+/* noekeon_omac.S */
+/*
+ This file is part of the Crypto-avr-lib/microcrypt-lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-08-06
+ * \license GPLv3 or later
+ *
+ *
+ *
+ */
+
+#include <avr/io.h>
+
+
+.macro push_ p1:req, p2:vararg
+ push \p1
+.ifnb \p2
+ push_ \p2
+.endif
+.endm
+
+.macro pop_ p1:req, p2:vararg
+ pop \p1
+.ifnb \p2
+ pop_ \p2
+.endif
+.endm
+
+.macro push_range from:req, to:req
+ push \from
+.if \to-\from
+ push_range "(\from+1)",\to
+.endif
+.endm
+
+.macro pop_range from:req, to:req
+ pop \to
+.if \to-\from
+ pop_range \from,"(\to-1)"
+.endif
+.endm
+
+.macro stack_alloc size:req, reg1=r30, reg2=r31
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ sbiw r30, \size
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+.macro stack_free size:req, reg1=r30, reg2=r31
+ in \reg1, _SFR_IO_ADDR(SPL)
+ in \reg2, _SFR_IO_ADDR(SPH)
+ adiw r30, \size
+ out _SFR_IO_ADDR(SPH), \reg2
+ out _SFR_IO_ADDR(SPL), \reg1
+.endm
+
+push_r18_r27_func:
+ pop r31
+ pop r30
+ push_range 18, 27
+ ijmp
+
+pop_r18_r27_func:
+ pop r31
+ pop r30
+ pop_range 18, 27
+ ijmp
+
+.extern noekeon_enc
+
+/*
+ * void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
+ * const void* key, uint8_t t)
+ */
+
+/* param dest is passed in r24:r25
+ * param msg is passed in r22:r23
+ * param msglength_b is passed in r20:r21
+ * param key is passed in r18:r19
+ * param t is passed in r16
+ */
+.global noekeon_omac
+noekeon_omac:
+ stack_alloc 48
+ ldi r17, 48
+1:
+ st Z+, r1
+ dec r17
+ brne 1b
+ sbiw r30, 48
+ mov r26, r22
+ mov r22, r18
+ mov r18, r24
+ mov r24, r30
+ cpi r16, 0xff
+ breq 2f
+ st Z, r16
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+ movw r30, r24
+2:
+ tst r21
+ brne fullblock
+ cpi r20, 128+1
+ brlo lastblock
+fullblock:
+ /* copy block to stack buffer */
+ ldi r16, 16
+1:
+ ld r0, X+
+ ld r17, Z
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 1b
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+ movw r30, r24
+ subi r20, 128
+ sbci r21, 0
+ rjmp 2
+lastblock:
+ adiw r24, 16
+ rcall push_r18_r27_func
+ rcall noekeon_enc
+ rcall pop_r18_r27_func
+
+ bst r20, 6 /* set t bit if msglength_b%128==0*/
+2:
+ ldi r16, 16
+ clc
+ movw r30, r24 /* z points to encrypted null vector (L) */
+1:
+ ld r0, Z
+ rol r0
+ st Z+, r0
+ dec r16
+ brne 1b
+ brtc 2f
+ clt
+ rjmp 2b
+2: /* B/P has been calculated */
+ ldi r16, 16
+ sbiw r30, 32
+3:
+ ld r0, Z
+ ldd r17, Z+16
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 3b
+ /* B/P has been xored into stack buffer */
+ /* now we have to xor-in the remaining message */
+ mov r16, r20
+ subi r16, -7
+ lsr r16
+ lsr r16
+ lsr r16 /* r 1*/
+ sbiw r30, 16
+4:
+ ld r0, X+
+ ld r17, Z
+ eor r0, r17
+ st Z+, r0
+ dec r16
+ brne 4b
+ /* now we have only to insert the 1 at the end of message if msglength_b%128 != 0 */
+ sbiw r30, 1
+ andi r20, 0x07
+ breq 7f
+ ldi r17, 1
+5:
+ dec r20
+ breq 6f
+ lsl r17
+ rjmp 5b
+6:
+ ld r0, Z
+ eor r0, r17
+ st Z, r0
+7:
+ call noekeon_enc
+ stack_free 48
+ ret
+
+
+
+
+
+
+
+
+
+
+
+
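Review bot: The pointer shuffle at L110–L113 uses the 8-bit `mov`, so only the low byte of each pointer moves and r27, r23, r19 and r25 keep stale values — `ld r0, X+` (L130) then walks the message through a half-built X and `movw r30, r24` (L120/L139/L153) reloads Z from a half-built address; all four should be `movw r26, r22` / `movw r22, r18` / `movw r18, r24` / `movw r24, r30`. The loop back-edge `rjmp 2` at L142 has no `b` suffix, so the assembler treats `2` as an absolute address rather than the label at L121; it must be `rjmp 2b`. The stack buffer is also off by one: AVR's SP points at the next free byte, so `stack_alloc 48` reserves SP+1..SP+48 while Z (and so r24) is SP itself, and the `rcall`/`push` sequence at L117 and L136 overwrites buffer[0] (where t was just stored) while the matching `pop r18` later reads back encrypted data — an `adiw r30, 1` straight after the macro fixes the base. In lastblock, r16 = (r20+7)>>3 is 0 for an empty message, so the `dec r16 / brne 4b` loop at L181–L187 runs 256 times and writes far past the 48-byte buffer into the caller's frame; guard it (and note the empty-message padding bit then still needs placing). Worth a second look as well: r16/r17 are call-saved in the avr-gcc ABI but are clobbered without a push, the split `out SPH`/`out SPL` in both macros is not interrupt-safe (wrap it in `in r0, SREG / cli … out SREG, r0`), the doubling loop at L151–L162 never folds the carry shifted out back in (if this is meant to be OMAC1/CMAC doubling, 0x87 is xored in when the top bit falls off), and `bst r20, 6` at L149 matches neither its own comment nor a K1/K2 choice based on whether the final block is complete.
```asm
noekeon_omac:
	stack_alloc 48
	adiw r30, 1		/* SP points at the next free byte: the buffer is SP+1..SP+48 */
	/* … unchanged: zero the 48-byte buffer, sbiw r30, 48 … */
	movw r26, r22		/* X = msg; mov copied only the low byte and left r27 stale */
	movw r22, r18		/* key -> r22:r23 */
	movw r18, r24		/* dest -> r18:r19 */
	movw r24, r30		/* buffer -> r24:r25 */
	/* … unchanged: optional tweak encryption, length test at 2: … */
fullblock:
	/* … unchanged: xor block into buffer, encrypt, msglength_b -= 128 … */
	rjmp 2b			/* a bare "2" is an absolute address, not the label at 2: */
lastblock:
	/* … unchanged: L = E_K(0), doubling, xor into buffer, r16 = (r20 + 7) >> 3 … */
	sbiw r30, 16
	tst r16
	breq 9f			/* empty message: dec/brne on r16 == 0 would loop 256 times */
	/* … unchanged: loop 4 xoring the remaining message bytes into the buffer … */
9:
	/* … unchanged: padding bit, final encryption, stack_free 48 … */
```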