),
- lastblocktime+convtime)
-end
-
-
-$handlers = Hash.new
-$handlers.default = 0
-$handlers["hashfunction"] = 1 #process_hashfunction
-
-def process_file(fname)
- fin = File.open(fname, "r")
- $lang = "asm"
- $lang = "C" if fname.match(/_c.txt$/)
- begin
- begin
- if fin.eof()
- return
- end
- lb = fin.readline()
- end while !m=lb.match(/=== (.*) performance ===/)
- name = m[1];
- lb = fin.readline()
- m = lb.match(/type:[\s]*([\w]*)/)
- type = m[1]
- if $handlers[type] != 0
- # handlers[type](fin, name)
- process_hashfunction(fin, name)
- else
- printf("ERROR: unsupported type: %s !\n", type)
- end
- end while(true)
- fin.close()
-end
-
-for i in (0..ARGV.size-1)
- process_file(ARGV[i])
-end
-
-
-
-
-
-
-
+++ /dev/null
-#!/usr/bin/ruby
-# shavs_test.rb
-=begin
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-=end
-
-$debug = true;
-$debug = false;
-require 'rubygems'
-require 'serialport'
-
-def init_system
-# sleep 1
- $sp.print("exit\r")
- sleep 0.5
- $sp.print("exit\r")
- sleep 0.5
- $sp.print("echo off \r")
- print("DBG i: " + "echo off \r"+"\n") if $debug
-# line = $sp.readlines()
-# print("DBG 0.0: ")
-# print(line)
- sleep 1
- $sp.print("shavs_set #{$algo_select}\r")
- print("DBG i: " + "shavs_set #{$algo_select} \r"+"\n") # if $debug
-# line = $sp.readlines()
-# print("DBG 0.1: ")
-# print(line)
- sleep 1
- $sp.print("shavs_test1 \r")
- print("DBG i: " + "shavs_test1 \r"+"\n") if $debug
-# line = $sp.readlines()
-# print("DBG 0.2: ")
-# print(line)
-end
-
-def get_md
- begin
- line = $sp.gets()
- line = "" if line==nil
- puts("DBG got: "+line) if $debug && line!=""
- end while not /[\s]*MD[\s]*=.*/.match(line)
- return line
-end
-
-def send_md(md_string)
- sleep(0.15)
- for i in 0..md_string.length-1
- $sp.print(md_string[i].chr)
-# print("DBG s: "+ md_string[i].chr) if $debug
- if(i%5==4)
- sleep(0.15)
- end
- end
-end
-
-def run_test(filename)
- nerrors = 0
- line=1
- if not File.exist?(filename)
- puts("ERROR file "+filename+" does not exist!")
- end
- pos = 0
- file = File.new(filename, "r");
- until file.eof
- sleep(0.5)
- begin
- lb=file.gets()
- end while not (file.eof or (/[\s]*Len[\s]*=.*/.match(lb)))
- puts("DBG sending: "+lb) if $debug
- return if file.eof
- $sp.print(lb.strip)
- $sp.print("\r")
- begin
- lb=file.gets()
- end while not (file.eof or (/[\s]*Msg[\s]*=.*/.match(lb)))
- return if file.eof
- puts("DBG sending: "+lb) if $debug
- send_md(lb.strip)
- avr_md = get_md()
- begin
- lb=file.gets()
- end while not /[\s]*MD[\s]*=.*/.match(lb)
- a = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(lb))[1];
- b = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(avr_md))[1];
- a.upcase!
- b.upcase!
- printf("\n%4d (%4d): ", line, (line-1)*$linewidth) if (pos%$linewidth==0 and $linewidth!=0)
- line += 1 if (pos%$linewidth==0 and $linewidth!=0)
- sleep(1)
- #putc((a==b)?'*':'!')
- if(a==b)
- putc('*')
- else
- putc('!')
-# printf("\nshould: %s\ngot: %s\n",lb,avr_md)
- nerrors += 1
- end
- pos += 1
- end
- return nerrors.to_i
-end
-
-if ARGV.size < 6
- STDERR.print <<EOF
- Usage: ruby #{$0} port bps nbits stopb algo_select testfile ...
-EOF
- exit(1)
-end
-
-puts("\nPort: "+ARGV[0]+ "@"+ARGV[1]+" "+ARGV[2]+"N"+ARGV[3]+"\n");
-puts("serial port interface version: " + SerialPort::VERSION);
-$linewidth = 64
-$params = { "baud" => ARGV[1].to_i,
- "data_bits" => ARGV[2].to_i,
- "stop_bits" => ARGV[3].to_i,
- "parity" => SerialPort::NONE }
-$sp = SerialPort.new(ARGV[0], $params)
-#$sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE);
-
-$sp.read_timeout=1000; # 5 minutes
-$sp.flow_control = SerialPort::SOFT
-$algo_select = ARGV[4]
-#irb
-
-init_system()
-
-nerrors = 0
-for i in (5..(ARGV.size-1))
- nerrors = run_test(ARGV[i])
- if nerrors == 0
- puts("\n[ok]")
- else
- puts("\n[errors: "+ nerrors.to_s() +"]")
- end
-end
- $sp.print("EXIT\r");
-
-#exit(0);
-
-
#include <stdlib.h>
#include <string.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "rotate64.h"
#include "keccak.h"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-#include <stdint.h>
-
-#include "memxor.h"
-
-void memxor(void* dest, const void* src, uint16_t n){
- while(n--){
- *((uint8_t*)dest) ^= *((uint8_t*)src);
- dest = (uint8_t*)dest +1;
- src = (uint8_t*)src +1;
- }
-}
-
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc-asm.o aes_dec-asm.o aes_sbox-asm.o aes_invsbox-asm.o \
aes_keyschedule-asm.o
$(ALGO_NAME)_TEST_BIN := main-aes-test.o $(CLI_STD) $(BCAL_STD) \
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \
aes_keyschedule.o gf256mul.o aes128_enc.o aes128_dec.o
$(ALGO_NAME)_TEST_BIN := main-aes128-test.o $(CLI_STD) $(BCAL_STD) \
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \
aes_keyschedule.o gf256mul.o aes192_enc.o aes192_dec.o
$(ALGO_NAME)_TEST_BIN := main-aes192-test.o $(CLI_STD) $(BCAL_STD) \
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \
aes_keyschedule.o gf256mul.o aes256_enc.o aes256_dec.o
$(ALGO_NAME)_TEST_BIN := main-aes256-test.o $(CLI_STD) $(BCAL_STD) \
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc-asm.o aes_dec-asm_faster.o aes_sbox-asm.o aes_invsbox-asm.o \
aes_keyschedule-asm.o
$(ALGO_NAME)_TEST_BIN := main-aes-test.o $(CLI_STD) $(BCAL_STD) \
$(ALGO_NAME)_DIR := aes/
+$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ bcal/
$(ALGO_NAME)_OBJ := aes_enc.o aes_dec.o aes_sbox.o aes_invsbox.o \
aes_keyschedule.o gf256mul.o \
aes128_enc.o aes128_dec.o aes192_enc.o aes192_dec.o \
ENCODINGS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := base64/
+$(ALGO_NAME)_INCDIR := memxor/ noekeon/
$(ALGO_NAME)_OBJ := base64_enc.o base64_dec.o
$(ALGO_NAME)_TEST_BIN := main-base64-test.o $(CLI_STD) \
performance_test.o noekeon_asm.o noekeon_prng.o memxor.o
AUX += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bigint/
+$(ALGO_NAME)_INCDIR := memxor/ noekeon/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o bigint_add_u.o
$(ALGO_NAME)_TEST_BIN := main-bigint-test.o $(CLI_STD) \
performance_test.o noekeon_asm.o noekeon_prng.o memxor.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := blake/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := blake_small.o blake_large.o blake_common.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-blake-test.o hfal_blake_small.o hfal_blake_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := bmw_small-asm.o bmw_large.o
$(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := bmw_small.o bmw_large.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := bmw_small-tinyasm.o bmw_large.o
$(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := bmw_256-tinyasm.o bmw_224-tinyasm.o bmw_large.o
$(ALGO_NAME)_TEST_BIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := camellia/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := camellia128-stub.o camellia-asm.o
$(ALGO_NAME)_TEST_BIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \
bcal_camellia128.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := camellia/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := camellia_C.o
$(ALGO_NAME)_TEST_BIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \
bcal_camellia128.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := cast5/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := cast5.o
$(ALGO_NAME)_TEST_BIN := main-cast5-test.o bcal_cast5.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := cast6/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := cast6.o
$(ALGO_NAME)_TEST_BIN := main-cast6-test.o bcal_cast6.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := cubehash/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := cubehash.o cubehash_rotates.o memxor.o xchg.o
$(ALGO_NAME)_TEST_BIN := main-cubehash-test.o hfal_cubehash.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := des/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := des.o
$(ALGO_NAME)_TEST_BIN := main-des-test.o bcal_des.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := dsa/
+$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o bigint_add_u.o sha1-asm.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o
$(ALGO_NAME)_TEST_BIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \
noekeon_asm.o noekeon_prng.o memxor.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := echo/
+$(ALGO_NAME)_INCDIR := aes/ memxor/ gf256mul/ hfal/
$(ALGO_NAME)_OBJ := echo.o memxor.o aes_enc_round-asm.o aes_sbox-asm.o gf256mul.o
$(ALGO_NAME)_TEST_BIN := main-echo-test.o hfal_echo.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
PRNGS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := entropium/
+$(ALGO_NAME)_INCDIR := sha256/
$(ALGO_NAME)_OBJ := entropium.o sha256-asm.o
$(ALGO_NAME)_TEST_BIN := main-entropium-test.o $(CLI_STD) performance_test.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := groestl/
+$(ALGO_NAME)_INCDIR := aes/ memxor/ gf256mul/ hfal/
$(ALGO_NAME)_OBJ := groestl_small.o groestl_large.o memxor.o aes_sbox.o gf256mul.o
$(ALGO_NAME)_TEST_BIN := hfal_groestl_large.o hfal_groestl_small.o main-groestl-test.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-md5/
+$(ALGO_NAME)_INCDIR := md5/ mfal/
$(ALGO_NAME)_OBJ := hmac-md5.o md5-asm.o
$(ALGO_NAME)_TEST_BIN := main-hmac-md5-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-sha1/
+$(ALGO_NAME)_INCDIR := sha1/
$(ALGO_NAME)_OBJ := hmac-sha1.o sha1-asm.o
$(ALGO_NAME)_TEST_BIN := main-hmac-sha1-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-sha256/
+$(ALGO_NAME)_INCDIR := sha256/
$(ALGO_NAME)_OBJ := hmac-sha256.o sha256-asm.o
$(ALGO_NAME)_TEST_BIN := main-hmac-sha256-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := keccak/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := keccak.o memxor.o rotate64.o
$(ALGO_NAME)_TEST_BIN := main-keccak-test.o hfal_keccak.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := md5/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := md5-asm.o
$(ALGO_NAME)_TEST_BIN := main-md5-test.o hfal_md5.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := md5/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := md5.o
$(ALGO_NAME)_TEST_BIN := main-md5-test.o hfal_md5.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := mqq-sign/
+$(ALGO_NAME)_INCDIR := memxor/
$(ALGO_NAME)_OBJ := mqq160-sign.o mqq160-sign_P.o mqq160-sign_testkey.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-mqq160-sign-test.o performance_test.o stack_measuring.o $(CLI_STD)
$(ALGO_NAME)_NESSIE_TEST := test
STREAM_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := mugi/
+$(ALGO_NAME)_INCDIR := aes/ gf256mul/
$(ALGO_NAME)_OBJ := mugi.o gf256mul.o aes_sbox.o
$(ALGO_NAME)_TEST_BIN := main-mugi-test.o $(CLI_STD) \
nessie_stream_test.o nessie_common.o \
# comment out the following line for removement of noekeon from the build process
BLOCK_CIPHERS += $(ALGO_NAME)
-
+$(ALGO_NAME)_DIR := noekeon/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := noekeon_asm.o
$(ALGO_NAME)_TEST_BIN := main-noekeon-test.o bcal_noekeon.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
# comment out the following line for removement of noekeon from the build process
BLOCK_CIPHERS += $(ALGO_NAME)
-
+$(ALGO_NAME)_DIR := noekeon/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := noekeon.o
$(ALGO_NAME)_TEST_BIN := main-noekeon-test.o bcal_noekeon.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
# comment out the following line for removement of noekeon from the build process
MACS += $(ALGO_NAME)
-
+$(ALGO_NAME)_DIR := noekeon/
+$(ALGO_NAME)_INCDIR := memxor/ mfal/
$(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o performance_test.o
# comment out the following line for removement of noekeon from the build process
MACS += $(ALGO_NAME)
-
+$(ALGO_NAME)_DIR := noekeon/
+$(ALGO_NAME)_INCDIR := memxor/ mfal/
$(ALGO_NAME)_OBJ := noekeon_asm.o omac_noekeon_C.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-omac-noekeon-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o performance_test.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := present/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := present.o
$(ALGO_NAME)_TEST_BIN := main-present-test.o bcal_present.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rc5/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := rc5.o
$(ALGO_NAME)_TEST_BIN := main-rc5-test.o bcal_rc5.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rc6/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := rc6.o
$(ALGO_NAME)_TEST_BIN := main-rc6-test.o bcal_rc6.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := seed/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := seed-asm.o
$(ALGO_NAME)_TEST_BIN := main-seed-test.o bcal_seed.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := seed/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := seed_C.o
$(ALGO_NAME)_TEST_BIN := main-seed-test.o bcal_seed.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := serpent/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-bitslice-asm.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := serpent/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := serpent-sboxes-bitslice-asm.o serpent-asm.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := serpent/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-fast.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := serpent/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := serpent-asm.o serpent-sboxes-small.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := serpent/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := serpent.o serpent-sboxes_c.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-serpent-test.o bcal_serpent.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := sha1/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := sha1-asm.o
$(ALGO_NAME)_TEST_BIN := main-sha1-test.o hfal_sha1.o $(CLI_STD) $(HFAL_STD) dump-decl.o dump-asm.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := sha1/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := sha1.o
$(ALGO_NAME)_TEST_BIN := main-sha1-test.o hfal_sha1.o dump-asm.o dump-decl.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := sha256/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := sha256-asm.o
$(ALGO_NAME)_TEST_BIN := main-sha256-test.o dump-asm.o dump-decl.o hfal_sha256.o $(CLI_STD) $(HFAL_STD)
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := sha256/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := sha256.o
$(ALGO_NAME)_TEST_BIN := main-sha256-test.o $(CLI_STD) $(HFAL_STD) hfal_sha256.o dump-asm.o dump-decl.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := shabal/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := shabal-asm.o shabal192-asm.o shabal224-asm.o \
shabal256-asm.o shabal384-asm.o shabal512-asm.o
$(ALGO_NAME)_TEST_BIN := main-shabal-test.o hfal_shabal.o $(CLI_STD) $(HFAL_STD)
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := shabal/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := shabal.o shabal192.o shabal224.o shabal256.o shabal384.o shabal512.o
$(ALGO_NAME)_TEST_BIN := main-shabal-test.o hfal_shabal.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
BLOCK_CIPHERS_DONTUSE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := shabea/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := shabea.o sha256-asm.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-shabea-test.o $(CLI_STD) \
nessie_bc_test.o nessie_common.o performance_test.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := shacal1/
+$(ALGO_NAME)_INCDIR := sha1/ bcal/
$(ALGO_NAME)_OBJ := shacal1_enc.o sha1-asm.o
$(ALGO_NAME)_TEST_BIN := main-shacal1_enc-test.o $(CLI_STD) \
nessie_bc_test.o nessie_common.o performance_test.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := shacal2/
+$(ALGO_NAME)_INCDIR := sha256/ bcal/
$(ALGO_NAME)_OBJ := shacal2_enc.o sha256-asm.o
$(ALGO_NAME)_TEST_BIN := main-shacal2_enc-test.o $(CLI_STD) \
nessie_bc_test.o nessie_common.o performance_test.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := threefish_mix.o \
threefish256_enc_asm.o ubi256_asm.o skein256_asm.o \
threefish512_enc_asm.o ubi512_asm.o skein512_asm.o \
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o\
ubi256.o ubi512.o ubi1024.o memxor.o skein256.o skein512.o skein1024.o
$(ALGO_NAME)_TEST_BIN := main-skein-test.o hfal_skein256.o hfal_skein512.o hfal_skein1024.o $(CLI_STD) $(HFAL_STD)
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skipjack/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := skipjack.o
$(ALGO_NAME)_TEST_BIN := main-skipjack-test.o bcal_skipjack.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := des/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := des.o
$(ALGO_NAME)_TEST_BIN := main-tdes-test.o bcal_tdes.o bcal_tdes2.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := threefish256_enc_asm.o threefish512_enc_asm.o threefish1024_enc_asm.o\
threefish_mix.o threefish_invmix.o \
threefish256_dec_asm.o threefish512_dec_asm.o threefish1024_dec_asm.o
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o \
threefish_invmix_c.o threefish256_dec.o threefish512_dec.o threefish1024_dec.o
$(ALGO_NAME)_TEST_BIN := main-threefish-test.o bcal_threefish256.o bcal_threefish512.o bcal_threefish1024.o $(CLI_STD) $(BCAL_STD)
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := threefish256_enc_small.o threefish512_enc.o threefish1024_enc.o\
threefish_mix.o threefish_mix_4c.o threefish_invmix_c.o \
threefish256_dec.o threefish512_dec.o threefish1024_dec.o
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := twister/
+$(ALGO_NAME)_INCDIR := hfal/
$(ALGO_NAME)_OBJ := twister-small-asm.o twister-large-asm.o twister-asm.o \
twister224.o twister256.o twister384.o twister512.o
$(ALGO_NAME)_TEST_BIN := main-twister-test.o hfal_twister224.o hfal_twister256.o \
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := twister/
+$(ALGO_NAME)_INCDIR := memxor/ gf256mul/ hfal/
$(ALGO_NAME)_OBJ := twister.o twister-small.o twister-large.o memxor.o gf256mul.o
$(ALGO_NAME)_TEST_BIN := main-twister-test.o hfal_twister224.o hfal_twister256.o \
hfal_twister384.o hfal_twister512.o $(CLI_STD) $(HFAL_STD)
AUX += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := threefish_mix.o threefish256_enc_asm.o ubi256_asm.o \
threefish512_enc_asm.o ubi512_asm.o threefish1024_enc_asm.o \
ubi1024_asm.o memxor.o
AUX += $(ALGO_NAME)
$(ALGO_NAME)_DIR := skein/
+$(ALGO_NAME)_INCDIR := memxor/ bcal/
$(ALGO_NAME)_OBJ := threefish256_enc.o threefish512_enc.o threefish1024_enc.o threefish_mix_c.o\
ubi256.o ubi512.o ubi1024.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-ubi-test.o $(CLI_STD) \
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := xtea/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := xtea-asm.o
$(ALGO_NAME)_TEST_BIN := main-xtea-test.o bcal_xtea.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := xtea/
+$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := xtea.o
$(ALGO_NAME)_TEST_BIN := main-xtea-test.o bcal_xtea.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <string.h>
#include <stdint.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "mqq160-sign.h"
#include "cli.h"
#include <string.h>
#include <stdint.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "mqq160-sign.h"
/*
#include <string.h>
#include <stdint.h>
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "mqq160-sign.h"
static uint8_t mod20_table[32] PROGMEM = {
+++ /dev/null
-/* aes sbox */
-
-#include <stdint.h>
-#include <avr/pgmspace.h>
-uint8_t aes_sbox[256] PROGMEM = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-};
-
+++ /dev/null
-/* aes_sbox.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file aes_sbox.h
- * \email daniel.otte@rub.de
- * \author Daniel Otte
- * \date 2008-12-30
- * \license GPLv3 or later
- *
- */
-#ifndef AES_SBOX_H_
-#define AES_SBOX_H_
-#include <stdint.h>
-
-extern uint8_t aes_sbox[];
-
-#endif
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
#include <stdlib.h>
#include <string.h>
#include <avr/pgmspace.h>
-#include "aes_sbox.h"
+#include "aes/aes_sbox.h"
#include "mugi.h"
-#include "gf256mul.h"
+#include "gf256mul/gf256mul.h"
/*
#include "test_src/cli.h" / * only for debugging * /
+++ /dev/null
-/* noekeon.c */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * author: Daniel Otte
- * email: daniel.otte@rub.de
- * license: GPLv3 or later
- *
- *
- *
- */
-
-#include <stdint.h>
-#include <string.h>
-
-#ifdef __AVR__
- #include <avr/pgmspace.h>
-#endif
-#include "noekeon.h"
-// #include "cli.h"
-
-#define ROUND_NR 16
-
-#define RC_POS 0
-
-static
-void gamma(uint32_t* a){
- uint32_t tmp;
-
- a[1] ^= ~((a[3]) | (a[2]));
- a[0] ^= a[2] & a[1];
-
- tmp=a[3]; a[3]=a[0]; a[0]=tmp;
- a[2] ^= a[0] ^ a[1] ^ a[3];
-
- a[1] ^= ~((a[3]) | (a[2]));
- a[0] ^= a[2] & a[1];
-}
-
-#define ROTL32(a,n) (((a)<<n)|((a)>>(32-n)))
-#define ROTR32(a,n) (((a)>>n)|((a)<<(32-n)))
-
-static
-void pi1(uint32_t* a){
- a[1] = ROTL32(a[1], 1);
- a[2] = ROTL32(a[2], 5);
- a[3] = ROTL32(a[3], 2);
-}
-
-static
-void pi2(uint32_t* a){
- a[1] = ROTR32(a[1], 1);
- a[2] = ROTR32(a[2], 5);
- a[3] = ROTR32(a[3], 2);
-}
-
-static
-void theta(const uint32_t* k, uint32_t* a){
- uint32_t temp;
-
- temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[1] ^= temp;
- a[3] ^= temp;
-
- a[0] ^= k[0];
- a[1] ^= k[1];
- a[2] ^= k[2];
- a[3] ^= k[3];
-
- temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[0] ^= temp;
- a[2] ^= temp;
-
-}
-
-static
-void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const2){
- ((uint8_t*)state)[RC_POS] ^= const1;
- theta(key, state);
- ((uint8_t*)state)[RC_POS] ^= const2;
- pi1(state);
- gamma(state);
- pi2(state);
-}
-
-uint8_t rc_tab[]
-#ifdef __AVR__
- PROGMEM
-#endif
- = {
-/* 0x80, */
- 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A,
- 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A,
- 0xD4
-};
-/* for more rounds
- 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39,
- 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25,
-*/
-
-static
-void changendian32(void* a){
- ((uint8_t*)a)[0] ^= ((uint8_t*)a)[3];
- ((uint8_t*)a)[3] ^= ((uint8_t*)a)[0];
- ((uint8_t*)a)[0] ^= ((uint8_t*)a)[3];
-
- ((uint8_t*)a)[1] ^= ((uint8_t*)a)[2];
- ((uint8_t*)a)[2] ^= ((uint8_t*)a)[1];
- ((uint8_t*)a)[1] ^= ((uint8_t*)a)[2];
-}
-
-static
-void changendian(void* a){
- changendian32((uint32_t*)(&(((uint32_t*)a)[0])));
- changendian32((uint32_t*)(&(((uint32_t*)a)[1])));
- changendian32((uint32_t*)(&(((uint32_t*)a)[2])));
- changendian32((uint32_t*)(&(((uint32_t*)a)[3])));
-}
-
-/******************************************************************************/
-
-void noekeon_enc(void* buffer, const void* key){
- uint8_t rc=0x80;
- uint8_t keyb[16];
- int8_t i;
-
- memcpy(keyb, key, 16);
- changendian(buffer);
- changendian(keyb);
-
- for(i=0; i<ROUND_NR; ++i){
- noekeon_round((uint32_t*)keyb, (uint32_t*)buffer, rc, 0);
-#ifdef __AVR__
- rc = pgm_read_byte(rc_tab+i);
-#else
- rc = rc_tab[i];
-#endif
- }
- ((uint8_t*)buffer)[RC_POS] ^= rc;
- theta((uint32_t*)keyb, (uint32_t*)buffer);
-
- changendian(buffer);
-}
-
-
-void noekeon_dec(void* buffer, const void* key){
- uint8_t rc;
- int8_t i;
- uint8_t nullv[16];
- uint8_t dkey[16];
-
-
- changendian(buffer);
-
- memset(nullv, 0, 16);
- memcpy(dkey, key, 16);
- changendian(dkey);
-
- theta((uint32_t*)nullv, (uint32_t*)dkey);
-// cli_putstr_P(PSTR("\r\nTheta: "));
-// cli_hexdump(dkey, 16);
-
- for(i=ROUND_NR-1; i>=0; --i){
-#ifdef __AVR__
- rc = pgm_read_byte(rc_tab+i);
-#else
- rc = rc_tab[i];
-#endif
- noekeon_round((uint32_t*)dkey, (uint32_t*)buffer, 0, rc);
- }
- theta((uint32_t*)dkey, (uint32_t*)buffer);
- ((uint8_t*)buffer)[RC_POS] ^= 0x80;
-
- changendian(buffer);
-}
-
-void noekeon_init(const void* key, noekeon_ctx_t* ctx){
- uint8_t nullv[16];
-
- memset(nullv, 0, 16);
- memcpy(ctx, key, 16);
- noekeon_enc(ctx, nullv);
-}
-
+++ /dev/null
-/* noekeon.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef NOEKEON_H_
-#define NOEKEON_H_
-
-/**
- * \file noekeon.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-04-11
- * \license GPLv3 or later
- * \brief Implementation of the Noekeon block cipher
- * \ingroup Noekeon
- * This is an implementation of the Noekeon block cipher.
- * For more details on Noekeon see http://gro.noekeon.org/
- */
-
-#include <stdint.h>
-
-/** \typedef noekeon_ctx_t
- * \brief holds key data for indirect mode
- *
- * A variable of this type may hold the key data for the indirect mode.
- * For direct mode simply pass the key directly to the encryption or
- * decryption function.
- */
-typedef uint8_t noekeon_ctx_t[16];
-
-/** \fn void noekeon_enc(void* buffer, const void* key)
- * \brief noekeon encrytion funtion
- *
- * This function encrypts a block (64 bit = 8 byte) with the noekeon encrytion
- * algorithm. Due to the two modes of noekeon (direct mode and indirect mode)
- * the second parameter either points directly to the key (direct mode) or to a
- * context generated by the noekeon_init() function (indirect mode).
- * \param buffer pointer to the 64 bit (8 byte) block to encrypt
- * \param key pointer to either the key (128 bit = 16 byte; direct mode) or
- * to the context (indirect mode)
- */
-void noekeon_enc(void* buffer, const void* key);
-
-/** \fn void noekeon_dec(void* buffer, const void* key)
- * \brief noekeon encrytion funtion
- *
- * This function decrypts a block (64 bit = 8 byte) encrypted with the noekeon
- * encrytion algorithm. Due to the two modes of noekeon (direct mode and
- * indirect mode) the second parameter either points directly to the key
- * (direct mode) or to a context generated by the noekeon_init() function
- * (indirect mode).
- * \param buffer pointer to the 64 bit (8 byte) block to decrypt
- * \param key pointer to either the key (128 bit = 16 byte; direct mode) or
- * to the context (indirect mode)
- */
-void noekeon_dec(void* buffer, const void* key);
-
-
-/** \fn void noekeon_init(const void* key, noekeon_ctx_t* ctx)
- * \brief noekeon context generation function for indirect mode
- *
- * This function generates a context from the supplied key for using
- * noekeon in indirect mode. For using noekeon in direct mode supply the key
- * direct to the noekeon_enc() and noekeon_dec() functions.
- * \param key pointer to the key (128 bit = 16 byte)
- * \param ctx pointer to the context to fill with key material
- * to the context (indirect mode)
- */
-void noekeon_init(const void* key, noekeon_ctx_t* ctx);
-
-#endif /*NOEKEON_H_*/
+++ /dev/null
-/* noekeon_asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * noekeon assembler implementation for avr
- * author: Daniel Otte
- * email: daniel.otte@rub.de
- * license: GPLv3
- */
-
-#include <avr/io.h>
-
-.macro push_all
- push r2
- push r3
- push r4
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
-.endm
-
-.macro pop_all
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- pop r3
- pop r2
- clr r1
-.endm
-
-push_all_func:
- pop r31
- pop r30
- push_all
- ijmp
-
-pop_all_func:
- pop r31
- pop r30
- pop_all
- ijmp
-
-.macro xchg a b
- eor \a, \b
- eor \b, \a
- eor \a, \b
-.endm
-
-.macro op32 op a b
- \op \a\()_0, \b\()_0
- \op \a\()_1, \b\()_1
- \op \a\()_2, \b\()_2
- \op \a\()_3, \b\()_3
-.endm
-
-
-.macro op32_4t op a b c d w x y z
- \op \a, \w
- \op \b, \x
- \op \c, \y
- \op \d, \z
-.endm
-
-
-.macro op32_prefix op p q a b c d w x y z
- \op \p\()\a, \q\()\w
- \op \p\()\b, \q\()\x
- \op \p\()\c, \q\()\y
- \op \p\()\d, \q\()\z
-.endm
-
-; === bigendian_rotl32 ===
-; this function rotates a 32bit bigendian word n bits to the left
-; param1: the 32-bit value
-; given in r25,r24,r23,r22 (r22 is most significant)
-; param2: the 8-bit parameter giving the number of bits to rotate
-; given in r20
-; return: the rotatet 32-bit word
-; given in r25,r24,r23,r22
-
-bigendian_rotl32:
- /* copy high bit of r22 to carry */
- mov r1, r22
-2:
- rol r1
-
- rol r25
- rol r24
- rol r23
- rol r22
-
- dec r20
- brne 2b
-bigendian_rotl32_exit:
- clr r1
- ret
-
-
-/******************************************************************************/
-
-; === bigendian_rotl32 ===
-; this function rotates a 32bit bigendian word n bits to the right
-; param1: the 32-bit value
-; given in r25,r24,r23,r22 (r22 is most significant)
-; param2: the 8-bit parameter giving the number of bits to rotate
-; given in r20
-; return: the rotatet 32-bit word
-; given in r25,r24,r23,r22
-
-bigendian_rotr32:
- /* copy high bit of r25 to carry */
-
- mov r1, r25
-2:
- ror r1
-
- ror r22
- ror r23
- ror r24
- ror r25
- dec r20
- brne 2b
-bigendian_rotr32_exit:
- clr r1
- ret
-
-/******************************************************************************/
-/*
-void theta(uint32_t* k, uint32_t* a){
- uint32_t temp;
- temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[1] ^= temp;
- a[3] ^= temp;
-
- a[0] ^= k[0];
- a[1] ^= k[1];
- a[2] ^= k[2];
- a[3] ^= k[3];
-
- temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
- a[0] ^= temp;
- a[2] ^= temp;
-}
-*/
-
-round_const: .byte 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, \
- 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, \
- 0xD4
-
-;-- a[0]
-state0_0 = 2
-state0_1 = 3
-state0_2 = 4
-state0_3 = 5
-;-- a[1]
-state1_0 = 6
-state1_1 = 7
-state1_2 = 8
-state1_3 = 9
-;-- a[2]
-state2_0 = 10
-state2_1 = 11
-state2_2 = 12
-state2_3 = 13
-;-- a[3]
-state3_0 = 14
-state3_1 = 15
-state3_2 = 16
-state3_3 = 17
-
-; === theta ===
-;
-; param1: the state in r2-r17
-; param2: pointer to k in X (r26,r27)
-;
-temp_a = 18
-temp_b = 19
-temp_c = 20
-temp_d = 21
-
-theta:
- /* temp = a[0] ^ a[2]; temp ^= temp>>>8 ^ temp<<<8 */
- op32_prefix mov, temp_, state0_, a,b,c,d, 0,1,2,3
- op32_prefix eor, temp_, state2_, a,b,c,d, 0,1,2,3
-
- mov r1, temp_a
- eor r1, temp_b
- eor r1, temp_c
- eor r1, temp_d
-
- op32_prefix eor, temp_, r, a,b,c,d, 1,1,1,1
-
- /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */
- /* a[1] ^= temp */
- eor state1_0, temp_c
- eor state1_1, temp_d
- eor state1_2, temp_a
- eor state1_3, temp_b
- /* a[3] ^= temp */
- eor state3_0, temp_c
- eor state3_1, temp_d
- eor state3_2, temp_a
- eor state3_3, temp_b
-
- /* state ^ k (X points to K) */
- ldi r28, 2
- clr r29 /* Y points to r2 aka state0_0 */
- ldi temp_a, 16
-1:
- ld r1, X+
- ld r0, Y
- eor r1, r0
- st Y+, r1
- dec temp_a
- brne 1b
- sbiw r26, 16 /* set X back to key */
-
- mov temp_a, state1_0
- mov temp_b, state1_1
- mov temp_c, state1_2
- mov temp_d, state1_3
- eor temp_a, state3_0
- eor temp_b, state3_1
- eor temp_c, state3_2
- eor temp_d, state3_3
- mov r1, temp_a
- eor r1, temp_b
- eor r1, temp_c
- eor r1, temp_d
- eor temp_a, r1
- eor temp_b, r1
- eor temp_c, r1
- eor temp_d, r1
- /* temp is know a little bit mixed c,d,a,b (if abcd is normal order) */
- /* a[0] ^= temp */
- eor state0_0, temp_c
- eor state0_1, temp_d
- eor state0_2, temp_a
- eor state0_3, temp_b
- /* a[2] ^= temp */
- eor state2_0, temp_c
- eor state2_1, temp_d
- eor state2_2, temp_a
- eor state2_3, temp_b
-
- clr r1
- ret
-
-/******************************************************************************/
-#ifndef NOEKEON_NO_ENC
-; === noekeon_enc ===
-;
-; param1: pointer to buffer (r24,r25)
-; param2: pointer to k (r22,r23)
-;
-.global noekeon_enc
-noekeon_enc:
- rcall push_all_func
- /* load state */
- movw r26, r22
- ldi r28, 2
- clr r29 /* Y points at r2 aka state0_0 */
- movw r30, r24 /* Z points at state */
- push r30
- push r31
- ldi r22, 16
- push r22 /* 16 is also the number of rounds and gets pushed here */
-1:
- ld r0, Z+
- st Y+, r0
- dec r22
- brne 1b
- /* state loaded */
- push r1 /* push round constan2 (0x00) */
- ldi r20, 0x80
- push r20 /* push round constan2 (0x00) */
- rjmp 3f
-2:
- ldi r30, lo8(round_const+15)
- ldi r31, hi8(round_const+15)
- sub r30, r22
- sbci r31, 0
- clr r1
- push r1
- lpm r0, Z
- push r0
-3:
- rcall round /* pops rc2 & rc1 */
- pop r22
- dec r22
- push r22
- brne 2b
-
- pop r22
-
- ldi r22, 0xD4
- eor state0_3, r22
- rcall theta
-
- pop r31
- pop r30
- clr r29
- ldi r28, 2
- ldi r22, 16
-1:
- ld r0, Y+
- st Z+, r0
- dec r22
- brne 1b
-
- rcall pop_all_func
- ret
-#endif
-/******************************************************************************/
-/******************************************************************************/
-#ifndef NOEKEON_NO_DEC
-
-; === noekeon_dec ===
-;
-; param1: pointer to buffer/state (r24,r25)
-; param2: pointer to k (r22,r23)
-;
-.global noekeon_dec
-noekeon_dec:
- rcall push_all_func
- /* allocate 16 bytes on the stack */
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- sbiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
-
- adiw r30, 1
- /* push state pointer */
- push r24
- push r25
- movw r26, r22 /* move key ptr to X */
-
- /* set stackkey to zero */
- ldi r22, 16
-1: st Z+, r1
- dec r22
- brne 1b
-
- /* copy key to state */
- clr r29
- ldi r28, 2
- ldi r22, 16
-1: ld r0, X+
- st Y+, r0
- dec r22
- brne 1b
-
- movw r26, r30
- sbiw r26, 16 /* set X back to begining of stack key */
- rcall theta
-
- /* mov state to stackkey */
- clr r29
- ldi r28, 2
- ldi r22, 16
-1: ld r0, Y+
- st X+, r0
- dec r22
- brne 1b
- sbiw r26, 16 /* set X back to begining of stack key */
-
- /* move data from stateptr to state */
- pop r31
- pop r30
- push r30
- push r31
- clr r29
- ldi r28, 2
- ldi r22, 16
- push r22
-1: ld r0, Z+
- st Y+, r0
- dec r22
- brne 1b
-
-;--- snip 8< ----
-
- ldi r20, 0xD4
- push r20 /* push round constant2 (0xD4) */
- push r22 /* push round constan1 (0x00) */
- rjmp 3f
-2:
- ldi r30, lo8(round_const-1)
- ldi r31, hi8(round_const-1)
- clr r1
- add r30, r22
- adc r31, r1
- lpm r0, Z
- push r0
- push r1
-3:
- rcall round /* pops rc2 & rc1 */
- pop r22
- dec r22
- push r22
- brne 2b
-;----
- pop r22
-
- rcall theta
- ldi r22, 0x80
- eor state0_3, r22
-
-write_state_back:
- /* write state back */
- pop r31 /* pop state pointer */
- pop r30
- clr r29
- ldi r28, 2
- ldi r22, 16
-1:
- ld r0, Y+
- st Z+, r0
- dec r22
- brne 1b
-
- /* remove key from stack */
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- adiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
- rcall pop_all_func
- ret
-#endif
-/******************************************************************************/
-
-
-round:
- pop r24
- pop r25
- pop r1
- eor state0_3, r1
- rcall theta
- pop r1
- eor state0_3, r1
- push r25
- push r24
-pi_gamma_pi:
- ldi r30, pm_lo8(bigendian_rotl32)
- ldi r31, pm_hi8(bigendian_rotl32)
- rcall pi
- /* pi1 done; now gamma */
- rcall gamma_1
- /* a[0] <-> a[3] */
- xchg state0_0, state3_0
- xchg state0_1, state3_1
- xchg state0_2, state3_2
- xchg state0_3, state3_3
- /* a[2] ^= a[0] ^ a[1] ^ a[3] */
- op32 eor, state2, state0
- op32 eor, state2, state1
- op32 eor, state2, state3
-
- rcall gamma_1
- ldi r30, pm_lo8(bigendian_rotr32)
- ldi r31, pm_hi8(bigendian_rotr32)
- rcall pi
- ret
-
-gamma_1:
- /* a[1] ^= ~(a[3]|a[2])*/
- mov r1, state3_0
- or r1, state2_0
- com r1
- eor state1_0, r1
-
- mov r1, state3_1
- or r1, state2_1
- com r1
- eor state1_1, r1
-
- mov r1, state3_2
- or r1, state2_2
- com r1
- eor state1_2, r1
-
- mov r1, state3_3
- or r1, state2_3
- com r1
- eor state1_3, r1
-
- /* a[0] ^= a[2]&a[1] */
- mov r1, state2_0
- and r1, state1_0
- eor state0_0, r1
-
- mov r1, state2_1
- and r1, state1_1
- eor state0_1, r1
-
- mov r1, state2_2
- and r1, state1_2
- eor state0_2, r1
-
- mov r1, state2_3
- and r1, state1_3
- eor state0_3, r1
- ret
-
-pi:
- /* a[1] <<<= 1*/
- mov r22, state1_0
- mov r23, state1_1
- mov r24, state1_2
- mov r25, state1_3
- ldi r20, 1
- icall
- mov state1_0, r22
- mov state1_1, r23
- mov state1_2, r24
- mov state1_3, r25
- /* a[2] <<<= 5*/
- mov r22, state2_0
- mov r23, state2_1
- mov r24, state2_2
- mov r25, state2_3
- ldi r20, 5
- icall
- mov state2_0, r22
- mov state2_1, r23
- mov state2_2, r24
- mov state2_3, r25
- /* a[3] <<<= 2*/
- mov r22, state3_0
- mov r23, state3_1
- mov r24, state3_2
- mov r25, state3_3
- ldi r20, 2
- icall
- mov state3_0, r22
- mov state3_1, r23
- mov state3_2, r24
- mov state3_3, r25
- ret
-
-/******************************************************************************/
-
-/*
-void noekeon_init(void* key, noekeon_ctx_t* ctx){
- uint8_t nullv[16];
-
- memset(nullv, 0, 16);
- memcpy(ctx, key, 16);
- noekeon_enc(ctx, nullv);
-}
-*/
-
-#ifndef NOEKEON_NO_INIT
-
-.global noekeon_init
-noekeon_init:
-; === noekeon_init ===
-;
-; param1: pointer to key (r24,r25)
-; param2: pointer to context (r22,r23)
-;
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- sbiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
-
- movw r26, r22
- adiw r30, 1
- movw r22, r30
- /* set nullv(stack) to zero */
- ldi r20, 16
-1: st Z+, r1
- dec r20
- brne 1b
-
- /* copy key data to ctx */
- movw r30, r24
- ldi r20, 16
-1: ld r1, Z+
- st X+, r1
- dec r20
- brne 1b
- clr r1
-
- sbiw r26, 16
- movw r24, r26
- rcall noekeon_enc
-
- in r30, _SFR_IO_ADDR(SPL)
- in r31, _SFR_IO_ADDR(SPH)
- adiw r30, 16
- out _SFR_IO_ADDR(SPH), r31
- out _SFR_IO_ADDR(SPL), r30
- ret
-
-#endif
-
-
+++ /dev/null
-/* noekeon_cbc_enc.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-08-06
- * \license GPLv3 or later
- *
- *
- *
- */
-
-.macro push_ p1:req p2:vararg
- push \p1
-.ifnb \p2
- push_ \p2
-.endif
-.endm
-
-.macro pop_ p1:req p2:vararg
- pop \p1
-.ifnb \p2
- pop_ \p2
-.endif
-.endm
-
-.extern noekeon_enc
-
-/*
- * void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key)
- */
-
-/* param buffer is passed in r24:r25
- * param block_cnt is passed in r22 (r23 is 0)
- * param key is passed in r20:r21
- */
-.global noekeon_cbc_enc
- noekeon_cbc_enc:
- push r22
- movw r22, r20
- push_ r22, r23, r24, r25
- rcall noekeon_enc
-1:
- pop_ r27, r26, r23, r22
- pop r16 /* block counter */
- dec r16
- breq 9f
- push r16
- /* xor blocks */
- movw r30, r26
- adiw r30, 16
- ldi r16, 16
-2:
- ld r17, X+
- ld r18, Z
- eor r18, r17
- st Z+, r18
- dec r16
- brne 2b
-
- /* call encryption function; X points to our new block */
- push_ r22, r23, r26, r27
- movw r24, r26
- rcall noekeon_enc
- rjmp 1b
-9:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef NOEKEON_CBC_ENC_H_
-#define NOEKEON_CBC_ENC_H_
-
-#include <stdint.h>
-#include "noekeon.h"
-
-void noekeon_cbc_enc(void* buffer, uint8_t block_cnt, const void* key);
-
-#endif /*NOEKEON_CBC_ENC_H_*/
+++ /dev/null
-/* noekeon_ctr.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-08-06
- * \license GPLv3 or later
- *
- *
- *
- */
-
-.extern noekeon_enc
-
-/*
- * void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx);
- */
-.global noekeon_ctr_next
-/*
- * param buffer passed in r24:r25
- * param ctx passed in r22:r23
- */
-noekeon_ctr_next:
- /* copy counter to buffer */
- movw r26, r24 /* copy buffer pointer to X */
- movw r30, r22 /* copy counter pointer to Z */
- ldi r16, 16
-1:
- ld r0, Z+
- st X+, r0
- dec r16
- brne 1b
- /* increment counter */
- movw r30, r22 /* copy counter pointer to Z */
- ldi r17, 1
- ldi r16, 15
- ld r0, Z
- add r0, r17
- st Z+, r0
-1:
- ld r0, Z
- adc r0, r1
- st Z+, r0
- dec r16
- brne 1b
- /* call encryption routine */
- /* we can leave the first param as is, but have to adjust the second to point to the key */
- //adiw r22, 16
- ldi r16, 16
- add r22, r16
- adc r23, r0
-// rcall noekeon_enc
-// ret
- rjmp noekeon_enc /* noekeon_enc will return for us */
+++ /dev/null
-/* noekeon_ctr.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-08-06
- * \license GPLv3 or later
- *
- *
- *
- */
-
-#ifndef NOEKEON_CTR_H_
-#define NOEKEON_CTR_H_
-
-#include <stdint.h>
-#include "noekeon.h"
-
-typedef struct{
- uint8_t counter[16];
- uint8_t key[16];
-}noekeon_ctr_ctx_t;
-
-void noekeon_ctr_next(void* buffer, const noekeon_ctr_ctx_t* ctx);
-
-#endif /*NOEKEON_CTR_H_*/
+++ /dev/null
-/* noekeon_prng.c */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-/**
- * \author Daniel Otte
- * \date 2008-08-24
- * \license GPLv3 or later
- * \brief random number generator based on noekeon running in CFB-mode
- *
- */
-
-#include "noekeon.h"
-#include "memxor.h"
-#include <stdint.h>
-#include <string.h>
-
-static uint8_t random_state[16];
-static uint8_t random_key[16];
-static uint8_t i=0;
-
-uint8_t random8(void){
- static uint8_t sr[16];
-
- if(i==0){
- noekeon_enc(random_state, random_key);
- memcpy(sr, random_state, 16);
- i=15;
- return sr[15];
- }
- --i;
- return sr[i];
-}
-
-void random_block(void* dest){
- i=0;
- noekeon_enc(random_state, random_key);
- memcpy(dest, random_state, 16);
-}
-
-void srandom32(uint32_t seed){
- memcpy(random_key, &seed, 4);
-}
-
-void random_seed(const void* buffer){
- memcpy(random_key, buffer, 16);
-}
-
-void random_add(const void* buffer){
- memxor(random_key, buffer, 16);
-}
-
-
+++ /dev/null
-/* noekeon_prng.h */
-/*
- * This file is part of the AVR-Crypto-Lib.
- * Copyright (C) 2006, 2007, 2008 Daniel Otte (daniel.otte@rub.de)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-/**
- * \author Daniel Otte
- * \date 2008-08-24
- * \license GPLv3 or later
- * \brief random number generator based on noekeon running in CFB-mode
- *
- */
-
-#ifndef PRNG_H_
-#define PRNG_H_
-
-#include <stdint.h>
-
-uint8_t random8(void);
-void random_block(void* dest);
-void srandom32(uint32_t seed);
-void random_seed(const void* buffer);
-void random_add(const void* buffer);
-
-#endif /* PRNG_H_*/
-
-
+++ /dev/null
-/* noekeon_omac.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-08-24
- * \license GPLv3 or later
- *
- *
- *
- */
-
-#include <avr/io.h>
-#include "avr-asm-macros.S"
-
-.extern noekeon_enc
-
-
-/******************************************************************************/
-
-/*
- * void noekeon_omac_init(noekeon_omac_ctx_t* ctx){
- * memset(ctx, 0, 16);
- * }
- */
-/*
- * param ctx in r24:r25
- */
-
-.global omac_noekeon_init
-omac_noekeon_init:
- movw r30, r24
- ldi r24, 16
-1:
- st Z+, r1
- dec r24
- brne 1b
- ret
-
-/******************************************************************************/
-
-/*
- * void omac_noekeon_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx){
- * *ctx[15] = t;
- * noekeon_enc(ctx, key);
- * }
- */
-/*
- * param t in r24
- * param key in r22:r23
- * param ctx in r20:r21
- */
-.global omac_noekeon_tweak
-omac_noekeon_tweak:
- movw r30, r20
- std Z+15, r24
- movw r24, r20
- rjmp noekeon_enc
-
-/******************************************************************************/
-
-/*
- * void noekeon_omac_next(const void* buffer, const void* key, noekeon_omac_ctx_t* ctx){
- * memxor(ctx, buffer, 16);
- * noekeon_enc(ctx, key);
- * }
- */
-/*
- * param buffer in r24:r25
- * param key in r22:r23
- * param ctx in r20:r21
- */
-.global omac_noekeon_next
-omac_noekeon_next:
- movw r26, r20
- movw r30, r24
- ldi r24, 16
-1:
- ld r0, X
- ld r25, Z+
- eor r0, r25
- st X+, r0
- dec r24
- brne 1b
- movw r24, r20
- rjmp noekeon_enc
-
-/******************************************************************************/
-
-/*
- * void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){
- * uint8_t c1,c2,r,j;
- * memset(pad, 0, 16);
- * noekeon_enc(pad, key);
- * r=(length_b==128)?1:2;
- * for(;r!=0;--r){
- * c1=0;
- * for(j=0;j<16;++j){
- * c2 = c1;
- * c1 = (pad[15-j])>>7;
- * pad[15-j] = ((pad[15-j])<<1) | c2;
- * }
- * if(c1){
- * pad[15] ^= 0x87;
- * }
- * }
- * if(length_b<128){
- * pad[(length_b)/8] ^= 0x80 >> (length_b%8);
- * }
- *}
- */
-/*
- * param pad in r24:r25
- * param key in r22:r23
- * param length_b in r20
- */
-.global omac_noekeon_comppad
-omac_noekeon_comppad:
- push_ r20, r24, r25
- ldi r20, 16
- movw r30, r24
-1:
- st Z+, r1
- dec r20
- brne 1b
- rcall noekeon_enc
- pop_ r31, r30, r20 /* now Z points at pad, and r20 contains length_b */
- ldi r21, 1
- clt
- cpi r20, 128
- breq 2f
- set
- inc r21
-2:
- adiw r30, 16
- ldi r24, 16
- clc
-3:
- ld r0, -Z
- rol r0
- st Z, r0
- dec r24
- brne 3b
-
- brcc 4f
- ldi r24, 0x87
- ldd r0, Z+15
- eor r0, r24
- std Z+15, r0
-4:
- dec r21
- brne 2b
- /* the B/P calculation is done, now we have only to insert the one for
- messages of a length != n*128 */
- brts 5f
- ret
-5:
- /* r20 contains the length in bits where a one must be appended via xor */
- mov r21, r20
- lsr r21
- lsr r21
- lsr r21
- add r30, r21
- adc r31, r1
- andi r20, 0x07
- ldi r21, 0x80
-6: tst r20
- breq 8f
-7: lsr r21
- dec r20
- brne 7b
-8:
- ld r24, Z
- eor r24, r21
- st Z, r24
- ret
-
-/******************************************************************************/
-
-/*
- * void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, noekeon_omac_ctx_t* ctx){
- * while(length_b>128){
- * omac_noekeon_next(buffer, key, ctx);
- * buffer = (uint8_t*)buffer +16;
- * length_b -= 128;
- * }
- * uint8_t pad[16];
- * omac_noekeon_comppad(pad, key, length_b);
- * memxor(pad, buffer, (length_b+7)/8);
- * omac_noekeon_next(pad, key, ctx);
- *}
- */
-/*
- * param buffer in r24:r25
- * param length_b in r22
- * param key in r20:r21
- * param ctx in r18:r19
- */
-.global omac_noekeon_last
-omac_noekeon_last:
- push_range 10, 16
- push_ r28, r29
- movw r28, r24 /* buffer */
- movw r12, r20 /* key */
- movw r14, r18 /* ctx */
- mov r16, r22 /* length_b */
-1:
- cpi r16, 129
- brlo 2f
- movw r22, r20
- movw r20, r18
- rcall omac_noekeon_next
- adiw r28, 16
- subi r16, 128
-2:
- stack_alloc 16
- adiw r30, 1
- movw r10, r30
- movw r24, r30
- movw r22, r12
- mov r20, r16
- rcall omac_noekeon_comppad
- movw r30, r10
- subi r16, -7
- lsr r16
- lsr r16
- lsr r16
- breq 4f
-3:
- ld r0, Z
- ld r24, Y+
- eor r0, r24
- st Z+, r0
- dec r16
- brne 3b
-4:
- movw r24, r10
- movw r22, r12
- movw r20, r14
- rcall omac_noekeon_next
- stack_free 16
-
- pop_ r29, r28
- pop_range 10, 16
- ret
-
-/******************************************************************************/
-
-/*
- *void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b,
- * const void* key, uint8_t t){
- * omac_noekeon_init(dest);
- * if(t!=0xff)
- * omac_noekeon_tweak(t,key,dest);
- * while(msglength_b>128){
- * omac_noekeon_next(msg, key, dest);
- * msg = (uint8_t*)msg +16;
- * msglength_b -= 128;
- * }
- * omac_noekeon_last(msg, msglength_b, key, dest);
- *}
- */
-/*
- * param dest in r24:r25
- * param msg in r22:r23
- * param msglength_b in r20:r21
- * param key in r18:r19
- * param t in r16
- */
-MSG0 = 28
-MSG1 = 29
-KEY0 = 10
-KEY1 = 11
-LEN0 = 12
-LEN1 = 13
-DST0 = 14
-DST1 = 15
-
-.global omac_noekeon
-omac_noekeon:
- push_ r28, r29
- push_range 10, 17
- movw MSG0, r22 /* msg */
- movw KEY0, r18 /* key */
- movw LEN0, r20 /* msglength_b */
- movw DST0, r24 /* dest */
- /* omac_noekeon_init(dest); */
- rcall omac_noekeon_init
- cpi r16, 0xff
- breq 1f
- mov r24, r16
- movw r22, KEY0
- movw r20, DST0
- /* omac_noekeon_tweak(t,key,dest); */
- rcall omac_noekeon_tweak
-1:
- movw r16, LEN0
- tst r17
- breq 4f
-3:
- movw r24, MSG0
- movw r22, KEY0
- movw r20, DST0
- /* omac_noekeon_next(msg, key, dest); */
- rcall omac_noekeon_next
- adiw MSG0, 16
- subi r16, 128
- sez
- sbci r17, 0 /* wont change Z if result is zero */
- brne 3b
-4:
- movw r24, MSG0
- mov r22, r16
- movw r20, KEY0
- movw r18, DST0
- /* omac_noekeon_last(msg, msglength_b, key, dest); */
- call omac_noekeon_last
-
- pop_range 10, 17
- pop_ r29, r28
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \license GPLv3 or later
- *
- *
- *
- */
-
-#ifndef NOEKEON_OMAC_H_
-#define NOEKEON_OMAC_H_
-
-#include "noekeon.h"
-#include <stdint.h>
-
-typedef uint8_t omac_noekeon_ctx_t[16];
-
-void omac_noekeon_init(omac_noekeon_ctx_t* ctx);
-void omac_noekeon_tweak(uint8_t t, const void* key, omac_noekeon_ctx_t* ctx);
-void omac_noekeon_next(const void* buffer, const void* key,
- omac_noekeon_ctx_t* ctx);
-void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key,
- omac_noekeon_ctx_t* ctx);
-void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b,
- const void* key, uint8_t t);
-
-#endif /*NOEKEON_OMAC_H_*/
+++ /dev/null
-#include "noekeon.h"
-#include "omac_noekeon.h"
-#include "memxor.h"
-#include <string.h>
-#include <stdint.h>
-
-
-void omac_noekeon_init(omac_noekeon_ctx_t* ctx){
- memset(ctx, 0, 16);
-}
-
-
-void omac_noekeon_tweak(uint8_t t, const void* key, omac_noekeon_ctx_t* ctx){
- *ctx[15] = t;
- noekeon_enc(ctx, key);
-}
-
-void omac_noekeon_next(const void* buffer, const void* key, omac_noekeon_ctx_t* ctx){
- memxor(ctx, buffer, 16);
- noekeon_enc(ctx, key);
-}
-
-static
-void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){
- uint8_t c1,c2,r,j;
- memset(pad, 0, 16);
- noekeon_enc(pad, key);
- r=(length_b==128)?1:2;
- for(;r!=0;--r){
- c1=0;
- for(j=0;j<16;++j){
- c2 = c1;
- c1 = (pad[15-j])>>7;
- pad[15-j] = ((pad[15-j])<<1) | c2;
- }
- if(c1){
- pad[15] ^= 0x87;
- }
- }
- if(length_b<128){
- pad[(length_b)/8] ^= 0x80 >> (length_b%8);
- }
-}
-
-void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, omac_noekeon_ctx_t* ctx){
- while(length_b>128){
- omac_noekeon_next(buffer, key, ctx);
- buffer = (uint8_t*)buffer +16;
- length_b -= 128;
- }
- uint8_t pad[16];
- omac_noekeon_comppad(pad, key, length_b);
- memxor(pad, buffer, (length_b+7)/8);
- omac_noekeon_next(pad, key, ctx);
-}
-
-
-void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b,
- const void* key, uint8_t t){
- omac_noekeon_init(dest);
- if(t!=0xff)
- omac_noekeon_tweak(t,key,dest);
- while(msglength_b>128){
- omac_noekeon_next(msg, key, dest);
- msg = (uint8_t*)msg +16;
- msglength_b -= 128;
- }
- omac_noekeon_last(msg, msglength_b, key, dest);
-}
-
-
-
-
-
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <stdint.h>
#include <string.h> /* memset() */
#include <avr/pgmspace.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "serpent.h"
#include "serpent-sboxes.h"
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
+++ /dev/null
-/* sha256-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; sha-256 implementation in assembler
-SHA256_BLOCK_BITS = 512
-SHA256_HASH_BITS = 256
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
- precall
- hexdump \length
- postcall
-.endm
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha256_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][h5][h6][h7][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha256_ctx2hash
-; === sha256_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha256_ctx structure
-; given in r23,r22
-sha256_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 8
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha256
-; === sha256 ===
-; this function calculates SHA-256 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha256:
-sha256_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 8*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha256_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha256_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha256_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha256_ctx2hash
-
-sha256_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha256_lastBlock
-; === sha256_lastBlock ===
-; this function does padding & Co. for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1)
-
-
-sha256_lastBlock:
- cpi r21, 0x02
- brlo sha256_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 0x02
- subi r23, -2
- rjmp sha256_lastBlock
-sha256_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha256_lastBlock_post_copy
- mov r1, r18
-sha256_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha256_lastBlock_copy_loop
-sha256_lastBlock_post_copy:
-sha256_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha256_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*8+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha256_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha256_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha256_lastBlock_epilog
-sha256_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 8*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha256_nextBlock
-
-sha256_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha256_nextBlock
-; === sha256_nextBlock ===
-; this is the core function for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte)
-
-Bck1 = 12
-Bck2 = 13
-Bck3 = 14
-Bck4 = 15
-Func1 = 22
-Func2 = 23
-Func3 = 24
-Func4 = 25
-Accu1 = 16
-Accu2 = 17
-Accu3 = 18
-Accu4 = 19
-XAccu1 = 8
-XAccu2 = 9
-XAccu3 = 10
-XAccu4 = 11
-T1 = 4
-T2 = 5
-T3 = 6
-T4 = 7
-LoopC = 1
-/* byteorder: high number <--> high significance */
-sha256_nextBlock:
- ; initial, let's make some space ready for local vars
- push r4 /* replace push & pop by mem ops? */
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha256_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
- push r18
- push r19
- push r24
- push r25 /* param1 will be needed later */
- ; now we fill the w array with message (think about endianess)
- adiw r26, 1 ; X++
- ldi r20, 16
-sha256_nextBlock_wcpyloop:
- ld r23, Z+
- ld r22, Z+
- ld r19, Z+
- ld r18, Z+
- st X+, r18
- st X+, r19
- st X+, r22
- st X+, r23
- dec r20
- brne sha256_nextBlock_wcpyloop
-/* for (i=16; i<64; ++i){
- w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
- } */
- /* r25,r24,r23,r24 (r21,r20) are function values
- r19,r18,r17,r16 are the accumulator
- r15,r14,r13,rBck1 are backup1
- r11,r10,r9 ,r8 are xor accu
- r1 is round counter */
-
- ldi r20, 64-16
- mov LoopC, r20
-sha256_nextBlock_wcalcloop:
- movw r30, r26 ; cp X to Z
- sbiw r30, 63
- sbiw r30, 1 ; substract 64 = 16*4
- ld Accu1, Z+
- ld Accu2, Z+
- ld Accu3, Z+
- ld Accu4, Z+ /* w[i] = w[i-16] */
- ld Bck1, Z+
- ld Bck2, Z+
- ld Bck3, Z+
- ld Bck4, Z+ /* backup = w[i-15] */
- /* now sigma 0 */
- mov Func1, Bck2
- mov Func2, Bck3
- mov Func3, Bck4
- mov Func4, Bck1 /* prerotated by 8 */
- ldi r20, 1
- rcall bitrotl
- movw XAccu1, Func1
- movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/
-sigma0_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- ror Bck1
- dec Func2
- brne sigma0_shr
- eor XAccu1, Bck1
- eor XAccu2, Bck2
- eor XAccu3, Bck3
- eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- ldd Func1, Z+7*4 /* now accu += w[i-7] */
- ldd Func2, Z+7*4+1
- ldd Func3, Z+7*4+2
- ldd Func4, Z+7*4+3
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- ldd Bck1, Z+12*4 /* now backup = w[i-2]*/
- ldd Bck2, Z+12*4+1
- ldd Bck3, Z+12*4+2
- ldd Bck4, Z+12*4+3
- /* now sigma 1 */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 1
- rcall bitrotr
- movw XAccu3, Func3
- movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */
-; movw Func1, Bck3
-; movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/
-sigma1_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- dec Func2
- brne sigma1_shr
- eor XAccu1, Bck2
- eor XAccu2, Bck3
- eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- /* now let's store the shit */
- st X+, Accu1
- st X+, Accu2
- st X+, Accu3
- st X+, Accu4
- dec LoopC
- breq 3f ; skip if zero
- rjmp sha256_nextBlock_wcalcloop
-3:
- /* we are finished with w array X points one byte post w */
-/* init a array */
- pop r31
- pop r30
- push r30
- push r31
- ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
-init_a_array:
- ld r1, Z+
- st X+, r1
- dec r25
- brne init_a_array
-
-/* now the real fun begins */
-/* for (i=0; i<64; ++i){
- t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
- t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
- memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
- a[4] += t1;
- a[0] = t1 + t2;
- } */
- /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */
- sbiw r26, 8*4 /* X still points at a[7]+1*/
- movw r28, r26
- ldi r30, lo8(sha256_kv)
- ldi r31, hi8(sha256_kv)
- dec r27 /* X - (64*4 == 256) */
- ldi r25, 64
- mov LoopC, r25
-sha256_main_loop:
- /* now calculate t1 */
- /*CH(x,y,z) = (x&y)^((~x)&z)*/
- ldd T1, Y+5*4
- ldd T2, Y+5*4+1
- ldd T3, Y+5*4+2
- ldd T4, Y+5*4+3 /* y in T */
- ldd Func1, Y+4*4
- ldd Func2, Y+4*4+1
- ldd Func3, Y+4*4+2
- ldd Func4, Y+4*4+3 /* x in Func */
- ldd Bck1, Y+6*4
- ldd Bck2, Y+6*4+1
- ldd Bck3, Y+6*4+2
- ldd Bck4, Y+6*4+3 /* z in Bck */
- and T1, Func1
- and T2, Func2
- and T3, Func3
- and T4, Func4
- com Func1
- com Func2
- com Func3
- com Func4
- and Bck1, Func1
- and Bck2, Func2
- and Bck3, Func3
- and Bck4, Func4
- eor T1, Bck1
- eor T2, Bck2
- eor T3, Bck3
- eor T4, Bck4 /* done, CH(x,y,z) is in T */
- /* now SIGMA1(a[4]) */
- ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
- ldd Bck1, Y+4*4+1
- ldd Bck2, Y+4*4+2
- ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotl /* rotr(x,6) */
- movw XAccu1, Func1
- movw XAccu3, Func3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 3
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- movw Func1, Bck3 /* this prerotates furteh 16 bits*/
- movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
- ldi r20, 1
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* finished with SIGMA1, add it to T */
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4
- /* now we've to add a[7], w[i] and k[i] */
- ldd XAccu1, Y+4*7
- ldd XAccu2, Y+4*7+1
- ldd XAccu3, Y+4*7+2
- ldd XAccu4, Y+4*7+3
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add a[7] */
- ld XAccu1, X+
- ld XAccu2, X+
- ld XAccu3, X+
- ld XAccu4, X+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add w[i] */
- lpm XAccu1, Z+
- lpm XAccu2, Z+
- lpm XAccu3, Z+
- lpm XAccu4, Z+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add k[i] */ /* finished with t1 */
- /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/
- /* starting with MAJ(x,y,z) */
- ldd Func1, Y+4*0+0
- ldd Func2, Y+4*0+1
- ldd Func3, Y+4*0+2
- ldd Func4, Y+4*0+3 /* load x=a[0] */
- ldd XAccu1, Y+4*1+0
- ldd XAccu2, Y+4*1+1
- ldd XAccu3, Y+4*1+2
- ldd XAccu4, Y+4*1+3 /* load y=a[1] */
- and XAccu1, Func1
- and XAccu2, Func2
- and XAccu3, Func3
- and XAccu4, Func4 /* XAccu == (x & y) */
- ldd Bck1, Y+4*2+0
- ldd Bck2, Y+4*2+1
- ldd Bck3, Y+4*2+2
- ldd Bck4, Y+4*2+3 /* load z=a[2] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */
- ldd Func1, Y+4*1+0
- ldd Func2, Y+4*1+1
- ldd Func3, Y+4*1+2
- ldd Func4, Y+4*1+3 /* load y=a[1] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */
- /* SIGMA0(a[0]) */
- ldd Bck1, Y+4*0+0 /* we should combine this with above */
- ldd Bck2, Y+4*0+1
- ldd Bck3, Y+4*0+2
- ldd Bck4, Y+4*0+3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotr
- movw Accu1, Func1
- movw Accu3, Func3 /* Accu = shr(a[0], 2) */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotate by 16 bits */
- ldi r20, 3
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */
- mov Func1, Bck4
- mov Func2, Bck1
- mov Func3, Bck2
- mov Func4, Bck3 /* prerotate by 24 bits */
- ldi r20, 2
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */
- add Accu1, XAccu1 /* add previous result (MAJ)*/
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4
- /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/
- /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */
-
- ldi r21, 7*4
- adiw r28, 7*4
-a_shift_loop:
- ld r25, -Y /* warning: this is PREdecrement */
- std Y+4, r25
- dec r21
- brne a_shift_loop
-
- ldd Bck1, Y+4*4+0
- ldd Bck2, Y+4*4+1
- ldd Bck3, Y+4*4+2
- ldd Bck4, Y+4*4+3
- add Bck1, T1
- adc Bck2, T2
- adc Bck3, T3
- adc Bck4, T4
- std Y+4*4+0, Bck1
- std Y+4*4+1, Bck2
- std Y+4*4+2, Bck3
- std Y+4*4+3, Bck4
- add Accu1, T1
- adc Accu2, T2
- adc Accu3, T3
- adc Accu4, T4
- std Y+4*0+0, Accu1
- std Y+4*0+1, Accu2
- std Y+4*0+2, Accu3
- std Y+4*0+3, Accu4 /* a array updated */
-
-
- dec LoopC
- breq update_state
- rjmp sha256_main_loop ;brne sha256_main_loop
-update_state:
- /* update state */
- /* pointers to state should still exist on the stack ;-) */
- pop r31
- pop r30
- ldi r21, 8
-update_state_loop:
- ldd Accu1, Z+0
- ldd Accu2, Z+1
- ldd Accu3, Z+2
- ldd Accu4, Z+3
- ld Func1, Y+
- ld Func2, Y+
- ld Func3, Y+
- ld Func4, Y+
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- st Z+, Accu1
- st Z+, Accu2
- st Z+, Accu3
- st Z+, Accu4
- dec r21
- brne update_state_loop
- /* now we just have to update the length */
- adiw r30, 1 /* since we add 512, we can simply skip the LSB */
- ldi r21, 2
- ldi r22, 6
- ld r20, Z
- add r20, r21
- st Z+, r20
- clr r21
-sha256_nextBlock_fix_length:
- brcc sha256_nextBlock_epilog
- ld r20, Z
- adc r20, r21
- st Z+, r20
- dec r22
- brne sha256_nextBlock_fix_length
-
-; EPILOG
-sha256_nextBlock_epilog:
-/* now we should clean up the stack */
-
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- ret
-
-sha256_kv: ; round-key-vector stored in ProgMem
-.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
-.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
-.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
-.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429
-.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272
-.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a
-.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
-.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
-
-
-;###########################################################
-
-.global sha256_init
-;uint32_t sha256_init_vector[]={
-; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
-;
-;void sha256_init(sha256_ctx_t *state){
-; state->length=0;
-; memcpy(state->h, sha256_init_vector, 8*4);
-;}
-; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha256_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha256_init_vector))
- ldi r31, hi8((sha256_init_vector))
- ldi r22, 32+8
-sha256_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha256_init_vloop
- ret
-
-sha256_init_vector:
-.word 0xE667, 0x6A09
-.word 0xAE85, 0xBB67
-.word 0xF372, 0x3C6E
-.word 0xF53A, 0xA54F
-.word 0x527F, 0x510E
-.word 0x688C, 0x9B05
-.word 0xD9AB, 0x1F83
-.word 0xCD19, 0x5BE0
-.word 0x0000, 0x0000
-.word 0x0000, 0x0000
-
-;###########################################################
-
-.global rotl32
-; === ROTL32 ===
-; function that rotates a 32 bit word to the left
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,r22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- clr r21
- clc
-bitrotl_loop:
- tst r20
- breq fixrotl
- rol r22
- rol r23
- rol r24
- rol r25
- rol r21
- dec r20
- rjmp bitrotl_loop
-fixrotl:
- or r22, r21
- ret
-
-
-;###########################################################
-
-.global rotr32
-; === ROTR32 ===
-; function that rotates a 32 bit word to the right
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotr32:
- cpi r20, 8
- brlo bitrotr
- mov r21, r22
- mov r22, r23
- mov r23, r24
- mov r24, r25
- mov r25, r21
- subi r20, 8
- rjmp rotr32
-bitrotr:
- clr r21
- clc
-bitrotr_loop:
- tst r20
- breq fixrotr
- ror r25
- ror r24
- ror r23
- ror r22
- ror r21
- dec r20
- rjmp bitrotr_loop
-fixrotr:
- or r25, r21
- ret
-
-
-;###########################################################
-
-.global change_endian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-change_endian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
+++ /dev/null
-/* sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha256.h
- * \author Daniel Otte
- * \date 2006-05-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef SHA256_H_
-#define SHA256_H_
-
-#define __LITTLE_ENDIAN__
-
-
-#include <stdint.h>
-
-/** \def SHA256_HASH_BITS
- * defines the size of a SHA-256 hash value in bits
- */
-
-/** \def SHA256_HASH_BYTES
- * defines the size of a SHA-256 hash value in bytes
- */
-
-/** \def SHA256_BLOCK_BITS
- * defines the size of a SHA-256 input block in bits
- */
-
-/** \def SHA256_BLOCK_BYTES
- * defines the size of a SHA-256 input block in bytes
- */
-
-#define SHA256_HASH_BITS 256
-#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8)
-#define SHA256_BLOCK_BITS 512
-#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8)
-
-/** \typedef sha256_ctx_t
- * \brief SHA-256 context type
- *
- * A variable of this type may hold the state of a SHA-256 hashing process
- */
-typedef struct {
- uint32_t h[8];
- uint64_t length;
-} sha256_ctx_t;
-
-/** \typedef sha256_hash_t
- * \brief SHA-256 hash value type
- *
- * A variable of this type may hold the hash value produced by the
- * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function.
- */
-typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES];
-
-/** \fn void sha256_init(sha256_ctx_t *state)
- * \brief initialise a SHA-256 context
- *
- * This function sets a ::sha256_ctx_t to the initial values for hashing.
- * \param state pointer to the SHA-256 hashing context
- */
-void sha256_init(sha256_ctx_t *state);
-
-/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block)
- * \brief update the context with a given block
- *
- * This function updates the SHA-256 hash context by processing the given block
- * of fixed length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- */
-void sha256_nextBlock (sha256_ctx_t* state, const void* block);
-
-/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b)
- * \brief finalize the context with the given block
- *
- * This function finalizes the SHA-256 hash context by processing the given block
- * of variable length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- * \param length_b the length of the block in bits
- */
-void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b);
-
-/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state)
- * \brief convert the hash state into the hash value
- * This function reads the context and writes the hash value to the destination
- * \param dest pointer to the location where the hash value should be written
- * \param state pointer to the SHA-256 hash context
- */
-void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state);
-
-/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b)
- * \brief simple SHA-256 hashing function for direct hashing
- *
- * This function automaticaly hashes a given message of arbitary length with
- * the SHA-256 hashing algorithm.
- * \param dest pointer to the location where the hash value is going to be written to
- * \param msg pointer to the message thats going to be hashed
- * \param length_b length of the message in bits
- */
-void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*SHA256_H_*/
*/
#include <stdlib.h>
#include <string.h>
-#include "sha256.h"
+#include "sha256/sha256.h"
#include "config.h"
-#include "memxor.h"
+#include "memxor/memxor.h"
/*
+++ /dev/null
-/* sha1-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; SHA1 implementation in assembler for AVR
-SHA1_BLOCK_BITS = 512
-SHA1_HASH_BITS = 160
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-.macro delay
-/*
- push r0
- push r1
- clr r0
-1: clr r1
-2: dec r1
- brne 2b
- dec r0
- brne 1b
- pop r1
- pop r0 // */
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
-/*
- precall
- hexdump \length
- postcall
- // */
-.endm
-
-
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha1_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha1_ctx2hash
-; === sha1_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha1_ctx structure
-; given in r23,r22
-sha1_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 5
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha1
-; === sha1 ===
-; this function calculates SHA-1 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha1:
-sha1_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 5*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha1_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha1_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha1_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha1_ctx2hash
-
-sha1_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 5*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha1_lastBlock
-; === sha1_lastBlock ===
-; this function does padding & Co. for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha1_lastBlock_localSpace = (SHA1_BLOCK_BITS/8+1)
-
-
-sha1_lastBlock:
- cpi r21, 0x02
- brlo sha1_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 2
- subi r23, -2
- rjmp sha1_lastBlock
-sha1_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64) /* ??? */
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha1_lastBlock_post_copy
- mov r1, r18
-sha1_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha1_lastBlock_copy_loop
-sha1_lastBlock_post_copy:
-sha1_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha1_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha1_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*5+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha1_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha1_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha1_lastBlock_epilog
-sha1_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 5*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha1_nextBlock
-
-sha1_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha1_nextBlock
-; === sha1_nextBlock ===
-; this is the core function for calculating SHA-1 hashes
-; param1: the 16-bit pointer to sha1_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha1_nextBlock_localSpace = (16+5+1)*4 ; 16 32-bit values for w array and 5 32-bit values for a array (total 84 byte)
-
-xtmp = 0
-xNULL = 1
-W1 = 10
-W2 = 11
-T1 = 12
-T2 = 13
-T3 = 14
-T4 = 15
-LoopC = 16
-S = 17
-tmp1 = 18
-tmp2 = 19
-tmp3 = 20
-tmp4 = 21
-F1 = 22
-F2 = 23
-F3 = 24
-F4 = 25
-
-/* byteorder: high number <--> high significance */
-sha1_nextBlock:
- ; initial, let's make some space ready for local vars
- /* replace push & pop by mem ops? */
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack /* maybe removeable? */
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha1_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha1_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- push r18
- push r19 /* push old SP on new stack */
- push r24
- push r25 /* param1 will be needed later */
-
- /* load a[] with state */
- movw 28, r24 /* load pointer to state in Y */
- adiw r26, 1 ; X++
-
- ldi LoopC, 5*4
-1: ld tmp1, Y+
- st X+, tmp1
- dec LoopC
- brne 1b
-
- movw W1, r26 /* save pointer to w[0] */
- /* load w[] with endian fixed message */
- /* we might also use the changeendian32() function at bottom */
- movw r30, r22 /* mv param2 (ponter to msg) to Z */
- ldi LoopC, 16
-1:
- ldd tmp1, Z+3
- st X+, tmp1
- ldd tmp1, Z+2
- st X+, tmp1
- ldd tmp1, Z+1
- st X+, tmp1
- ld tmp1, Z
- st X+, tmp1
- adiw r30, 4
- dec LoopC
- brne 1b
-
- ;clr LoopC /* LoopC is named t in FIPS 180-2 */
- clr xtmp
-sha1_nextBlock_mainloop:
- mov S, LoopC
- lsl S
- lsl S
- andi S, 0x3C /* S is a bytepointer so *4 */
- /* load w[s] */
- movw r26, W1
- add r26, S /* X points at w[s] */
- adc r27, xNULL
- ld T1, X+
- ld T2, X+
- ld T3, X+
- ld T4, X+
-
- /**/
- push r26
- push r27
- push T4
- push T3
- push T2
- push T1
- in r26, SPL
- in r27, SPH
- adiw r26, 1
- dbg_hexdump 4
- pop T1
- pop T2
- pop T3
- pop T4
- pop r27
- pop r26
- /**/
-
- cpi LoopC, 16
- brlt sha1_nextBlock_mainloop_core
- /* update w[s] */
- ldi tmp1, 2*4
- rcall 1f
- ldi tmp1, 8*4
- rcall 1f
- ldi tmp1, 13*4
- rcall 1f
- rjmp 2f
-1: /* this might be "outsourced" to save the jump above */
- add tmp1, S
- andi tmp1, 0x3f
- movw r26, W1
- add r26, tmp1
- adc r27, xNULL
- ld tmp2, X+
- eor T1, tmp2
- ld tmp2, X+
- eor T2, tmp2
- ld tmp2, X+
- eor T3, tmp2
- ld tmp2, X+
- eor T4, tmp2
- ret
-2: /* now we just hav to do a ROTL(T) and save T back */
- mov tmp2, T4
- rol tmp2
- rol T1
- rol T2
- rol T3
- rol T4
- movw r26, W1
- add r26, S
- adc r27, xNULL
- st X+, T1
- st X+, T2
- st X+, T3
- st X+, T4
-
-sha1_nextBlock_mainloop_core: /* ther core function; T=ROTL5(a) ....*/
- /* T already contains w[s] */
- movw r26, W1
- sbiw r26, 4*1 /* X points at a[4] aka e */
- ld tmp1, X+
- add T1, tmp1
- ld tmp1, X+
- adc T2, tmp1
- ld tmp1, X+
- adc T3, tmp1
- ld tmp1, X+
- adc T4, tmp1 /* T = w[s]+e */
- sbiw r26, 4*5 /* X points at a[0] aka a */
- ld F1, X+
- ld F2, X+
- ld F3, X+
- ld F4, X+
- mov tmp1, F4 /* X points at a[1] aka b */
- ldi tmp2, 5
-1:
- rol tmp1
- rol F1
- rol F2
- rol F3
- rol F4
- dec tmp2
- brne 1b
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, F4 /* T = ROTL(a,5) + e + w[s] */
-
- /* now we have to do this fucking conditional stuff */
- ldi r30, lo8(sha1_nextBlock_xTable)
- ldi r31, hi8(sha1_nextBlock_xTable)
- add r30, xtmp
- adc r31, xNULL
- lpm tmp1, Z
- cp tmp1, LoopC
- brne 1f
- inc xtmp
-1: ldi r30, lo8(sha1_nextBlock_KTable)
- ldi r31, hi8(sha1_nextBlock_KTable)
- lsl xtmp
- lsl xtmp
- add r30, xtmp
- adc r31, xNULL
- lsr xtmp
- lsr xtmp
-
- lpm tmp1, Z+
- add T1, tmp1
- lpm tmp1, Z+
- adc T2, tmp1
- lpm tmp1, Z+
- adc T3, tmp1
- lpm tmp1, Z+
- adc T4, tmp1
- /* T = ROTL(a,5) + e + kt + w[s] */
-
- /* Z-4 is just pointing to kt ... */
- movw r28, r26 /* copy X in Y */
- adiw r30, 3*4 /* now Z points to the rigth locatin in our jump-vector-table */
- lsr r31
- ror r30
-
- icall
- mov F1, tmp1
- icall
- mov F2, tmp1
- icall
- mov F3, tmp1
- icall
-
- add T1, F1
- adc T2, F2
- adc T3, F3
- adc T4, tmp1 /* T = ROTL5(a) + f_t(b,c,d) + e + k_t + w[s] */
- /* X points still at a[1] aka b, Y points at a[2] aka c */
- /* update a[] */
-sha1_nextBlock_update_a:
- /*first we move all vars in a[] "one up" e=d, d=c, c=b, b=a*/
- //adiw r28, 3*4 /* Y should point at a[4] aka e */
- movw r28, W1
- sbiw r28, 4
-
- ldi tmp2, 4*4
-1:
- ld tmp1, -Y
- std Y+4, tmp1
- dec tmp2
- brne 1b
- /* Y points at a[0] aka a*/
-
- movw r28, W1
- sbiw r28, 5*4
- /* store T in a[0] aka a */
- st Y+, T1
- st Y+, T2
- st Y+, T3
- st Y+, T4
- /* Y points at a[1] aka b*/
-
- /* rotate c */
- ldd T1, Y+1*4
- ldd T2, Y+1*4+1
- ldd T3, Y+1*4+2
- ldd T4, Y+1*4+3
- mov tmp1, T1
- ldi tmp2, 2
-1: ror tmp1
- ror T4
- ror T3
- ror T2
- ror T1
- dec tmp2
- brne 1b
- std Y+1*4+0, T1
- std Y+1*4+1, T2
- std Y+1*4+2, T3
- std Y+1*4+3, T4
-
- push r27
- push r26
- movw r26, W1
- sbiw r26, 4*5
- dbg_hexdump 4*5
- pop r26
- pop r27
-
- inc LoopC
- cpi LoopC, 80
- brge 1f
- rjmp sha1_nextBlock_mainloop
-/**************************************/
-1:
- /* littel patch */
- sbiw r28, 4
-
-/* add a[] to state and inc length */
- pop r27
- pop r26 /* now X points to state (and Y still at a[0]) */
- ldi tmp4, 5
-1: clc
- ldi tmp3, 4
-2: ld tmp1, X
- ld tmp2, Y+
- adc tmp1, tmp2
- st X+, tmp1
- dec tmp3
- brne 2b
- dec tmp4
- brne 1b
-
- /* now length += 512 */
- adiw r26, 1 /* we skip the least significant byte */
- ld tmp1, X
- ldi tmp2, hi8(512) /* 2 */
- add tmp1, tmp2
- st X+, tmp1
- ldi tmp2, 6
-1:
- ld tmp1, X
- adc tmp1, xNULL
- st X+, tmp1
- dec tmp2
- brne 1b
-
-; EPILOG
-sha1_nextBlock_epilog:
-/* now we should clean up the stack */
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- ret
-
-sha1_nextBlock_xTable:
-.byte 20,40,60,0
-sha1_nextBlock_KTable:
-.int 0x5a827999
-.int 0x6ed9eba1
-.int 0x8f1bbcdc
-.int 0xca62c1d6
-sha1_nextBlock_JumpTable:
-rjmp sha1_nextBlock_Ch
- nop
-rjmp sha1_nextBlock_Parity
- nop
-rjmp sha1_nextBlock_Maj
- nop
-rjmp sha1_nextBlock_Parity
-
- /* X and Y still point at a[1] aka b ; return value in tmp1 */
-sha1_nextBlock_Ch:
- ld tmp1, Y+
- mov tmp2, tmp1
- com tmp2
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp3, Y+7 /* load from d */
- and tmp2, tmp3
- eor tmp1, tmp2
- ret
-
-sha1_nextBlock_Maj:
- ld tmp1, Y+
- mov tmp2, tmp1
- ldd tmp3, Y+3 /* load from c */
- and tmp1, tmp3
- ldd tmp4, Y+7 /* load from d */
- and tmp2, tmp4
- eor tmp1, tmp2
- and tmp3, tmp4
- eor tmp1, tmp3
- ret
-
-sha1_nextBlock_Parity:
- ld tmp1, Y+
- ldd tmp2, Y+3 /* load from c */
- eor tmp1, tmp2
- ldd tmp2, Y+7 /* load from d */
- eor tmp1, tmp2
- ret
-/*
-ch_str: .asciz "\r\nCh"
-maj_str: .asciz "\r\nMaj"
-parity_str: .asciz "\r\nParity"
-*/
-;###########################################################
-
-.global sha1_init
-;void sha1_init(sha1_ctx_t *state){
-; DEBUG_S("\r\nSHA1_INIT");
-; state->h[0] = 0x67452301;
-; state->h[1] = 0xefcdab89;
-; state->h[2] = 0x98badcfe;
-; state->h[3] = 0x10325476;
-; state->h[4] = 0xc3d2e1f0;
-; state->length = 0;
-;}
-; param1: (Func3,r24) 16-bit pointer to sha1_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha1_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha1_init_vector))
- ldi r31, hi8((sha1_init_vector))
- ldi r22, 5*4 /* bytes to copy */
-sha1_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha1_init_vloop
- ldi r22, 8
-sha1_init_lloop:
- st X+, r1
- dec r22
- brne sha1_init_lloop
- ret
-
-sha1_init_vector:
-.int 0x67452301;
-.int 0xefcdab89;
-.int 0x98badcfe;
-.int 0x10325476;
-.int 0xc3d2e1f0;
-
+++ /dev/null
-/* sha1.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha1.h
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2006-10-08
- * \license GPLv3 or later
- * \brief SHA-1 declaration.
- * \ingroup SHA-1
- *
- */
-
-#ifndef SHA1_H_
-#define SHA1_H_
-
-#include <stdint.h>
-/** \def SHA1_HASH_BITS
- * definees the size of a SHA-1 hash in bits
- */
-
-/** \def SHA1_HASH_BYTES
- * definees the size of a SHA-1 hash in bytes
- */
-
-/** \def SHA1_BLOCK_BITS
- * definees the size of a SHA-1 input block in bits
- */
-
-/** \def SHA1_BLOCK_BYTES
- * definees the size of a SHA-1 input block in bytes
- */
-#define SHA1_HASH_BITS 160
-#define SHA1_HASH_BYTES (SHA1_HASH_BITS/8)
-#define SHA1_BLOCK_BITS 512
-#define SHA1_BLOCK_BYTES (SHA1_BLOCK_BITS/8)
-
-/** \typedef sha1_ctx_t
- * \brief SHA-1 context type
- *
- * A vatiable of this type may hold the state of a SHA-1 hashing process
- */
-typedef struct {
- uint32_t h[5];
- uint64_t length;
-} sha1_ctx_t;
-
-/** \typedef sha1_hash_t
- * \brief hash value type
- * A variable of this type may hold a SHA-1 hash value
- */
-typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8];
-
-/** \fn sha1_init(sha1_ctx_t *state)
- * \brief initializes a SHA-1 context
- * This function sets a ::sha1_ctx_t variable to the initialization vector
- * for SHA-1 hashing.
- * \param state pointer to the SHA-1 context variable
- */
-void sha1_init(sha1_ctx_t *state);
-
-/** \fn sha1_nextBlock(sha1_ctx_t *state, const void* block)
- * \brief process one input block
- * This function processes one input block and updates the hash context
- * accordingly
- * \param state pointer to the state variable to update
- * \param block pointer to the message block to process
- */
-void sha1_nextBlock (sha1_ctx_t *state, const void* block);
-
-/** \fn sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length_b)
- * \brief processes the given block and finalizes the context
- * This function processes the last block in a SHA-1 hashing process.
- * The block should have a maximum length of a single input block.
- * \param state pointer to the state variable to update and finalize
- * \param block pointer to themessage block to process
- * \param length_b length of the message block in bits
- */
-void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b);
-
-/** \fn sha1_ctx2hash(sha1_hash_t *dest, sha1_ctx_t *state)
- * \brief convert a state variable into an actual hash value
- * Writes the hash value corresponding to the state to the memory pointed by dest.
- * \param dest pointer to the hash value destination
- * \param state pointer to the hash context
- */
-void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state);
-
-/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b)
- * \brief hashing a message which in located entirely in RAM
- * This function automatically hashes a message which is entirely in RAM with
- * the SHA-1 hashing algorithm.
- * \param dest pointer to the hash value destination
- * \param msg pointer to the message which should be hashed
- * \param length_b length of the message in bits
- */
-void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b);
-
-
-
-#endif /*SHA1_H_*/
#include <stdint.h>
#include <string.h>
-#include "sha1.h"
+#include "sha1/sha1.h"
#include "shacal1_enc.h"
void shacal1_enc(void* buffer, void* key, uint16_t keysize_b){
+++ /dev/null
-/* sha256-asm.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
- * Author: Daniel Otte
- *
- * License: GPLv3 or later
-*/
-; sha-256 implementation in assembler
-SHA256_BLOCK_BITS = 512
-SHA256_HASH_BITS = 256
-
-.macro precall
- /* push r18 - r27, r30 - r31*/
- push r0
- push r1
- push r18
- push r19
- push r20
- push r21
- push r22
- push r23
- push r24
- push r25
- push r26
- push r27
- push r30
- push r31
- clr r1
-.endm
-
-.macro postcall
- pop r31
- pop r30
- pop r27
- pop r26
- pop r25
- pop r24
- pop r23
- pop r22
- pop r21
- pop r20
- pop r19
- pop r18
- pop r1
- pop r0
-.endm
-
-
-.macro hexdump length
- push r27
- push r26
- ldi r25, '\r'
- mov r24, r25
- call uart_putc
- ldi r25, '\n'
- mov r24, r25
- call uart_putc
- pop r26
- pop r27
- movw r24, r26
-.if \length > 16
- ldi r22, lo8(16)
- ldi r23, hi8(16)
- push r27
- push r26
- call uart_hexdump
- pop r26
- pop r27
- adiw r26, 16
- hexdump \length-16
-.else
- ldi r22, lo8(\length)
- ldi r23, hi8(\length)
- call uart_hexdump
-.endif
-.endm
-
-/* X points to Block */
-.macro dbg_hexdump length
- precall
- hexdump \length
- postcall
-.endm
-
-.section .text
-
-SPL = 0x3D
-SPH = 0x3E
-SREG = 0x3F
-
-
-;
-;sha256_ctx_t is:
-;
-; [h0][h1][h2][h3][h4][h5][h6][h7][length]
-; hn is 32 bit large, length is 64 bit large
-
-;###########################################################
-
-.global sha256_ctx2hash
-; === sha256_ctx2hash ===
-; this function converts a state into a normal hash (bytestring)
-; param1: the 16-bit destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to sha256_ctx structure
-; given in r23,r22
-sha256_ctx2hash:
- movw r26, r22
- movw r30, r24
- ldi r21, 8
- sbiw r26, 4
-1:
- ldi r20, 4
- adiw r26, 8
-2:
- ld r0, -X
- st Z+, r0
- dec r20
- brne 2b
-
- dec r21
- brne 1b
-
- ret
-
-;###########################################################
-
-.global sha256
-; === sha256 ===
-; this function calculates SHA-256 hashes from messages in RAM
-; param1: the 16-bit hash destination pointer
-; given in r25,r24 (r25 is most significant)
-; param2: the 16-bit pointer to message
-; given in r23,r22
-; param3: 32-bit length value (length of message in bits)
-; given in r21,r20,r19,r18
-sha256:
-sha256_prolog:
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r16
- push r17
- in r16, SPL
- in r17, SPH
- subi r16, 8*4+8
- sbci r17, 0
- in r0, SREG
- cli
- out SPL, r16
- out SPH, r17
- out SREG, r0
-
- push r25
- push r24
- inc r16
- adc r17, r1
-
- movw r8, r18 /* backup of length*/
- movw r10, r20
-
- movw r12, r22 /* backup pf msg-ptr */
-
- movw r24, r16
- rcall sha256_init
- /* if length >= 512 */
-1:
- tst r11
- brne 4f
- tst r10
- brne 4f
- mov r19, r9
- cpi r19, 0x02
- brlo 4f
-
- movw r24, r16
- movw r22, r12
- rcall sha256_nextBlock
- ldi r19, 0x64
- add r22, r19
- adc r23, r1
- /* length -= 512 */
- ldi r19, 0x02
- sub r9, r19
- sbc r10, r1
- sbc r11, r1
- rjmp 1b
-
-4:
- movw r24, r16
- movw r22, r12
- movw r20, r8
- rcall sha256_lastBlock
-
- pop r24
- pop r25
- movw r22, r16
- rcall sha256_ctx2hash
-
-sha256_epilog:
- in r30, SPL
- in r31, SPH
- adiw r30, 8*4+8
- in r0, SREG
- cli
- out SPL, r30
- out SPH, r31
- out SREG, r0
- pop r17
- pop r16
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- ret
-
-;###########################################################
-
-
-; block MUST NOT be larger than 64 bytes
-
-.global sha256_lastBlock
-; === sha256_lastBlock ===
-; this function does padding & Co. for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-; param3: an 16-bit integer specifing length of block in bits
-; given in r21,r20
-sha256_lastBlock_localSpace = (SHA256_BLOCK_BITS/8+1)
-
-
-sha256_lastBlock:
- cpi r21, 0x02
- brlo sha256_lastBlock_prolog
- push r25
- push r24
- push r23
- push r22
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r22
- pop r23
- pop r24
- pop r25
- subi r21, 0x02
- subi r23, -2
- rjmp sha256_lastBlock
-sha256_lastBlock_prolog:
- /* allocate space on stack */
- in r30, SPL
- in r31, SPH
- in r1, SREG
- subi r30, lo8(64)
- sbci r31, hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
-
- adiw r30, 1 /* SP points to next free byte on stack */
- mov r18, r20 /* r20 = LSB(length) */
- lsr r18
- lsr r18
- lsr r18
- bst r21, 0 /* may be we should explain this ... */
- bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
-
-
- movw r26, r22 /* X points to begin of msg */
- tst r18
- breq sha256_lastBlock_post_copy
- mov r1, r18
-sha256_lastBlock_copy_loop:
- ld r0, X+
- st Z+, r0
- dec r1
- brne sha256_lastBlock_copy_loop
-sha256_lastBlock_post_copy:
-sha256_lastBlock_insert_stuffing_bit:
- ldi r19, 0x80
- mov r0,r19
- ldi r19, 0x07
- and r19, r20 /* if we are in bitmode */
- breq 2f /* no bitmode */
-1:
- lsr r0
- dec r19
- brne 1b
- ld r19, X
-/* maybe we should do some ANDing here, just for safety */
- or r0, r19
-2:
- st Z+, r0
- inc r18
-
-/* checking stuff here */
- cpi r18, 64-8+1
- brsh 0f
- rjmp sha256_lastBlock_insert_zeros
-0:
- /* oh shit, we landed here */
- /* first we have to fill it up with zeros */
- ldi r19, 64
- sub r19, r18
- breq 2f
-1:
- st Z+, r1
- dec r19
- brne 1b
-2:
- sbiw r30, 63
- sbiw r30, 1
- movw r22, r30
-
- push r31
- push r30
- push r25
- push r24
- push r21
- push r20
- rcall sha256_nextBlock
- pop r20
- pop r21
- pop r24
- pop r25
- pop r30
- pop r31
-
- /* now we should subtract 512 from length */
- movw r26, r24
- adiw r26, 4*8+1 /* we can skip the lowest byte */
- ld r19, X
- subi r19, hi8(512)
- st X+, r19
- ldi r18, 6
-1:
- ld r19, X
- sbci r19, 0
- st X+, r19
- dec r18
- brne 1b
-
-; clr r18 /* not neccessary ;-) */
- /* reset Z pointer to begin of block */
-
-sha256_lastBlock_insert_zeros:
- ldi r19, 64-8
- sub r19, r18
- breq sha256_lastBlock_insert_length
- clr r1
-1:
- st Z+, r1 /* r1 is still zero */
- dec r19
- brne 1b
-
-; rjmp sha256_lastBlock_epilog
-sha256_lastBlock_insert_length:
- movw r26, r24 /* X points to state */
- adiw r26, 8*4 /* X points to (state.length) */
- adiw r30, 8 /* Z points one after the last byte of block */
- ld r0, X+
- add r0, r20
- st -Z, r0
- ld r0, X+
- adc r0, r21
- st -Z, r0
- ldi r19, 6
-1:
- ld r0, X+
- adc r0, r1
- st -Z, r0
- dec r19
- brne 1b
-
- sbiw r30, 64-8
- movw r22, r30
- rcall sha256_nextBlock
-
-sha256_lastBlock_epilog:
- in r30, SPL
- in r31, SPH
- in r1, SREG
- adiw r30, 63 ; lo8(64)
- adiw r30, 1 ; hi8(64)
- cli
- out SPL, r30
- out SPH, r31
- out SREG,r1
- clr r1
- clr r0
- ret
-
-/**/
-;###########################################################
-
-.global sha256_nextBlock
-; === sha256_nextBlock ===
-; this is the core function for calculating SHA-256 hashes
-; param1: the 16-bit pointer to sha256_ctx structure
-; given in r25,r24 (r25 is most significant)
-; param2: an 16-bit pointer to 64 byte block to hash
-; given in r23,r22
-sha256_nextBlock_localSpace = (64+8)*4 ; 64 32-bit values for w array and 8 32-bit values for a array (total 288 byte)
-
-Bck1 = 12
-Bck2 = 13
-Bck3 = 14
-Bck4 = 15
-Func1 = 22
-Func2 = 23
-Func3 = 24
-Func4 = 25
-Accu1 = 16
-Accu2 = 17
-Accu3 = 18
-Accu4 = 19
-XAccu1 = 8
-XAccu2 = 9
-XAccu3 = 10
-XAccu4 = 11
-T1 = 4
-T2 = 5
-T3 = 6
-T4 = 7
-LoopC = 1
-/* byteorder: high number <--> high significance */
-sha256_nextBlock:
- ; initial, let's make some space ready for local vars
- push r4 /* replace push & pop by mem ops? */
- push r5
- push r6
- push r7
- push r8
- push r9
- push r10
- push r11
- push r12
- push r13
- push r14
- push r15
- push r16
- push r17
- push r28
- push r29
- in r20, SPL
- in r21, SPH
- movw r18, r20 ;backup SP
-; movw r26, r20 ; X points to free space on stack
- movw r30, r22 ; Z points to message
- subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
- sbci r21, hi8(sha256_nextBlock_localSpace)
- movw r26, r20 ; X points to free space on stack
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
- push r18
- push r19
- push r24
- push r25 /* param1 will be needed later */
- ; now we fill the w array with message (think about endianess)
- adiw r26, 1 ; X++
- ldi r20, 16
-sha256_nextBlock_wcpyloop:
- ld r23, Z+
- ld r22, Z+
- ld r19, Z+
- ld r18, Z+
- st X+, r18
- st X+, r19
- st X+, r22
- st X+, r23
- dec r20
- brne sha256_nextBlock_wcpyloop
-/* for (i=16; i<64; ++i){
- w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
- } */
- /* r25,r24,r23,r24 (r21,r20) are function values
- r19,r18,r17,r16 are the accumulator
- r15,r14,r13,rBck1 are backup1
- r11,r10,r9 ,r8 are xor accu
- r1 is round counter */
-
- ldi r20, 64-16
- mov LoopC, r20
-sha256_nextBlock_wcalcloop:
- movw r30, r26 ; cp X to Z
- sbiw r30, 63
- sbiw r30, 1 ; substract 64 = 16*4
- ld Accu1, Z+
- ld Accu2, Z+
- ld Accu3, Z+
- ld Accu4, Z+ /* w[i] = w[i-16] */
- ld Bck1, Z+
- ld Bck2, Z+
- ld Bck3, Z+
- ld Bck4, Z+ /* backup = w[i-15] */
- /* now sigma 0 */
- mov Func1, Bck2
- mov Func2, Bck3
- mov Func3, Bck4
- mov Func4, Bck1 /* prerotated by 8 */
- ldi r20, 1
- rcall bitrotl
- movw XAccu1, Func1
- movw XAccu3, Func3 /* store ROTR(w[i-15],7) in xor accu */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-15], 18)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 3 /* now shr3 */ /*we can destroy backup now*/
-sigma0_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- ror Bck1
- dec Func2
- brne sigma0_shr
- eor XAccu1, Bck1
- eor XAccu2, Bck2
- eor XAccu3, Bck3
- eor XAccu4, Bck4 /* xor SHR(w[i-15], 3)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- ldd Func1, Z+7*4 /* now accu += w[i-7] */
- ldd Func2, Z+7*4+1
- ldd Func3, Z+7*4+2
- ldd Func4, Z+7*4+3
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- ldd Bck1, Z+12*4 /* now backup = w[i-2]*/
- ldd Bck2, Z+12*4+1
- ldd Bck3, Z+12*4+2
- ldd Bck4, Z+12*4+3
- /* now sigma 1 */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 1
- rcall bitrotr
- movw XAccu3, Func3
- movw XAccu1, Func1 /* store in ROTR(w[i-2], 17) xor accu */
-; movw Func1, Bck3
-; movw Func3, Bck1 /* prerotated by 16 */
- ldi r20, 2
- rcall bitrotr
- eor XAccu1, Func1 /* xor ROTR(w[i-2], 19)*/
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- ldi Func2, 2 /* now shr10 (dirty trick, skipping a byte) */ /*we can destroy backup now*/
-sigma1_shr:
- lsr Bck4
- ror Bck3
- ror Bck2
- dec Func2
- brne sigma1_shr
- eor XAccu1, Bck2
- eor XAccu2, Bck3
- eor XAccu3, Bck4 /* xor SHR(w[i-2], 10)*/ /* xor accu == sigma1(w[i-15]) */
- add Accu1, XAccu1
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4 /* finished with sigma0 */
- /* now let's store the shit */
- st X+, Accu1
- st X+, Accu2
- st X+, Accu3
- st X+, Accu4
- dec LoopC
- breq 3f ; skip if zero
- rjmp sha256_nextBlock_wcalcloop
-3:
- /* we are finished with w array X points one byte post w */
-/* init a array */
- pop r31
- pop r30
- push r30
- push r31
- ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
-init_a_array:
- ld r1, Z+
- st X+, r1
- dec r25
- brne init_a_array
-
-/* now the real fun begins */
-/* for (i=0; i<64; ++i){
- t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
- t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
- memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
- a[4] += t1;
- a[0] = t1 + t2;
- } */
- /* Y points to a[0], Z ('cause lpm wants it) points to k[i], X points to w[i] */
- sbiw r26, 8*4 /* X still points at a[7]+1*/
- movw r28, r26
- ldi r30, lo8(sha256_kv)
- ldi r31, hi8(sha256_kv)
- dec r27 /* X - (64*4 == 256) */
- ldi r25, 64
- mov LoopC, r25
-sha256_main_loop:
- /* now calculate t1 */
- /*CH(x,y,z) = (x&y)^((~x)&z)*/
- ldd T1, Y+5*4
- ldd T2, Y+5*4+1
- ldd T3, Y+5*4+2
- ldd T4, Y+5*4+3 /* y in T */
- ldd Func1, Y+4*4
- ldd Func2, Y+4*4+1
- ldd Func3, Y+4*4+2
- ldd Func4, Y+4*4+3 /* x in Func */
- ldd Bck1, Y+6*4
- ldd Bck2, Y+6*4+1
- ldd Bck3, Y+6*4+2
- ldd Bck4, Y+6*4+3 /* z in Bck */
- and T1, Func1
- and T2, Func2
- and T3, Func3
- and T4, Func4
- com Func1
- com Func2
- com Func3
- com Func4
- and Bck1, Func1
- and Bck2, Func2
- and Bck3, Func3
- and Bck4, Func4
- eor T1, Bck1
- eor T2, Bck2
- eor T3, Bck3
- eor T4, Bck4 /* done, CH(x,y,z) is in T */
- /* now SIGMA1(a[4]) */
- ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
- ldd Bck1, Y+4*4+1
- ldd Bck2, Y+4*4+2
- ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotl /* rotr(x,6) */
- movw XAccu1, Func1
- movw XAccu3, Func3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 3
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4
- movw Func1, Bck3 /* this prerotates furteh 16 bits*/
- movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
- ldi r20, 1
- rcall bitrotr /* rotr(x,11) */
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* finished with SIGMA1, add it to T */
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4
- /* now we've to add a[7], w[i] and k[i] */
- ldd XAccu1, Y+4*7
- ldd XAccu2, Y+4*7+1
- ldd XAccu3, Y+4*7+2
- ldd XAccu4, Y+4*7+3
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add a[7] */
- ld XAccu1, X+
- ld XAccu2, X+
- ld XAccu3, X+
- ld XAccu4, X+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add w[i] */
- lpm XAccu1, Z+
- lpm XAccu2, Z+
- lpm XAccu3, Z+
- lpm XAccu4, Z+
- add T1, XAccu1
- adc T2, XAccu2
- adc T3, XAccu3
- adc T4, XAccu4 /* add k[i] */ /* finished with t1 */
- /*now t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]) */ /*i did to much x86 asm, i always see 4 32bit regs*/
- /* starting with MAJ(x,y,z) */
- ldd Func1, Y+4*0+0
- ldd Func2, Y+4*0+1
- ldd Func3, Y+4*0+2
- ldd Func4, Y+4*0+3 /* load x=a[0] */
- ldd XAccu1, Y+4*1+0
- ldd XAccu2, Y+4*1+1
- ldd XAccu3, Y+4*1+2
- ldd XAccu4, Y+4*1+3 /* load y=a[1] */
- and XAccu1, Func1
- and XAccu2, Func2
- and XAccu3, Func3
- and XAccu4, Func4 /* XAccu == (x & y) */
- ldd Bck1, Y+4*2+0
- ldd Bck2, Y+4*2+1
- ldd Bck3, Y+4*2+2
- ldd Bck4, Y+4*2+3 /* load z=a[2] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == (x & y) ^ (x & z) */
- ldd Func1, Y+4*1+0
- ldd Func2, Y+4*1+1
- ldd Func3, Y+4*1+2
- ldd Func4, Y+4*1+3 /* load y=a[1] */
- and Func1, Bck1
- and Func2, Bck2
- and Func3, Bck3
- and Func4, Bck4
- eor XAccu1, Func1
- eor XAccu2, Func2
- eor XAccu3, Func3
- eor XAccu4, Func4 /* XAccu == Maj(x,y,z) == (x & y) ^ (x & z) ^ (y & z) */
- /* SIGMA0(a[0]) */
- ldd Bck1, Y+4*0+0 /* we should combine this with above */
- ldd Bck2, Y+4*0+1
- ldd Bck3, Y+4*0+2
- ldd Bck4, Y+4*0+3
- movw Func1, Bck1
- movw Func3, Bck3
- ldi r20, 2
- rcall bitrotr
- movw Accu1, Func1
- movw Accu3, Func3 /* Accu = shr(a[0], 2) */
- movw Func1, Bck3
- movw Func3, Bck1 /* prerotate by 16 bits */
- ldi r20, 3
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 13) */
- mov Func1, Bck4
- mov Func2, Bck1
- mov Func3, Bck2
- mov Func4, Bck3 /* prerotate by 24 bits */
- ldi r20, 2
- rcall bitrotl
- eor Accu1, Func1
- eor Accu2, Func2
- eor Accu3, Func3
- eor Accu4, Func4 /* Accu ^= shr(a[0], 22) */
- add Accu1, XAccu1 /* add previous result (MAJ)*/
- adc Accu2, XAccu2
- adc Accu3, XAccu3
- adc Accu4, XAccu4
- /* now we are finished with the computing stuff (t1 in T, t2 in Accu)*/
- /* a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0]; */
-
- ldi r21, 7*4
- adiw r28, 7*4
-a_shift_loop:
- ld r25, -Y /* warning: this is PREdecrement */
- std Y+4, r25
- dec r21
- brne a_shift_loop
-
- ldd Bck1, Y+4*4+0
- ldd Bck2, Y+4*4+1
- ldd Bck3, Y+4*4+2
- ldd Bck4, Y+4*4+3
- add Bck1, T1
- adc Bck2, T2
- adc Bck3, T3
- adc Bck4, T4
- std Y+4*4+0, Bck1
- std Y+4*4+1, Bck2
- std Y+4*4+2, Bck3
- std Y+4*4+3, Bck4
- add Accu1, T1
- adc Accu2, T2
- adc Accu3, T3
- adc Accu4, T4
- std Y+4*0+0, Accu1
- std Y+4*0+1, Accu2
- std Y+4*0+2, Accu3
- std Y+4*0+3, Accu4 /* a array updated */
-
-
- dec LoopC
- breq update_state
- rjmp sha256_main_loop ;brne sha256_main_loop
-update_state:
- /* update state */
- /* pointers to state should still exist on the stack ;-) */
- pop r31
- pop r30
- ldi r21, 8
-update_state_loop:
- ldd Accu1, Z+0
- ldd Accu2, Z+1
- ldd Accu3, Z+2
- ldd Accu4, Z+3
- ld Func1, Y+
- ld Func2, Y+
- ld Func3, Y+
- ld Func4, Y+
- add Accu1, Func1
- adc Accu2, Func2
- adc Accu3, Func3
- adc Accu4, Func4
- st Z+, Accu1
- st Z+, Accu2
- st Z+, Accu3
- st Z+, Accu4
- dec r21
- brne update_state_loop
- /* now we just have to update the length */
- adiw r30, 1 /* since we add 512, we can simply skip the LSB */
- ldi r21, 2
- ldi r22, 6
- ld r20, Z
- add r20, r21
- st Z+, r20
- clr r21
-sha256_nextBlock_fix_length:
- brcc sha256_nextBlock_epilog
- ld r20, Z
- adc r20, r21
- st Z+, r20
- dec r22
- brne sha256_nextBlock_fix_length
-
-; EPILOG
-sha256_nextBlock_epilog:
-/* now we should clean up the stack */
-
- pop r21
- pop r20
- in r0, SREG
- cli ; we want to be uninterrupted while updating SP
- out SPL, r20
- out SPH, r21
- out SREG, r0
-
- clr r1
- pop r29
- pop r28
- pop r17
- pop r16
- pop r15
- pop r14
- pop r13
- pop r12
- pop r11
- pop r10
- pop r9
- pop r8
- pop r7
- pop r6
- pop r5
- pop r4
- ret
-
-sha256_kv: ; round-key-vector stored in ProgMem
-.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
-.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
-.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
-.word 0x5152, 0x983e, 0xc66d, 0xa831, 0x27c8, 0xb003, 0x7fc7, 0xbf59, 0x0bf3, 0xc6e0, 0x9147, 0xd5a7, 0x6351, 0x06ca, 0x2967, 0x1429
-.word 0x0a85, 0x27b7, 0x2138, 0x2e1b, 0x6dfc, 0x4d2c, 0x0d13, 0x5338, 0x7354, 0x650a, 0x0abb, 0x766a, 0xc92e, 0x81c2, 0x2c85, 0x9272
-.word 0xe8a1, 0xa2bf, 0x664b, 0xa81a, 0x8b70, 0xc24b, 0x51a3, 0xc76c, 0xe819, 0xd192, 0x0624, 0xd699, 0x3585, 0xf40e, 0xa070, 0x106a
-.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
-.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
-
-
-;###########################################################
-
-.global sha256_init
-;uint32_t sha256_init_vector[]={
-; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
-;
-;void sha256_init(sha256_ctx_t *state){
-; state->length=0;
-; memcpy(state->h, sha256_init_vector, 8*4);
-;}
-; param1: (r23,r24) 16-bit pointer to sha256_ctx_t struct in ram
-; modifys: Z(r30,r31), Func1, r22
-sha256_init:
- movw r26, r24 ; (24,25) --> (26,27) load X with param1
- ldi r30, lo8((sha256_init_vector))
- ldi r31, hi8((sha256_init_vector))
- ldi r22, 32+8
-sha256_init_vloop:
- lpm r23, Z+
- st X+, r23
- dec r22
- brne sha256_init_vloop
- ret
-
-sha256_init_vector:
-.word 0xE667, 0x6A09
-.word 0xAE85, 0xBB67
-.word 0xF372, 0x3C6E
-.word 0xF53A, 0xA54F
-.word 0x527F, 0x510E
-.word 0x688C, 0x9B05
-.word 0xD9AB, 0x1F83
-.word 0xCD19, 0x5BE0
-.word 0x0000, 0x0000
-.word 0x0000, 0x0000
-
-;###########################################################
-
-.global rotl32
-; === ROTL32 ===
-; function that rotates a 32 bit word to the left
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,r22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotl32:
- cpi r20, 8
- brlo bitrotl
- mov r21, r25
- mov r25, r24
- mov r24, r23
- mov r23, r22
- mov r22, r21
- subi r20, 8
- rjmp rotl32
-bitrotl:
- clr r21
- clc
-bitrotl_loop:
- tst r20
- breq fixrotl
- rol r22
- rol r23
- rol r24
- rol r25
- rol r21
- dec r20
- rjmp bitrotl_loop
-fixrotl:
- or r22, r21
- ret
-
-
-;###########################################################
-
-.global rotr32
-; === ROTR32 ===
-; function that rotates a 32 bit word to the right
-; param1: the 32-bit word to rotate
-; given in r25,r24,r23,22 (r25 is most significant)
-; param2: an 8-bit value telling how often to rotate
-; given in r20
-; modifys: r21, r22
-rotr32:
- cpi r20, 8
- brlo bitrotr
- mov r21, r22
- mov r22, r23
- mov r23, r24
- mov r24, r25
- mov r25, r21
- subi r20, 8
- rjmp rotr32
-bitrotr:
- clr r21
- clc
-bitrotr_loop:
- tst r20
- breq fixrotr
- ror r25
- ror r24
- ror r23
- ror r22
- ror r21
- dec r20
- rjmp bitrotr_loop
-fixrotr:
- or r25, r21
- ret
-
-
-;###########################################################
-
-.global change_endian32
-; === change_endian32 ===
-; function that changes the endianess of a 32-bit word
-; param1: the 32-bit word
-; given in r25,r24,r23,22 (r25 is most significant)
-; modifys: r21, r22
-change_endian32:
- movw r20, r22 ; (r22,r23) --> (r20,r21)
- mov r22, r25
- mov r23, r24
- mov r24, r21
- mov r25, r20
- ret
-
+++ /dev/null
-/* sha256.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-/**
- * \file sha256.h
- * \author Daniel Otte
- * \date 2006-05-16
- * \license GPLv3 or later
- *
- */
-
-#ifndef SHA256_H_
-#define SHA256_H_
-
-#define __LITTLE_ENDIAN__
-
-
-#include <stdint.h>
-
-/** \def SHA256_HASH_BITS
- * defines the size of a SHA-256 hash value in bits
- */
-
-/** \def SHA256_HASH_BYTES
- * defines the size of a SHA-256 hash value in bytes
- */
-
-/** \def SHA256_BLOCK_BITS
- * defines the size of a SHA-256 input block in bits
- */
-
-/** \def SHA256_BLOCK_BYTES
- * defines the size of a SHA-256 input block in bytes
- */
-
-#define SHA256_HASH_BITS 256
-#define SHA256_HASH_BYTES (SHA256_HASH_BITS/8)
-#define SHA256_BLOCK_BITS 512
-#define SHA256_BLOCK_BYTES (SHA256_BLOCK_BITS/8)
-
-/** \typedef sha256_ctx_t
- * \brief SHA-256 context type
- *
- * A variable of this type may hold the state of a SHA-256 hashing process
- */
-typedef struct {
- uint32_t h[8];
- uint64_t length;
-} sha256_ctx_t;
-
-/** \typedef sha256_hash_t
- * \brief SHA-256 hash value type
- *
- * A variable of this type may hold the hash value produced by the
- * sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state) function.
- */
-typedef uint8_t sha256_hash_t[SHA256_HASH_BYTES];
-
-/** \fn void sha256_init(sha256_ctx_t *state)
- * \brief initialise a SHA-256 context
- *
- * This function sets a ::sha256_ctx_t to the initial values for hashing.
- * \param state pointer to the SHA-256 hashing context
- */
-void sha256_init(sha256_ctx_t *state);
-
-/** \fn void sha256_nextBlock (sha256_ctx_t* state, const void* block)
- * \brief update the context with a given block
- *
- * This function updates the SHA-256 hash context by processing the given block
- * of fixed length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- */
-void sha256_nextBlock (sha256_ctx_t* state, const void* block);
-
-/** \fn void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b)
- * \brief finalize the context with the given block
- *
- * This function finalizes the SHA-256 hash context by processing the given block
- * of variable length.
- * \param state pointer to the SHA-256 hash context
- * \param block pointer to the block of fixed length (512 bit = 64 byte)
- * \param length_b the length of the block in bits
- */
-void sha256_lastBlock(sha256_ctx_t* state, const void* block, uint16_t length_b);
-
-/** \fn void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state)
- * \brief convert the hash state into the hash value
- * This function reads the context and writes the hash value to the destination
- * \param dest pointer to the location where the hash value should be written
- * \param state pointer to the SHA-256 hash context
- */
-void sha256_ctx2hash(sha256_hash_t* dest, const sha256_ctx_t* state);
-
-/** \fn void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b)
- * \brief simple SHA-256 hashing function for direct hashing
- *
- * This function automaticaly hashes a given message of arbitary length with
- * the SHA-256 hashing algorithm.
- * \param dest pointer to the location where the hash value is going to be written to
- * \param msg pointer to the message thats going to be hashed
- * \param length_b length of the message in bits
- */
-void sha256(sha256_hash_t* dest, const void* msg, uint32_t length_b);
-
-#endif /*SHA256_H_*/
#include <stdint.h>
#include <string.h>
-#include "sha256.h"
+#include "sha256/sha256.h"
#include "shacal2_enc.h"
#define SHACAL2_ENC_H_
#include <stdint.h>
-#include "sha256.h"
+#include "sha256/sha256.h"
#define SHACAL2_BLOCKSIZE SHA256_HASH_BITS
#define SHACAL2_BLOCKSIZE_B ((SHACAL2_BLOCKSIZE+7)/8)
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <stdint.h>
#include <string.h>
#include "threefish.h"
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "ubi.h"
void ubi1024_init(ubi1024_ctx_t* ctx, const void* g, uint8_t type){
#include <stdint.h>
#include <string.h>
#include "threefish.h"
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "ubi.h"
void ubi256_init(ubi256_ctx_t* ctx, const void* g, uint8_t type){
#include <stdint.h>
#include <string.h>
#include "threefish.h"
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "ubi.h"
void ubi512_init(ubi512_ctx_t* ctx, const void* g, uint8_t type){
#include <string.h>
#include <ctype.h>
#include "blockcipher_descriptor.h"
-#include "bcal-basic.h"
-#include "bcal-cmac.h"
+#include "bcal/bcal-basic.h"
+#include "bcal/bcal-cmac.h"
#include "cmacvs.h"
#include "string-extras.h"
#include "cli.h"
#include "performance_test.h"
#include "dump.h"
-#include "bcal_aes128.h"
-#include "bcal_aes192.h"
-#include "bcal_aes256.h"
-#include "bcal-cbc.h"
-#include "bcal-cfb_byte.h"
-#include "bcal-cfb_bit.h"
-#include "bcal-ofb.h"
-#include "bcal-ctr.h"
-#include "bcal-cmac.h"
-#include "bcal-eax.h"
+#include "bcal/bcal_aes128.h"
+#include "bcal/bcal_aes192.h"
+#include "bcal/bcal_aes256.h"
+#include "bcal/bcal-cbc.h"
+#include "bcal/bcal-cfb_byte.h"
+#include "bcal/bcal-cfb_bit.h"
+#include "bcal/bcal-ofb.h"
+#include "bcal/bcal-ctr.h"
+#include "bcal/bcal-cmac.h"
+#include "bcal/bcal-eax.h"
#include "cmacvs.h"
-#include "bcal-performance.h"
+#include "bcal/bcal-performance.h"
#include <stdint.h>
#include <string.h>
#include "cli.h"
#include "performance_test.h"
#include "blockcipher_descriptor.h"
-#include "bcal-performance.h"
-#include "bcal_aes128.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_aes128.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "cli.h"
#include "performance_test.h"
#include "blockcipher_descriptor.h"
-#include "bcal-performance.h"
-#include "bcal_aes192.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_aes192.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "cli.h"
#include "performance_test.h"
#include "blockcipher_descriptor.h"
-#include "bcal-performance.h"
-#include "bcal_aes256.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_aes256.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "uart_i.h"
#include "debug.h"
-#include "noekeon.h"
-#include "noekeon_prng.h"
+#include "noekeon/noekeon.h"
+#include "noekeon/noekeon_prng.h"
#include "base64_enc.h"
#include "base64_dec.h"
#include "uart_i.h"
#include "debug.h"
-#include "noekeon.h"
-#include "noekeon_prng.h"
+#include "noekeon/noekeon.h"
+#include "noekeon/noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "blake_small.h"
#include "blake_large.h"
-#include "hfal_blake_small.h"
-#include "hfal_blake_large.h"
-#include "hfal-nessie.h"
-#include "hfal-test.h"
-#include "hfal-performance.h"
+#include "hfal/hfal_blake_small.h"
+#include "hfal/hfal_blake_large.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-test.h"
+#include "hfal/hfal-performance.h"
#include "shavs.h"
#include "cli.h"
#include "nessie_hash_test.h"
#include "bmw_small.h"
#include "bmw_large.h"
#include "cli.h"
-#include "hfal_bmw_small.h"
-#include "hfal_bmw_large.h"
+#include "hfal/hfal_bmw_small.h"
+#include "hfal/hfal_bmw_large.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
-#include "hfal-test.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-test.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "performance_test.h"
#include "cli.h"
-#include "bcal_camellia128.h"
-#include "bcal-performance.h"
+#include "bcal/bcal_camellia128.h"
+#include "bcal/bcal-performance.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <cast5.h>
#include "nessie_bc_test.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_cast5.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_cast5.h"
#include "cli.h"
#include <stdint.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_cast6.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_cast6.h"
#include <stdint.h>
#include <string.h>
#include "cubehash.h"
#include "cli.h"
-#include "hfal_cubehash.h"
+#include "hfal/hfal_cubehash.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
-#include "hfal-test.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-test.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_des.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_des.h"
#include <stdint.h>
#include <string.h>
#include "uart_i.h"
#include "debug.h"
-#include "noekeon.h"
-#include "noekeon_prng.h"
-#include "bigint.h"
-#include "bigint_io.h"
+#include "noekeon/noekeon.h"
+#include "noekeon/noekeon_prng.h"
+#include "bigint/bigint.h"
+#include "bigint/bigint_io.h"
#include "dsa.h"
#include "dsa_key_blob.h"
#include "cli.h"
#include "performance_test.h"
-#include "hfal_sha1.h"
-#include "base64_enc.h"
-#include "base64_dec.h"
+#include "hfal/hfal_sha1.h"
+#include "base64/base64_enc.h"
+#include "base64/base64_dec.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "echo.h"
#include "cli.h"
-#include "hfal_echo.h"
+#include "hfal/hfal_echo.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
-#include "hfal-test.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-test.h"
#include <stdint.h>
#include <string.h>
#include "groestl_small.h"
#include "groestl_large.h"
-#include "hfal_groestl_small.h"
-#include "hfal_groestl_large.h"
-#include "hfal-nessie.h"
-#include "hfal-test.h"
-#include "hfal-performance.h"
+#include "hfal/hfal_groestl_small.h"
+#include "hfal/hfal_groestl_large.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-test.h"
+#include "hfal/hfal-performance.h"
#include "shavs.h"
#include "cli.h"
#include "nessie_hash_test.h"
#include "uart_i.h"
#include "debug.h"
-#include "md5.h"
+#include "md5/md5.h"
#include "hmac-md5.h"
/*
#include "base64_enc.h"
#include "uart_i.h"
#include "debug.h"
-#include "sha1.h"
+#include "sha1/sha1.h"
#include "hmac-sha1.h"
#include "nessie_mac_test.h"
#include "uart_i.h"
#include "debug.h"
-#include "sha256.h"
+#include "sha256/sha256.h"
#include "hmac-sha256.h"
#include "cli.h"
#include "keccak.h"
#include "cli.h"
-#include "hfal_keccak.h"
+#include "hfal/hfal_keccak.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
-#include "hfal-test.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-test.h"
#include <stdint.h>
#include <string.h>
#include "md5.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal_md5.h"
-#include "hfal-performance.h"
+#include "hfal/hfal_md5.h"
+#include "hfal/hfal-performance.h"
#include <stdint.h>
#include <string.h>
#include "uart_i.h"
#include "debug.h"
-#include <noekeon.h>
+#include <noekeon/noekeon.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_noekeon.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_noekeon.h"
#include <stdint.h>
#include <string.h>
#include "uart_i.h"
#include "debug.h"
-#include "noekeon.h"
+#include "noekeon/noekeon.h"
#include "omac_noekeon.h"
#include "cli.h"
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_present.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_present.h"
#include <stdlib.h>
#include <stdint.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_rc5.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_rc5.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_rc6.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_rc6.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_seed.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_seed.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_serpent.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_serpent.h"
#include <stdint.h>
#include <string.h>
#include "sha1.h"
#include "nessie_hash_test.h"
-#include "hfal_sha1.h"
-#include "hfal-performance.h"
+#include "hfal/hfal_sha1.h"
+#include "hfal/hfal-performance.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "cli.h"
#include "shavs.h"
-#include "hfal_sha1.h"
+#include "hfal/hfal_sha1.h"
#include "dump.h"
char* algo_name = "SHA-1";
#include "sha256.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-performance.h"
-#include "hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-nessie.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "cli.h"
#include "shavs.h"
-#include "hfal_sha256.h"
+#include "hfal/hfal_sha256.h"
#include "dump.h"
char* algo_name = "SHA-256";
#include "shabal.h"
#include "cli.h"
-#include "hfal_shabal.h"
-#include "hfal-test.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
+#include "hfal/hfal_shabal.h"
+#include "hfal/hfal-test.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
#include "debug.h"
#include "skein.h"
-#include "hfal_skein256.h"
-#include "hfal_skein512.h"
-#include "hfal_skein1024.h"
+#include "hfal/hfal_skein256.h"
+#include "hfal/hfal_skein512.h"
+#include "hfal/hfal_skein1024.h"
#include "cli.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal-performance.h"
-#include "hfal-nessie.h"
-#include "hfal-basic.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-basic.h"
#include <stdint.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_skipjack.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_skipjack.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_tdes.h"
-#include "bcal_tdes2.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_tdes.h"
+#include "bcal/bcal_tdes2.h"
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "cli.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_threefish256.h"
-#include "bcal_threefish512.h"
-#include "bcal_threefish1024.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_threefish256.h"
+#include "bcal/bcal_threefish512.h"
+#include "bcal/bcal_threefish1024.h"
#include <stdint.h>
#include <string.h>
#include "twister-large.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
-#include "hfal_twister224.h"
-#include "hfal_twister256.h"
-#include "hfal_twister384.h"
-#include "hfal_twister512.h"
-#include "hfal-nessie.h"
-#include "hfal-performance.h"
-#include "hfal-test.h"
+#include "hfal/hfal_twister224.h"
+#include "hfal/hfal_twister256.h"
+#include "hfal/hfal_twister384.h"
+#include "hfal/hfal_twister512.h"
+#include "hfal/hfal-nessie.h"
+#include "hfal/hfal-performance.h"
+#include "hfal/hfal-test.h"
#include "shavs.h"
#include "xtea.h"
#include "nessie_bc_test.h"
#include "performance_test.h"
-#include "bcal-performance.h"
-#include "bcal_xtea.h"
+#include "bcal/bcal-performance.h"
+#include "bcal/bcal_xtea.h"
#include "cli.h"
#include <stdint.h>
#include <string.h>
#include <ctype.h>
#include "hashfunction_descriptor.h"
-#include "hfal-basic.h"
+#include "hfal/hfal-basic.h"
#include "shavs.h"
#include "string-extras.h"
#include "cli.h"
+++ /dev/null
-/* gf256mul.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: gf256mul.S
- * Author: Daniel Otte
- * Date: 2008-12-19
- * License: GPLv3 or later
- * Description: peasant's algorithm for multiplication in GF(2^8)
- *
- */
-
-#include <avr/io.h>
-#define OPTIMIZE_SMALL_A
-
-/*
- * param a: r24
- * param b: r22
- * param reducer: r20
- */
-A = 23
-B = 22
-P = 24
-.global gf256mul
-
-#ifdef OPTIMIZE_SMALL_A
-gf256mul:
- mov A, r24
- clr r24
-1:
- lsr A
- breq 4f
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- rjmp 1b
-4:
- brcc 2f
- eor P, B
-2:
- ret
-
-#else
-
-gf256mul:
- mov r21, r24
- clr r24
- ldi r25, 8
-1:
- lsr A
- brcc 2f
- eor P, B
-2:
- lsl B
- brcc 3f
- eor B, r20
-3:
- dec r25
- brne 1b
- ret
-
-#endif
+++ /dev/null
-/* gf256mul.h */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-#ifndef GF256MUL_H_
-#define GF256MUL_H_
-
-/**
- * \author Daniel Otte
- * \email daniel.otte@rub.de
- * \date 2008-12-19
- * \license GPLv3
- * \brief
- *
- *
- */
-
-#include <stdint.h>
-
-uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
-
-#endif /* GF256MUL_H_ */
-
+++ /dev/null
-/* memxor.S */
-/*
- This file is part of the AVR-Crypto-Lib.
- Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * File: memxor.S
- * Author: Daniel Otte
- * Date: 2008-08-07
- * License: GPLv3 or later
- * Description: memxor, XORing one block into another
- *
- */
-
-/*
- * void memxor(void* dest, const void* src, uint16_t n);
- */
- /*
- * param dest is passed in r24:r25
- * param src is passed in r22:r23
- * param n is passed in r20:r21
- */
-.global memxor
-memxor:
- movw r30, r24
- movw r26, r22
- movw r24, r20
- adiw r24, 0
- breq 2f
-1:
- ld r20, X+
- ld r21, Z
- eor r20, r21
- st Z+, r20
- sbiw r24, 1
- brne 1b
-2:
- ret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+++ /dev/null
-#ifndef MEMXOR_H_
-#define MEMXOR_H_
-#include <stdint.h>
-
-void memxor(void* dest, const void* src, uint16_t n);
-
-#endif
#include <stdint.h>
#include <string.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "twister.h"
#include "twister-large.h"
#include <stdint.h>
#include <string.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "twister-small.h"
/*********************************************************************/
#include <stdint.h>
#include <string.h>
-#include "memxor.h"
+#include "memxor/memxor.h"
#include "twister-small.h"
/*********************************************************************/
#include <avr/pgmspace.h>
#include "twister.h"
#include "twister_tables.h"
-#include "memxor.h"
+#include "memxor/memxor.h"
//#ifndef TWISTER_MUL_TABLE
-# include "gf256mul.h"
+# include "gf256mul/gf256mul.h"
//#endif
#define MDS(a,b) pgm_read_byte(&(twister_mds[(a)][(b)]))
projects / avr-crypto-lib.git / commitdiff