bg
/
arm-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

initial commit of a bunch of code

This commit is contained in:
bg 2010-05-08 03:17:34 +02:00
commit 5f46191d26
192 changed files with 21729 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
blake/blake_common.c Normal file
View File

@ -0,0 +1,61 @@
/* blake_common.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_common.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#include <stdint.h>
const
uint8_t blake_sigma[] = {
0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF,
0xE, 0xA, 0x4, 0x8, 0x9, 0xF, 0xD, 0x6, 0x1, 0xC, 0x0, 0x2, 0xB, 0x7, 0x5, 0x3,
0xB, 0x8, 0xC, 0x0, 0x5, 0x2, 0xF, 0xD, 0xA, 0xE, 0x3, 0x6, 0x7, 0x1, 0x9, 0x4,
0x7, 0x9, 0x3, 0x1, 0xD, 0xC, 0xB, 0xE, 0x2, 0x6, 0x5, 0xA, 0x4, 0x0, 0xF, 0x8,
0x9, 0x0, 0x5, 0x7, 0x2, 0x4, 0xA, 0xF, 0xE, 0x1, 0xB, 0xC, 0x6, 0x8, 0x3, 0xD,
0x2, 0xC, 0x6, 0xA, 0x0, 0xB, 0x8, 0x3, 0x4, 0xD, 0x7, 0x5, 0xF, 0xE, 0x1, 0x9,
0xC, 0x5, 0x1, 0xF, 0xE, 0xD, 0x4, 0xA, 0x0, 0x7, 0x6, 0x3, 0x9, 0x2, 0x8, 0xB,
0xD, 0xB, 0x7, 0xE, 0xC, 0x1, 0x3, 0x9, 0x5, 0x0, 0xF, 0x4, 0x8, 0x6, 0x2, 0xA,
0x6, 0xF, 0xE, 0x9, 0xB, 0x3, 0x0, 0x8, 0xC, 0x2, 0xD, 0x7, 0x1, 0x4, 0xA, 0x5,
0xA, 0x2, 0x8, 0x4, 0x7, 0x6, 0x1, 0x5, 0xF, 0xB, 0x9, 0xE, 0x3, 0xC, 0xD, 0x0,
/* the following lines are for large blake (blake48 & blake64) */
0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF,
0xE, 0xA, 0x4, 0x8, 0x9, 0xF, 0xD, 0x6, 0x1, 0xC, 0x0, 0x2, 0xB, 0x7, 0x5, 0x3,
0xB, 0x8, 0xC, 0x0, 0x5, 0x2, 0xF, 0xD, 0xA, 0xE, 0x3, 0x6, 0x7, 0x1, 0x9, 0x4,
0x7, 0x9, 0x3, 0x1, 0xD, 0xC, 0xB, 0xE, 0x2, 0x6, 0x5, 0xA, 0x4, 0x0, 0xF, 0x8
};
const
uint8_t blake_index_lut[] = {
0x0, 0x4, 0x8, 0xC,
0x1, 0x5, 0x9, 0xD,
0x2, 0x6, 0xA, 0xE,
0x3, 0x7, 0xB, 0xF,
0x0, 0x5, 0xA, 0xF,
0x1, 0x6, 0xB, 0xC,
0x2, 0x7, 0x8, 0xD,
0x3, 0x4, 0x9, 0xE
};

37
blake/blake_common.h Normal file
View File

@ -0,0 +1,37 @@
/* blake_common.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_common.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#ifndef BLAKE_COMMON_H_
#define BLAKE_COMMON_H_
#include <stdint.h>
extern const uint8_t blake_sigma[];
extern const uint8_t blake_index_lut[];
#endif /* BLAKE_COMMON_H_ */

258
blake/blake_large.c Normal file
View File

@ -0,0 +1,258 @@
/* blake_large.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_large.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include <string.h>
#include "memxor.h"
#include "blake_large.h"
#include "blake_common.h"
static const
uint64_t blake_c[] = {
0x243F6A8885A308D3LL, 0x13198A2E03707344LL,
0xA4093822299F31D0LL, 0x082EFA98EC4E6C89LL,
0x452821E638D01377LL, 0xBE5466CF34E90C6CLL,
0xC0AC29B7C97C50DDLL, 0x3F84D5B5B5470917LL,
0x9216D5D98979FB1BLL, 0xD1310BA698DFB5ACLL,
0x2FFD72DBD01ADFB7LL, 0xB8E1AFED6A267E96LL,
0xBA7C9045F12C7F99LL, 0x24A19947B3916CF7LL,
0x0801F2E2858EFC16LL, 0x636920D871574E69LL
};
#define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n))))
#define ROTR64(a, n) (((a)>>(n))|((a)<<(64-(n))))
#define CHANGE_ENDIAN32(a) (((a)<<24)| \
((0x0000ff00&(a))<<8)| \
((0x00ff0000&(a))>>8)| \
(a)>>24 )
static
void blake_large_expand(uint64_t* v, const blake_large_ctx_t* ctx){
uint8_t i;
memcpy(v, ctx->h, 8*8);
for(i=0; i<8; ++i){
v[8+i] = blake_c[i];
}
memxor((uint8_t*)v+8, ctx->s, 4*8);
}
static
void blake_large_changeendian(void* dest, const void* src){
uint8_t i;
uint32_t tmp;
for(i=0; i<32; i+=2){
tmp = CHANGE_ENDIAN32(((uint32_t*)src)[i]);
((uint32_t*)dest)[i] = CHANGE_ENDIAN32(((uint32_t*)src)[i+1]);
((uint32_t*)dest)[i+1] = tmp;
}
}
#define A (v[idx.v8[0]])
#define B (v[idx.v8[1]])
#define C (v[idx.v8[2]])
#define D (v[idx.v8[3]])
static
void blake_large_compress(uint64_t* v,const void* m){
uint8_t r,i;
uint8_t s0, s1;
union {
uint32_t v32;
uint8_t v8[4];
}idx;
for(r=0; r<14; ++r){
for(i=0; i<8; ++i){
idx.v32 = ((uint32_t*)blake_index_lut)[i];
s0 = blake_sigma[16*r+2*i+0];
s1 = blake_sigma[16*r+2*i+1];
A += B + (((uint64_t*)m)[s0] ^ blake_c[s1]);
D = ROTR64(D^A, 32);
C += D;
B = ROTR64(B^C, 25);
A += B + (((uint64_t*)m)[s1] ^ blake_c[s0]);
D = ROTR64(D^A, 16);
C += D;
B = ROTR64(B^C, 11);
}
}
}
static
void blake_large_collapse(blake_large_ctx_t* ctx, uint64_t* v){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] ^= ctx->s[i%4] ^ v[i] ^ v[8+i];
}
}
void blake_large_nextBlock(blake_large_ctx_t* ctx, const void* msg){
uint64_t v[16];
uint64_t m[16];
union {
uint64_t v64;
uint32_t v32[2];
}ctr;
blake_large_expand(v,ctx);
ctx->counter++;
ctr.v64 = ctx->counter*1024;
v[12] ^= ctr.v64;
v[13] ^= ctr.v64;
blake_large_changeendian(m, msg);
blake_large_compress(v, m);
blake_large_collapse(ctx, v);
}
void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t length_b){
while(length_b>=BLAKE_LARGE_BLOCKSIZE){
blake_large_nextBlock(ctx, msg);
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
length_b -= BLAKE_LARGE_BLOCKSIZE;
}
uint8_t buffer[128];
uint64_t v[16];
uint64_t ctr;
ctr = ctx->counter*1024+length_b;
memset(buffer, 0, 128);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_large_changeendian(buffer, buffer);
blake_large_expand(v, ctx);
if(length_b>1024-128-2){
v[12] ^= ctr;
v[13] ^= ctr;
blake_large_compress(v, buffer);
blake_large_collapse(ctx, v);
memset(buffer, 0, 128-8);
blake_large_expand(v, ctx);
} else {
if(length_b){
v[12] ^= ctr;
v[13] ^= ctr;
}
}
if(ctx->appendone)
buffer[128-16-8] |= 0x01;
*((uint64_t*)(&(buffer[128-8]))) = ctr;
blake_large_compress(v, buffer);
blake_large_collapse(ctx, v);
}
static const
uint64_t blake64_iv[] = {
0x6A09E667F3BCC908LL, 0xBB67AE8584CAA73BLL,
0x3C6EF372FE94F82BLL, 0xA54FF53A5F1D36F1LL,
0x510E527FADE682D1LL, 0x9B05688C2B3E6C1FLL,
0x1F83D9ABFB41BD6BLL, 0x5BE0CD19137E2179LL
};
void blake64_init(blake64_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] = blake64_iv[i];
}
memset(ctx->s, 0, 4*8);
ctx->counter = 0;
ctx->appendone = 1;
}
static const
uint64_t blake48_iv[] = {
0xCBBB9D5DC1059ED8LL, 0x629A292A367CD507LL,
0x9159015A3070DD17LL, 0x152FECD8F70E5939LL,
0x67332667FFC00B31LL, 0x8EB44A8768581511LL,
0xDB0C2E0D64F98FA7LL, 0x47B5481DBEFA4FA4LL
};
void blake48_init(blake48_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] = blake48_iv[i];
}
memset(ctx->s, 0, 4*8);
ctx->counter = 0;
ctx->appendone = 0;
}
void blake64_ctx2hash(void* dest, const blake64_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
((uint32_t*)dest)[2*i+0] = CHANGE_ENDIAN32((ctx->h[i])>>32);
((uint32_t*)dest)[2*i+1] = CHANGE_ENDIAN32((uint32_t)ctx->h[i]);
}
}
void blake48_ctx2hash(void* dest, const blake48_ctx_t* ctx){
uint8_t i;
for(i=0; i<6; ++i){
((uint32_t*)dest)[2*i+0] = CHANGE_ENDIAN32((ctx->h[i])>>32);
((uint32_t*)dest)[2*i+1] = CHANGE_ENDIAN32((uint32_t)ctx->h[i]);
}
}
void blake64_nextBlock(blake64_ctx_t* ctx, const void* block){
blake_large_nextBlock(ctx, block);
}
void blake48_nextBlock(blake48_ctx_t* ctx, const void* block){
blake_large_nextBlock(ctx, block);
}
void blake64_lastBlock(blake64_ctx_t* ctx, const void* block, uint16_t length_b){
blake_large_lastBlock(ctx, block, length_b);
}
void blake48_lastBlock(blake48_ctx_t* ctx, const void* block, uint16_t length_b){
blake_large_lastBlock(ctx, block, length_b);
}
void blake64(void* dest, const void* msg, uint32_t length_b){
blake_large_ctx_t ctx;
blake64_init(&ctx);
while(length_b>=BLAKE_LARGE_BLOCKSIZE){
blake_large_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
length_b -= BLAKE_LARGE_BLOCKSIZE;
}
blake_large_lastBlock(&ctx, msg, length_b);
blake64_ctx2hash(dest, &ctx);
}
void blake48(void* dest, const void* msg, uint32_t length_b){
blake_large_ctx_t ctx;
blake48_init(&ctx);
while(length_b>=BLAKE_LARGE_BLOCKSIZE){
blake_large_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
length_b -= BLAKE_LARGE_BLOCKSIZE;
}
blake_large_lastBlock(&ctx, msg, length_b);
blake48_ctx2hash(dest, &ctx);
}

67
blake/blake_large.h Normal file
View File

@ -0,0 +1,67 @@
/* blake_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_large.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#ifndef BLAKE_LARGE_H_
#define BLAKE_LARGE_H_
#include <stdint.h>
#define BLAKE_LARGE_BLOCKSIZE 1024
#define BLAKE_LARGE_BLOCKSIZE_B ((BLAKE_LARGE_BLOCKSIZE+7)/8)
#define BLAKE48_BLOCKSIZE BLAKE_LARGE_BLOCKSIZE
#define BLAKE48_BLOCKSIZE_B BLAKE_LARGE_BLOCKSIZE_B
#define BLAKE64_BLOCKSIZE BLAKE_LARGE_BLOCKSIZE
#define BLAKE64_BLOCKSIZE_B BLAKE_LARGE_BLOCKSIZE_B
typedef struct {
uint64_t h[8];
uint64_t s[4];
uint32_t counter;
uint8_t appendone;
} blake_large_ctx_t;
typedef blake_large_ctx_t blake48_ctx_t;
typedef blake_large_ctx_t blake64_ctx_t;
void blake48_init(blake48_ctx_t* ctx);
void blake64_init(blake64_ctx_t* ctx);
void blake_large_nextBlock(blake_large_ctx_t* ctx, const void* block);
void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* block, uint16_t length_b);
void blake48_nextBlock(blake48_ctx_t* ctx, const void* block);
void blake48_lastBlock(blake48_ctx_t* ctx, const void* block, uint16_t length_b);
void blake64_nextBlock(blake64_ctx_t* ctx, const void* block);
void blake64_lastBlock(blake64_ctx_t* ctx, const void* block, uint16_t length_b);
void blake48_ctx2hash(void* dest, const blake48_ctx_t* ctx);
void blake64_ctx2hash(void* dest, const blake64_ctx_t* ctx);
void blake48(void* dest, const void* msg, uint32_t length_b);
void blake64(void* dest, const void* msg, uint32_t length_b);
#endif /* BLAKE_LARGE_H_ */

260
blake/blake_small.c Normal file
View File

@ -0,0 +1,260 @@
/* blake_small.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_small.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-04
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include <string.h>
#include "memxor.h"
#include "blake_small.h"
#include "blake_common.h"
static const
uint32_t blake_c[] = {
0x243F6A88, 0x85A308D3,
0x13198A2E, 0x03707344,
0xA4093822, 0x299F31D0,
0x082EFA98, 0xEC4E6C89,
0x452821E6, 0x38D01377,
0xBE5466CF, 0x34E90C6C,
0xC0AC29B7, 0xC97C50DD,
0x3F84D5B5, 0xB5470917
};
#define ROTL32(a, n) (((a)<<(n))|((a)>>(32-(n))))
#define ROTR32(a, n) (((a)>>(n))|((a)<<(32-(n))))
#define CHANGE_ENDIAN32(a) (((a)<<24)| \
((0x0000ff00&(a))<<8)| \
((0x00ff0000&(a))>>8)| \
(a)>>24 )
static
void blake_small_expand(uint32_t* v, const blake_small_ctx_t* ctx){
uint8_t i;
memcpy(v, ctx->h, 8*4);
for(i=0; i<8; ++i){
v[8+i] = blake_c[i];
}
memxor((uint8_t*)v+8, ctx->s, 4*4);
}
static
void blake_small_changeendian(void* dest, const void* src){
uint8_t i;
for(i=0; i<16; ++i){
((uint32_t*)dest)[i] = CHANGE_ENDIAN32(((uint32_t*)src)[i]);
}
}
#define A (v[idx.v8[0]])
#define B (v[idx.v8[1]])
#define C (v[idx.v8[2]])
#define D (v[idx.v8[3]])
static
void blake_small_compress(uint32_t* v,const void* m){
uint8_t r,i;
uint8_t s0, s1;
union {
uint32_t v32;
uint8_t v8[4];
} idx;
for(r=0; r<10; ++r){
for(i=0; i<8; ++i){
idx.v32 = ((uint32_t*)blake_index_lut)[i];
s0 = blake_sigma[16*r+2*i+0];
s1 = blake_sigma[16*r+2*i+1];
A += B + (((uint32_t*)m)[s0] ^ blake_c[s1]);
D = ROTR32(A^D, 16);
C += D;
B = ROTR32(B^C, 12);
A += B + (((uint32_t*)m)[s1] ^ blake_c[s0]);
D = ROTR32(A^D, 8);
C += D;
B = ROTR32(B^C, 7);
}
}
}
static
void blake_small_collapse(blake_small_ctx_t* ctx, uint32_t* v){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] ^= ctx->s[i%4] ^ v[i] ^ v[8+i];
}
}
void blake_small_nextBlock(blake_small_ctx_t* ctx, const void* msg){
uint32_t v[16];
uint32_t m[16];
union {
uint64_t v64;
uint32_t v32[2];
}ctr;
blake_small_expand(v,ctx);
ctx->counter++;
ctr.v64 = ctx->counter*512;
v[12] ^= ctr.v32[0];
v[13] ^= ctr.v32[0];
v[14] ^= ctr.v32[1];
v[15] ^= ctr.v32[1];
blake_small_changeendian(m, msg);
blake_small_compress(v, m);
blake_small_collapse(ctx, v);
}
void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t length_b){
while(length_b>=BLAKE_SMALL_BLOCKSIZE){
blake_small_nextBlock(ctx, msg);
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
length_b -= BLAKE_SMALL_BLOCKSIZE;
}
uint8_t buffer[64];
uint32_t v[16];
union {
uint64_t v64;
uint32_t v32[2];
}ctr;
ctr.v64 = ctx->counter*512+length_b;
memset(buffer, 0, 64);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_small_changeendian(buffer, buffer);
blake_small_expand(v, ctx);
if(length_b>512-64-2){
v[12] ^= ctr.v32[0];
v[13] ^= ctr.v32[0];
v[14] ^= ctr.v32[1];
v[15] ^= ctr.v32[1];
blake_small_compress(v, buffer);
blake_small_collapse(ctx, v);
memset(buffer, 0, 64-8);
blake_small_expand(v, ctx);
}else{
if(length_b){
v[12] ^= ctr.v32[0];
v[13] ^= ctr.v32[0];
v[14] ^= ctr.v32[1];
v[15] ^= ctr.v32[1];
}
}
if(ctx->appendone)
buffer[64-8-4] |= 0x01;
*((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1];
*((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0];
blake_small_compress(v, buffer);
blake_small_collapse(ctx, v);
}
static const
uint32_t blake32_iv[] = {
0x6A09E667L, 0xBB67AE85,
0x3C6EF372L, 0xA54FF53A,
0x510E527FL, 0x9B05688C,
0x1F83D9ABL, 0x5BE0CD19
};
void blake32_init(blake32_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] = blake32_iv[i];
}
memset(ctx->s, 0, 4*4);
ctx->counter = 0;
ctx->appendone = 1;
}
static const
uint32_t blake28_iv[] = {
0xC1059ED8, 0x367CD507,
0x3070DD17, 0xF70E5939,
0xFFC00B31, 0x68581511,
0x64F98FA7, 0xBEFA4FA4
};
void blake28_init(blake28_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
ctx->h[i] = blake28_iv[i];
}
memset(ctx->s, 0, 4*4);
ctx->counter = 0;
ctx->appendone = 0;
}
void blake32_ctx2hash(void* dest, const blake32_ctx_t* ctx){
uint8_t i;
for(i=0; i<8; ++i){
((uint32_t*)dest)[i] = CHANGE_ENDIAN32(ctx->h[i]);
}
}
void blake28_ctx2hash(void* dest, const blake28_ctx_t* ctx){
uint8_t i;
for(i=0; i<7; ++i){
((uint32_t*)dest)[i] = CHANGE_ENDIAN32(ctx->h[i]);
}
}
void blake32_nextBlock(blake32_ctx_t* ctx, const void* block){
blake_small_nextBlock(ctx, block);
}
void blake28_nextBlock(blake28_ctx_t* ctx, const void* block){
blake_small_nextBlock(ctx, block);
}
void blake32_lastBlock(blake32_ctx_t* ctx, const void* block, uint16_t length_b){
blake_small_lastBlock(ctx, block, length_b);
}
void blake28_lastBlock(blake28_ctx_t* ctx, const void* block, uint16_t length_b){
blake_small_lastBlock(ctx, block, length_b);
}
void blake32(void* dest, const void* msg, uint32_t length_b){
blake_small_ctx_t ctx;
blake32_init(&ctx);
while(length_b>=BLAKE_SMALL_BLOCKSIZE){
blake_small_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
length_b -= BLAKE_SMALL_BLOCKSIZE;
}
blake_small_lastBlock(&ctx, msg, length_b);
blake32_ctx2hash(dest, &ctx);
}
void blake28(void* dest, const void* msg, uint32_t length_b){
blake_small_ctx_t ctx;
blake28_init(&ctx);
while(length_b>=BLAKE_SMALL_BLOCKSIZE){
blake_small_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
length_b -= BLAKE_SMALL_BLOCKSIZE;
}
blake_small_lastBlock(&ctx, msg, length_b);
blake28_ctx2hash(dest, &ctx);
}

67
blake/blake_small.h Normal file
View File

@ -0,0 +1,67 @@
/* blake_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file blake_small.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#ifndef BLAKE_SMALL_H_
#define BLAKE_SMALL_H_
#include <stdint.h>
#define BLAKE_SMALL_BLOCKSIZE 512
#define BLAKE_SMALL_BLOCKSIZE_B ((BLAKE_SMALL_BLOCKSIZE+7)/8)
#define BLAKE28_BLOCKSIZE BLAKE_SMALL_BLOCKSIZE
#define BLAKE28_BLOCKSIZE_B BLAKE_SMALL_BLOCKSIZE_B
#define BLAKE32_BLOCKSIZE BLAKE_SMALL_BLOCKSIZE
#define BLAKE32_BLOCKSIZE_B BLAKE_SMALL_BLOCKSIZE_B
typedef struct {
uint32_t h[8];
uint32_t s[4];
uint32_t counter;
uint8_t appendone;
} blake_small_ctx_t;
typedef blake_small_ctx_t blake28_ctx_t;
typedef blake_small_ctx_t blake32_ctx_t;
void blake28_init(blake28_ctx_t* ctx);
void blake32_init(blake32_ctx_t* ctx);
void blake_small_nextBlock(blake_small_ctx_t* ctx, const void* block);
void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* block, uint16_t length_b);
void blake28_nextBlock(blake28_ctx_t* ctx, const void* block);
void blake28_lastBlock(blake28_ctx_t* ctx, const void* block, uint16_t length_b);
void blake32_nextBlock(blake32_ctx_t* ctx, const void* block);
void blake32_lastBlock(blake32_ctx_t* ctx, const void* block, uint16_t length_b);
void blake28_ctx2hash(void* dest, const blake28_ctx_t* ctx);
void blake32_ctx2hash(void* dest, const blake32_ctx_t* ctx);
void blake28(void* dest, const void* msg, uint32_t length_b);
void blake32(void* dest, const void* msg, uint32_t length_b);
#endif /* BLAKE_SMALL_H_ */

12
blake/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
blake/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

623
bmw/bmw_large.c Normal file
View File

@ -0,0 +1,623 @@
/* bmw_large.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file bmw_large.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include <string.h>
#include "bmw_large.h"
#define SHL64(a,n) shiftl64(a,n)
#define SHR64(a,n) shiftr64(a,n)
#define ROTL64(a,n) rotl64(a,n)
#define ROTR64(a,n) rotr64(a,n)
#define TWEAK 1
#define BUG24 0
#define F0_HACK 2
#define DEBUG 0
#if DEBUG
#include "cli.h"
void ctx_dump(const bmw_large_ctx_t* ctx){
uint8_t i;
cli_putstr("\r\n==== ctx dump ====");
for(i=0; i<16;++i){
cli_putstr("\r\n h[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(ctx->h[i]), 8);
}
cli_putstr("\r\n counter = ");
cli_hexdump(&(ctx->counter), 4);
}
void dump_x(const uint64_t* q, uint8_t elements, char x){
uint8_t i;
cli_putstr("\r\n==== ");
cli_putc(x);
cli_putstr(" dump ====");
for(i=0; i<elements;++i){
cli_putstr("\r\n ");
cli_putc(x);
cli_putstr("[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(q[i]), 8);
}
}
#else
#define ctx_dump(x)
#define dump_x(a,b,c)
#endif
static
uint64_t rotl64(uint64_t a, uint8_t r){
return (a<<r)|(a>>(64-r));
}
static
uint64_t rotr64(uint64_t a, uint8_t r){
return (a>>r)|(a<<(64-r));
}
static
uint64_t shiftl64(uint64_t a, uint8_t r){
return (a<<r);
}
static
uint64_t shiftr64(uint64_t a, uint8_t r){
return (a>>r);
}
static
uint64_t bmw_large_s0(uint64_t x){
uint64_t r;
r = SHR64(x, 1)
^ SHL64(x, 3)
^ ROTL64(x, 4)
^ ROTR64(x, 64-37);
return r;
}
static
uint64_t bmw_large_s1(uint64_t x){
uint64_t r;
r = SHR64(x, 1)
^ SHL64(x, 2)
^ ROTL64(x,13)
^ ROTR64(x,64-43);
return r;
}
static
uint64_t bmw_large_s2(uint64_t x){
uint64_t r;
r = SHR64(x, 2)
^ SHL64(x, 1)
^ ROTL64(x, 19)
^ ROTR64(x, 64-53);
return r;
}
static
uint64_t bmw_large_s3(uint64_t x){
uint64_t r;
r = SHR64(x, 2)
^ SHL64(x, 2)
^ ROTL64(x, 28)
^ ROTR64(x, 64-59);
return r;
}
static
uint64_t bmw_large_s4(uint64_t x){
uint64_t r;
r = SHR64(x, 1)
^ x;
return r;
}
static
uint64_t bmw_large_s5(uint64_t x){
uint64_t r;
r = SHR64(x, 2)
^ x;
return r;
}
static
uint64_t bmw_large_r1(uint64_t x){
uint64_t r;
r = ROTL64(x, 5);
return r;
}
static
uint64_t bmw_large_r2(uint64_t x){
uint64_t r;
r = ROTL64(x, 11);
return r;
}
static
uint64_t bmw_large_r3(uint64_t x){
uint64_t r;
r = ROTL64(x, 27);
return r;
}
static
uint64_t bmw_large_r4(uint64_t x){
uint64_t r;
r = ROTL64(x, 32);
return r;
}
static
uint64_t bmw_large_r5(uint64_t x){
uint64_t r;
r = ROTR64(x, 64-37);
return r;
}
static
uint64_t bmw_large_r6(uint64_t x){
uint64_t r;
r = ROTR64(x, 64-43);
return r;
}
static
uint64_t bmw_large_r7(uint64_t x){
uint64_t r;
r = ROTR64(x, 64-53);
return r;
}
/*
#define K 0x0555555555555555LL
#define MASK 0xFFFFFFFFFFFFFFFFLL
static
uint64_t k_lut[] PROGMEM = {
16LL*K, 17LL*K, 18LL*K, 19LL*K,
20LL*K, 21LL*K, 22LL*K, 23LL*K,
24LL*K, 25LL*K, 26LL*K, 27LL*K,
28LL*K, 29LL*K, 30LL*K, 31LL*K };
*/
/* the same as above but precomputed to avoid compiler warnings */
static const
uint64_t k_lut[] = {
0x5555555555555550LL, 0x5aaaaaaaaaaaaaa5LL, 0x5ffffffffffffffaLL,
0x655555555555554fLL, 0x6aaaaaaaaaaaaaa4LL, 0x6ffffffffffffff9LL,
0x755555555555554eLL, 0x7aaaaaaaaaaaaaa3LL, 0x7ffffffffffffff8LL,
0x855555555555554dLL, 0x8aaaaaaaaaaaaaa2LL, 0x8ffffffffffffff7LL,
0x955555555555554cLL, 0x9aaaaaaaaaaaaaa1LL, 0x9ffffffffffffff6LL,
0xa55555555555554bLL };
static
uint64_t bmw_large_expand1(uint8_t j, const uint64_t* q, const void* m, const void* h){
uint64_t(*s[])(uint64_t) = {bmw_large_s1, bmw_large_s2, bmw_large_s3, bmw_large_s0};
uint64_t a = 0;
union{
uint64_t v64;
uint32_t v32[2];
} r;
uint8_t i;
/* r = 0x0555555555555555LL*(j+16); */
r.v64 = k_lut[j];
for(i=0; i<16; ++i){
a += s[i%4](q[j+i]);
}
#if TWEAK
a += ( ROTL64(((uint64_t*)m)[(j)&0xf], ((j+ 0)&0xf)+1)
+ ROTL64(((uint64_t*)m)[(j+3)&0xf], ((j+ 3)&0xf)+1)
+ r.v64
- ROTL64(((uint64_t*)m)[(j+10)&0xf],((j+10)&0xf)+1)
) ^ ((uint64_t*)h)[(j+7)&0xf];
#else
a += ((uint64_t*)m)[j&0xf];
a += ((uint64_t*)m)[(j+3)&0xf];
a -= ((uint64_t*)m)[(j+10)&0xf];
a += r.v64;
#endif
return a;
}
static
uint64_t bmw_large_expand2(uint8_t j, const uint64_t* q, const void* m, const void* h){
uint64_t(*rf[])(uint64_t) = {bmw_large_r1, bmw_large_r2, bmw_large_r3,
bmw_large_r4, bmw_large_r5, bmw_large_r6,
bmw_large_r7};
uint64_t a=0;
union{
uint64_t v64;
uint32_t v32[2];
} r;
uint8_t i;
/* r = 0x0555555555555555LL*(j+16); */
r.v64 = k_lut[j];
for(i=0; i<14; i+=2){
a += q[j+i];
}
for(i=0; i<14; i+=2){
a += rf[i/2](q[j+i+1]);
}
#if TWEAK
a += bmw_large_s4(q[j+14]);
a += bmw_large_s5(q[j+15]);
#else
a += bmw_large_s5(q[j+14]);
a += bmw_large_s4(q[j+15]);
#endif
#if TWEAK
/*
if(j==(22-16)){
uint64_t t;
cli_putstr("\n+++++++++ expand_2 ++++++++++++");
dump_x(&a, 1, 'a');
dump_x(&r, 1, 'r');
t=ROTL64(((uint64_t*)m)[j], ((j+ 0)&0xf)+1);
dump_x(&t, 1, '0');
t=ROTL64(((uint64_t*)m)[j], ((j+ 3)&0xf)+1);
dump_x(&t, 1, '0');
t=ROTL64(((uint64_t*)m)[j], ((j+ 0)&0xf)+1);
dump_x(&t, 1, '0');
}
*/
a += ( ROTL64(((uint64_t*)m)[(j)&0xf], ((j+ 0)&0xf)+1)
+ ROTL64(((uint64_t*)m)[(j+3)&0xf], ((j+ 3)&0xf)+1)
+ r.v64
- ROTL64(((uint64_t*)m)[(j+10)&0xf],((j+10)&0xf)+1)
) ^ ((uint64_t*)h)[(j+7)&0xf];
#else
a += ((uint64_t*)m)[j&0xf];
a += ((uint64_t*)m)[(j+3)&0xf];
a -= ((uint64_t*)m)[(j+10)&0xf];
a += r.v64;
#endif
return a;
}
#if F0_HACK==2
/* to understand this implementation take a look at f0-opt-table.txt */
static uint16_t hack_table[5] = { 0x0311, 0xDDB3, 0x2A79, 0x07AA, 0x51C2 };
static uint8_t offset_table[5] = { 4+16, 6+16, 9+16, 12+16, 13+16 };
static
void bmw_large_f0(uint64_t* q, const uint64_t* h, const void* m){
uint16_t hack_reg;
uint8_t i,j,c;
uint64_t(*s[])(uint64_t)={ bmw_large_s0, bmw_large_s1, bmw_large_s2,
bmw_large_s3, bmw_large_s4 };
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
dump_x(h, 16, 'T');
memset(q, 0, 8*16);
c=4;
do{
i=15;
j = offset_table[c];
hack_reg = hack_table[c];
do{
if(hack_reg&1){
q[i]-= h[j&15];
}else{
q[i]+= h[j&15];
}
--j;
hack_reg>>= 1;
}while(i--!=0);
}while(c--!=0);
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif /* TWEAK */
}
#endif /* F0_HACK==2 */
#if F0_HACK==1
static
uint8_t f0_lut[] PROGMEM ={
5<<1, ( 7<<1)+1, (10<<1)+0, (13<<1)+0, (14<<1)+0,
6<<1, ( 8<<1)+1, (11<<1)+0, (14<<1)+0, (15<<1)+1,
0<<1, ( 7<<1)+0, ( 9<<1)+0, (12<<1)+1, (15<<1)+0,
0<<1, ( 1<<1)+1, ( 8<<1)+0, (10<<1)+1, (13<<1)+0,
1<<1, ( 2<<1)+0, ( 9<<1)+0, (11<<1)+1, (14<<1)+1,
3<<1, ( 2<<1)+1, (10<<1)+0, (12<<1)+1, (15<<1)+0,
4<<1, ( 0<<1)+1, ( 3<<1)+1, (11<<1)+1, (13<<1)+0,
1<<1, ( 4<<1)+1, ( 5<<1)+1, (12<<1)+1, (14<<1)+1,
2<<1, ( 5<<1)+1, ( 6<<1)+1, (13<<1)+0, (15<<1)+1,
0<<1, ( 3<<1)+1, ( 6<<1)+0, ( 7<<1)+1, (14<<1)+0,
8<<1, ( 1<<1)+1, ( 4<<1)+1, ( 7<<1)+1, (15<<1)+0,
8<<1, ( 0<<1)+1, ( 2<<1)+1, ( 5<<1)+1, ( 9<<1)+0,
1<<1, ( 3<<1)+0, ( 6<<1)+1, ( 9<<1)+1, (10<<1)+0,
2<<1, ( 4<<1)+0, ( 7<<1)+0, (10<<1)+0, (11<<1)+0,
3<<1, ( 5<<1)+1, ( 8<<1)+0, (11<<1)+1, (12<<1)+1,
12<<1, ( 4<<1)+1, ( 6<<1)+1, ( 9<<1)+1, (13<<1)+0
};
static
void bmw_large_f0(uint64_t* q, const uint64_t* h, const void* m){
uint8_t i,j=-1,v,sign,l=0;
uint64_t(*s[])(uint64_t)={ bmw_large_s0, bmw_large_s1, bmw_large_s2,
bmw_large_s3, bmw_large_s4 };
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
dump_x(h, 16, 'T');
// memset(q, 0, 4*16);
for(i=0; i<5*16; ++i){
v = pgm_read_byte(f0_lut+i);
sign = v&1;
v >>=1;
if(i==l){
j++;
l+=5;
q[j] = h[v];
continue;
}
if(sign){
q[j] -= h[v];
}else{
q[j] += h[v];
}
}
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif /* TWEAK */
}
#endif /* F0_HACK==1 */
#if F0_HACK==0
static
void bmw_large_f0(uint64_t* q, const uint64_t* h, const void* m){
uint8_t i;
uint64_t(*s[])(uint64_t)={ bmw_large_s0, bmw_large_s1, bmw_large_s2,
bmw_large_s3, bmw_large_s4 };
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
// dump_x(t, 16, 'T');
q[ 0] = (h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 1] = (h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 2] = (h[ 0] + h[ 7] + h[ 9] - h[12] + h[15]);
q[ 3] = (h[ 0] - h[ 1] + h[ 8] - h[10] + h[13]);
q[ 4] = (h[ 1] + h[ 2] + h[ 9] - h[11] - h[14]);
q[ 5] = (h[ 3] - h[ 2] + h[10] - h[12] + h[15]);
q[ 6] = (h[ 4] - h[ 0] - h[ 3] - h[11] + h[13]);
q[ 7] = (h[ 1] - h[ 4] - h[ 5] - h[12] - h[14]);
q[ 8] = (h[ 2] - h[ 5] - h[ 6] + h[13] - h[15]);
q[ 9] = (h[ 0] - h[ 3] + h[ 6] - h[ 7] + h[14]);
q[10] = (h[ 8] - h[ 1] - h[ 4] - h[ 7] + h[15]);
q[11] = (h[ 8] - h[ 0] - h[ 2] - h[ 5] + h[ 9]);
q[12] = (h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[13] = (h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
q[14] = (h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[15] = (h[12] - h[ 4] - h[ 6] - h[ 9] + h[13]);
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint64_t*)h)[i] ^= ((uint64_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif /* TWEAK */
}
#endif /* F0_HACK==0 */
static
void bmw_large_f1(uint64_t* q, const void* m, const uint64_t* h){
uint8_t i;
q[16] = bmw_large_expand1(0, q, m, h);
q[17] = bmw_large_expand1(1, q, m, h);
for(i=2; i<16; ++i){
q[16+i] = bmw_large_expand2(i, q, m, h);
}
}
static
void bmw_large_f2(uint64_t* h, const uint64_t* q, const void* m){
uint64_t xl=0, xh;
uint8_t i;
for(i=16;i<24;++i){
xl ^= q[i];
}
xh = xl;
for(i=24;i<32;++i){
xh ^= q[i];
}
#if DEBUG
cli_putstr("\r\n XL = ");
cli_hexdump_rev(&xl, 4);
cli_putstr("\r\n XH = ");
cli_hexdump_rev(&xh, 4);
#endif
memcpy(h, m, 16*8);
h[0] ^= SHL64(xh, 5) ^ SHR64(q[16], 5);
h[1] ^= SHR64(xh, 7) ^ SHL64(q[17], 8);
h[2] ^= SHR64(xh, 5) ^ SHL64(q[18], 5);
h[3] ^= SHR64(xh, 1) ^ SHL64(q[19], 5);
h[4] ^= SHR64(xh, 3) ^ q[20];
h[5] ^= SHL64(xh, 6) ^ SHR64(q[21], 6);
h[6] ^= SHR64(xh, 4) ^ SHL64(q[22], 6);
h[7] ^= SHR64(xh,11) ^ SHL64(q[23], 2);
for(i=0; i<8; ++i){
h[i] += xl ^ q[24+i] ^ q[i];
}
for(i=0; i<8; ++i){
h[8+i] ^= xh ^ q[24+i];
h[8+i] += ROTL64(h[(4+i)%8],i+9);
}
h[ 8] += SHL64(xl, 8) ^ q[23] ^ q[ 8];
h[ 9] += SHR64(xl, 6) ^ q[16] ^ q[ 9];
h[10] += SHL64(xl, 6) ^ q[17] ^ q[10];
h[11] += SHL64(xl, 4) ^ q[18] ^ q[11];
h[12] += SHR64(xl, 3) ^ q[19] ^ q[12];
h[13] += SHR64(xl, 4) ^ q[20] ^ q[13];
h[14] += SHR64(xl, 7) ^ q[21] ^ q[14];
h[15] += SHR64(xl, 2) ^ q[22] ^ q[15];
}
void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
uint64_t q[32];
dump_x(block, 16, 'M');
bmw_large_f0(q, ctx->h, block);
dump_x(q, 16, 'Q');
bmw_large_f1(q, block, ctx->h);
dump_x(q, 32, 'Q');
bmw_large_f2(ctx->h, q, block);
ctx->counter += 1;
ctx_dump(ctx);
}
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[128];
while(length_b >= BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(ctx, block);
length_b -= BMW_LARGE_BLOCKSIZE;
block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
}
memset(buffer, 0, 128);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>128*8-64){
bmw_large_nextBlock(ctx, buffer);
memset(buffer, 0, 128-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer);
#if TWEAK
uint8_t i;
uint64_t q[32];
memset(buffer, 0xaa, 128);
for(i=0; i<16; ++i){
buffer[8*i] = i + 0xa0;
}
bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
bmw_large_f2((uint64_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 128);
#endif
}
void bmw384_init(bmw384_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x0001020304050607LL;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x0808080808080808LL;
}
#if BUG24
ctx->h[6] = 0x3031323324353637LL;
#endif
ctx->counter=0;
ctx_dump(ctx);
}
void bmw512_init(bmw512_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x8081828384858687LL;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x0808080808080808LL;
}
ctx->counter=0;
ctx_dump(ctx);
}
void bmw384_nextBlock(bmw384_ctx_t* ctx, const void* block){
bmw_large_nextBlock(ctx, block);
}
void bmw512_nextBlock(bmw512_ctx_t* ctx, const void* block){
bmw_large_nextBlock(ctx, block);
}
void bmw384_lastBlock(bmw384_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_large_lastBlock(ctx, block, length_b);
}
void bmw512_lastBlock(bmw512_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_large_lastBlock(ctx, block, length_b);
}
void bmw384_ctx2hash(void* dest, const bmw384_ctx_t* ctx){
memcpy(dest, &(ctx->h[10]), 384/8);
}
void bmw512_ctx2hash(void* dest, const bmw512_ctx_t* ctx){
memcpy(dest, &(ctx->h[8]), 512/8);
}
void bmw384(void* dest, const void* msg, uint32_t length_b){
bmw_large_ctx_t ctx;
bmw384_init(&ctx);
while(length_b>=BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(&ctx, msg);
length_b -= BMW_LARGE_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_LARGE_BLOCKSIZE_B;
}
bmw_large_lastBlock(&ctx, msg, length_b);
bmw384_ctx2hash(dest, &ctx);
}
void bmw512(void* dest, const void* msg, uint32_t length_b){
bmw_large_ctx_t ctx;
bmw512_init(&ctx);
while(length_b>=BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(&ctx, msg);
length_b -= BMW_LARGE_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_LARGE_BLOCKSIZE_B;
}
bmw_large_lastBlock(&ctx, msg, length_b);
bmw512_ctx2hash(dest, &ctx);
}

65
bmw/bmw_large.h Normal file
View File

@ -0,0 +1,65 @@
/* bmw_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file bmw_large.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#ifndef BMW_LARGE_H_
#define BMW_LARGE_H_
#include <stdint.h>
#define BMW_LARGE_BLOCKSIZE 1024
#define BMW_LARGE_BLOCKSIZE_B ((BMW_LARGE_BLOCKSIZE+7)/8)
#define BMW384_BLOCKSIZE BMW_LARGE_BLOCKSIZE
#define BMW384_BLOCKSIZE_B BMW_LARGE_BLOCKSIZE_B
#define BMW512_BLOCKSIZE BMW_LARGE_BLOCKSIZE
#define BMW512_BLOCKSIZE_B BMW_LARGE_BLOCKSIZE_B
typedef struct {
uint64_t h[16];
uint32_t counter;
} bmw_large_ctx_t;
typedef bmw_large_ctx_t bmw384_ctx_t;
typedef bmw_large_ctx_t bmw512_ctx_t;
void bmw384_init(bmw384_ctx_t* ctx);
void bmw512_init(bmw512_ctx_t* ctx);
void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block);
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw384_nextBlock(bmw384_ctx_t* ctx, const void* block);
void bmw384_lastBlock(bmw384_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw512_nextBlock(bmw512_ctx_t* ctx, const void* block);
void bmw512_lastBlock(bmw512_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw384_ctx2hash(void* dest, const bmw384_ctx_t* ctx);
void bmw512_ctx2hash(void* dest, const bmw512_ctx_t* ctx);
void bmw384(void* dest, const void* msg, uint32_t length_b);
void bmw512(void* dest, const void* msg, uint32_t length_b);
#endif /* BMW_LARGE_H_ */

3456
bmw/bmw_small-tinyasm.ps Normal file
View File

File diff suppressed because it is too large Load Diff

605
bmw/bmw_small.c Normal file
View File

@ -0,0 +1,605 @@
/* bmw_small.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file bmw_small.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include <string.h>
#include "bmw_small.h"
#include "memxor.h"
#define SHL32(a,n) ((a)<<(n))
#define SHR32(a,n) ((a)>>(n))
#define ROTL32(a,n) (((a)<<(n))|((a)>>(32-(n))))
#define ROTR32(a,n) (((a)>>(n))|((a)<<(32-(n))))
#define TWEAK 1
#if TWEAK
# define BUG24 0
#else
# define BUG24 1
#endif
#define F0_HACK 2
#define DEBUG 0
#ifndef F0_HACK
# define F0_HACK 0
#endif
#if DEBUG
#include "cli.h"
void ctx_dump(const bmw_small_ctx_t* ctx){
uint8_t i;
cli_putstr("\r\n==== ctx dump ====");
for(i=0; i<16;++i){
cli_putstr("\r\n h[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(ctx->h[i]), 4);
}
cli_putstr("\r\n counter = ");
cli_hexdump(&(ctx->counter), 4);
}
void dump_x(const uint32_t* q, uint8_t elements, char x){
uint8_t i;
cli_putstr("\r\n==== ");
cli_putc(x);
cli_putstr(" dump ====");
for(i=0; i<elements;++i){
cli_putstr("\r\n ");
cli_putc(x);
cli_putstr("[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(q[i]), 4);
}
}
#else
#define ctx_dump(x)
#define dump_x(a,b,c)
#endif
static
uint32_t bmw_small_s0(uint32_t x){
uint32_t r;
r = SHR32(x, 1)
^ SHL32(x, 3)
^ ROTL32(x, 4)
^ ROTR32(x, 13);
return r;
}
static
uint32_t bmw_small_s1(uint32_t x){
uint32_t r;
r = SHR32(x, 1)
^ SHL32(x, 2)
^ ROTL32(x, 8)
^ ROTR32(x, 9);
return r;
}
static
uint32_t bmw_small_s2(uint32_t x){
uint32_t r;
r = SHR32(x, 2)
^ SHL32(x, 1)
^ ROTL32(x, 12)
^ ROTR32(x, 7);
return r;
}
static
uint32_t bmw_small_s3(uint32_t x){
uint32_t r;
r = SHR32(x, 2)
^ SHL32(x, 2)
^ ROTL32(x, 15)
^ ROTR32(x, 3);
return r;
}
static
uint32_t bmw_small_s4(uint32_t x){
uint32_t r;
r = SHR32(x, 1)
^ x;
return r;
}
static
uint32_t bmw_small_s5(uint32_t x){
uint32_t r;
r = SHR32(x, 2)
^ x;
return r;
}
static
uint32_t bmw_small_r1(uint32_t x){
uint32_t r;
r = ROTL32(x, 3);
return r;
}
static
uint32_t bmw_small_r2(uint32_t x){
uint32_t r;
r = ROTL32(x, 7);
return r;
}
static
uint32_t bmw_small_r3(uint32_t x){
uint32_t r;
r = ROTL32(x, 13);
return r;
}
static
uint32_t bmw_small_r4(uint32_t x){
uint32_t r;
r = ROTL32(x, 16);
return r;
}
static
uint32_t bmw_small_r5(uint32_t x){
uint32_t r;
r = ROTR32(x, 13);
return r;
}
static
uint32_t bmw_small_r6(uint32_t x){
uint32_t r;
r = ROTR32(x, 9);
return r;
}
static
uint32_t bmw_small_r7(uint32_t x){
uint32_t r;
r = ROTR32(x, 5);
return r;
}
/*
#define K 0x05555555L
static
uint32_t k_lut[] PROGMEM = {
16L*K, 17L*K, 18L*K, 19L*K, 20L*K, 21L*K, 22L*K, 23L*K,
24L*K, 25L*K, 26L*K, 27L*K, 28L*K, 29L*K, 30L*K, 31L*K
};
*/
/* same as above but precomputed to avoid compiler warnings */
static
uint32_t k_lut[] = {
0x55555550L, 0x5aaaaaa5L, 0x5ffffffaL,
0x6555554fL, 0x6aaaaaa4L, 0x6ffffff9L,
0x7555554eL, 0x7aaaaaa3L, 0x7ffffff8L,
0x8555554dL, 0x8aaaaaa2L, 0x8ffffff7L,
0x9555554cL, 0x9aaaaaa1L, 0x9ffffff6L,
0xa555554bL };
static
uint32_t bmw_small_expand1(uint8_t j, const uint32_t* q, const void* m, const void* h){
uint32_t(*s[])(uint32_t) = {bmw_small_s1, bmw_small_s2, bmw_small_s3, bmw_small_s0};
uint32_t r;
uint8_t i;
/* r = 0x05555555*(j+16); */
#if TWEAK
r = ( ROTL32(((uint32_t*)m)[j&0xf], ((j+0)&0xf)+1 )
+ ROTL32(((uint32_t*)m)[(j+3)&0xf], ((j+3)&0xf)+1 )
- ROTL32(((uint32_t*)m)[(j+10)&0xf], ((j+10)&0xf)+1 )
+ k_lut[j]
) ^ ((uint32_t*)h)[(j+7)&0xf];
#else
r = k_lut[j];
r += ((uint32_t*)m)[j&0xf];
r += ((uint32_t*)m)[(j+3)&0xf];
r -= ((uint32_t*)m)[(j+10)&0xf];
#endif
for(i=0; i<16; ++i){
r += s[i%4](q[j+i]);
}
return r;
}
static
uint32_t bmw_small_expand2(uint8_t j, const uint32_t* q, const void* m, const void* h){
uint32_t(*rf[])(uint32_t) = {bmw_small_r1, bmw_small_r2, bmw_small_r3,
bmw_small_r4, bmw_small_r5, bmw_small_r6,
bmw_small_r7};
uint32_t r=0;
uint8_t i;
for(i=0; i<14; i+=2){
r += q[j+i];
}
for(i=0; i<14; i+=2){
r += rf[i/2](q[j+i+1]);
}
#if TWEAK
r += bmw_small_s4(q[j+14]);
r += bmw_small_s5(q[j+15]);
#else
r += bmw_small_s5(q[j+14]);
r += bmw_small_s4(q[j+15]);
#endif
#if TWEAK
r += ( ROTL32(((uint32_t*)m)[j&0xf], ((j+0)&0xf)+1 )
+ ROTL32(((uint32_t*)m)[(j+3)&0xf], ((j+3)&0xf)+1 )
- ROTL32(((uint32_t*)m)[(j+10)&0xf], ((j+10)&0xf)+1 )
+ k_lut[j]
) ^ ((uint32_t*)h)[(j+7)&0xf];
#else
r += k_lut[j];
r += ((uint32_t*)m)[j&0xf];
r += ((uint32_t*)m)[(j+3)&0xf];
r -= ((uint32_t*)m)[(j+10)&0xf];
#endif
return r;
}
#if F0_HACK==2
/* to understand this implementation take a look at f0-opt-table.txt */
static uint16_t hack_table[5] = { 0x0311, 0xDDB3, 0x2A79, 0x07AA, 0x51C2 };
static uint8_t offset_table[5] = { 4+16, 6+16, 9+16, 12+16, 13+16 };
static
void bmw_small_f0(uint32_t* q, uint32_t* h, const void* m){
uint16_t hack_reg;
uint8_t c,i,j;
uint32_t(*s[])(uint32_t)={ bmw_small_s0, bmw_small_s1, bmw_small_s2,
bmw_small_s3, bmw_small_s4 };
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
dump_x(h, 16, 'T');
memset(q, 0, 4*16);
c=4;
do{
i=15;
j=offset_table[c];
hack_reg=hack_table[c];
do{
if(hack_reg&1){
q[i]-= h[j&15];
}else{
q[i]+= h[j&15];
}
--j;
hack_reg>>= 1;
}while(i--!=0);
}while(c--!=0);
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif
}
#endif /* F0_HACK==2*/
#if F0_HACK==1
static
uint8_t f0_lut[] PROGMEM = {
5<<1, ( 7<<1)+1, (10<<1)+0, (13<<1)+0, (14<<1)+0,
6<<1, ( 8<<1)+1, (11<<1)+0, (14<<1)+0, (15<<1)+1,
0<<1, ( 7<<1)+0, ( 9<<1)+0, (12<<1)+1, (15<<1)+0,
0<<1, ( 1<<1)+1, ( 8<<1)+0, (10<<1)+1, (13<<1)+0,
1<<1, ( 2<<1)+0, ( 9<<1)+0, (11<<1)+1, (14<<1)+1,
3<<1, ( 2<<1)+1, (10<<1)+0, (12<<1)+1, (15<<1)+0,
4<<1, ( 0<<1)+1, ( 3<<1)+1, (11<<1)+1, (13<<1)+0,
1<<1, ( 4<<1)+1, ( 5<<1)+1, (12<<1)+1, (14<<1)+1,
2<<1, ( 5<<1)+1, ( 6<<1)+1, (13<<1)+0, (15<<1)+1,
0<<1, ( 3<<1)+1, ( 6<<1)+0, ( 7<<1)+1, (14<<1)+0,
8<<1, ( 1<<1)+1, ( 4<<1)+1, ( 7<<1)+1, (15<<1)+0,
8<<1, ( 0<<1)+1, ( 2<<1)+1, ( 5<<1)+1, ( 9<<1)+0,
1<<1, ( 3<<1)+0, ( 6<<1)+1, ( 9<<1)+1, (10<<1)+0,
2<<1, ( 4<<1)+0, ( 7<<1)+0, (10<<1)+0, (11<<1)+0,
3<<1, ( 5<<1)+1, ( 8<<1)+0, (11<<1)+1, (12<<1)+1,
12<<1, ( 4<<1)+1, ( 6<<1)+1, ( 9<<1)+1, (13<<1)+0
};
static
void bmw_small_f0(uint32_t* q, uint32_t* h, const void* m){
uint8_t i,j=-1,v,sign,l=0;
uint32_t(*s[])(uint32_t)={ bmw_small_s0, bmw_small_s1, bmw_small_s2,
bmw_small_s3, bmw_small_s4 };
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
dump_x(h, 16, 'T');
// memset(q, 0, 4*16);
for(i=0; i<5*16; ++i){
v = pgm_read_byte(f0_lut+i);
sign = v&1;
v >>=1;
if(i==l){
j++;
l+=5;
q[j] = h[v];
continue;
}
if(sign){
q[j] -= h[v];
}else{
q[j] += h[v];
}
}
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif /* TWEAK */
}
#endif /* F0_HACK==1 */
#if F0_HACK==0
static
void bmw_small_f0(uint32_t* q, uint32_t* h, const void* m){
uint8_t i;
uint32_t(*s[])(uint32_t)={ bmw_small_s0, bmw_small_s1, bmw_small_s2,
bmw_small_s3, bmw_small_s4 };
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
dump_x(h, 16, 'T');
q[ 0] = (h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 1] = (h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 2] = (h[ 0] + h[ 7] + h[ 9] - h[12] + h[15]);
q[ 3] = (h[ 0] - h[ 1] + h[ 8] - h[10] + h[13]);
q[ 4] = (h[ 1] + h[ 2] + h[ 9] - h[11] - h[14]);
q[ 5] = (h[ 3] - h[ 2] + h[10] - h[12] + h[15]);
q[ 6] = (h[ 4] - h[ 0] - h[ 3] - h[11] + h[13]);
q[ 7] = (h[ 1] - h[ 4] - h[ 5] - h[12] - h[14]);
q[ 8] = (h[ 2] - h[ 5] - h[ 6] + h[13] - h[15]);
q[ 9] = (h[ 0] - h[ 3] + h[ 6] - h[ 7] + h[14]);
q[10] = (h[ 8] - h[ 1] - h[ 4] - h[ 7] + h[15]);
q[11] = (h[ 8] - h[ 0] - h[ 2] - h[ 5] + h[ 9]);
q[12] = (h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[13] = (h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
q[14] = (h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[15] = (h[12] - h[ 4] - h[ 6] - h[ 9] + h[13]);
dump_x(q, 16, 'W');
for(i=0; i<16; ++i){
q[i] = s[i%5](q[i]);
}
#if TWEAK
for(i=0; i<16; ++i){
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}
for(i=0; i<16; ++i){
q[i] += h[(i+1)&0xf];
}
#endif /* TWEAK */
}
#endif /* F0_HACK==0 */
static
void bmw_small_f1(uint32_t* q, const void* m, const void* h){
uint8_t i;
q[16] = bmw_small_expand1(0, q, m, h);
q[17] = bmw_small_expand1(1, q, m, h);
for(i=2; i<16; ++i){
q[16+i] = bmw_small_expand2(i, q, m, h);
}
}
static
void bmw_small_f2(uint32_t* h, uint32_t* q, const void* m){
uint32_t xl=0, xh;
uint8_t i;
for(i=16;i<24;++i){
xl ^= q[i];
}
xh = xl;
for(i=24;i<32;++i){
xh ^= q[i];
}
#if DEBUG
cli_putstr("\r\n XL = ");
cli_hexdump_rev(&xl, 4);
cli_putstr("\r\n XH = ");
cli_hexdump_rev(&xh, 4);
#endif
memcpy(h, m, 16*4);
h[0] ^= SHL32(xh, 5) ^ SHR32(q[16], 5);
h[1] ^= SHR32(xh, 7) ^ SHL32(q[17], 8);
h[2] ^= SHR32(xh, 5) ^ SHL32(q[18], 5);
h[3] ^= SHR32(xh, 1) ^ SHL32(q[19], 5);
h[4] ^= SHR32(xh, 3) ^ q[20];
h[5] ^= SHL32(xh, 6) ^ SHR32(q[21], 6);
h[6] ^= SHR32(xh, 4) ^ SHL32(q[22], 6);
h[7] ^= SHR32(xh,11) ^ SHL32(q[23], 2);
for(i=0; i<8; ++i){
h[i] += xl ^ q[24+i] ^ q[i];
}
for(i=0; i<8; ++i){
h[8+i] ^= xh ^ q[24+i];
h[8+i] += ROTL32(h[(4+i)%8],i+9);
}
/*
h[ 8] += SHL32(xl, 8) ^ q[23] ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[16] ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[17] ^ q[10];
h[11] += SHL32(xl, 4) ^ q[18] ^ q[11];
h[12] += SHR32(xl, 3) ^ q[19] ^ q[12];
h[13] += SHR32(xl, 4) ^ q[20] ^ q[13];
h[14] += SHR32(xl, 7) ^ q[21] ^ q[14];
h[15] += SHR32(xl, 2) ^ q[22] ^ q[15];
*/
memxor(q+9, q+16, 7*4);
q[8] ^= q[23];
h[ 8] += SHL32(xl, 8) ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[10];
h[11] += SHL32(xl, 4) ^ q[11];
h[12] += SHR32(xl, 3) ^ q[12];
h[13] += SHR32(xl, 4) ^ q[13];
h[14] += SHR32(xl, 7) ^ q[14];
h[15] += SHR32(xl, 2) ^ q[15];
}
void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
uint32_t q[32];
dump_x(block, 16, 'M');
bmw_small_f0(q, ctx->h, block);
dump_x(q, 16, 'Q');
bmw_small_f1(q, block, ctx->h);
dump_x(q, 32, 'Q');
bmw_small_f2(ctx->h, q, block);
ctx->counter += 1;
ctx_dump(ctx);
}
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
while(length_b >= BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(ctx, block);
length_b -= BMW_SMALL_BLOCKSIZE;
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>64*8-64){
bmw_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer);
#if TWEAK
uint8_t i;
uint32_t q[32];
memset(buffer, 0xaa, 64);
for(i=0; i<16;++i){
buffer[i*4] = i+0xa0;
}
// dump_x(buffer, 16, 'A');
dump_x(ctx->h, 16, 'M');
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
dump_x(buffer, 16, 'a');
dump_x(q, 16, 'Q');
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
dump_x(q, 32, 'Q');
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 64);
#endif
}
void bmw224_init(bmw224_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x00010203;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x04040404;
}
#if BUG24
ctx->h[13] = 0x24353637;
#endif
ctx->counter=0;
ctx_dump(ctx);
}
void bmw256_init(bmw256_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x40414243;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x04040404;
}
ctx->counter=0;
ctx_dump(ctx);
}
void bmw224_nextBlock(bmw224_ctx_t* ctx, const void* block){
bmw_small_nextBlock(ctx, block);
}
void bmw256_nextBlock(bmw256_ctx_t* ctx, const void* block){
bmw_small_nextBlock(ctx, block);
}
void bmw224_lastBlock(bmw224_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_small_lastBlock(ctx, block, length_b);
}
void bmw256_lastBlock(bmw256_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_small_lastBlock(ctx, block, length_b);
}
void bmw224_ctx2hash(void* dest, const bmw224_ctx_t* ctx){
memcpy(dest, &(ctx->h[9]), 224/8);
}
void bmw256_ctx2hash(void* dest, const bmw256_ctx_t* ctx){
memcpy(dest, &(ctx->h[8]), 256/8);
}
void bmw224(void* dest, const void* msg, uint32_t length_b){
bmw_small_ctx_t ctx;
bmw224_init(&ctx);
while(length_b>=BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(&ctx, msg);
length_b -= BMW_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_SMALL_BLOCKSIZE_B;
}
bmw_small_lastBlock(&ctx, msg, length_b);
bmw224_ctx2hash(dest, &ctx);
}
void bmw256(void* dest, const void* msg, uint32_t length_b){
bmw_small_ctx_t ctx;
bmw256_init(&ctx);
while(length_b>=BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(&ctx, msg);
length_b -= BMW_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_SMALL_BLOCKSIZE_B;
}
bmw_small_lastBlock(&ctx, msg, length_b);
bmw256_ctx2hash(dest, &ctx);
}

65
bmw/bmw_small.h Normal file
View File

@ -0,0 +1,65 @@
/* bmw_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file bmw_small.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#ifndef BMW_SMALL_H_
#define BMW_SMALL_H_
#include <stdint.h>
#define BMW_SMALL_BLOCKSIZE 512
#define BMW_SMALL_BLOCKSIZE_B ((BMW_SMALL_BLOCKSIZE+7)/8)
#define BMW224_BLOCKSIZE BMW_SMALL_BLOCKSIZE
#define BMW224_BLOCKSIZE_B BMW_SMALL_BLOCKSIZE_B
#define BMW256_BLOCKSIZE BMW_SMALL_BLOCKSIZE
#define BMW256_BLOCKSIZE_B BMW_SMALL_BLOCKSIZE_B
typedef struct {
uint32_t h[16];
uint32_t counter;
} bmw_small_ctx_t;
typedef bmw_small_ctx_t bmw224_ctx_t;
typedef bmw_small_ctx_t bmw256_ctx_t;
void bmw224_init(bmw224_ctx_t* ctx);
void bmw256_init(bmw256_ctx_t* ctx);
void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block);
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw224_nextBlock(bmw224_ctx_t* ctx, const void* block);
void bmw224_lastBlock(bmw224_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw256_nextBlock(bmw256_ctx_t* ctx, const void* block);
void bmw256_lastBlock(bmw256_ctx_t* ctx, const void* block, uint16_t length_b);
void bmw224_ctx2hash(void* dest, const bmw224_ctx_t* ctx);
void bmw256_ctx2hash(void* dest, const bmw256_ctx_t* ctx);
void bmw224(void* dest, const void* msg, uint32_t length_b);
void bmw256(void* dest, const void* msg, uint32_t length_b);
#endif /* BMW_SMALL_H_ */

376
bmw/bmw_small_speed.c Normal file
View File

@ -0,0 +1,376 @@
/* bmw_small.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file bmw_small.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-04-27
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include <string.h>
#include "bmw_small.h"
#include "memxor.h"
#define SHL32(a,n) ((a)<<(n))
#define SHR32(a,n) ((a)>>(n))
#define ROTL32(a,n) (((a)<<(n))|((a)>>(32-(n))))
#define ROTR32(a,n) (((a)>>(n))|((a)<<(32-(n))))
#define DEBUG 0
#if DEBUG
#include "cli.h"
void ctx_dump(const bmw_small_ctx_t* ctx){
uint8_t i;
cli_putstr("\r\n==== ctx dump ====");
for(i=0; i<16;++i){
cli_putstr("\r\n h[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(ctx->h[i]), 4);
}
cli_putstr("\r\n counter = ");
cli_hexdump(&(ctx->counter), 4);
}
void dump_x(const uint32_t* q, uint8_t elements, char x){
uint8_t i;
cli_putstr("\r\n==== ");
cli_putc(x);
cli_putstr(" dump ====");
for(i=0; i<elements;++i){
cli_putstr("\r\n ");
cli_putc(x);
cli_putstr("[");
cli_hexdump(&i, 1);
cli_putstr("] = ");
cli_hexdump_rev(&(q[i]), 4);
}
}
#else
#define ctx_dump(x)
#define dump_x(a,b,c)
#endif
#define S32_0(x) ( (SHR32((x), 1)) ^ \
(SHL32((x), 3)) ^ \
(ROTL32((x), 4)) ^ \
(ROTR32((x), 13)) )
#define S32_1(x) ( (SHR32((x), 1)) ^ \
(SHL32((x), 2)) ^ \
(ROTL32((x), 8)) ^ \
(ROTR32((x), 9)) )
#define S32_2(x) ( (SHR32((x), 2)) ^ \
(SHL32((x), 1)) ^ \
(ROTL32((x), 12)) ^ \
(ROTR32((x), 7)) )
#define S32_3(x) ( (SHR32((x), 2)) ^ \
(SHL32((x), 2)) ^ \
(ROTL32((x), 15)) ^ \
(ROTR32((x), 3)) )
#define S32_4(x) ( (SHR32((x), 1)) ^ (x))
#define S32_5(x) ( (SHR32((x), 2)) ^ (x))
#define R32_1(x) (ROTL32((x), 3))
#define R32_2(x) (ROTL32((x), 7))
#define R32_3(x) (ROTL32((x), 13))
#define R32_4(x) (ROTL32((x), 16))
#define R32_5(x) (ROTR32((x), 13))
#define R32_6(x) (ROTR32((x), 9))
#define R32_7(x) (ROTR32((x), 5))
/*
#define K 0x05555555L
static
uint32_t k_lut[] PROGMEM = {
16L*K, 17L*K, 18L*K, 19L*K, 20L*K, 21L*K, 22L*K, 23L*K,
24L*K, 25L*K, 26L*K, 27L*K, 28L*K, 29L*K, 30L*K, 31L*K
};
*/
/* same as above but precomputed to avoid compiler warnings */
static
uint32_t k_lut[] = {
0x55555550L, 0x5aaaaaa5L, 0x5ffffffaL,
0x6555554fL, 0x6aaaaaa4L, 0x6ffffff9L,
0x7555554eL, 0x7aaaaaa3L, 0x7ffffff8L,
0x8555554dL, 0x8aaaaaa2L, 0x8ffffff7L,
0x9555554cL, 0x9aaaaaa1L, 0x9ffffff6L,
0xa555554bL };
static
uint32_t bmw_small_expand1(uint8_t j, const uint32_t* q, const void* m, const void* h){
uint32_t r;
/* r = 0x05555555*(j+16); */
r = ( ROTL32(((uint32_t*)m)[j&0xf], ((j+0)&0xf)+1 )
+ ROTL32(((uint32_t*)m)[(j+3)&0xf], ((j+3)&0xf)+1 )
- ROTL32(((uint32_t*)m)[(j+10)&0xf], ((j+10)&0xf)+1 )
+ k_lut[j]
) ^ ((uint32_t*)h)[(j+7)&0xf];
r += S32_1(q[j+ 0]) + S32_2(q[j+ 1]) + S32_3(q[j+ 2]) + S32_0(q[j+ 3]) +
S32_1(q[j+ 4]) + S32_2(q[j+ 5]) + S32_3(q[j+ 6]) + S32_0(q[j+ 7]) +
S32_1(q[j+ 8]) + S32_2(q[j+ 9]) + S32_3(q[j+10]) + S32_0(q[j+11]) +
S32_1(q[j+12]) + S32_2(q[j+13]) + S32_3(q[j+14]) + S32_0(q[j+15]);
return r;
}
static
uint32_t bmw_small_expand2(uint8_t j, const uint32_t* q, const void* m, const void* h){
uint32_t r;
r = ( ROTL32(((uint32_t*)m)[j&0xf], ((j+0)&0xf)+1 )
+ ROTL32(((uint32_t*)m)[(j+3)&0xf], ((j+3)&0xf)+1 )
- ROTL32(((uint32_t*)m)[(j+10)&0xf], ((j+10)&0xf)+1 )
+ k_lut[j]
) ^ ((uint32_t*)h)[(j+7)&0xf];
r += (q[j+ 0]) + R32_1(q[j+ 1]) + (q[j+ 2]) + R32_2(q[j+ 3]) +
(q[j+ 4]) + R32_3(q[j+ 5]) + (q[j+ 6]) + R32_4(q[j+ 7]) +
(q[j+ 8]) + R32_5(q[j+ 9]) + (q[j+10]) + R32_6(q[j+11]) +
(q[j+12]) + R32_7(q[j+13]) + S32_4(q[j+14]) + S32_5(q[j+15]);
return r;
}
static
void bmw_small_f0(uint32_t* q, uint32_t* h, const void* m){
uint8_t i;
i=15;
do{
((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}while(i--);
dump_x(h, 16, 'T');
q[ 0] = (h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 1] = (h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 2] = (h[ 0] + h[ 7] + h[ 9] - h[12] + h[15]);
q[ 3] = (h[ 0] - h[ 1] + h[ 8] - h[10] + h[13]);
q[ 4] = (h[ 1] + h[ 2] + h[ 9] - h[11] - h[14]);
q[ 5] = (h[ 3] - h[ 2] + h[10] - h[12] + h[15]);
q[ 6] = (h[ 4] - h[ 0] - h[ 3] - h[11] + h[13]);
q[ 7] = (h[ 1] - h[ 4] - h[ 5] - h[12] - h[14]);
q[ 8] = (h[ 2] - h[ 5] - h[ 6] + h[13] - h[15]);
q[ 9] = (h[ 0] - h[ 3] + h[ 6] - h[ 7] + h[14]);
q[10] = (h[ 8] - h[ 1] - h[ 4] - h[ 7] + h[15]);
q[11] = (h[ 8] - h[ 0] - h[ 2] - h[ 5] + h[ 9]);
q[12] = (h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[13] = (h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
q[14] = (h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[15] = (h[12] - h[ 4] - h[ 6] - h[ 9] + h[13]);
dump_x(q, 16, 'W');
q[ 0] = S32_0(q[ 0]); q[ 1] = S32_1(q[ 1]); q[ 2] = S32_2(q[ 2]); q[ 3] = S32_3(q[ 3]); q[ 4] = S32_4(q[ 4]);
q[ 5] = S32_0(q[ 5]); q[ 6] = S32_1(q[ 6]); q[ 7] = S32_2(q[ 7]); q[ 8] = S32_3(q[ 8]); q[ 9] = S32_4(q[ 9]);
q[10] = S32_0(q[10]); q[11] = S32_1(q[11]); q[12] = S32_2(q[12]); q[13] = S32_3(q[13]); q[14] = S32_4(q[14]);
q[15] = S32_0(q[15]);
i=15;
do{
q[(i+15)&15] += ((uint32_t*)h)[i] ^= ((uint32_t*)m)[i];
}while(i--);
}
static
void bmw_small_f1(uint32_t* q, const void* m, const void* h){
uint8_t i;
q[16] = bmw_small_expand1(0, q, m, h);
q[17] = bmw_small_expand1(1, q, m, h);
for(i=2; i<16; ++i){
q[16+i] = bmw_small_expand2(i, q, m, h);
}
}
static
void bmw_small_f2(uint32_t* h, uint32_t* q, const void* m){
uint32_t xl=0, xh;
uint8_t i;
for(i=16;i<24;++i){
xl ^= q[i];
}
xh = xl;
for(i=24;i<32;++i){
xh ^= q[i];
}
#if DEBUG
cli_putstr("\r\n XL = ");
cli_hexdump_rev(&xl, 4);
cli_putstr("\r\n XH = ");
cli_hexdump_rev(&xh, 4);
#endif
memcpy(h, m, 16*4);
h[0] ^= SHL32(xh, 5) ^ SHR32(q[16], 5);
h[1] ^= SHR32(xh, 7) ^ SHL32(q[17], 8);
h[2] ^= SHR32(xh, 5) ^ SHL32(q[18], 5);
h[3] ^= SHR32(xh, 1) ^ SHL32(q[19], 5);
h[4] ^= SHR32(xh, 3) ^ q[20];
h[5] ^= SHL32(xh, 6) ^ SHR32(q[21], 6);
h[6] ^= SHR32(xh, 4) ^ SHL32(q[22], 6);
h[7] ^= SHR32(xh,11) ^ SHL32(q[23], 2);
for(i=0; i<8; ++i){
h[i] += xl ^ q[24+i] ^ q[i];
}
for(i=0; i<8; ++i){
h[8+i] ^= xh ^ q[24+i];
h[8+i] += ROTL32(h[(4+i)%8],i+9);
}
/*
h[ 8] += SHL32(xl, 8) ^ q[23] ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[16] ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[17] ^ q[10];
h[11] += SHL32(xl, 4) ^ q[18] ^ q[11];
h[12] += SHR32(xl, 3) ^ q[19] ^ q[12];
h[13] += SHR32(xl, 4) ^ q[20] ^ q[13];
h[14] += SHR32(xl, 7) ^ q[21] ^ q[14];
h[15] += SHR32(xl, 2) ^ q[22] ^ q[15];
*/
i=6;
do{
q[9+i] ^= q[16+i];
}while(i--);
q[8] ^= q[23];
h[ 8] += SHL32(xl, 8) ^ q[ 8];
h[ 9] += SHR32(xl, 6) ^ q[ 9];
h[10] += SHL32(xl, 6) ^ q[10];
h[11] += SHL32(xl, 4) ^ q[11];
h[12] += SHR32(xl, 3) ^ q[12];
h[13] += SHR32(xl, 4) ^ q[13];
h[14] += SHR32(xl, 7) ^ q[14];
h[15] += SHR32(xl, 2) ^ q[15];
}
void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
uint32_t q[32];
dump_x(block, 16, 'M');
bmw_small_f0(q, ctx->h, block);
dump_x(q, 16, 'Q');
bmw_small_f1(q, block, ctx->h);
dump_x(q, 32, 'Q');
bmw_small_f2(ctx->h, q, block);
ctx->counter += 1;
ctx_dump(ctx);
}
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
while(length_b >= BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(ctx, block);
length_b -= BMW_SMALL_BLOCKSIZE;
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>64*8-64){
bmw_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer);
uint8_t i;
uint32_t q[32];
memset(buffer, 0xaa, 64);
for(i=0; i<16;++i){
buffer[i*4] = i+0xa0;
}
// dump_x(buffer, 16, 'A');
dump_x(ctx->h, 16, 'M');
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
dump_x(buffer, 16, 'a');
dump_x(q, 16, 'Q');
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
dump_x(q, 32, 'Q');
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 64);
}
void bmw224_init(bmw224_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x00010203;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x04040404;
}
ctx->counter=0;
ctx_dump(ctx);
}
void bmw256_init(bmw256_ctx_t* ctx){
uint8_t i;
ctx->h[0] = 0x40414243;
for(i=1; i<16; ++i){
ctx->h[i] = ctx->h[i-1]+ 0x04040404;
}
ctx->counter=0;
ctx_dump(ctx);
}
void bmw224_nextBlock(bmw224_ctx_t* ctx, const void* block){
bmw_small_nextBlock(ctx, block);
}
void bmw256_nextBlock(bmw256_ctx_t* ctx, const void* block){
bmw_small_nextBlock(ctx, block);
}
void bmw224_lastBlock(bmw224_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_small_lastBlock(ctx, block, length_b);
}
void bmw256_lastBlock(bmw256_ctx_t* ctx, const void* block, uint16_t length_b){
bmw_small_lastBlock(ctx, block, length_b);
}
void bmw224_ctx2hash(void* dest, const bmw224_ctx_t* ctx){
memcpy(dest, &(ctx->h[9]), 224/8);
}
void bmw256_ctx2hash(void* dest, const bmw256_ctx_t* ctx){
memcpy(dest, &(ctx->h[8]), 256/8);
}
void bmw224(void* dest, const void* msg, uint32_t length_b){
bmw_small_ctx_t ctx;
bmw224_init(&ctx);
while(length_b>=BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(&ctx, msg);
length_b -= BMW_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_SMALL_BLOCKSIZE_B;
}
bmw_small_lastBlock(&ctx, msg, length_b);
bmw224_ctx2hash(dest, &ctx);
}
void bmw256(void* dest, const void* msg, uint32_t length_b){
bmw_small_ctx_t ctx;
bmw256_init(&ctx);
while(length_b>=BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(&ctx, msg);
length_b -= BMW_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + BMW_SMALL_BLOCKSIZE_B;
}
bmw_small_lastBlock(&ctx, msg, length_b);
bmw256_ctx2hash(dest, &ctx);
}

77
bmw/f0-opt-table.txt Normal file
View File

@ -0,0 +1,77 @@
q[ 0] = (+ h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 1] = (+ h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 2] = (+ h[ 7] + h[ 9] - h[12] + h[15] + h[ 0]);
q[ 3] = (+ h[ 8] - h[10] + h[13] + h[ 0] - h[ 1]);
q[ 4] = (+ h[ 9] - h[11] - h[14] + h[ 1] + h[ 2]);
q[ 5] = (+ h[10] - h[12] + h[15] - h[ 2] + h[ 3]);
q[ 6] = (- h[11] + h[13] - h[ 0] - h[ 3] + h[ 4]);
q[ 7] = (- h[12] - h[14] + h[ 1] - h[ 4] - h[ 5]);
q[ 8] = (+ h[13] - h[15] + h[ 2] - h[ 5] - h[ 6]);
q[ 9] = (+ h[14] + h[ 0] - h[ 3] + h[ 6] - h[ 7]);
q[10] = (+ h[15] - h[ 1] - h[ 4] - h[ 7] + h[ 8]);
q[11] = (- h[ 0] - h[ 2] - h[ 5] + h[ 8] + h[ 9]);
q[12] = (+ h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[13] = (+ h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
q[14] = (+ h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[15] = (- h[ 4] - h[ 6] - h[ 9] + h[12] + h[13]);
##########################################################
1 := -
0 := +
+---------- 0x0311
| +-------- 0xDDB3
| | +------ 0x2A79
| | | +---- 0x07AA
| | | | +-- 0x51C2
| | | | |
---------------
0: 0 1 0 0 0 + - + + +
1: 0 1 0 0 1 + - + + -
2: 0 0 1 0 0 + + - + +
3: 0 1 0 0 1 + - + + -
---------------
4: 0 1 1 0 0 + - - + +
5: 0 1 0 1 0 + - + - +
6: 1 0 1 1 0 - + - - +
7: 1 1 0 1 1 - - + - -
---------------
8: 0 1 0 1 1 + - + - -
9: 0 0 1 0 1 + + - + -
10: 0 1 1 1 0 + - - - +
11: 1 1 1 0 0 - - - + +
---------------
12: 0 0 1 1 0 + + - - +
13: 0 0 0 0 0 + + + + +
14: 0 1 0 1 1 + - + - -
15: 1 1 1 0 0 - - - + +
---------------
| | | | |
| | | | +-- 0x438A
| | | +---- 0x55E0
| | +------ 0x9E54
| +-------- 0xCDBB
+---------- 0x88C0
####################################################

129
bmw/f0-opt-table2.txt Normal file
View File

@ -0,0 +1,129 @@
/-------------- 3 --------------\
| |
+-- 2 --v-- 3 --v-- 3 --v-- 1 --+
| | | | |
q[ 0] = (+ h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 1] = (+ h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 2] = (+ h[ 7] + h[ 9] - h[12] + h[15] + h[ 0]);
q[ 3] = (+ h[ 8] - h[10] + h[13] + h[ 0] - h[ 1]);
q[ 4] = (+ h[ 9] - h[11] - h[14] + h[ 1] + h[ 2]);
q[ 5] = (+ h[10] - h[12] + h[15] - h[ 2] + h[ 3]);
q[ 6] = (- h[11] + h[13] - h[ 0] - h[ 3] + h[ 4]);
q[ 7] = (- h[12] - h[14] + h[ 1] - h[ 4] - h[ 5]);
q[ 8] = (+ h[13] - h[15] + h[ 2] - h[ 5] - h[ 6]);
q[ 9] = (+ h[14] + h[ 0] - h[ 3] + h[ 6] - h[ 7]);
q[10] = (+ h[15] - h[ 1] - h[ 4] - h[ 7] + h[ 8]);
q[11] = (- h[ 0] - h[ 2] - h[ 5] + h[ 8] + h[ 9]);
q[12] = (+ h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[13] = (+ h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
q[14] = (+ h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[15] = (- h[ 4] - h[ 6] - h[ 9] + h[12] + h[13]);
A B C D E F G
q[ 0] = (+ h[ 5] - h[ 7] + h[10] + h[13] + h[14]);
q[ 3] = (+ h[ 8] - h[10] + h[13] + h[ 0] - h[ 1]);
q[ 6] = (- h[11] + h[13] - h[ 0] - h[ 3] + h[ 4]);
q[ 9] = (+ h[14] + h[ 0] - h[ 3] + h[ 6] - h[ 7]);
q[12] = (+ h[ 1] + h[ 3] - h[ 6] - h[ 9] + h[10]);
q[15] = (- h[ 4] - h[ 6] - h[ 9] + h[12] + h[13]);
q[ 2] = (+ h[ 7] + h[ 9] - h[12] + h[15] + h[ 0]);
q[ 5] = (+ h[10] - h[12] + h[15] - h[ 2] + h[ 3]);
q[ 8] = (+ h[13] - h[15] + h[ 2] - h[ 5] - h[ 6]);
q[11] = (- h[ 0] - h[ 2] - h[ 5] + h[ 8] + h[ 9]);
q[14] = (+ h[ 3] - h[ 5] + h[ 8] - h[11] - h[12]);
q[ 1] = (+ h[ 6] - h[ 8] + h[11] + h[14] - h[15]);
q[ 4] = (+ h[ 9] - h[11] - h[14] + h[ 1] + h[ 2]);
q[ 7] = (- h[12] - h[14] + h[ 1] - h[ 4] - h[ 5]);
q[10] = (+ h[15] - h[ 1] - h[ 4] - h[ 7] + h[ 8]);
q[13] = (+ h[ 2] + h[ 4] + h[ 7] + h[10] + h[11]);
;-- (1)
Q = 0; A=5; B=7; C=10; D=13; E=14; F=11; G=8;
Q = * A * B * C * D * E
Q+=3; A=G; G=F; F=E; E+=3; B=C; C=D; D+=3;
;-- (2)
G=5; F=8; E=11; C=7; D=10;
/* signs */
+-+++
+-++-
-+--+
++-+-
++--+
---++
++-++
+-+-+
+-+--
---++
+-+--
+-++-
+--++
--+--
+---+
+++++
+---------- 0x4222 / 0x2224
| +-------- 0x3AF7 / 0x7FA3
| | +------ 0xC725 / 0x527C
| | | +---- 0x4956 / 0x6594
| | | | +-- 0x50D2 / 0x2D05
| | | | |
;----------
0 1 0 0 0 -- 0x08
0 1 0 0 1 -- 0x09
1 0 1 1 0 -- 0x16
0 0 1 0 1 -- 0x05
;----------
0 0 1 1 0 -- 0x06
1 1 1 0 0 -- 0x1C
0 0 1 0 0 -- 0x04
0 1 0 1 0 -- 0x0A
;----------
0 1 0 1 1 -- 0x0B
1 1 1 0 0 -- 0x1C
0 1 0 1 1 -- 0x0B
0 1 0 0 1 -- 0x09
;----------
0 1 1 0 0 -- 0x0C
1 1 0 1 1 -- 0x1B
0 1 1 1 0 -- 0x0E
0 0 0 0 0 -- 0x00
;---------
/* signs (in order 0..15) */
+-+++
+-++-
++-++
+-++-
+--++
+-+-+
-+--+
--+--
+-+--
++-+-
+---+
---++
++--+
+++++
+-+--
---++
0 1 0 0 0 -- 0x08
0 1 0 0 1 -- 0x09
0 0 1 0 0 -- 0x04
0 1 0 0 1 -- 0x05
0 1 1 0 0 -- 0x0C
0 1 0 1 0 -- 0x0A
1 0 1 1 0 -- 0x16
1 1 0 1 1 -- 0x1D
0 1 0 1 1 -- 0x0D
0 0 1 0 1 -- 0x05
0 1 1 1 0 -- 0x0E
1 1 1 0 0 -- 0x1C
0 0 1 1 0 -- 0x06
0 0 0 0 0 -- 0x00
0 1 0 1 1 -- 0x0D
1 1 1 0 0 -- 0x1C

12
bmw/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
bmw/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

181
cubehash/cubehash.c Normal file
View File

@ -0,0 +1,181 @@
/* cubehash.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file cubehash.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-20
* \license GPLv3 or later
*
*/
#include "memxor.h"
#include "cubehash.h"
#include <string.h>
#include <stdint.h>
static uint32_t rol32(uint32_t a, uint8_t r){
return (a<<r)|(a>>(32-r));
}
/*
Add x_0jklm into x_1jklm modulo 232 , for each (j, k, l, m).
Rotate x_0jklm upwards by 7 bits, for each (j, k, l, m).
Swap x_00klm with x_01klm , for each (k, l, m).
Xor x_1jklm into x_0jklm , for each (j, k, l, m).
Swap x_1jk0m with x_1jk1m , for each (j, k, m).
Add x_0jklm into x_1jklm modulo 232 , for each (j, k, l, m).
Rotate x_0jklm upwards by 11 bits, for each (j, k, l, m).
Swap x_0j0lm with x_0j1lm , for each (j, l, m).
Xor x_1jklm into x_0jklm , for each (j, k, l, m).
Swap x_1jkl0 with x_1jkl1 , for each (j, k, l).
*/
static void cubehash_round(cubehash_ctx_t* ctx){
uint8_t i;
uint32_t t;
for(i=0; i<16; ++i){
ctx->a[i+16] += ctx->a[i];
}
for(i=0; i<16; ++i){
ctx->a[i] = rol32(ctx->a[i], 7);
}
for(i=0; i<8; ++i){
t = ctx->a[i];
ctx->a[i] = ctx->a[i+8];
ctx->a[i+8] = t;
}
for(i=0; i<16; ++i){
ctx->a[i] ^= ctx->a[i+16];
}
for(i=16; i<4*4+16; i+=4){
t = ctx->a[i];
ctx->a[i] = ctx->a[i+2];
ctx->a[i+2] = t;
t = ctx->a[i+1];
ctx->a[i+1] = ctx->a[i+3];
ctx->a[i+3] = t;
}
for(i=0; i<16; ++i){
ctx->a[i+16] += ctx->a[i];
}
for(i=0; i<16; ++i){
ctx->a[i] = rol32(ctx->a[i], 11);
}
for(i=0; i<4; ++i){
t = ctx->a[i];
ctx->a[i] = ctx->a[i+4];
ctx->a[i+4] = t;
}
for(i=8; i<4+8; ++i){
t = ctx->a[i];
ctx->a[i] = ctx->a[i+4];
ctx->a[i+4] = t;
}
for(i=0; i<16; ++i){
ctx->a[i] ^= ctx->a[i+16];
}
for(i=16; i<16+16; i+=2){
t = ctx->a[i];
ctx->a[i] = ctx->a[i+1];
ctx->a[i+1] = t;
}
}
void cubehash_init(uint8_t r, uint8_t b, uint16_t h, cubehash_ctx_t* ctx){
memset(ctx->a, 0, 32*4);
ctx->a[0] = h/8;
ctx->a[1] = b;
ctx->a[2] = r;
ctx->rounds = r;
ctx->blocksize_B = b;
for(b=0; b<10*r; ++b){
cubehash_round(ctx);
}
}
void cubehash_nextBlock(cubehash_ctx_t* ctx, void* block){
uint8_t i;
memxor(ctx->a, block, ctx->blocksize_B);
for(i=0; i<ctx->rounds; ++i){
cubehash_round(ctx);
}
}
void cubehash_lastBlock(cubehash_ctx_t* ctx, void* block, uint16_t length_b){
while(length_b>=ctx->blocksize_B*8){
cubehash_nextBlock(ctx, block);
block = (uint8_t*)block + ctx->blocksize_B;
length_b -= ctx->blocksize_B*8;
}
uint8_t buffer[ctx->blocksize_B];
uint8_t i;
memset(buffer, 0, ctx->blocksize_B);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&7);
cubehash_nextBlock(ctx, buffer);
ctx->a[31] ^= 1;
for(i=0; i<10*(ctx->rounds); ++i){
cubehash_round(ctx);
}
}
void cubehash_ctx2hash(void* dest, uint16_t length_b, cubehash_ctx_t* ctx){
memcpy(dest, ctx->a, (length_b+7)/8);
}
/******************************************************************************/
void cubehash224_init(cubehash_ctx_t* ctx){
cubehash_init(16, 32, 224, ctx);
}
void cubehash224_ctx2hash(void* dest, cubehash_ctx_t* ctx){
cubehash_ctx2hash(dest, 224, ctx);
}
/******************************************************************************/
void cubehash256_init(cubehash_ctx_t* ctx){
cubehash_init(16, 32, 256, ctx);
}
void cubehash256_ctx2hash(void* dest, cubehash_ctx_t* ctx){
cubehash_ctx2hash(dest, 256, ctx);
}
/******************************************************************************/
void cubehash384_init(cubehash_ctx_t* ctx){
cubehash_init(16, 32, 384, ctx);
}
void cubehash384_ctx2hash(void* dest, cubehash_ctx_t* ctx){
cubehash_ctx2hash(dest, 384, ctx);
}
/******************************************************************************/
void cubehash512_init(cubehash_ctx_t* ctx){
cubehash_init(16, 32, 512, ctx);
}
void cubehash512_ctx2hash(void* dest, cubehash_ctx_t* ctx){
cubehash_ctx2hash(dest, 512, ctx);
}

57
cubehash/cubehash.h Normal file
View File

@ -0,0 +1,57 @@
/* cubehash.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef CUBEHASH_H_
#define CUBEHASH_H_
#include <stdint.h>
#define CUBEHASH224_BLOCKSIZE 256
#define CUBEHASH224_BLOCKSIZE_B ((CUBEHASH224_BLOCKSIZE+7)/8)
#define CUBEHASH256_BLOCKSIZE 256
#define CUBEHASH256_BLOCKSIZE_B ((CUBEHASH256_BLOCKSIZE+7)/8)
#define CUBEHASH384_BLOCKSIZE 256
#define CUBEHASH384_BLOCKSIZE_B ((CUBEHASH284_BLOCKSIZE+7)/8)
#define CUBEHASH512_BLOCKSIZE 256
#define CUBEHASH512_BLOCKSIZE_B ((CUBEHASH512_BLOCKSIZE+7)/8)
typedef struct {
uint32_t a[32];
uint8_t rounds;
uint8_t blocksize_B;
} cubehash_ctx_t;
void cubehash_init(uint8_t r, uint8_t b, uint16_t h, cubehash_ctx_t* ctx);
void cubehash_nextBlock(cubehash_ctx_t* ctx, void* block);
void cubehash_lastBlock(cubehash_ctx_t* ctx, void* block, uint16_t length_b);
void cubehash_ctx2hash(void* dest, uint16_t length_b, cubehash_ctx_t* ctx);
void cubehash224_init(cubehash_ctx_t* ctx);
void cubehash224_ctx2hash(void* dest, cubehash_ctx_t* ctx);
void cubehash256_init(cubehash_ctx_t* ctx);
void cubehash256_ctx2hash(void* dest, cubehash_ctx_t* ctx);
void cubehash384_init(cubehash_ctx_t* ctx);
void cubehash384_ctx2hash(void* dest, cubehash_ctx_t* ctx);
void cubehash512_init(cubehash_ctx_t* ctx);
void cubehash512_ctx2hash(void* dest, cubehash_ctx_t* ctx);
#endif /* CUBEHASH_H_ */

12
cubehash/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
cubehash/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

78
echo/aes_enc_round.c Normal file
View File

@ -0,0 +1,78 @@
/* aes-round.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include "aes_enc_round.h"
#include "gf256mul.h"
#include "aes_sbox.h"
static
void aes_shiftcol(void* data, uint8_t shift){
uint8_t tmp[4];
tmp[0] = ((uint8_t*)data)[ 0];
tmp[1] = ((uint8_t*)data)[ 4];
tmp[2] = ((uint8_t*)data)[ 8];
tmp[3] = ((uint8_t*)data)[12];
((uint8_t*)data)[ 0] = tmp[(shift+0)&3];
((uint8_t*)data)[ 4] = tmp[(shift+1)&3];
((uint8_t*)data)[ 8] = tmp[(shift+2)&3];
((uint8_t*)data)[12] = tmp[(shift+3)&3];
}
#define GF256MUL_1(a) (a)
#define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
#define GF256MUL_3(a) (gf256mul(3, (a), 0x1b))
void aes_enc_round(aes_cipher_state_t* state, const aes_roundkey_t* k){
uint8_t tmp[16], t;
uint8_t i;
/* subBytes */
for(i=0; i<16; ++i){
tmp[i] = aes_sbox[state->s[i]];
}
/* shiftRows */
aes_shiftcol(tmp+1, 1);
aes_shiftcol(tmp+2, 2);
aes_shiftcol(tmp+3, 3);
/* mixColums */
for(i=0; i<4; ++i){
t = tmp[4*i+0] ^ tmp[4*i+1] ^ tmp[4*i+2] ^ tmp[4*i+3];
state->s[4*i+0] =
GF256MUL_2(tmp[4*i+0]^tmp[4*i+1])
^ tmp[4*i+0]
^ t;
state->s[4*i+1] =
GF256MUL_2(tmp[4*i+1]^tmp[4*i+2])
^ tmp[4*i+1]
^ t;
state->s[4*i+2] =
GF256MUL_2(tmp[4*i+2]^tmp[4*i+3])
^ tmp[4*i+2]
^ t;
state->s[4*i+3] =
GF256MUL_2(tmp[4*i+3]^tmp[4*i+0])
^ tmp[4*i+3]
^ t;
}
/* addKey */
for(i=0; i<16; ++i){
state->s[i] ^= k->ks[i];
}
}

34
echo/aes_enc_round.h Normal file
View File

@ -0,0 +1,34 @@
/* aes_enc_round.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef AES_ENC_ROUND_H_
#define AES_ENC_ROUND_H_
typedef struct{
uint8_t s[16];
} aes_cipher_state_t;
typedef struct{
uint8_t ks[16];
} aes_roundkey_t;
void aes_enc_round(aes_cipher_state_t* state, const aes_roundkey_t* k);
#endif /* AES_ENC_ROUND_H_ */

39
echo/aes_sbox.c Normal file
View File

@ -0,0 +1,39 @@
/* aes sbox */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
const uint8_t aes_sbox[256] = {
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};

33
echo/aes_sbox.h Normal file
View File

@ -0,0 +1,33 @@
/* aes_sbox.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file aes_sbox.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2008-12-30
* \license GPLv3 or later
*
*/
#ifndef AES_SBOX_H_
#define AES_SBOX_H_
#include <stdint.h>
extern const uint8_t aes_sbox[];
#endif

335
echo/echo.c Normal file
View File

@ -0,0 +1,335 @@
/* echo.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "echo.h"
#include "gf256mul.h"
#include "memxor.h"
#include "aes_enc_round.h"
#include <stdint.h>
#include <string.h>
#ifdef DEBUG
#undef DEBUG
#endif
#define DEBUG 0
#if DEBUG
#define DEBUG_DEPTH 2
#include "cli.h"
#endif
#define INDEX(c,r) ((c)*16*4+(r)*16)
#define GF256MUL_1(a) (a)
#define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
#define GF256MUL_3(a) (gf256mul(3, (a), 0x1b))
static void mixcol(uint8_t* s){
uint8_t t, tmp[4];
tmp[0] = *(s+16*0);
tmp[1] = *(s+16*1);
tmp[2] = *(s+16*2);
tmp[3] = *(s+16*3);
t = tmp[0] ^ tmp[1] ^ tmp[2] ^ tmp[3];
*(s+16*0) =
GF256MUL_2(tmp[0]^tmp[1])
^ tmp[0]
^ t;
*(s+16*1) =
GF256MUL_2(tmp[1]^tmp[2])
^ tmp[1]
^ t;
*(s+16*2) =
GF256MUL_2(tmp[2]^tmp[3])
^ tmp[2]
^ t;
*(s+16*3) =
GF256MUL_2(tmp[3]^tmp[0])
^ tmp[3]
^ t;
}
#if DEBUG
static void dump_state(void* s){
uint8_t row, col;
for(col=0; col<4; col++){
for(row=0; row<4; row++){
cli_putstr("\r\nrow ");
cli_putc('0'+row);
cli_putstr(", col ");
cli_putc('0'+col);
cli_putstr(": ");
cli_hexdump((uint8_t*)s+col*16*4+row*16, 4);
cli_putc(' ');
cli_hexdump((uint8_t*)s+col*16*4+row*16+ 4, 4);
cli_putc(' ');
cli_hexdump((uint8_t*)s+col*16*4+row*16+ 8, 4);
cli_putc(' ');
cli_hexdump((uint8_t*)s+col*16*4+row*16+12, 4);
}
}
}
#endif
static void echo_compress(uint8_t* s, uint8_t iterations, uint64_t* c, void* salt){
uint8_t i, j;
uint8_t k[16];
#if DEBUG
uint8_t round=0;
#endif
memcpy(k, c, 8);
memset(k+8, 0, 8);
do{
/* BIG.SubWords */
#if DEBUG
cli_putstr("\r\n === ROUND ");
cli_putc('0'+round);
cli_putstr(" ===");
if(round<DEBUG_DEPTH){
dump_state(s);
}
#endif
for(i=0; i<16; ++i){
aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)k);
aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)salt);
*((uint64_t*)(k)) += 1;
}
#if DEBUG
if(round<DEBUG_DEPTH){
cli_putstr("\r\nAfter SubWords");
dump_state(s);
}
#endif
/* BIG.ShiftRows */
uint8_t t[16];
/* "Row" 1 */
memcpy(t, s+INDEX(0, 1), 16);
memcpy(s+INDEX(0, 1), s+INDEX(1, 1), 16);
memcpy(s+INDEX(1, 1), s+INDEX(2, 1), 16);
memcpy(s+INDEX(2, 1), s+INDEX(3, 1), 16);
memcpy(s+INDEX(3, 1), t, 16);
/* "Row" 2 */
memcpy(t, s+INDEX(0, 2), 16);
memcpy(s+INDEX(0, 2), s+INDEX(2, 2), 16);
memcpy(s+INDEX(2, 2), t, 16);
memcpy(t, s+INDEX(1, 2), 16);
memcpy(s+INDEX(1, 2), s+INDEX(3, 2), 16);
memcpy(s+INDEX(3, 2), t, 16);
/* "Row" 3 */
memcpy(t, s+INDEX(0, 3), 16);
memcpy(s+INDEX(0, 3), s+INDEX(3, 3), 16);
memcpy(s+INDEX(3, 3), s+INDEX(2, 3), 16);
memcpy(s+INDEX(2, 3), s+INDEX(1, 3), 16);
memcpy(s+INDEX(1, 3), t, 16);
#if DEBUG
if(round<DEBUG_DEPTH){
cli_putstr("\r\nAfter ShiftRows");
dump_state(s);
}
#endif
/* BIG.MixColumns */
for(i=0; i<4; i+=1){
for(j=0; j<16; ++j){
mixcol(s+i*64+j);
}
}
#if DEBUG
if(round<DEBUG_DEPTH){
cli_putstr("\r\nAfter MixColumns");
dump_state(s);
}
round++;
#endif
}while(--iterations);
}
/******************************************************************************/
static void compress512(void* v, void* m, uint64_t* c, void* salt){
uint8_t s[16*16];
uint8_t i;
memcpy(s, v, 16*4); /* load v into state */
memcpy(s+16*4, m, 16*12); /* load m into state */
echo_compress(s, 8, c, salt);
/* BIG.Final */
for(i=0; i<3; ++i){
memxor(v, (uint8_t*)m+4*16*i, 4*16);
}
for(i=0; i<4; ++i){
memxor(v, s+4*16*i, 4*16);
}
}
static void compress1024(void* v, void* m, uint64_t* c, void* salt){
uint8_t s[16*16];
memcpy(s, v, 16*8); /* load v into state */
memcpy(s+16*8, m, 16*8); /* load m into state */
echo_compress(s, 10, c, salt);
/* BIG.Final */
memxor(v, m, 16*8);
memxor(v, s, 16*8);
memxor(v, s+16*8, 16*8);
}
/******************************************************************************/
void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block){
ctx->counter += ECHO_SMALL_BLOCKSIZE;
compress512(ctx->v, block, &(ctx->counter), ctx->salt);
}
void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b){
while(length_b>=ECHO_SMALL_BLOCKSIZE){
echo_small_nextBlock(ctx, block);
block = (uint8_t*)block + ECHO_SMALL_BLOCKSIZE_B;
length_b -= ECHO_SMALL_BLOCKSIZE;
}
uint8_t buffer[ECHO_SMALL_BLOCKSIZE_B];
uint64_t total_len;
memset(buffer, 0, ECHO_SMALL_BLOCKSIZE_B);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&7);
total_len = (ctx->counter += length_b);
if(length_b>=ECHO_SMALL_BLOCKSIZE-144){
compress512(ctx->v, buffer, &total_len, ctx->salt);
memset(buffer, 0, ECHO_SMALL_BLOCKSIZE_B);
ctx->counter = 0;
}
if(length_b==0){
ctx->counter = 0;
}
memcpy(buffer+ECHO_SMALL_BLOCKSIZE_B-18, &(ctx->id), 2);
memcpy(buffer+ECHO_SMALL_BLOCKSIZE_B-16, &total_len, 8);
compress512(ctx->v, buffer, &(ctx->counter), ctx->salt);
}
/******************************************************************************/
void echo_large_nextBlock(echo_large_ctx_t* ctx, void* block){
ctx->counter += ECHO_LARGE_BLOCKSIZE;
compress1024(ctx->v, block, &(ctx->counter), ctx->salt);
}
void echo_large_lastBlock(echo_large_ctx_t* ctx, void* block, uint16_t length_b){
while(length_b>=ECHO_LARGE_BLOCKSIZE){
echo_large_nextBlock(ctx, block);
block = (uint8_t*)block + ECHO_LARGE_BLOCKSIZE_B;
length_b -= ECHO_LARGE_BLOCKSIZE;
}
uint8_t buffer[ECHO_LARGE_BLOCKSIZE_B];
uint64_t total_len;
memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&7);
total_len = (ctx->counter += length_b);
if(length_b>=ECHO_LARGE_BLOCKSIZE-144){
compress1024(ctx->v, buffer, &total_len, ctx->salt);
memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
ctx->counter = 0;
}
if(length_b==0){
ctx->counter = 0;
}
memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-18, &(ctx->id), 2);
memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-16, &total_len, 8);
compress1024(ctx->v, buffer, &(ctx->counter), ctx->salt);
}
/******************************************************************************/
void echo_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx){
memcpy(dest, ctx->v, (length_b+7)/8);
}
void echo224_ctx2hash(void* dest, echo_small_ctx_t* ctx){
memcpy(dest, ctx->v, 224/8);
}
void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx){
memcpy(dest, ctx->v, 256/8);
}
/******************************************************************************/
void echo384_ctx2hash(void* dest, echo_large_ctx_t* ctx){
memcpy(dest, ctx->v, 384/8);
}
void echo512_ctx2hash(void* dest, echo_large_ctx_t* ctx){
memcpy(dest, ctx->v, 512/8);
}
/******************************************************************************/
void echo224_init(echo_small_ctx_t* ctx){
memset(ctx->v, 0, 4*16);
ctx->counter = 0;
memset(ctx->salt, 0, 16);
ctx->id = 0x00E0;
ctx->v[0+16*0] = 0xE0;
ctx->v[0+16*1] = 0xE0;
ctx->v[0+16*2] = 0xE0;
ctx->v[0+16*3] = 0xE0;
}
void echo256_init(echo_small_ctx_t* ctx){
memset(ctx->v, 0, 4*16);
ctx->counter = 0;
memset(ctx->salt, 0, 16);
ctx->id = 0x0100;
ctx->v[1+16*0] = 0x01;
ctx->v[1+16*1] = 0x01;
ctx->v[1+16*2] = 0x01;
ctx->v[1+16*3] = 0x01;
}
/******************************************************************************/
void echo384_init(echo_large_ctx_t* ctx){
uint8_t i;
memset(ctx->v, 0, 8*16);
ctx->counter = 0;
memset(ctx->salt, 0, 16);
ctx->id = 0x0180;
for(i=0; i<8; ++i){
ctx->v[0+16*i] = 0x80;
ctx->v[1+16*i] = 0x01;
}
}
void echo512_init(echo_large_ctx_t* ctx){
uint8_t i;
memset(ctx->v, 0, 8*16);
ctx->counter = 0;
memset(ctx->salt, 0, 16);
ctx->id = 0x0200;
for(i=0; i<8; ++i){
ctx->v[1+16*i] = 0x02;
}
}
/******************************************************************************/

69
echo/echo.h Normal file
View File

@ -0,0 +1,69 @@
/* echo.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef ECHO_H_
#define ECHO_H_
#include <stdint.h>
#define ECHO_SMALL_BLOCKSIZE 1536
#define ECHO_SMALL_BLOCKSIZE_B ((ECHO_SMALL_BLOCKSIZE+7)/8)
#define ECHO_LARGE_BLOCKSIZE 1024
#define ECHO_LARGE_BLOCKSIZE_B ((ECHO_LARGE_BLOCKSIZE+7)/8)
#define ECHO224_BLOCKSIZE ECHO_SMALL_BLOCKSIZE
#define ECHO224_BLOCKSIZE_B ((ECHO224_BLOCKSIZE+7)/8)
#define ECHO256_BLOCKSIZE ECHO_SMALL_BLOCKSIZE
#define ECHO256_BLOCKSIZE_B ((ECHO256_BLOCKSIZE+7)/8)
#define ECHO384_BLOCKSIZE ECHO_LARGE_BLOCKSIZE
#define ECHO384_BLOCKSIZE_B ((ECHO384_BLOCKSIZE+7)/8)
#define ECHO512_BLOCKSIZE ECHO_LARGE_BLOCKSIZE
#define ECHO512_BLOCKSIZE_B ((ECHO512_BLOCKSIZE+7)/8)
typedef struct{
uint8_t v[4*16];
uint8_t salt[16];
uint64_t counter;
uint16_t id;
}echo_small_ctx_t;
typedef struct{
uint8_t v[8*16];
uint8_t salt[16];
uint64_t counter;
uint16_t id;
}echo_large_ctx_t;
void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block);
void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b);
void echo_small_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx);
void echo224_ctx2hash(void* dest, echo_small_ctx_t* ctx);
void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx);
void echo224_init(echo_small_ctx_t* ctx);
void echo256_init(echo_small_ctx_t* ctx);
void echo_large_nextBlock(echo_large_ctx_t* ctx, void* block);
void echo_large_lastBlock(echo_large_ctx_t* ctx, void* block, uint16_t length_b);
void echo_large_ctx2hash(void* dest, uint16_t length_b, echo_large_ctx_t* ctx);
void echo384_ctx2hash(void* dest, echo_large_ctx_t* ctx);
void echo512_ctx2hash(void* dest, echo_large_ctx_t* ctx);
void echo384_init(echo_large_ctx_t* ctx);
void echo512_init(echo_large_ctx_t* ctx);
#endif /* ECHO_H_ */

40
echo/gf256mul.c Normal file
View File

@ -0,0 +1,40 @@
/* gf256mul.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){
uint8_t r=0;
while(a&0xFE){
if(a&1){
r ^= b;
}
a >>= 1;
if(b&0x80){
b <<= 1;
b ^= reducer;
}else{
b <<= 1;
}
}
if(a&1){
r ^= b;
}
return r;
}

37
echo/gf256mul.h Normal file
View File

@ -0,0 +1,37 @@
/* gf256mul.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GF256MUL_H_
#define GF256MUL_H_
/**
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2008-12-19
* \license GPLv3
* \brief
*
*
*/
#include <stdint.h>
uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
#endif /* GF256MUL_H_ */

12
echo/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
echo/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

3
gdb-debug Normal file
View File

@ -0,0 +1,3 @@
target remote localhost:3333
set remote hardware-breakpoint-limit 6
set remote hardware-watchpoint-limit 4

7
gdb-flash Normal file
View File

@ -0,0 +1,7 @@
target remote localhost:3333
set remote hardware-breakpoint-limit 6
set remote hardware-watchpoint-limit 4
monitor reset halt
load
monitor reset
quit

39
groestl/aes_sbox.c Normal file
View File

@ -0,0 +1,39 @@
/* aes sbox */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
const uint8_t aes_sbox[256] = {
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};

33
groestl/aes_sbox.h Normal file
View File

@ -0,0 +1,33 @@
/* aes_sbox.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file aes_sbox.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2008-12-30
* \license GPLv3 or later
*
*/
#ifndef AES_SBOX_H_
#define AES_SBOX_H_
#include <stdint.h>
extern uint8_t aes_sbox[];
#endif

40
groestl/gf256mul.c Normal file
View File

@ -0,0 +1,40 @@
/* gf256mul.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){
uint8_t r=0;
while(a&0xFE){
if(a&1){
r ^= b;
}
a >>= 1;
if(b&0x80){
b <<= 1;
b ^= reducer;
}else{
b <<= 1;
}
}
if(a&1){
r ^= b;
}
return r;
}

37
groestl/gf256mul.h Normal file
View File

@ -0,0 +1,37 @@
/* gf256mul.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GF256MUL_H_
#define GF256MUL_H_
/**
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2008-12-19
* \license GPLv3
* \brief
*
*
*/
#include <stdint.h>
uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
#endif /* GF256MUL_H_ */

241
groestl/groestl_large.c Normal file
View File

@ -0,0 +1,241 @@
/* groestl_large.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file groestl_large.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-06-11
* \license GPLv3 or later
*
*/
#include "groestl_large.h"
#include "aes_sbox.h"
#include "gf256mul.h"
#include "memxor.h"
#include <stdint.h>
#include <string.h>
#define ROUNDS 14
#define POLYNOM 0x1b
#define DEBUG 0
#if DEBUG
#include "cli.h"
void dump_m(const uint8_t* m){
uint8_t i,j;
for(i=0; i<16; ++i){
cli_putstr("\r\n");
for(j=0; j<8; ++j){
cli_putc(' ');
cli_hexdump(m+8*i+j, 1);
}
}
}
#else
#define dump_m(m)
#endif
static const uint8_t matrix[] = {
2, 2, 3, 4, 5, 3, 5, 7,
7, 2, 2, 3, 4, 5, 3, 5,
5, 7, 2, 2, 3, 4, 5, 3,
3, 5, 7, 2, 2, 3, 4, 5,
5, 3, 5, 7, 2, 2, 3, 4,
4, 5, 3, 5, 7, 2, 2, 3,
3, 4, 5, 3, 5, 7, 2, 2,
2, 3, 4, 5, 3, 5, 7, 2
};
void groestl_large_rounds(uint8_t *m, uint8_t q){
uint8_t r,i,j;
uint8_t tmp[16];
for(r=0; r<ROUNDS; ++r){
if(q){
m[7] ^= 0xff ^ r;
}else{
m[0] ^= r;
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost add-const");
dump_m(m);
}
#endif
for(i=0;i<16*8; ++i){
m[i] = aes_sbox[m[i]];
}
for(i=1; i<7; ++i){
for(j=0; j<16; ++j)
tmp[j] = m[i+8*j];
for(j=0; j<16; ++j){
m[i+((j-i+16)%16)*8] = tmp[j];
}
}
for(j=0; j<16; ++j)
tmp[j] = m[7+8*j];
for(j=0; j<16; ++j){
m[7+((j-11+16)%16)*8] = tmp[j];
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost shift-bytes");
dump_m(m);
}
#endif
for(i=0; i<16; ++i){
memcpy(tmp, m+8*i, 8);
for(j=0; j<8; ++j){
m[j+i*8] = gf256mul(matrix[8*j+0],tmp[0], POLYNOM)
^ gf256mul(matrix[8*j+1],tmp[1], POLYNOM)
^ gf256mul(matrix[8*j+2],tmp[2], POLYNOM)
^ gf256mul(matrix[8*j+3],tmp[3], POLYNOM)
^ gf256mul(matrix[8*j+4],tmp[4], POLYNOM)
^ gf256mul(matrix[8*j+5],tmp[5], POLYNOM)
^ gf256mul(matrix[8*j+6],tmp[6], POLYNOM)
^ gf256mul(matrix[8*j+7],tmp[7], POLYNOM);
}
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost mix-bytes");
dump_m(m);
}
#endif
}
}
void groestl384_init(groestl384_ctx_t* ctx){
memset(ctx->h, 0, 16*8);
ctx->h[8*16-1] = (uint8_t)384;
ctx->h[8*16-2] = (uint8_t)(384>>8);
ctx->counter = 0;
}
void groestl512_init(groestl512_ctx_t* ctx){
memset(ctx->h, 0, 16*8);
ctx->h[8*16-2] = 2;
ctx->counter = 0;
}
void groestl_large_nextBlock(groestl_large_ctx_t* ctx, const void* block){
uint8_t tmp1[128], tmp2[128];
/*
for(i=0; i<8; ++i){
for(j=0; j<8; ++j){
tmp1[j*8+i] = ((uint8_t*)block)[i*8+j];
}
}
*/
memcpy(tmp1, block, 128);
memcpy(tmp2, tmp1, 128);
memxor(tmp1, ctx->h, 128);
groestl_large_rounds(tmp1, 0);
groestl_large_rounds(tmp2, 1);
memxor(ctx->h, tmp1, 128);
memxor(ctx->h, tmp2, 128);
ctx->counter++;
}
void groestl_large_lastBlock(groestl_large_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[128];
while(length_b>=GROESTL_LARGE_BLOCKSIZE){
groestl_large_nextBlock(ctx, block);
length_b -= GROESTL_LARGE_BLOCKSIZE;
block = (uint8_t*)block + GROESTL_LARGE_BLOCKSIZE_B;
}
memset(buffer, 0, 128);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b/8] |= 0x80>>(length_b%8);
if(length_b>1024-65){
groestl_large_nextBlock(ctx, buffer);
memset(buffer, 0, 128-4);
}
ctx->counter++;
buffer[128-1] = (uint8_t)(ctx->counter);
buffer[128-2] = (uint8_t)((ctx->counter)>>8);
buffer[128-3] = (uint8_t)((ctx->counter)>>16);
buffer[128-4] = (uint8_t)((ctx->counter)>>24);
groestl_large_nextBlock(ctx, buffer);
}
void groestl_large_ctx2hash(void* dest, const groestl_large_ctx_t* ctx, uint16_t outlength_b){
uint8_t tmp[128];
memcpy(tmp, ctx->h, 128);
groestl_large_rounds(tmp, 0);
memxor(tmp, ctx->h, 128);
#if DEBUG
cli_putstr("\r\npost finalisation");
dump_m(tmp);
#endif
memcpy(dest, tmp+128-outlength_b/8, outlength_b/8);
}
void groestl384_ctx2hash(void* dest, const groestl384_ctx_t* ctx){
groestl_large_ctx2hash(dest, ctx, 384);
}
void groestl512_ctx2hash(void* dest, const groestl512_ctx_t* ctx){
groestl_large_ctx2hash(dest, ctx, 512);
}
void groestl384_nextBlock(groestl384_ctx_t* ctx, const void* block){
groestl_large_nextBlock(ctx, block);
}
void groestl512_nextBlock(groestl512_ctx_t* ctx, const void* block){
groestl_large_nextBlock(ctx, block);
}
void groestl384_lastBlock(groestl384_ctx_t* ctx, const void* block, uint16_t length_b){
groestl_large_lastBlock(ctx, block, length_b);
}
void groestl512_lastBlock(groestl512_ctx_t* ctx, const void* block, uint16_t length_b){
groestl_large_lastBlock(ctx, block, length_b);
}
void groestl384(void* dest, const void* msg, uint32_t length_b){
groestl_large_ctx_t ctx;
groestl384_init(&ctx);
while(length_b>=GROESTL_LARGE_BLOCKSIZE){
groestl_large_nextBlock(&ctx, msg);
length_b -= GROESTL_LARGE_BLOCKSIZE;
msg = (uint8_t*)msg + GROESTL_LARGE_BLOCKSIZE_B;
}
groestl_large_lastBlock(&ctx, msg, length_b);
groestl_large_ctx2hash(dest, &ctx, 384);
}
void groestl512(void* dest, const void* msg, uint32_t length_b){
groestl_large_ctx_t ctx;
groestl512_init(&ctx);
while(length_b>=GROESTL_LARGE_BLOCKSIZE){
groestl_large_nextBlock(&ctx, msg);
length_b -= GROESTL_LARGE_BLOCKSIZE;
msg = (uint8_t*)msg + GROESTL_LARGE_BLOCKSIZE_B;
}
groestl_large_lastBlock(&ctx, msg, length_b);
groestl_large_ctx2hash(dest, &ctx, 512);
}

65
groestl/groestl_large.h Normal file
View File

@ -0,0 +1,65 @@
/* groestl_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file groestl_large.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-19
* \license GPLv3 or later
*
*/
#ifndef GROESTL_LARGE_H_
#define GROESTL_LARGE_H_
#include <stdint.h>
#define GROESTL_LARGE_BLOCKSIZE 1024
#define GROESTL_LARGE_BLOCKSIZE_B ((GROESTL_LARGE_BLOCKSIZE+7)/8)
#define GROESTL384_BLOCKSIZE GROESTL_LARGE_BLOCKSIZE
#define GROESTL384_BLOCKSIZE_B GROESTL_LARGE_BLOCKSIZE_B
#define GROESTL512_BLOCKSIZE GROESTL_LARGE_BLOCKSIZE
#define GROESTL512_BLOCKSIZE_B GROESTL_LARGE_BLOCKSIZE_B
typedef struct {
uint8_t h[8*16];
uint32_t counter;
} groestl_large_ctx_t;
typedef groestl_large_ctx_t groestl384_ctx_t;
typedef groestl_large_ctx_t groestl512_ctx_t;
void groestl384_init(groestl384_ctx_t* ctx);
void groestl512_init(groestl512_ctx_t* ctx);
void groestl_large_nextBlock(groestl_large_ctx_t* ctx, const void* block);
void groestl_large_lastBlock(groestl_large_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl384_nextBlock(groestl384_ctx_t* ctx, const void* block);
void groestl384_lastBlock(groestl384_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl512_nextBlock(groestl512_ctx_t* ctx, const void* block);
void groestl512_lastBlock(groestl512_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl384_ctx2hash(void* dest, const groestl384_ctx_t* ctx);
void groestl512_ctx2hash(void* dest, const groestl512_ctx_t* ctx);
void groestl384(void* dest, const void* msg, uint32_t length_b);
void groestl512(void* dest, const void* msg, uint32_t length_b);
#endif /* GROESTL_GROESTL_H_ */

233
groestl/groestl_small.c Normal file
View File

@ -0,0 +1,233 @@
/* groestl_small.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file groestl_small.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-19
* \license GPLv3 or later
*
*/
#include "groestl_small.h"
#include "aes_sbox.h"
#include "gf256mul.h"
#include "memxor.h"
#include <stdint.h>
#include <string.h>
#define ROUNDS 10
#define POLYNOM 0x1b
#define DEBUG 0
#if DEBUG
#include "cli.h"
void dump_m(const uint8_t* m){
uint8_t i,j;
for(i=0; i<8; ++i){
cli_putstr("\r\n");
for(j=0; j<8; ++j){
cli_putc(' ');
cli_hexdump(m+8*i+j, 1);
}
}
}
#else
#define dump_m(m)
#endif
static const uint8_t matrix[] = {
2, 2, 3, 4, 5, 3, 5, 7,
7, 2, 2, 3, 4, 5, 3, 5,
5, 7, 2, 2, 3, 4, 5, 3,
3, 5, 7, 2, 2, 3, 4, 5,
5, 3, 5, 7, 2, 2, 3, 4,
4, 5, 3, 5, 7, 2, 2, 3,
3, 4, 5, 3, 5, 7, 2, 2,
2, 3, 4, 5, 3, 5, 7, 2
};
void groestl_small_rounds(uint8_t *m, uint8_t q){
uint8_t r,i,j;
uint8_t tmp[8];
for(r=0; r<ROUNDS; ++r){
if(q){
m[7] ^= 0xff ^ r;
}else{
m[0] ^= r;
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost add-const");
dump_m(m);
}
#endif
for(i=0;i<8*8; ++i){
m[i] = aes_sbox[m[i]];
}
for(i=1; i<8; ++i){
for(j=0; j<8; ++j)
tmp[j] = m[i+8*j];
for(j=0; j<8; ++j){
m[i+((j-i+8)%8)*8] = tmp[j];
}
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost shift-bytes");
dump_m(m);
}
#endif
for(i=0; i<8; ++i){
memcpy(tmp, m+8*i, 8);
for(j=0; j<8; ++j){
m[j+i*8] = gf256mul(matrix[8*j+0],tmp[0], POLYNOM)
^ gf256mul(matrix[8*j+1],tmp[1], POLYNOM)
^ gf256mul(matrix[8*j+2],tmp[2], POLYNOM)
^ gf256mul(matrix[8*j+3],tmp[3], POLYNOM)
^ gf256mul(matrix[8*j+4],tmp[4], POLYNOM)
^ gf256mul(matrix[8*j+5],tmp[5], POLYNOM)
^ gf256mul(matrix[8*j+6],tmp[6], POLYNOM)
^ gf256mul(matrix[8*j+7],tmp[7], POLYNOM);
}
}
#if DEBUG
if(r<2){
cli_putstr("\r\npost mix-bytes");
dump_m(m);
}
#endif
}
}
void groestl224_init(groestl224_ctx_t* ctx){
memset(ctx->h, 0, 8*8);
ctx->h[8*8-1] = 224;
ctx->counter = 1;
}
void groestl256_init(groestl256_ctx_t* ctx){
memset(ctx->h, 0, 8*8);
ctx->h[8*8-2] = 1;
ctx->counter = 1;
}
void groestl_small_nextBlock(groestl_small_ctx_t* ctx, const void* block){
uint8_t tmp1[64], tmp2[64];
/* for(i=0; i<8; ++i){
for(j=0; j<8; ++j){
tmp1[j*8+i] = ((uint8_t*)block)[i*8+j];
}
}
*/
memcpy(tmp1, block, 64);
memcpy(tmp2, tmp1, 64);
memxor(tmp1, ctx->h, 64);
groestl_small_rounds(tmp1, 0);
groestl_small_rounds(tmp2, 1);
memxor(ctx->h, tmp1, 64);
memxor(ctx->h, tmp2, 64);
ctx->counter++;
}
void groestl_small_lastBlock(groestl_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
while(length_b>=GROESTL_SMALL_BLOCKSIZE){
groestl_small_nextBlock(ctx, block);
length_b -= GROESTL_SMALL_BLOCKSIZE;
block = (uint8_t*)block + GROESTL_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b/8] |= 0x80>>(length_b&0x7);
if(length_b>512-65){
groestl_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-4);
}
// ctx->counter++;
buffer[64-1] = (uint8_t)(ctx->counter);
buffer[64-2] = (uint8_t)((ctx->counter)>>8);
buffer[64-3] = (uint8_t)((ctx->counter)>>16);
buffer[64-4] = (uint8_t)((ctx->counter)>>24);
groestl_small_nextBlock(ctx, buffer);
}
void groestl_small_ctx2hash(void* dest, const groestl_small_ctx_t* ctx, uint16_t outlength_b){
uint8_t tmp[64];
memcpy(tmp, ctx->h, 64);
groestl_small_rounds(tmp, 0);
memxor(tmp, ctx->h, 64);
#if DEBUG
cli_putstr("\r\npost finalisation");
dump_m(tmp);
#endif
memcpy(dest, tmp+64-outlength_b/8, outlength_b/8);
}
void groestl224_ctx2hash(void* dest, const groestl224_ctx_t* ctx){
groestl_small_ctx2hash(dest, ctx, 224);
}
void groestl256_ctx2hash(void* dest, const groestl256_ctx_t* ctx){
groestl_small_ctx2hash(dest, ctx, 256);
}
void groestl224_nextBlock(groestl224_ctx_t* ctx, const void* block){
groestl_small_nextBlock(ctx, block);
}
void groestl256_nextBlock(groestl256_ctx_t* ctx, const void* block){
groestl_small_nextBlock(ctx, block);
}
void groestl224_lastBlock(groestl224_ctx_t* ctx, const void* block, uint16_t length_b){
groestl_small_lastBlock(ctx, block, length_b);
}
void groestl256_lastBlock(groestl256_ctx_t* ctx, const void* block, uint16_t length_b){
groestl_small_lastBlock(ctx, block, length_b);
}
void groestl224(void* dest, const void* msg, uint32_t length_b){
groestl_small_ctx_t ctx;
groestl224_init(&ctx);
while(length_b>=GROESTL_SMALL_BLOCKSIZE){
groestl_small_nextBlock(&ctx, msg);
length_b -= GROESTL_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + GROESTL_SMALL_BLOCKSIZE_B;
}
groestl_small_lastBlock(&ctx, msg, length_b);
groestl_small_ctx2hash(dest, &ctx, 224);
}
void groestl256(void* dest, const void* msg, uint32_t length_b){
groestl_small_ctx_t ctx;
groestl256_init(&ctx);
while(length_b>=GROESTL_SMALL_BLOCKSIZE){
groestl_small_nextBlock(&ctx, msg);
length_b -= GROESTL_SMALL_BLOCKSIZE;
msg = (uint8_t*)msg + GROESTL_SMALL_BLOCKSIZE_B;
}
groestl_small_lastBlock(&ctx, msg, length_b);
groestl_small_ctx2hash(dest, &ctx, 256);
}

65
groestl/groestl_small.h Normal file
View File

@ -0,0 +1,65 @@
/* groestl_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \file groestl_small.h
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2009-05-19
* \license GPLv3 or later
*
*/
#ifndef GROESTL_SMALL_H_
#define GROESTL_SMALL_H_
#include <stdint.h>
#define GROESTL_SMALL_BLOCKSIZE 512
#define GROESTL_SMALL_BLOCKSIZE_B ((GROESTL_SMALL_BLOCKSIZE+7)/8)
#define GROESTL224_BLOCKSIZE GROESTL_SMALL_BLOCKSIZE
#define GROESTL224_BLOCKSIZE_B GROESTL_SMALL_BLOCKSIZE_B
#define GROESTL256_BLOCKSIZE GROESTL_SMALL_BLOCKSIZE
#define GROESTL256_BLOCKSIZE_B GROESTL_SMALL_BLOCKSIZE_B
typedef struct {
uint8_t h[8*8];
uint32_t counter;
} groestl_small_ctx_t;
typedef groestl_small_ctx_t groestl224_ctx_t;
typedef groestl_small_ctx_t groestl256_ctx_t;
void groestl224_init(groestl224_ctx_t* ctx);
void groestl256_init(groestl256_ctx_t* ctx);
void groestl_small_nextBlock(groestl_small_ctx_t* ctx, const void* block);
void groestl_small_lastBlock(groestl_small_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl224_nextBlock(groestl224_ctx_t* ctx, const void* block);
void groestl224_lastBlock(groestl224_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl256_nextBlock(groestl256_ctx_t* ctx, const void* block);
void groestl256_lastBlock(groestl256_ctx_t* ctx, const void* block, uint16_t length_b);
void groestl224_ctx2hash(void* dest, const groestl224_ctx_t* ctx);
void groestl256_ctx2hash(void* dest, const groestl256_ctx_t* ctx);
void groestl224(void* dest, const void* msg, uint32_t length_b);
void groestl256(void* dest, const void* msg, uint32_t length_b);
#endif /* GROESTL_GROESTL_H_ */

12
groestl/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
groestl/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

80
hfal-basic.c Normal file
View File

@ -0,0 +1,80 @@
/* hfal-basic.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "hashfunction_descriptor.h"
#include "hfal-basic.h"
#include <stdlib.h>
uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx){
ctx->desc_ptr = (hfdesc_t*)hash_descriptor;
if(!(ctx->ctx=malloc(hash_descriptor->ctxsize_B)))
return 3;
hash_descriptor->init(ctx->ctx);
return 0;
}
void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block){
ctx->desc_ptr->nextBlock(ctx->ctx, block);
}
void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b){
ctx->desc_ptr->lastBlock(ctx->ctx, block, length_b);
}
void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx){
ctx->desc_ptr->ctx2hash(dest, ctx->ctx);
}
void hfal_hash_free(hfgen_ctx_t* ctx){
hf_free_fpt f;
f = ctx->desc_ptr->free;
if(f)
f(ctx->ctx);
free(ctx->ctx);
}
void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b){
void_fpt f;
f = (void_fpt)(hash_descriptor->mem);
if(f){
((hf_mem_fpt)f)(dest, msg, length_b);
}else{
uint16_t bs,bsb;
uint8_t ctx[hash_descriptor->ctxsize_B];
hash_descriptor->init(ctx);
bs = hash_descriptor->blocksize_b;
bsb=bs/8;
f=(void_fpt)(hash_descriptor->nextBlock);
while(length_b>bs){
((hf_nextBlock_fpt)f)(ctx, msg);
length_b -= bs;
msg = (uint8_t*)msg + bsb;
}
hash_descriptor->lastBlock(ctx, msg, length_b);
hash_descriptor->ctx2hash(dest, ctx);
}
}
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor){
return hash_descriptor->blocksize_b;
}
uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor){
return hash_descriptor->hashsize_b;
}

34
hfal-basic.h Normal file
View File

@ -0,0 +1,34 @@
/* hfal-basic.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HFAL_BASIC_H_
#define HFAL_BASIC_H_
#include "hashfunction_descriptor.h"
uint8_t hfal_hash_init(const hfdesc_t* hash_descriptor, hfgen_ctx_t* ctx);
void hfal_hash_nextBlock(hfgen_ctx_t* ctx, const void* block);
void hfal_hash_lastBlock(hfgen_ctx_t* ctx, const void* block, uint16_t length_b);
void hfal_hash_ctx2hash(void* dest, hfgen_ctx_t* ctx);
void hfal_hash_free(hfgen_ctx_t* ctx);
void hfal_hash_mem(const hfdesc_t* hash_descriptor, void* dest, const void* msg, uint32_t length_b);
uint16_t hfal_hash_getBlocksize(const hfdesc_t* hash_descriptor);
uint16_t hfal_hash_getHashsize(const hfdesc_t* hash_descriptor);
#endif /* HFAL_BASIC_H_ */

66
hfal_blake_large.c Normal file
View File

@ -0,0 +1,66 @@
/* hfal_blake_large.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_blake_large.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "blake_large.h"
static const char blake48_str[] = "Blake-48";
static const char blake64_str[] = "Blake-64";
const hfdesc_t blake48_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
blake48_str,
sizeof(blake48_ctx_t),
BLAKE48_BLOCKSIZE,
384,
(hf_init_fpt)blake48_init,
(hf_nextBlock_fpt)blake_large_nextBlock,
(hf_lastBlock_fpt)blake_large_lastBlock,
(hf_ctx2hash_fpt)blake48_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)blake48
};
const hfdesc_t blake64_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
blake64_str,
sizeof(blake64_ctx_t),
BLAKE64_BLOCKSIZE,
512,
(hf_init_fpt)blake64_init,
(hf_nextBlock_fpt)blake_large_nextBlock,
(hf_lastBlock_fpt)blake_large_lastBlock,
(hf_ctx2hash_fpt)blake64_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)blake64
};

36
hfal_blake_large.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_blake_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_blake_large.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-08
* \license GPLv3 or later
*
*/
#ifndef HFAL_BLAKE_LARGE_H_
#define HFAL_BLAKE_LARGE_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t blake48_desc;
extern const hfdesc_t blake64_desc;
#endif /* HFAL_BLAKE_LARGE_H_ */

66
hfal_blake_small.c Normal file
View File

@ -0,0 +1,66 @@
/* hfal_blake_small.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_blake_small.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-05
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "blake_small.h"
static const char blake28_str[] = "Blake-28";
static const char blake32_str[] = "Blake-32";
const hfdesc_t blake28_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
blake28_str,
sizeof(blake28_ctx_t),
BLAKE28_BLOCKSIZE,
224,
(hf_init_fpt)blake28_init,
(hf_nextBlock_fpt)blake_small_nextBlock,
(hf_lastBlock_fpt)blake_small_lastBlock,
(hf_ctx2hash_fpt)blake28_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)blake28
};
const hfdesc_t blake32_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
blake32_str,
sizeof(blake32_ctx_t),
BLAKE32_BLOCKSIZE,
256,
(hf_init_fpt)blake32_init,
(hf_nextBlock_fpt)blake_small_nextBlock,
(hf_lastBlock_fpt)blake_small_lastBlock,
(hf_ctx2hash_fpt)blake32_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)blake32
};

36
hfal_blake_small.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_blake_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_blake_small.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-05
* \license GPLv3 or later
*
*/
#ifndef HFAL_BLAKE_SMALL_H_
#define HFAL_BLAKE_SMALL_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t blake28_desc;
extern const hfdesc_t blake32_desc;
#endif /* HFAL_BLAKE_SMALL_H_ */

66
hfal_bmw_large.c Normal file
View File

@ -0,0 +1,66 @@
/* hfal_bmw_large.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_bmw_large.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-28
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "bmw_large.h"
static const char bmw384_str[] = "BlueMidnightWish-384";
static const char bmw512_str[] = "BlueMidnightWish-512";
const hfdesc_t bmw384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
bmw384_str,
sizeof(bmw384_ctx_t),
BMW384_BLOCKSIZE,
384,
(hf_init_fpt)bmw384_init,
(hf_nextBlock_fpt)bmw384_nextBlock,
(hf_lastBlock_fpt)bmw384_lastBlock,
(hf_ctx2hash_fpt)bmw384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)bmw384
};
const hfdesc_t bmw512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
bmw512_str,
sizeof(bmw512_ctx_t),
BMW512_BLOCKSIZE,
512,
(hf_init_fpt)bmw512_init,
(hf_nextBlock_fpt)bmw512_nextBlock,
(hf_lastBlock_fpt)bmw512_lastBlock,
(hf_ctx2hash_fpt)bmw512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)bmw512
};

36
hfal_bmw_large.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_bmw_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_bmw_large.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-28
* \license GPLv3 or later
*
*/
#ifndef HFAL_BMW_LARGE_H_
#define HFAL_BMW_LARGE_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t bmw384_desc;
extern const hfdesc_t bmw512_desc;
#endif /* HFAL_BMW_LARGE_H_ */

66
hfal_bmw_small.c Normal file
View File

@ -0,0 +1,66 @@
/* hfal_bmw_small.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_bmw_small.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-28
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "bmw_small.h"
static const char bmw224_str[] = "BlueMidnightWish-224";
static const char bmw256_str[] = "BlueMidnightWish-256";
const hfdesc_t bmw224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
bmw224_str,
sizeof(bmw224_ctx_t),
BMW224_BLOCKSIZE,
224,
(hf_init_fpt)bmw224_init,
(hf_nextBlock_fpt)bmw224_nextBlock,
(hf_lastBlock_fpt)bmw224_lastBlock,
(hf_ctx2hash_fpt)bmw224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)bmw224
};
const hfdesc_t bmw256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
bmw256_str,
sizeof(bmw256_ctx_t),
BMW256_BLOCKSIZE,
256,
(hf_init_fpt)bmw256_init,
(hf_nextBlock_fpt)bmw256_nextBlock,
(hf_lastBlock_fpt)bmw256_lastBlock,
(hf_ctx2hash_fpt)bmw256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)bmw256
};

36
hfal_bmw_small.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_bmw_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_bmw_small.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-28
* \license GPLv3 or later
*
*/
#ifndef HFAL_BMW_SMALL_H_
#define HFAL_BMW_SMALL_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t bmw224_desc;
extern const hfdesc_t bmw256_desc;
#endif /* HFAL_BMW_SMALL_H_ */

98
hfal_cubehash.c Normal file
View File

@ -0,0 +1,98 @@
/* hfal_cubehash.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_cubehash.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-09
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "cubehash.h"
static const char cubehash224_str[] = "CubeHash-224";
static const char cubehash256_str[] = "CubeHash-256";
static const char cubehash384_str[] = "CubeHash-384";
static const char cubehash512_str[] = "CubeHash-512";
const hfdesc_t cubehash224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
cubehash224_str,
sizeof(cubehash_ctx_t),
CUBEHASH224_BLOCKSIZE,
224,
(hf_init_fpt)cubehash224_init,
(hf_nextBlock_fpt)cubehash_nextBlock,
(hf_lastBlock_fpt)cubehash_lastBlock,
(hf_ctx2hash_fpt)cubehash224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t cubehash256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
cubehash256_str,
sizeof(cubehash_ctx_t),
CUBEHASH256_BLOCKSIZE,
256,
(hf_init_fpt)cubehash256_init,
(hf_nextBlock_fpt)cubehash_nextBlock,
(hf_lastBlock_fpt)cubehash_lastBlock,
(hf_ctx2hash_fpt)cubehash256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t cubehash384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
cubehash384_str,
sizeof(cubehash_ctx_t),
CUBEHASH384_BLOCKSIZE,
384,
(hf_init_fpt)cubehash384_init,
(hf_nextBlock_fpt)cubehash_nextBlock,
(hf_lastBlock_fpt)cubehash_lastBlock,
(hf_ctx2hash_fpt)cubehash384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t cubehash512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
cubehash512_str,
sizeof(cubehash_ctx_t),
CUBEHASH512_BLOCKSIZE,
512,
(hf_init_fpt)cubehash512_init,
(hf_nextBlock_fpt)cubehash_nextBlock,
(hf_lastBlock_fpt)cubehash_lastBlock,
(hf_ctx2hash_fpt)cubehash512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

31
hfal_cubehash.h Normal file
View File

@ -0,0 +1,31 @@
/* hfal_cubehash.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HFAL_CUBEHASH_H_
#define HFAL_CUBEHASH_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t cubehash224_desc;
extern const hfdesc_t cubehash256_desc;
extern const hfdesc_t cubehash384_desc;
extern const hfdesc_t cubehash512_desc;
#endif /* HFAL_CUBEHASH_H_ */

98
hfal_echo.c Normal file
View File

@ -0,0 +1,98 @@
/* hfal_echo.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_echo.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-21
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "echo.h"
static const char echo224_str[] = "ECHO-224";
static const char echo256_str[] = "ECHO-256";
static const char echo384_str[] = "ECHO-384";
static const char echo512_str[] = "ECHO-512";
const hfdesc_t echo224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
echo224_str,
sizeof(echo_small_ctx_t),
ECHO224_BLOCKSIZE,
224,
(hf_init_fpt)echo224_init,
(hf_nextBlock_fpt)echo_small_nextBlock,
(hf_lastBlock_fpt)echo_small_lastBlock,
(hf_ctx2hash_fpt)echo224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t echo256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
echo256_str,
sizeof(echo_small_ctx_t),
ECHO256_BLOCKSIZE,
256,
(hf_init_fpt)echo256_init,
(hf_nextBlock_fpt)echo_small_nextBlock,
(hf_lastBlock_fpt)echo_small_lastBlock,
(hf_ctx2hash_fpt)echo256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t echo384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
echo384_str,
sizeof(echo_large_ctx_t),
ECHO384_BLOCKSIZE,
384,
(hf_init_fpt)echo384_init,
(hf_nextBlock_fpt)echo_large_nextBlock,
(hf_lastBlock_fpt)echo_large_lastBlock,
(hf_ctx2hash_fpt)echo384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t echo512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
echo512_str,
sizeof(echo_large_ctx_t),
ECHO512_BLOCKSIZE,
512,
(hf_init_fpt)echo512_init,
(hf_nextBlock_fpt)echo_large_nextBlock,
(hf_lastBlock_fpt)echo_large_lastBlock,
(hf_ctx2hash_fpt)echo512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

30
hfal_echo.h Normal file
View File

@ -0,0 +1,30 @@
/* hfal_echo.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HFAL_ECHO_H_
#define HFAL_ECHO_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t echo224_desc;
extern const hfdesc_t echo256_desc;
extern const hfdesc_t echo384_desc;
extern const hfdesc_t echo512_desc;
#endif /* HFAL_ECHO_H_ */

67
hfal_groestl_large.c Normal file
View File

@ -0,0 +1,67 @@
/* hfal_groestl_large.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_groestl_large.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-05
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "groestl_large.h"
#include "groestl_small.h"
static const char groestl384_str[] = "Groestl-384";
static const char groestl512_str[] = "Groestl-512";
const hfdesc_t groestl384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
groestl384_str,
sizeof(groestl384_ctx_t),
GROESTL384_BLOCKSIZE,
384,
(hf_init_fpt)groestl384_init,
(hf_nextBlock_fpt)groestl_large_nextBlock,
(hf_lastBlock_fpt)groestl_large_lastBlock,
(hf_ctx2hash_fpt)groestl384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)groestl384
};
const hfdesc_t groestl512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
groestl512_str,
sizeof(groestl512_ctx_t),
GROESTL512_BLOCKSIZE,
512,
(hf_init_fpt)groestl512_init,
(hf_nextBlock_fpt)groestl_large_nextBlock,
(hf_lastBlock_fpt)groestl_large_lastBlock,
(hf_ctx2hash_fpt)groestl512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)groestl512
};

37
hfal_groestl_large.h Normal file
View File

@ -0,0 +1,37 @@
/* hfal_groestl_large.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_groestl_large.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-06-11
* \license GPLv3 or later
*
*/
#ifndef HFAL_GROESTL_LARGE_H_
#define HFAL_GROESTL_LARGE_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t groestl384_desc;
extern const hfdesc_t groestl512_desc;
#endif /* HFAL_GROESTL_LARGE_H_ */

67
hfal_groestl_small.c Normal file
View File

@ -0,0 +1,67 @@
/* hfal_groestl_small.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_groestl_small.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-05
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "groestl_small.h"
static const char groestl224_str[] = "Groestl-224";
static const char groestl256_str[] = "Groestl-256";
const hfdesc_t groestl224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
groestl224_str,
sizeof(groestl224_ctx_t),
GROESTL224_BLOCKSIZE,
224,
(hf_init_fpt)groestl224_init,
(hf_nextBlock_fpt)groestl_small_nextBlock,
(hf_lastBlock_fpt)groestl_small_lastBlock,
(hf_ctx2hash_fpt)groestl224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)groestl224
};
const hfdesc_t groestl256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
groestl256_str,
sizeof(groestl256_ctx_t),
GROESTL256_BLOCKSIZE,
256,
(hf_init_fpt)groestl256_init,
(hf_nextBlock_fpt)groestl_small_nextBlock,
(hf_lastBlock_fpt)groestl_small_lastBlock,
(hf_ctx2hash_fpt)groestl256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)groestl256
};

37
hfal_groestl_small.h Normal file
View File

@ -0,0 +1,37 @@
/* hfal_groestl_small.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_groestl_small.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-05-05
* \license GPLv3 or later
*
*/
#ifndef HFAL_GROESTL_SMALL_H_
#define HFAL_GROESTL_SMALL_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t groestl224_desc;
extern const hfdesc_t groestl256_desc;
#endif /* HFAL_GROESTL_SMALL_H_ */

99
hfal_keccak.c Normal file
View File

@ -0,0 +1,99 @@
/* hfal_keccak.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_keccak.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-09
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "keccak.h"
static const char keccak224_str[] = "Keccak-224";
static const char keccak256_str[] = "Keccak-256";
static const char keccak384_str[] = "Keccak-384";
static const char keccak512_str[] = "Keccak-512";
const hfdesc_t keccak224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak224_str,
sizeof(keccak_ctx_t),
KECCAK224_BLOCKSIZE,
224,
(hf_init_fpt)keccak224_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak256_str,
sizeof(keccak_ctx_t),
KECCAK256_BLOCKSIZE,
256,
(hf_init_fpt)keccak256_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak384_str,
sizeof(keccak_ctx_t),
KECCAK384_BLOCKSIZE,
384,
(hf_init_fpt)keccak384_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak512_str,
sizeof(keccak_ctx_t),
KECCAK512_BLOCKSIZE,
512,
(hf_init_fpt)keccak512_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

39
hfal_keccak.h Normal file
View File

@ -0,0 +1,39 @@
/* hfal_keccak.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_keccak.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-09
* \license GPLv3 or later
*
*/
#ifndef HFAL_KECCAK_H_
#define HFAL_KECCAK_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t keccak224_desc;
extern const hfdesc_t keccak256_desc;
extern const hfdesc_t keccak384_desc;
extern const hfdesc_t keccak512_desc;
#endif /* HFAL_KECCAK_H_ */

49
hfal_md5.c Normal file
View File

@ -0,0 +1,49 @@
/* hfal_md5.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_md5.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-09
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "md5.h"
static const char md5_str[] = "MD5";
const hfdesc_t md5_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
md5_str,
sizeof(md5_ctx_t),
512,
128,
(hf_init_fpt)md5_init,
(hf_nextBlock_fpt)md5_nextBlock,
(hf_lastBlock_fpt)md5_lastBlock,
(hf_ctx2hash_fpt)md5_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)md5
};

36
hfal_md5.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_md5.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_md5.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-09
* \license GPLv3 or later
*
*/
#ifndef HFAL_MD5_H_
#define HFAL_MD5_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t md5_desc;
#endif /* HFAL_MD5_H_ */

49
hfal_sha1.c Normal file
View File

@ -0,0 +1,49 @@
/* hfal_sha1.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_sha1.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-04
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "sha1.h"
static const char sha1_str[] = "SHA-1";
const hfdesc_t sha1_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
sha1_str,
sizeof(sha1_ctx_t),
512,
160,
(hf_init_fpt)sha1_init,
(hf_nextBlock_fpt)sha1_nextBlock,
(hf_lastBlock_fpt)sha1_lastBlock,
(hf_ctx2hash_fpt)sha1_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)sha1
};

36
hfal_sha1.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_sha1.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_sha1.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-04
* \license GPLv3 or later
*
*/
#ifndef HFAL_SHA1_H_
#define HFAL_SHA1_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t sha1_desc;
#endif /* HFAL_SHA1_H_ */

49
hfal_sha256.c Normal file
View File

@ -0,0 +1,49 @@
/* hfal_sha256.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_sha256.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-04
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "sha256.h"
static const char sha256_str[] = "SHA-256";
const hfdesc_t sha256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
sha256_str,
sizeof(sha256_ctx_t),
512,
256,
(hf_init_fpt)sha256_init,
(hf_nextBlock_fpt)sha256_nextBlock,
(hf_lastBlock_fpt)sha256_lastBlock,
(hf_ctx2hash_fpt)sha256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)sha256
};

36
hfal_sha256.h Normal file
View File

@ -0,0 +1,36 @@
/* hfal_sha256.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_sha256.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-02-04
* \license GPLv3 or later
*
*/
#ifndef HFAL_SHA256_H_
#define HFAL_SHA256_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t sha256_desc;
#endif /* HFAL_SHA256_H_ */

113
hfal_shabal.c Normal file
View File

@ -0,0 +1,113 @@
/* hfal_shabal.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_shabal.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-20
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "shabal.h"
static const char shabal192_str[] = "Shabal-192";
static const char shabal224_str[] = "Shabal-224";
static const char shabal256_str[] = "Shabal-256";
static const char shabal384_str[] = "Shabal-384";
static const char shabal512_str[] = "Shabal-512";
const hfdesc_t shabal192_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
shabal192_str,
sizeof(shabal_ctx_t),
SHABAL_BLOCKSIZE,
192,
(hf_init_fpt)shabal192_init,
(hf_nextBlock_fpt)shabal_nextBlock,
(hf_lastBlock_fpt)shabal_lastBlock,
(hf_ctx2hash_fpt)shabal192_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)shabal192
};
const hfdesc_t shabal224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
shabal224_str,
sizeof(shabal_ctx_t),
SHABAL_BLOCKSIZE,
224,
(hf_init_fpt)shabal224_init,
(hf_nextBlock_fpt)shabal_nextBlock,
(hf_lastBlock_fpt)shabal_lastBlock,
(hf_ctx2hash_fpt)shabal224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)shabal224
};
const hfdesc_t shabal256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
shabal256_str,
sizeof(shabal_ctx_t),
SHABAL_BLOCKSIZE,
256,
(hf_init_fpt)shabal256_init,
(hf_nextBlock_fpt)shabal_nextBlock,
(hf_lastBlock_fpt)shabal_lastBlock,
(hf_ctx2hash_fpt)shabal256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)shabal256
};
const hfdesc_t shabal384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
shabal384_str,
sizeof(shabal_ctx_t),
SHABAL_BLOCKSIZE,
384,
(hf_init_fpt)shabal384_init,
(hf_nextBlock_fpt)shabal_nextBlock,
(hf_lastBlock_fpt)shabal_lastBlock,
(hf_ctx2hash_fpt)shabal384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)shabal384
};
const hfdesc_t shabal512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
shabal512_str,
sizeof(shabal_ctx_t),
SHABAL_BLOCKSIZE,
512,
(hf_init_fpt)shabal512_init,
(hf_nextBlock_fpt)shabal_nextBlock,
(hf_lastBlock_fpt)shabal_lastBlock,
(hf_ctx2hash_fpt)shabal512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)shabal512
};

40
hfal_shabal.h Normal file
View File

@ -0,0 +1,40 @@
/* hfal_shabal.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_shabal.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-04-20
* \license GPLv3 or later
*
*/
#ifndef HFAL_SHABAL_H_
#define HFAL_SHABAL_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t shabal192_desc;
extern const hfdesc_t shabal224_desc;
extern const hfdesc_t shabal256_desc;
extern const hfdesc_t shabal384_desc;
extern const hfdesc_t shabal512_desc;
#endif /* HFAL_SHABAL_H_ */

162
hfal_skein1024.c Normal file
View File

@ -0,0 +1,162 @@
/* hfal_skein1024.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein1024.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "skein.h"
static const char skein1024_128_str[] = "Skein-1024-128";
static const char skein1024_160_str[] = "Skein-1024-160";
static const char skein1024_224_str[] = "Skein-1024-224";
static const char skein1024_256_str[] = "Skein-1024-256";
static const char skein1024_384_str[] = "Skein-1024-384";
static const char skein1024_512_str[] = "Skein-1024-512";
static const char skein1024_1024_str[] = "Skein-1024-1024";
void skein1024_128_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 128);
}
void skein1024_160_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 160);
}
void skein1024_224_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 224);
}
void skein1024_256_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 256);
}
void skein1024_384_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 384);
}
void skein1024_512_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 512);
}
void skein1024_1024_init(skein1024_ctx_t* ctx){
skein1024_init(ctx, 1024);
}
const hfdesc_t skein1024_128_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_128_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
128,
(hf_init_fpt)skein1024_128_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_160_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_160_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
160,
(hf_init_fpt)skein1024_160_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_224_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
224,
(hf_init_fpt)skein1024_224_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_256_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
256,
(hf_init_fpt)skein1024_256_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_384_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
384,
(hf_init_fpt)skein1024_384_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_512_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
512,
(hf_init_fpt)skein1024_512_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein1024_1024_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein1024_1024_str,
sizeof(skein1024_ctx_t),
SKEIN1024_BLOCKSIZE,
1024,
(hf_init_fpt)skein1024_1024_init,
(hf_nextBlock_fpt)skein1024_nextBlock,
(hf_lastBlock_fpt)skein1024_lastBlock,
(hf_ctx2hash_fpt)skein1024_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

42
hfal_skein1024.h Normal file
View File

@ -0,0 +1,42 @@
/* hfal_skein1024.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein1024.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#ifndef HFAL_SKEIN1024_H_
#define HFAL_SKEIN1024_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t skein1024_128_desc;
extern const hfdesc_t skein1024_160_desc;
extern const hfdesc_t skein1024_224_desc;
extern const hfdesc_t skein1024_256_desc;
extern const hfdesc_t skein1024_384_desc;
extern const hfdesc_t skein1024_512_desc;
extern const hfdesc_t skein1024_1024_desc;
#endif /* HFAL_SHA1024_H_ */

143
hfal_skein256.c Normal file
View File

@ -0,0 +1,143 @@
/* hfal_skein256.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein256.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "skein.h"
static const char skein256_128_str[] = "Skein-256-128";
static const char skein256_160_str[] = "Skein-256-160";
static const char skein256_224_str[] = "Skein-256-224";
static const char skein256_256_str[] = "Skein-256-256";
static const char skein256_384_str[] = "Skein-256-384";
static const char skein256_512_str[] = "Skein-256-512";
void skein256_128_init(skein256_ctx_t* ctx){
skein256_init(ctx, 128);
}
void skein256_160_init(skein256_ctx_t* ctx){
skein256_init(ctx, 160);
}
void skein256_224_init(skein256_ctx_t* ctx){
skein256_init(ctx, 224);
}
void skein256_256_init(skein256_ctx_t* ctx){
skein256_init(ctx, 256);
}
void skein256_384_init(skein256_ctx_t* ctx){
skein256_init(ctx, 384);
}
void skein256_512_init(skein256_ctx_t* ctx){
skein256_init(ctx, 512);
}
const hfdesc_t skein256_128_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_128_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
128,
(hf_init_fpt)skein256_128_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein256_160_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_160_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
160,
(hf_init_fpt)skein256_160_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein256_224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_224_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
224,
(hf_init_fpt)skein256_224_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein256_256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_256_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
256,
(hf_init_fpt)skein256_256_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein256_384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_384_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
384,
(hf_init_fpt)skein256_384_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein256_512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein256_512_str,
sizeof(skein256_ctx_t),
SKEIN256_BLOCKSIZE,
512,
(hf_init_fpt)skein256_512_init,
(hf_nextBlock_fpt)skein256_nextBlock,
(hf_lastBlock_fpt)skein256_lastBlock,
(hf_ctx2hash_fpt)skein256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

41
hfal_skein256.h Normal file
View File

@ -0,0 +1,41 @@
/* hfal_skein256.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein256.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#ifndef HFAL_SKEIN256_H_
#define HFAL_SKEIN256_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t skein256_128_desc;
extern const hfdesc_t skein256_160_desc;
extern const hfdesc_t skein256_224_desc;
extern const hfdesc_t skein256_256_desc;
extern const hfdesc_t skein256_384_desc;
extern const hfdesc_t skein256_512_desc;
#endif /* HFAL_SKEIN256_H_ */

162
hfal_skein512.c Normal file
View File

@ -0,0 +1,162 @@
/* hfal_skein512.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein512.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "skein.h"
static const char skein512_128_str[] = "Skein-512-128";
static const char skein512_160_str[] = "Skein-512-160";
static const char skein512_224_str[] = "Skein-512-224";
static const char skein512_256_str[] = "Skein-512-256";
static const char skein512_384_str[] = "Skein-512-384";
static const char skein512_512_str[] = "Skein-512-512";
static const char skein512_1024_str[] = "Skein-512-1024";
void skein512_128_init(skein512_ctx_t* ctx){
skein512_init(ctx, 128);
}
void skein512_160_init(skein512_ctx_t* ctx){
skein512_init(ctx, 160);
}
void skein512_224_init(skein512_ctx_t* ctx){
skein512_init(ctx, 224);
}
void skein512_256_init(skein512_ctx_t* ctx){
skein512_init(ctx, 256);
}
void skein512_384_init(skein512_ctx_t* ctx){
skein512_init(ctx, 384);
}
void skein512_512_init(skein512_ctx_t* ctx){
skein512_init(ctx, 512);
}
void skein512_1024_init(skein512_ctx_t* ctx){
skein512_init(ctx, 1024);
}
const hfdesc_t skein512_128_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_128_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
128,
(hf_init_fpt)skein512_128_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_160_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_160_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
160,
(hf_init_fpt)skein512_160_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_224_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_224_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
224,
(hf_init_fpt)skein512_224_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_256_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_256_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
256,
(hf_init_fpt)skein512_256_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_384_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_384_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
384,
(hf_init_fpt)skein512_384_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_512_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_512_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
512,
(hf_init_fpt)skein512_512_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t skein512_1024_desc = {
HFDESC_TYPE_HASHFUNCTION,
0,
skein512_1024_str,
sizeof(skein512_ctx_t),
SKEIN512_BLOCKSIZE,
1024,
(hf_init_fpt)skein512_1024_init,
(hf_nextBlock_fpt)skein512_nextBlock,
(hf_lastBlock_fpt)skein512_lastBlock,
(hf_ctx2hash_fpt)skein512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

42
hfal_skein512.h Normal file
View File

@ -0,0 +1,42 @@
/* hfal_skein512.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_skein512.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2009-03-13
* \license GPLv3 or later
*
*/
#ifndef HFAL_SKEIN512_H_
#define HFAL_SKEIN512_H_
#include "hashfunction_descriptor.h"
extern const hfdesc_t skein512_128_desc;
extern const hfdesc_t skein512_160_desc;
extern const hfdesc_t skein512_224_desc;
extern const hfdesc_t skein512_256_desc;
extern const hfdesc_t skein512_384_desc;
extern const hfdesc_t skein512_512_desc;
extern const hfdesc_t skein512_1024_desc;
#endif /* HFAL_SHA512_H_ */

742
host/bigint_test.rb Normal file
View File

@ -0,0 +1,742 @@
#!/usr/bin/ruby
# bigint_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = true
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'ftools'
require 'date'
$buffer_size = 0
$conffile_check = Hash.new
$conffile_check.default = 0
################################################################################
# readconfigfile #
################################################################################
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if not /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# expmod #
################################################################################
def expmod(base, power, mod)
result = 1
while power > 0
result = (result * base) % mod if power & 1 == 1
base = (base * base) % mod
power >>= 1;
end
return result
end
################################################################################
# gcdext #
################################################################################
def gcdext(x,y)
g=1
while(x&1==0 && y&1==0) do
x>>=1
y>>=1
g<<=1
end
u=x; v=y; a=1; b=0; c=0; d=1
begin
while(u&1==0) do
if(a%2==1 || b%2==1)
a += y
b -= x
end
u>>=1; a>>=1; b>>=1
end
while(v&1==0) do
if(c%2==1 || d%2==1)
c += y
d -= x
end
v>>=1; c>>=1; d>>=1;
end
if(u>=v)
u -= v; a-=c; b-=d
else
v -= u; c-=a; d-=b
end
end while(u!=0)
return[g*v, c, d]
end
################################################################################
# reset_system #
################################################################################
def reset_system
$sp.print("exit\r")
sleep 0.1
$sp.print("exit\r")
sleep 0.1
end
################################################################################
# init_system #
################################################################################
def init_system(test_prog)
$sp.print("echo off \r")
print("DBG i: " + "echo off \r"+"\n") if $debug
sleep 0.1
$sp.print("#{test_prog}\r")
print("DBG i: " + "#{test_prog} \r"+"\n") if $debug
sleep 1
end
################################################################################
# screen_progress #
################################################################################
def screen_progress(v)
if $linepos==0
printf("\n%5d [%04d]: ", $testno, $size)
end
putc((v)?('*'):('!'))
$testno += 1
$linepos = ($linepos+1)%$linewidth
end
################################################################################
# add_test #
################################################################################
def add_test(a,b)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([-]?[0-9a-fA-F]*)[\s]+\+[\s]+([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]*)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
c_ = m[3].to_i(16)
line.chomp!
if(a_== a && b_ == b && c_ == (a+b))
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s)]: %s", (a==a_)?"":"a", (b==b_)?"":"b", (c_==a+b)?"":"c",line)
$logfile.printf(" ; should %s + %s = %s\n", a.to_s(16), b.to_s(16), (a+b).to_s(16))
return false
end
return false
end
################################################################################
# mul_test #
################################################################################
def mul_test(a,b)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([+-]?[0-9a-fA-F]*)[\s]+\*[\s]+([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]*)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
c_ = m[3].to_i(16)
line.chomp!
if(a_== a && b_ == b && c_ == (a*b))
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s)]: %s", (a==a_)?"":"a", (b==b_)?"":"b", (c_==a*b)?"":"c",line)
$logfile.printf(" ; should %s * %s = %s\n", a.to_s(16), b.to_s(16), (a*b).to_s(16))
return false
end
return false
end
################################################################################
# square_test #
################################################################################
def square_test(a)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([+-]?[0-9a-fA-F]*)[\s]*\*\*2[\s]*=[\s]*([+-]?[0-9a-fA-F]*)/.match(line)
a_ = m[1].to_i(16)
c_ = m[2].to_i(16)
line.chomp!
if(a_== a && c_ == (a**2))
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s)]: %s", (a==a_)?"":"a", (c_==a**2)?"":"c",line)
$logfile.printf(" ; should %s **2 = %s\n", a.to_s(16), (a**2).to_s(16))
return false
end
return false
end
################################################################################
# reduce_test #
################################################################################
def reduce_test(a,b)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
line=''
begin
line_tmp = $sp.gets()
line_tmp = '' if line_tmp==nil
line += line_tmp
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([+-]?[0-9a-fA-F]*)[\s]+%[\s]+([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]+)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
c_ = m[3].to_i(16)
line.chomp!
if(a_== a && b_ == b && c_ == (a%b))
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s)]: %s", (a==a_)?"":"a", (b==b_)?"":"b", (c_==a%b)?"":"c",line)
$logfile.printf(" ; should %s %% %s = %s\n", a.to_s(16), b.to_s(16), (a%b).to_s(16))
return false
end
return false
end
################################################################################
# expmod_test #
################################################################################
def expmod_test(a,b,c)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter c:[\s]*/.match(line)
$sp.print(c.to_s(16)+" ")
line=''
begin
line_tmp = $sp.gets()
line_tmp = '' if line_tmp==nil
line += line_tmp
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([+-]?[0-9a-fA-F]*)\*\*([+-]?[0-9a-fA-F]*)[\s]+%[\s]+([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]+)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
c_ = m[3].to_i(16)
d_ = m[4].to_i(16)
line.chomp!
if(a_== a && b_ == b && c_ == c && d_ ==expmod(a,b,c) )
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s%s)]: %s", (a==a_)?'':'a', (b==b_)?'':'b', (c_==c)?'':'c', (d_==expmod(a,b,c))?'':'d',line)
$logfile.printf(" ; should %s**%s %% %s = %s\n", a.to_s(16), b.to_s(16), c.to_s(16), expmod(a,b,c).to_s(16))
return false
end
return false
end
################################################################################
# gcdext_test #
################################################################################
def gcdext_test(a,b)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
line=''
begin
line_tmp = $sp.gets()
line_tmp = '' if line_tmp==nil
line = '' if line.end_with?('\n')
line += line_tmp
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/gcdext\([\s]*([+-]?[0-9a-fA-F]*)[\s]*,[\s]*([+-]?[0-9a-fA-F]*)[\s]*\)[\s]*=> a = ([+-]?[0-9a-fA-F]+); b = ([+-]?[0-9a-fA-F]+); gcd = ([+-]?[0-9a-fA-F]+)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
c_ = m[3].to_i(16)
d_ = m[4].to_i(16)
e_ = m[5].to_i(16)
line.chomp!
line.gsub!("\r",'')
line.gsub!("\n",'')
ref = gcdext(a,b)
if(a_== a && b_ == b && c_ == ref[1] && d_ == ref[2] && e_== ref[0])
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s%s%s)]: %s", (a==a_)?'':'a', (b==b_)?'':'b',
(c_==ref[1])?'':'c', (d_==ref[2])?'':'d', (e_==ref[0])?'':'e', line)
$logfile.printf(" ; should gcdext( %s, %s) => a = %s; b = %s; gcd = %s\n",
a.to_s(16), b.to_s(16), ref[1].to_s(16), ref[2].to_s(16), ref[0].to_s(16))
return false
end
return false
end
################################################################################
# run_test_add #
################################################################################
def run_test_add(skip=0)
length_a_B = skip+1
length_b_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
s_a = rand(2)*2-1
s_b = rand(2)*2-1
a = rand(256**length_a_B) * s_a
b = rand(256**length_a_B) * s_b
v = add_test(a, b)
screen_progress(v)
v = add_test(b, a)
screen_progress(v)
end
(0..16).each do |i|
s_a = rand(2)-1
s_b = rand(2)-1
b_size = rand(length_b_B+1)
a = rand(256**length_a_B) * s_a
b = rand(256**b_size) * s_b
v = add_test(a, b)
screen_progress(v)
v = add_test(b, a)
screen_progress(v)
end
length_a_B += 1
length_b_B += 1
end while length_a_B<4096/8
end
################################################################################
# run_test_mul #
################################################################################
def run_test_mul(skip=0)
length_a_B = skip+1
length_b_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
s_a = rand(2)*2-1
s_b = rand(2)*2-1
a = rand(256**length_a_B) * s_a
b = rand(256**length_a_B) * s_b
v = mul_test(a, b)
screen_progress(v)
v = mul_test(b, a)
screen_progress(v)
end
(0..16).each do |i|
s_a = rand(2)-1
s_b = rand(2)-1
b_size = rand(length_b_B+1)
a = rand(256**length_a_B) * s_a
b = rand(256**b_size) * s_b
v = mul_test(a, b)
screen_progress(v)
v = mul_test(b, a)
screen_progress(v)
end
length_a_B += 1
length_b_B += 1
end while length_a_B<4096/8
end
################################################################################
# run_test_square #
################################################################################
def run_test_square(skip=0)
length_a_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
a = rand(256**length_a_B)
v = square_test(a)
screen_progress(v)
end
length_a_B += 1
end while length_a_B<4096/8
end
################################################################################
# run_test_reduce #
################################################################################
def run_test_reduce(skip=0)
length_a_B = skip+1
length_b_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
a = rand(256**length_a_B)
b = rand(256**length_a_B)+1
v = reduce_test(a, b)
screen_progress(v)
end
(0..16).each do |i|
b_size = rand(length_b_B+1)
a = rand(256**length_a_B)
b = rand(256**b_size)+1
v = reduce_test(a, b)
screen_progress(v)
end
length_a_B += 1
length_b_B += 1
end while length_a_B<4096/8
end
################################################################################
# run_test_expmod #
################################################################################
def run_test_expmod(skip=0)
length_a_B = skip+1
length_b_B = skip+1
length_c_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
a = rand(256**length_a_B)
b = rand(256**length_b_B)+1
c = rand(256**length_c_B)+1
v = expmod_test(a, b, c)
screen_progress(v)
end
(0..16).each do |i|
b_size = rand(length_b_B+1)
a = rand(256**length_a_B)
b = rand(256**b_size)+1
c = rand(256**b_size)+1
v = expmod_test(a, b, c)
screen_progress(v)
end
length_a_B += 1
length_b_B += 1
end while length_a_B<4096/8
end
################################################################################
# run_test_gcdext #
################################################################################
def run_test_gcdext(skip=0)
length_a_B = skip+1
length_b_B = skip+1
begin
$size = length_a_B
(0..16).each do |i|
a = rand(256**length_a_B)
b = rand(256**length_a_B)+1
v = gcdext_test(a, b)
$logfile.flush()
screen_progress(v)
end
(0..16).each do |i|
b_size = rand(length_b_B+1)
a = rand(256**length_a_B)
b = rand(256**b_size)+1
v = gcdext_test(a, b)
$logfile.flush()
screen_progress(v)
end
length_a_B += 1
length_b_B += 1
end while length_a_B<4096/8
end
################################################################################
# MAIN #
################################################################################
opts = Getopt::Std.getopts("s:f:i:a:hd")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["f"], conf) if opts["f"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
$linepos = 0
$testno = 0
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
reset_system()
if opts['d']
$debug = true
end
logfilename = conf['PORT']['testlogbase']+'bigint.txt'
if File.exists?(logfilename)
i=1
begin
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'bigint_',i,'.txt')
i+=1
end while(File.exists?(logfilename))
while(i>2) do
File.move(sprintf('%s%04d%s', conf['PORT']['testlogbase']+'bigint_',i-2,'.txt'),
sprintf('%s%04d%s', conf['PORT']['testlogbase']+'bigint_',i-1,'.txt'), true)
i-=1
end
File.move(sprintf('%s%s', conf['PORT']['testlogbase'],'bigint.txt'),
sprintf('%s%04d%s', conf['PORT']['testlogbase']+'bigint_',1,'.txt'), true)
logfilename = conf['PORT']['testlogbase']+'bigint.txt'
end
$logfile = File.open(logfilename, 'w')
printf("logfile: %s\n", logfilename)
$logfile.printf("bigint test from: %s\n", Time.now.to_s)
$logfile.printf("skip = %s\n", opts['s']) if opts['s']
$logfile.printf("seed = 0x%X\n", 0xdeadbeef)
tests = Hash.new
tests['a'] = proc {|x| run_test_add(x) }
tests['m'] = proc {|x| run_test_mul(x) }
tests['s'] = proc {|x| run_test_square(x) }
tests['r'] = proc {|x| run_test_reduce(x) }
tests['e'] = proc {|x| run_test_expmod(x) }
tests['g'] = proc {|x| run_test_gcdext(x) }
init_str = Hash.new
init_str['a'] = 'add-test'
init_str['m'] = 'mul-test'
init_str['s'] = 'square-test'
init_str['r'] = 'reduce-test'
init_str['e'] = 'expmod-test'
init_str['g'] = 'gcdext-test'
srand(0xdeadbeef)
if opts['a']
opts['a'].each_char do |x|
if tests[x]
puts init_str[x]
init_system(init_str[x])
tests[x].call(opts['s']?opts['s'].to_i():0)
else
puts "no test defiened for '#{x}'"
end
end
else
'amsre'.each_char do |x|
if tests[x]
puts init_str[x]
init_system(init_str[x])
tests[x].call(opts['s']?opts['s'].to_i():0)
else
puts "no test defiened for '#{x}'"
end
end
end
$logile.close()

26
host/bitslice2asm.rb Normal file
View File

@ -0,0 +1,26 @@
#!/usr/bin/ruby
#
#
while(!$stdin.eof) do
line = $stdin.readline
if match = /[\s]*((T|IN|OUT)[0-9]{1,2})[\s]*=[\s]*((T|IN|OUT)[0-9]{1,2})[\s]*([|^&])[\s]*((T|IN|OUT)[0-9]{1,2})[\s]*;/.match(line)
puts(" mov "+match[1]+", "+match[3])
case match[5]
when '|'
conductor = "or "
when '^'
conductor = "eor "
when '&'
conductor = "and "
else
fprintf($stderr,"ERROR")
end
puts(" "+conductor+match[1]+", "+match[6])
else
puts(line)
end
end

359
host/cmacvs_test.rb Normal file
View File

@ -0,0 +1,359 @@
#!/usr/bin/ruby
# cmacvs_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = true
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
$buffer_size = 0
$conffile_check = Hash.new
$conffile_check.default = 0
################################################################################
# readconfigfile #
################################################################################
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if not /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# reset_system #
################################################################################
def reset_system
$sp.print("exit\r")
sleep 0.1
$sp.print("exit\r")
sleep 0.1
end
################################################################################
# scan_system #
################################################################################
def scan_system
algos = Hash.new
$sp.print("cmacvs_list\r")
while true
line=$sp.gets()
return algos if /^>$/.match(line)
if m = /[\*\ ]([a-z]):[\s]*([a-zA-Z0-9+_-]+)/.match(line)
algos[m[2]]=m[1]
end
end
end
################################################################################
# init_system #
################################################################################
def init_system(algo_select, algo_id)
$sp.print("echo off \r")
print("DBG i: " + "echo off \r"+"\n") if $debug
sleep 1
$sp.print("cmacvs_set #{algo_select}\r")
print("DBG i: " + "cmacvs_set #{$algo_select} \r"+"\n") if $debug
sleep 1
$sp.print("cmacvs_test#{algo_id} \r")
print("DBG i: " + "cmacvs_test#{algo_id} \r"+"\n") if $debug
begin
line=$sp.gets()
end while not m=/buffer_size[\s]*=[\s]*0x([0-9A-Fa-f]*)/.match(line)
$buffer_size = m[1].to_i(16)
end
################################################################################
# get_md #
################################################################################
def get_mac
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
end while not /[\s]*Mac[\s]*=.*/.match(line)
return line
end
################################################################################
# get_result #
################################################################################
def get_result
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
end while not /[\s]*Result[\s]*=.*/.match(line)
puts "DBG i: got result: "+line if $debug
return line
end
################################################################################
# send_md #
################################################################################
def send_test(klen, mlen, tlen, key, msg, mac=nil)
$sp.printf("Klen = %s\n\r", klen)
$sp.printf("Mlen = %s\n\r", mlen)
$sp.printf("Tlen = %s\n\r", tlen)
$sp.printf("Key = %s\n\r", key)
$sp.print("Msg = ")
for i in 0..msg.length-1
$sp.print(msg[i].chr)
# print("DBG s: "+ md_string[i].chr) if $debug
# sleep(0.001)
if((i%($buffer_size*2)==0)&&(i!=0))
begin
line=$sp.gets()
end while not /\./.match(line)
end
end
$sp.printf("Mac = %s\n\r", mac) if mac
end
################################################################################
# get_next_kv_pair #
################################################################################
def get_next_kv_pair(file)
loop do
return nil if file.eof
lb = file.gets()
m=lb.match(/[\s]*([\w\d_-]*)[\s]*=[\s]*([\w\d_-]*)/)
puts "DBG i: found #{m[1]} with value #{m[2]}" if m && $debug
return [m[1],m[2]] if m
end
end
################################################################################
# run_test_gen #
################################################################################
def run_test_gen(filename, skip=0)
nerrors = 0
line=1
if not File.exist?(filename)
puts("ERROR file "+filename+" does not exist!")
return nerrors
end
pos = 0
file = File.new(filename, "r");
until file.eof
params = Hash.new
begin
m = get_next_kv_pair(file)
return nerrors if m==nil
params[m[0]] = m[1]
end until m[0]=='Mac'
if(skip>0)
skip -= 1
redo
end
puts("DBG sending: ") if $debug
send_test(params['Klen'], params['Mlen'], params['Tlen'], params['Key'], params['Msg'])
avr_md = get_mac()
a = params['Mac'];
b = (/[\s]*Mac[\s]*=[\s]*([0-9a-fA-F]*).*/.match(avr_md))[1];
a.upcase!
b.upcase!
printf("\n%4d (%4d) [%5d]: ", line, (line-1)*$linewidth, params['Count']) if (pos%$linewidth==0 and $linewidth!=0)
line += 1 if (pos%$linewidth==0 and $linewidth!=0)
#sleep(1)
#putc((a==b)?'*':'!')
if(a==b)
putc('*')
else
putc('!')
# printf("<%d>",len)
printf("\nError @%05d: %s [should]\n != %s [is]- ", params['Count'].to_i , a, b)
nerrors += 1
end
pos += 1
end
file.close()
return nerrors
end
################################################################################
# run_test_ver #
################################################################################
def run_test_ver(filename, skip=0)
nerrors = 0
line=1
if not File.exist?(filename)
puts("ERROR file "+filename+" does not exist!")
return nerrors
end
pos = 0
file = File.new(filename, "r");
until file.eof
params = Hash.new
begin
m = get_next_kv_pair(file)
return nerrors if m==nil
params[m[0]] = m[1]
end until m[0]=='Result'
if(skip>0)
skip -= 1
redo
end
puts("DBG sending: ") if $debug
send_test(params['Klen'], params['Mlen'], params['Tlen'], params['Key'], params['Msg'], params['Mac'])
avr_res = get_result()
a = params['Result'].match(/[\s]*([PF])/)[1];
b = /[\s]*Result[\s]*=[\s]*([PF])/.match(avr_res)[1];
a.upcase!
b.upcase!
printf("\n%4d (%4d) [%5d]: ", line, (line-1)*$linewidth, params['Count']) if (pos%$linewidth==0 and $linewidth!=0)
line += 1 if (pos%$linewidth==0 and $linewidth!=0)
#sleep(1)
#putc((a==b)?'*':'!')
if(a==b)
putc('*')
else
putc('!')
# printf("<%d>",len)
printf("\nError @%05d: %s [should]\n != %s [is]- ", params['Count'].to_i , a, b)
nerrors += 1
end
pos += 1
end
file.close()
return nerrors
end
################################################################################
# MAIN #
################################################################################
opts = Getopt::Std.getopts("s:f:i:j:hdca")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["f"], conf) if opts["f"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
reset_system()
algos=scan_system()
#puts algos.inspect
if opts["d"]
$debug = true
end
if opts["s"]
algos_rev = algos.invert
algo_tasks = Array.new
opts["s"].each_byte{ |x|
if algos_rev[x.chr]
algo_tasks << [algos_rev[x.chr],x.chr]
end
}
else
algo_tasks=algos.sort
end
algo_tasks.each do |algoa|
algo = algoa[0]
if conf[algo]==nil
puts("No test-set defined for #{algo} \r\n")
next
else
i=0
i = opts["j"] if opts["j"]
logfile=File.open(conf["PORT"]["testlogbase"]+algo+".txt", "a")
while conf[algo]["file_#{i}"] != nil
puts("Testing #{algo} with #{conf[algo]["file_#{i}"]}")
reset_system()
init_system(algoa[1], (conf[algo]["file_#{i}_test"]=='gen')?'1':'2')
skip=0
skip=opts["i"].to_i if opts["i"]
nerrors=run_test_gen(conf[algo]["file_#{i}"], skip) if conf[algo]["file_#{i}_test"]=='gen'
nerrors=run_test_ver(conf[algo]["file_#{i}"], skip) if conf[algo]["file_#{i}_test"]=='ver'
if nerrors == 0
puts("\n[ok]")
logfile.puts("[ok] "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
else
puts("\n[errors: "+ nerrors.to_s() +"]")
logfile.puts("[error] "+nerrors.to_s+" "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
end
i += 1
end
logfile.close()
end
end

93
host/create-algo-impl-relation.rb Normal file
View File

@ -0,0 +1,93 @@
#!/usr/bin/ruby
# create-algo-impl-relation.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
SPEED_DIR = 'speed_log/'
SIZE_DIR = 'size_log/'
OUT_DIR = 'algo_implementation/'
$debug = false
require 'rubygems'
require 'getopt/std'
require 'ftools'
def get_module_names(finname)
ret = Array.new
f = File.open(finname, 'r')
f.gets # first line is ignored
while(l=f.gets())
if m=l.match(/[\s]([^\s]*)$/)
ret << m[1]
end
end
f.close()
return ret
end
def mkalgoimplrelation_file(foutname, finname, algos)
if algos==nil
puts "ERROR: algos==nil! fout=#{foutname} fin=#{finname}"
return
end
if File.exists?(foutname)
puts "File #{foutname} already exists!"
return
end
modules = get_module_names(finname).join(' ')
f = File.open(foutname, 'w')
algos.each do |algo|
f.puts(algo+': '+modules)
end
f.close()
end
if not File.directory?(SPEED_DIR)
puts "ERROR: #{SPEED_DIR} is no directory!"
return -1
end
if not File.directory?(SIZE_DIR)
puts "ERROR: #{SIZE_DIR} is no directory!"
return -1
end
if not File.directory?(OUT_DIR)
puts "ERROR: #{OUT_DIR} is no directory!"
return -1
end
list = Dir.entries(SPEED_DIR)
algo_list = Hash.new
list.each do |entry|
if m=entry.match(/([^.]*)\.([^.]*)\.txt/)
algo_list[m[2]] = Array.new if algo_list[m[2]]==nil
algo_list[m[2]] << m[1]
end
end
list = Dir.entries(SIZE_DIR)
list.each do |entry|
if m=entry.match(/([^.]*)\.size/)
mkalgoimplrelation_file(OUT_DIR+m[1]+'.algos', SIZE_DIR+entry, algo_list[m[1]])
end
end

162
host/data2wiki.rb Normal file
View File

@ -0,0 +1,162 @@
#!/usr/bin/ruby
# performnce to wiki
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
=begin
=== Twister-256 performance ===
type: hash
hashsize (bits): 256
ctxsize (bytes): 80
blocksize (bits): 512
init (cycles): 425
nextBlock (cycles): 36535
lastBlock (cycles): 8071
ctx2hash (cycles): 19431
text data bss dec hex filename
6801 32 0 6833 1ab1 bin/bmw_c/bmw_small.o
=end
def get_size_string(impl, algo)
fmap = File.open('algo_implementation/'+impl+'.algos', 'r')
fsize = File.open('size_log/'+impl+'.size', 'r')
modules = nil
while l=fmap.gets
if m=l.match(/^([^:]*):(.*)$/)
if m[1] == algo
modules = m[2].split(/[\s]+/)
end
end
end
if modules==nil
puts("ERROR: no module list found for #{impl}/#{algo} !")
return nil
end
fmap.close()
str = ''
sum = 0
lb = fsize.gets()
while lb = fsize.gets()
m = lb.match(/[\s]*([\w]*)[\s]*([\w]*)[\s]*([\w]*)[\s]*([\w]*)[\s]*([\w]*)[\s]*([\w_\/-]*)/)
name = m[6]+'.o'
if modules.include?(name)
str += "<br> \n" + name+': '+m[4]
sum += m[4].to_i
end
end
fsize.close()
return sum
end
def process_hashfunction(fin, name, impl)
lb = fin.readline()
m = lb.match(/hashsize \(bits\):[\s]*([\d]*)/)
if(!m)
printf("unexpected string %s\n", lb)
end
hashsize = m[1].to_i()
lb = fin.readline()
m = lb.match(/ctxsize \(bytes\):[\s]*([\d]+)/)
ctxsize = m[1].to_i()
lb = fin.readline()
m = lb.match(/blocksize \(bits\):[\s]*([\d]+)/)
blocksize = m[1].to_i()
lb = fin.readline()
m = lb.match(/init \(cycles\):[\s]*([\d]+)/)
inittime = m[1].to_i()
lb = fin.readline()
m = lb.match(/nextBlock \(cycles\):[\s]*([\d]+)/)
nextblocktime = m[1].to_i()
lb = fin.readline()
m = lb.match(/lastBlock \(cycles\):[\s]*([\d]+)/)
lastblocktime = m[1].to_i()
lb = fin.readline()
m = lb.match(/ctx2hash \(cycles\):[\s]*([\d]+)/)
convtime = m[1].to_i()
begin
lb = fin.gets()
end until lb==nil || m = lb.match(/init \(bytes\):[\s]*([\d]*)/)
if lb
initstack = m[1].to_i()
lb = fin.readline()
m = lb.match(/nextBlock \(bytes\):[\s]*([\d]*)/)
nextblockstack = m[1].to_i()
lb = fin.readline()
m = lb.match(/lastBlock \(bytes\):[\s]*([\d]*)/)
lastblockstack = m[1].to_i()
lb = fin.readline()
m = lb.match(/ctx2hash \(bytes\):[\s]*([\d]*)/)
convstack = m[1].to_i()
s1 = (initstack>nextblockstack)?initstack:nextblockstack
s2 = (lastblockstack>convstack)?lastblockstack:convstack
stack = (s1>s2)?s1:s2
else
stack = 0
end
size = get_size_string(impl, name)
printf("| %20s || %3s || %3s || %6d || %7d || %7d || %7d || %7d ||" +
" %7d || %7d || %9.2f || %7d || || || \n|-\n" ,
name, $lang, $lang, size, ctxsize, stack, hashsize, blocksize,
inittime, nextblocktime, nextblocktime.to_f/(blocksize/8),
lastblocktime+convtime)
end
$handlers = Hash.new
$handlers.default = 0
$handlers["hashfunction"] = 1 #process_hashfunction
def process_file(fname)
fin = File.open(fname, "r")
$lang = "asm"
$lang = "C" if fname.match(/_c.txt$/)
impl = fname.match(/([^.]*).txt$/)[1]
begin
begin
if fin.eof()
return
end
lb = fin.readline()
end while !m=lb.match(/=== (.*) performance ===/)
name = m[1];
lb = fin.readline()
m = lb.match(/type:[\s]*([\w]*)/)
type = m[1]
if $handlers[type] != 0
# handlers[type](fin, name)
# puts "DBG: process "+'-'+name+'-'+impl
process_hashfunction(fin, name, impl)
else
printf("ERROR: unsupported type: %s !\n", type)
end
end while(true)
fin.close()
end
for i in (0..ARGV.size-1)
process_file(ARGV[i])
end

117
host/find_tv.rb Normal file
View File

@ -0,0 +1,117 @@
#!/usr/bin/ruby
# shavs_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
require 'find'
def read_record(file)
record = Hash.new
lb = file.gets() until /[\s]*Set[\s]*[\d]+[\s]*,[\s]*vector#[\s]*[\d]+[\s]*:[\s]*/.match(lb)
term=false
lastkey=nil
begin
term = true
lb=file.gets();
if m=/[\s]*([^=]+)[\s]*=[\s]*(.*)/.match(lb)
lastkey=m[1]
record[m[1]] = m[2]
term = false
else
if m=/[\s]*([0-9a-fA-F]+)[\s]*/.match(lb) and lastkey!=nil
record[lastkey] += m[1]
term = false
end
end
end until term
record
end
def check_match(fname1, fname2)
r1 = Hash.new
r2 = Hash.new
if File.directory?(fname1)
return false
end
if File.directory?(fname2)
return false
end
file1 = File.new(fname1, "r");
file2 = File.new(fname2, "r");
r1 = read_record(file1)
r2 = read_record(file2)
return r1==r2
end
def get_params_from_fn(fname)
params = Array.new
if not p = /[^\.]*\.(([\d]+)\.*).*/.match(fname)
return params
end
params = p[1].split(/\./)
return params
end
def get_params_from_fn2(fname)
params = Array.new
if not p = /[^\.]*\.((-([\d]+))*\.).*/.match(fname)
return params
end
params = p[1].split(/\./)
return params
end
def find_files(fname1, afnames)
files = Array.new
params = Array.new
params = get_params_from_fn(fname1)
afnames.each{ |fn|
p = get_params_from_fn2(fn)
puts("#{params} ?= #{p}")
if params.eql?(p)
files << fn
end
}
return files
end
if ARGV.size<2 or File.directory?(ARGV[0]) or (File.directory?(ARGV[1])==false)
STDERR.print <<EOF
Usage: ruby #{$0} file directory [formatstring]
EOF
exit(1)
end
fmt=String.new
if ARGV.size>=3
fmt=ARGV[2]
else
fmt = "%s --> %s\n"
end
files = Array.new
files = Dir.entries(ARGV[1])
files.each{ |fn|
if check_match(ARGV[0], ARGV[1]+fn)
printf(fmt, ARGV[0].to_s, ARGV[1]+fn.to_s)
puts ""
# puts("#{ARGV[0]} --> #{ARGV[1]+fn}")
end
}

82
host/fix-wiki-size.rb Normal file
View File

@ -0,0 +1,82 @@
#!/usr/bin/ruby
# performnce to wiki
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
require 'rubygems'
require 'getopt/std'
=begin
| Blake-28 || C || C
| 10916<br>
blake_small: 3494<br>
blake_large: 7142<br>
blake_common: 256<br>
memxor: 24
| 53 || || 224 || 512 || 386 || 71362 || 1115.03 || 71893 || || ||
|-
=end
def fix_file(fin, fout, supress)
loop do
return if fin.eof()
comp = Array.new
i = 0
lb1 = fin.readline()
lb2 = fin.readline()
begin
comp[i] = fin.readline()
i += 1
end until comp[i-1].match(/^\|/)
sum = 0
(i-1).times{ |j| sum += comp[j].match(/[^:]*:[\s]*([\d]*)/)[1].to_i}
fout.print(lb1.chomp)
if supress
fout.printf(" || %d |%s", sum, comp.last)
else
fout.printf("\n| %d <br>\n", sum)
comp.each{ |s| fout.puts(s)}
end
begin
lb1 = fin.readline()
fout.puts(lb1)
end until lb1.match(/^\|\-/)
end
end
################################################################################
# MAIN #
################################################################################
fin = STDIN
fout = STDOUT
opts = Getopt::Std.getopts("s")
fin = File.open(ARGV[0], "r") if ARGV.size > 0
fout = File.open(ARGV[1], "w") if ARGV.size > 1
fix_file(fin, fout, opts["s"])
fin.close if ARGV.size > 0
fout.close if ARGV.size > 1

97
host/gcdext-test.rb Normal file
View File

@ -0,0 +1,97 @@
#!/usr/bin/ruby
# gcdext-test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = true
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'ftools'
require 'date'
def gcdext(x,y)
g=1
i=0
while(x&1==0 && y&1==0) do
x>>=1
y>>=1
g<<=1
i+=1
end
printf("DBG: initshift = %04X\n", i)
u=x; v=y; a=1; b=0; c=0; d=1
begin
printf(" while u%%2==0; u = %X\n", u)
printf("DBG: (10) a = %s\n", a.to_s(16).upcase)
printf("DBG: (10) b = %s\n", b.to_s(16).upcase)
printf("DBG: (10) c = %s\n", c.to_s(16).upcase)
printf("DBG: (10) d = %s\n", d.to_s(16).upcase)
while(u&1==0) do
if(a%2==1 || b%2==1)
a += y
b -= x
end
u>>=1; a>>=1; b>>=1
end
printf(" while v%%2==0; v = %X\n", v)
printf("DBG: (20) a = %s\n", a.to_s(16).upcase)
printf("DBG: (20) b = %s\n", b.to_s(16).upcase)
printf("DBG: (20) c = %s\n", c.to_s(16).upcase)
printf("DBG: (20) d = %s\n", d.to_s(16).upcase)
while(v&1==0) do
if(c%2==1 || d%2==1)
c += y
# printf("DBG: (qq) b = %s\n", b.to_s(16).upcase)
d -= x
end
printf("DBG: (xx) d = %s\n", d.to_s(16).upcase)
v>>=1; c>>=1; d>>=1;
end
printf(" if u>=v ...\n")
printf("DBG: (30) a = %s\n", a.to_s(16).upcase)
printf("DBG: (30) b = %s\n", b.to_s(16).upcase)
printf("DBG: (30) c = %s\n", c.to_s(16).upcase)
printf("DBG: (30) d = %s\n", d.to_s(16).upcase)
if(u>=v)
u -= v; a-=c; b-=d
else
v -= u; c-=a; d-=b
end
end while(u!=0)
return[g*v, c, d]
end
if ARGV.length==2
a = ARGV[0].to_i
b = ARGV[1].to_i
else
# CD319349, 9EFD76CC
# 1609000771, 6fac577d72
a = 0x1609000771
b = 0x6fac577d72
end
r = gcdext(a, b)
printf("gcdext( %s, %s) => a = %s; b = %s; gcd = %s\n",
a.to_s(16),b.to_s(16),r[1].to_s(16),r[2].to_s(16),r[0].to_s(16))

165
host/get_performance.rb Normal file
View File

@ -0,0 +1,165 @@
#!/usr/bin/ruby
# get_performance.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
$conffile_check = Hash.new
$conffile_check.default = 0
################################################################################
# readconfigfile #
################################################################################
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if not /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# read_line #
################################################################################
def read_line(error_msg=true)
i=$extended_wait
begin
s = $sp.gets()
end until s or i==0
if s==nil
puts("ERROR: read timeout!\n") if error_msg
return nil
end
s.gsub(/\006/, '');
end
################################################################################
# readPerformanceVector #
################################################################################
def readPerformanceVector(param)
lb=""
fname=""
fout=0
begin
lb = read_line()
if lb.match(/End of performance figures/)
return false
end
if m=lb.match(/=== (.*) performance ===/)
fout.close if fout!=0
fname=$dir+m[1]
fname+="."+param if param != ""
fname+=".txt"
fout = File.open(fname, "w+")
printf("> %s \n", fname)
fout.write(lb)
else
if fout!=0 && lb!=""
fout.write(lb)
end
end
end while true
end
################################################################################
# MAIN #
################################################################################
opts = Getopt::Std.getopts("f:c:t:a:d")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["f"], conf) if opts["f"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
=begin
if ARGV.size < 1
STDERR.print <<EOF
Usage: ruby #{$0} -c command [-t target_dir] [-a additional specifier]
EOF
exit(1)
end
=end
command=opts['c']+"\r";
$dir=(opts['t'])?opts['t']:"";
param=(opts['a'])?opts['a']:"";
$linewidth = 16
$extended_wait=100;
$sp.write(command);
while(readPerformanceVector(param))
end
exit(0);

52
host/get_primes.rb Normal file
View File

@ -0,0 +1,52 @@
#!/usr/bin/ruby
# get_primes.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$primes = [2,3,5]
def check_prime(a)
q = Math.sqrt(a)
$primes.each{ |p|
return true if p>q
return false if a%p==0
}
return true
end
def find_primes(n)
a = $primes.last+2
while $primes.size < n
if check_prime(a)
$primes << a
end
a += 2
end
end
if ARGV.size!=1
STDERR.print <<EOF
Usage: ruby #{$0} n
EOF
exit(1)
end
find_primes(ARGV[0].to_i);
print($primes.join(', '))
puts("")

128
host/get_test.rb Normal file
View File

@ -0,0 +1,128 @@
#!/usr/bin/ruby
# get_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
require 'serialport'
def read_line(error_msg=true)
s = $sp.gets()
if s==nil
puts("ERROR: read timeout!\n") if error_msg
return nil
end
s.gsub(/\006/, '');
end
def readTestVector(param)
fname=$dir;
lb="";
buffer="";
set=0;
vector=0;
begin
lb = read_line(false)
if (m=/unknown command/.match(lb) || m=/[Ee][Rr]{2}[Oo][Rr]/.match(lb))
puts("ERROR: "+lb);
exit(2);
end
if(lb==nil)
return false;
end
end while(m=/\*+/.match(lb));
buffer += lb;
begin
lb = read_line()
if(lb==nil)
return false;
end
buffer+=lb;
end while(m=/\*.*/.match(lb));
while(!(m=/Test vectors/.match(lb)))
m=/[^:]*:[\s]([A-Za-z0-9_-]*)/.match(lb);
if(m)
fname+=m[1]+".";
end
return false if lb==nil
buffer+=lb;
lb = read_line();
end
if(param!="")
fname+=param+".";
end
puts("-> "+fname+"txt");
file=File.new(fname+"txt", "w");
buffer+=lb;
file.write(buffer);
begin
if (m=/Test\ vectors\ \-\-\ set[\s]+([0-9]+)/.match(lb))
set=m[1].to_i;
print("\nSet "+m[1]+":");
end
if (m=/Set [0-9]*, vector#[\s]*([0-9]+):/.match(lb))
vector=m[1].to_i;
#print(" "+m[1]);
if(vector!=0 && vector % $linewidth==0)
print("\n ")
end
printf(" %4u", vector);
end
lb=read_line();
if(lb==nil)
file.close();
return false;
end
file.write(lb);
end while(!m=/End of test vectors/.match(lb));
puts("\n");
file.close();
return true
end
if ARGV.size < 5
STDERR.print <<EOF
Usage: ruby #{$0} port bps nbits stopb command [target_dir] [additional specifier]
EOF
exit(1)
end
command=ARGV[4]+"\r";
$dir=(ARGV.size>=6)?ARGV[5]:"";
param=(ARGV.size>=7)?ARGV[6]:"";
puts("\nPort: "+ARGV[0]+ "@"+ARGV[1]+" "+ARGV[2]+"N"+ARGV[3]+"\n");
$linewidth = 16
$sp = SerialPort.new(ARGV[0], ARGV[1].to_i, ARGV[2].to_i, ARGV[3].to_i, SerialPort::NONE);
$sp.read_timeout=1000; # 1 secound
$extended_wait=100;
$sp.write(command);
if(readTestVector(param)==false)
puts("ERROR: test seems not to be implemented");
exit(3);
end
while(readTestVector(param))
end
exit(0);

39
host/karatsuba.rb Normal file
View File

@ -0,0 +1,39 @@
#!/usr/bin/ruby
# bigint_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = true
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'ftools'
require 'date'
$buffer_size = 0
$conffile_check = Hash.new
$conffile_check.default = 0
def karatsuba_verbose(a,b)
a_s = a.to_s(16)
b_s = b.to_s(16)
len_a = floor((a_s.length+1)/2)
len_b = floor((b_s.length+1)/2)
n=floor((((len_a>len_b)?len_a:len_b)+1)/2)
end

124
host/nessie_check.rb Normal file
View File

@ -0,0 +1,124 @@
#!/usr/bin/ruby
# nessie_check.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
def skip_header(file)
begin
l = file.gets().strip
end until /[*]{10,}.*/.match(l)
begin
l = file.gets().strip
end until /[*]{10,}.*/.match(l)
begin
l = file.gets().strip
end until /[=]{5,}.*/.match(l)
begin
l = file.gets().strip
end until /[=]{5,}.*/.match(l)
end
def get_next_assign(file, i)
key = String.new
value = String.new
if($last_assign[i]==nil)
begin
return nil if file.eof
l = file.gets().strip()
end until m=/[\s]*([\w]*)[\s]*=[\s]*([0-9a-fA-F]*).*/.match(l)
value = m[2]
key = m[1]
begin
return nil if file.eof
l = file.gets().strip()
if not /[^=]+=[^=]+/.match(l)
value += l if /^[0-9A-Fa-f]{5}/.match(l)
end
end until /[^=]+=[^=]+/.match(l)
$last_assign[i] = l
else
m=/[\s]*([\w]*)[\s]*=[\s]*([0-9a-fA-F]*).*/.match($last_assign[i])
value = m[2]
key = m[1]
begin
return nil if file.eof
l = file.gets().strip()
if not /[^=]+=[^=]+/.match(l)
value += l if /^[0-9A-Fa-f]{5}/.match(l)
end
end until /[^=]+=[^=]+/.match(l)
$last_assign[i] = l
end
return [key, value]
end
def compare(fname1, fname2)
file1 = File.new(fname1, "r")
file2 = File.new(fname2, "r")
skip_header(file1)
skip_header(file2)
pos=0
begin
# puts("checking set")
a = get_next_assign(file1, 0)
b = get_next_assign(file2, 1)
return if(a==nil or b==nil)
if not $quiet
puts("") if pos%$linewidth==0 and pos!=0
putc((a==b)?'*':'!')
pos +=1
end
if(a!=b and a!=nil and b!=nil)
$error += 1
# puts("a key: "+a[0]+" value: "+a[1])
# puts("b key: "+b[0]+" value: "+b[1])
end
end until a==nil or b==nil
end
$error = 0
$linewidth=64
$last_assign=[nil, nil]
if ARGV.size<2 or ARGV.size>3
STDERR.print <<EOF
Usage: ruby #{$0} [-q|-v] file1 file2
EOF
exit(1)
end
$quiet = false
if ARGV.size==3
f1 = ARGV[1]
f2 = ARGV[2]
if ARGV[0]=="-q"
$quiet=true
end
else
f1 = ARGV[0]
f2 = ARGV[1]
end
puts("compare("+f1+", "+f2+")")
compare(f1, f2)
if $error!=0
puts("[failed] ("+$error.to_s()+")")
else
puts("[ok]")
end
exit($error)

100
host/optimize_shift.rb Normal file
View File

@ -0,0 +1,100 @@
#!/usr/bin/ruby
# shavs_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
shift_values = [ 5, 36, 13, 58, 26, 53, 11, 59,
56, 28, 46, 44, 20, 35, 42, 50,
38, 48, 34, 26, 33, 39, 29, 33,
30, 20, 14, 12, 49, 27, 26, 51,
50, 43, 15, 58, 8, 41, 11, 39,
53, 31, 27, 7, 42, 14, 9, 35,
55, 25, 33, 34, 28, 17, 58, 47,
43, 25, 8, 43, 7, 6, 7, 49,
37, 46, 18, 25, 47, 18, 32, 27,
40, 13, 57, 60, 48, 25, 45, 58,
16, 14, 21, 44, 51, 43, 19, 37,
22, 13, 12, 9, 9, 42, 18, 48,
38, 52, 32, 59, 35, 40, 2, 53,
12, 57, 54, 34, 41, 15, 56, 56 ]
def transform_shift(value)
byteshift = (value+3)/8
singleshift = value%8
if singleshift>4
# byteshift += 1
singleshift -= 8
end
return [singleshift, byteshift]
end
def transform_singleshift(value)
if(value>=0)
return value
end
return 0x08+(value*-1)
end
bs_hist = Hash.new
bs_hist.default = 0
ss_hist = Hash.new
ss_hist.default = 0
shift_values.each{|v|
a = transform_shift(v)
printf("%2d = %2d * 8 %+2d\n", v, a[1], a[0])
bs_hist[a[1]] += 1
ss_hist[a[0]] += 1
}
puts("byteshift histogram:")
for i in 0..7
printf("%d: %4d\n", i, bs_hist[i])
end
puts("singleshift histogram:")
for i in -3..4
printf("%+d: %4d\n", i, ss_hist[i])
end
puts "\ntransformed:"
(0..shift_values.length-1).each{|i|
puts " for 256 bit:" if i==0
puts " for 512 bit:" if i==16
puts " for 1024 bit:" if i==16+32
a = transform_shift(shift_values[i])
a[0] = transform_singleshift(a[0])
printf("0x%01x%01x, ", a[1], a[0])
puts("") if (i%8==7)
}
puts "\ntransformed (decryption):"
(0..shift_values.length-1).each{|i|
puts " for 256 bit:" if i==0
puts " for 512 bit:" if i==16
puts " for 1024 bit:" if i==16+32
a = transform_shift(shift_values[(i/8)*8+7-(i%8)])
a[0] = transform_singleshift(a[0])
printf("0x%01x%01x, ", a[1], a[0])
puts("") if (i%8==7)
}

305
host/shavs_test2.rb Normal file
View File

@ -0,0 +1,305 @@
#!/usr/bin/ruby
# shavs_test.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008, 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
$debug = true
$debug = false
require 'rubygems'
require 'serialport'
require 'getopt/std'
$buffer_size = 0
$conffile_check = Hash.new
$conffile_check.default = 0
################################################################################
# readconfigfile #
################################################################################
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if not /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# reset_system #
################################################################################
def reset_system
$sp.print("exit\r")
sleep 0.1
$sp.print("exit\r")
sleep 0.1
end
################################################################################
# scan_system #
################################################################################
def scan_system
algos = Hash.new
$sp.print("shavs_list\r")
while true
line=$sp.gets()
return algos if /^>$/.match(line)
if m = /[\*\ ]([a-z]):[\s]*([a-zA-Z0-9+_-]+)/.match(line)
algos[m[2]]=m[1]
end
end
end
################################################################################
# init_system #
################################################################################
def init_system(algo_select)
$sp.print("echo off \r")
print("DBG i: " + "echo off \r"+"\n") if $debug
sleep 0.1
$sp.print("shavs_set #{algo_select}\r")
print("DBG i: " + "shavs_set #{$algo_select} \r"+"\n") if $debug
sleep 0.1
$sp.print("shavs_test1 \r")
print("DBG i: " + "shavs_test1 \r"+"\n") if $debug
begin
line=$sp.gets()
end while not m=/buffer_size[\s]*=[\s]*0x([0-9A-Fa-f]*)/.match(line)
$buffer_size = m[1].to_i(16)
end
################################################################################
# get_md #
################################################################################
def get_md
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
end while not /[\s]*MD[\s]*=.*/.match(line)
return line
end
################################################################################
# send_md #
################################################################################
def send_md(md_string)
$sp.print("Msg = ")
for i in 0..md_string.length-1
$sp.print(md_string[i].chr)
# print("DBG s: "+ md_string[i].chr) if $debug
# sleep(0.001)
if((i%($buffer_size*2)==0)&&(i!=0))
begin
line=$sp.gets()
end while not /\./.match(line)
end
end
end
################################################################################
# run_test #
################################################################################
def run_test(filename, skip=0)
nerrors = 0
line=1
if not File.exist?(filename)
puts("ERROR file "+filename+" does not exist!")
return nerrors
end
pos = 0
file = File.new(filename, "r");
until file.eof
begin
lb=file.gets()
# printf("DBG info: file read: %s", lb)
end while not (file.eof or (/[\s]*Len[\s]*=/.match(lb)))
# puts("got ya")
if file.eof
file.close()
return nerrors
end
len = /[\s]*Len[\s]*=[\s]*([0-9]*)/.match(lb)[1].to_i
if(skip>0)
skip -= 1
redo
end
puts("DBG sending: "+lb) if $debug
$sp.print(lb.strip)
$sp.print("\r")
begin
lb=file.gets()
end while not (file.eof or (m=/[\s]*Msg[\s]*=[\s]*([0-9a-fA-F]*)/.match(lb)))
return if file.eof
puts("DBG sending: "+lb) if $debug
send_md(m[1])
avr_md = get_md()
begin
lb=file.gets()
end while not /[\s]*MD[\s]*=.*/.match(lb)
a = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(lb))[1];
b = (/[\s]*MD[\s]*=[\s]*([0-9a-fA-F]*).*/.match(avr_md))[1];
a.upcase!
b.upcase!
printf("\n%4d (%4d) [%5d]: ", line, (line-1)*$linewidth, len) if (pos%$linewidth==0 and $linewidth!=0)
line += 1 if (pos%$linewidth==0 and $linewidth!=0)
#sleep(1)
#putc((a==b)?'*':'!')
if(a==b)
putc('*')
else
putc('!')
# printf("<%d>",len)
printf("\nError @%05d: %s [should]\n != %s [is]- ",len, a, b)
nerrors += 1
end
pos += 1
end
file.close()
return nerrors
end
################################################################################
# MAIN #
################################################################################
opts = Getopt::Std.getopts("s:f:i:j:hdca")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["f"], conf) if opts["f"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
reset_system()
algos=scan_system()
#puts algos.inspect
if opts["d"]
$debug = true
end
if opts["s"]
algos_rev = algos.invert
algo_tasks = Array.new
opts["s"].each_byte{ |x|
if algos_rev[x.chr]
algo_tasks << [algos_rev[x.chr],x.chr]
end
}
else
algo_tasks=algos.sort
end
algo_tasks.each do |algoa|
algo = algoa[0]
if conf[algo]==nil
puts("No test-set defined for #{algo} \r\n")
next
else
i=0
i = opts["j"] if opts["j"]
logfile=File.open(conf["PORT"]["testlogbase"]+algo+".txt", "a")
while conf[algo]["file_#{i}"] != nil
puts("Testing #{algo} with #{conf[algo]["file_#{i}"]}")
reset_system()
init_system(algoa[1])
skip=0
skip=opts["i"].to_i if opts["i"]
nerrors=run_test(conf[algo]["file_#{i}"], skip)
if nerrors == 0
puts("\n[ok]")
logfile.puts("[ok] "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
else
puts("\n[errors: "+ nerrors.to_s() +"]")
logfile.puts("[error] "+nerrors.to_s+" "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
end
i += 1
end
logfile.close()
end
end
=begin
nerrors = 0
for i in (5..(ARGV.size-1))
nerrors = run_test(ARGV[i])
if nerrors == 0
puts("\n[ok]")
else
puts("\n[errors: "+ nerrors.to_s() +"]")
end
end
$sp.print("EXIT\r");
#exit(0);
=end

14
host/test.rb Normal file
View File

@ -0,0 +1,14 @@
def a(n)
return (-n-65+512)%512
end
def b(n)
return (n+a(n)+65)%512
end
for i in (0..512)
puts("") if(i%32==0)
printf("%3d", b(i))
end
irb

28
host/threefish_helper.rb Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/ruby
#
(0..19).each { |s|
printf("0x%s%s, ", ((s+0)%5).to_s,((s+1)%5).to_s)
printf("0x%s%s, ", ((s+2)%5).to_s,((s+3)%5).to_s)
}
puts("\n or (5)\n")
(0..19+3).each { |s|
printf("0x%02x, ", ((s%5)*8))
}
puts("\n or (9)\n")
(0..19+7).each { |s|
printf("0x%02x, ", ((s%9)*8))
}
puts("\n or (17)\n")
(0..21+15).each { |s|
printf("0x%02x, ", ((s%17)*8))
}
puts("\n (3)\n")
(0..24).each { |s|
printf("0x%02x, ", ((s%3)*8))
}

233
host/threefish_helper_rc.rb Normal file
View File

@ -0,0 +1,233 @@
#!/usr/bin/ruby
# threefish_helper_rc.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
def convert(value)
byteshift = (value+3)/8
bitshift = value-byteshift*8
# printf("%d --> %d,%d\n", value,byteshift,bitshift)
if bitshift<0
bitshift *= -1
bitshift += 0x08
end
ret = byteshift*16+bitshift
return ret
end
r00 = [14, 52, 23, 5, 25, 46, 58, 32]
r01 = [16, 57, 40, 37, 33, 12, 22, 32]
r10 = [46, 33, 17, 44, 39, 13, 25, 8]
r11 = [36, 27, 49, 9, 30, 50, 29, 35]
r12 = [19, 14, 36, 54, 34, 10, 39, 56]
r13 = [37, 42, 39, 56, 24, 17, 43, 22]
r20 = [24, 38, 33, 5, 41, 16, 31, 9]
r21 = [13, 19, 4, 20, 9, 34, 44, 48]
r22 = [ 8, 10, 51, 48, 37, 56, 47, 35]
r23 = [47, 55, 13, 41, 31, 51, 46, 52]
r24 = [ 8, 49, 34, 47, 12, 4, 19, 23]
r25 = [17, 18, 41, 28, 47, 53, 42, 31]
r26 = [22, 23, 59, 16, 44, 42, 44, 37]
r27 = [37, 52, 17, 25, 30, 41, 25, 20]
#################################################
printf("threefish256_rc0: .byte ")
r00.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish256_rc1: .byte ")
r01.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("\n\n")
#################################################
printf("threefish512_rc0: .byte ")
r10.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish512_rc1: .byte ")
r11.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish512_rc2: .byte ")
r12.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish512_rc3: .byte ")
r13.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("\n\n")
#################################################
printf("threefish1024_rc0: .byte ")
r20.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc1: .byte ")
r21.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc2: .byte ")
r22.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc3: .byte ")
r23.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc4: .byte ")
r24.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc5: .byte ")
r25.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc6: .byte ")
r26.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("")
printf("threefish1024_rc7: .byte ")
r27.each{ |x| printf("0x%2.2x, ",convert(x))}
puts("\n\n")
#################################################
puts("REVERSE")
printf(" uint8_t rc0[8] = { ")
8.times{ |x| printf("%2.2d, ",r00[(7 - x)]) }
puts("")
printf(" uint8_t rc1[8] = { ")
8.times{ |x| printf("%2.2d, ",r01[(7 - x)]) }
puts("")
printf("threefish256_rc0: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r00[(7 - x)]) ) }
puts("")
printf("threefish256_rc1: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r01[(7 - x)]) ) }
puts("\n\n")
#################################################
printf(" uint8_t rc0[8] = { ")
8.times{ |x| printf("%2.2d, ",r10[(7 - x)]) }
puts("")
printf(" uint8_t rc1[8] = { ")
8.times{ |x| printf("%2.2d, ",r11[(7 - x)]) }
puts("")
printf(" uint8_t rc2[8] = { ")
8.times{ |x| printf("%2.2d, ",r12[(7 - x)]) }
puts("")
printf(" uint8_t rc3[8] = { ")
8.times{ |x| printf("%2.2d, ",r13[(7 - x)]) }
puts("")
printf("threefish512_rc0: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r10[(7 - x)]) ) }
puts("")
printf("threefish512_rc1: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r11[(7 - x)]) ) }
puts("")
printf("threefish512_rc2: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r12[(7 - x)]) ) }
puts("")
printf("threefish512_rc3: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r13[(7 - x)]) ) }
puts("\n\n")
#################################################
printf(" uint8_t rc0[8] = { ")
8.times{ |x| printf("%2.2d, ",r20[(7 - x)]) }
puts("")
printf(" uint8_t rc1[8] = { ")
8.times{ |x| printf("%2.2d, ",r21[(7 - x)]) }
puts("")
printf(" uint8_t rc2[8] = { ")
8.times{ |x| printf("%2.2d, ",r22[(7 - x)]) }
puts("")
printf(" uint8_t rc3[8] = { ")
8.times{ |x| printf("%2.2d, ",r23[(7 - x)]) }
puts("")
printf(" uint8_t rc4[8] = { ")
8.times{ |x| printf("%2.2d, ",r24[(7 - x)]) }
puts("")
printf(" uint8_t rc5[8] = { ")
8.times{ |x| printf("%2.2d, ",r25[(7 - x)]) }
puts("")
printf(" uint8_t rc6[8] = { ")
8.times{ |x| printf("%2.2d, ",r26[(7 - x)]) }
puts("")
printf(" uint8_t rc7[8] = { ")
8.times{ |x| printf("%2.2d, ",r27[(7 - x)]) }
puts("")
printf("threefish1024_rc0: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r20[(7 - x)]) ) }
puts("")
printf("threefish1024_rc1: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r21[(7 - x)]) ) }
puts("")
printf("threefish1024_rc2: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r22[(7 - x)]) ) }
puts("")
printf("threefish1024_rc3: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r23[(7 - x)]) ) }
puts("")
printf("threefish1024_rc4: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r24[(7 - x)]) ) }
puts("")
printf("threefish1024_rc5: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r25[(7 - x)]) ) }
puts("")
printf("threefish1024_rc6: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r26[(7 - x)]) ) }
puts("")
printf("threefish1024_rc7: .byte ")
8.times{ |x| printf("0x%2.2x, ",convert(r27[(7 - x)]) ) }
puts("\n\n")

259
keccak/keccak.c Normal file
View File

@ -0,0 +1,259 @@
/* keecak.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "memxor.h"
#include "keccak.h"
#ifdef DEBUG
# undef DEBUG
#endif
#define DEBUG 0
#if DEBUG
#include "cli.h"
void keccak_dump_state(uint64_t a[5][5]){
uint8_t i,j;
for(i=0; i<5; ++i){
cli_putstr("\r\n");
cli_putc('0'+i);
cli_putstr(": ");
for(j=0; j<5; ++j){
cli_hexdump_rev(&(a[i][j]), 8);
cli_putc(' ');
}
}
}
void keccak_dump_ctx(keccak_ctx_t* ctx){
keccak_dump_state(ctx->a);
cli_putstr("\r\nDBG: r: ");
cli_hexdump_rev(&(ctx->r), 2);
cli_putstr("\t c: ");
cli_hexdump_rev(&(ctx->c), 2);
cli_putstr("\t d: ");
cli_hexdump(&(ctx->d), 1);
cli_putstr("\t bs: ");
cli_hexdump(&(ctx->bs), 1);
}
#endif
static const uint64_t rc[] = {
0x0000000000000001LL, 0x0000000000008082LL,
0x800000000000808ALL, 0x8000000080008000LL,
0x000000000000808BLL, 0x0000000080000001LL,
0x8000000080008081LL, 0x8000000000008009LL,
0x000000000000008ALL, 0x0000000000000088LL,
0x0000000080008009LL, 0x000000008000000ALL,
0x000000008000808BLL, 0x800000000000008BLL,
0x8000000000008089LL, 0x8000000000008003LL,
0x8000000000008002LL, 0x8000000000000080LL,
0x000000000000800ALL, 0x800000008000000ALL,
0x8000000080008081LL, 0x8000000000008080LL,
0x0000000080000001LL, 0x8000000080008008LL
};
uint64_t rotl64(uint64_t a, uint8_t r){
return (a<<r)|(a>>(64-r));
}
static const uint8_t r[5][5] = {
{ 0, 36, 3, 41, 18 },
{ 1, 44, 10, 45, 2 },
{ 62, 6, 43, 15, 61 },
{ 28, 55, 25, 21, 56 },
{ 27, 20, 39, 8, 14 }
};
void keccak_round(uint64_t a[5][5], uint8_t rci){
uint64_t b[5][5];
uint8_t i,j;
/* theta */
for(i=0; i<5; ++i){
b[i][0] = a[0][i] ^ a[1][i] ^ a[2][i] ^ a[3][i] ^ a[4][i];
}
for(i=0; i<5; ++i){
b[i][1] = b[(4+i)%5][0] ^ rotl64(b[(i+1)%5][0], 1);
}
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
a[j][i] ^= b[i][1];
}
}
#if DEBUG
cli_putstr("\r\nAfter theta:");
keccak_dump_state(a);
#endif
/* rho & pi */
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
b[(2*i+3*j)%5][j] = rotl64(a[j][i], r[i][j]);
}
}
#if DEBUG
cli_putstr("\r\n--- after rho & pi ---");
keccak_dump_state(a);
#endif
/* chi */
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
a[j][i] = b[j][i] ^ ((~(b[j][(i+1)%5]))&(b[j][(i+2)%5]));
}
}
#if DEBUG
cli_putstr("\r\nAfter chi:");
keccak_dump_state(a);
#endif
/* iota */
uint64_t t;
t= rc[rci];
a[0][0] ^= t;
#if DEBUG
cli_putstr("\r\nAfter iota:");
keccak_dump_state(a);
#endif
}
void keccak_f1600(uint64_t a[5][5]){
uint8_t i=0;
do{
#if DEBUG
cli_putstr("\r\n\r\n--- Round ");
cli_hexdump(&i, 1);
cli_putstr(" ---");
#endif
keccak_round(a, i);
}while(++i<24);
}
void keccak_nextBlock(keccak_ctx_t* ctx, const void* block){
memxor(ctx->a, block, ctx->bs);
keccak_f1600(ctx->a);
}
void keccak_lastBlock(keccak_ctx_t* ctx, const void* block, uint16_t length_b){
while(length_b>=ctx->r){
keccak_nextBlock(ctx, block);
block = (uint8_t*)block + ctx->bs;
length_b -= ctx->r;
}
uint8_t tmp[ctx->bs];
uint8_t pad[3];
memset(tmp, 0x00, ctx->bs);
memcpy(tmp, block, (length_b+7)/8);
/* appand 1 */
if(length_b&7){
/* we have some single bits */
uint8_t t;
t = tmp[length_b/8]>>(8-(length_b&7));
t |= 0x01<<(length_b&7);
tmp[length_b/8] = t;
}else{
tmp[length_b/8] = 0x01;
}
pad[0] = ctx->d;
pad[1] = ctx->bs;
pad[2] = 0x01;
if(length_b/8+1+3<=ctx->bs){
memcpy(tmp+length_b/8+1, pad, 3);
}else{
if(length_b/8+1+2<=ctx->bs){
memcpy(tmp+length_b/8+1, pad, 2);
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0]=0x01;
}else{
if(length_b/8+1+1<=ctx->bs){
memcpy(tmp+length_b/8+1, pad, 1);
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0] = ctx->bs;
tmp[1] = 0x01;
}else{
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0] = ctx->d;
tmp[1] = ctx->bs;
tmp[2] = 0x01;
}
}
}
keccak_nextBlock(ctx, tmp);
}
void keccak_ctx2hash(void* dest, uint16_t length_b, keccak_ctx_t* ctx){
while(length_b>=ctx->r){
memcpy(dest, ctx->a, ctx->bs);
dest = (uint8_t*)dest + ctx->bs;
length_b -= ctx->r;
keccak_f1600(ctx->a);
}
memcpy(dest, ctx->a, (length_b+7)/8);
}
void keccak224_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 224, ctx);
}
void keccak256_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 256, ctx);
}
void keccak384_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 384, ctx);
}
void keccak512_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 512, ctx);
}
/*
1. SHA3-224: Keccak[r = 1152, c = 448, d = 28]224
2. SHA3-256: Keccak[r = 1088, c = 512, d = 32]256
3. SHA3-384: Keccak[r = 832, c = 768, d = 48]384
4. SHA3-512: Keccak[r = 576, c = 1024, d = 64]512
*/
void keccak_init(uint16_t r, uint16_t c, uint8_t d, keccak_ctx_t* ctx){
memset(ctx->a, 0x00, 5*5*8);
ctx->r = r;
ctx->c = c;
ctx->d = d;
ctx->bs = (uint8_t)(r/8);
}
void keccak224_init(keccak_ctx_t* ctx){
keccak_init(1152, 448, 28, ctx);
}
void keccak256_init(keccak_ctx_t* ctx){
keccak_init(1088, 512, 32, ctx);
}
void keccak384_init(keccak_ctx_t* ctx){
keccak_init( 832, 768, 48, ctx);
}
void keccak512_init(keccak_ctx_t* ctx){
keccak_init( 576, 1024, 64, ctx);
}

56
keccak/keccak.h Normal file
View File

@ -0,0 +1,56 @@
/* keccak.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef KECCAK_H_
#define KECCAK_H_
#include <stdint.h>
#define KECCAK224_BLOCKSIZE 1152
#define KECCAK224_BLOCKSIZE_B (KECCAK224_BLOCKSIZE/8)
#define KECCAK256_BLOCKSIZE 1088
#define KECCAK256_BLOCKSIZE_B (KECCAK256_BLOCKSIZE/8)
#define KECCAK384_BLOCKSIZE 832
#define KECCAK384_BLOCKSIZE_B (KECCAK384_BLOCKSIZE/8)
#define KECCAK512_BLOCKSIZE 576
#define KECCAK512_BLOCKSIZE_B (KECCAK512_BLOCKSIZE/8)
typedef struct{
uint64_t a[5][5];
uint16_t r, c;
uint8_t d, bs;
} keccak_ctx_t;
void keccak_init(uint16_t r, uint16_t c, uint8_t d, keccak_ctx_t* ctx);
void keccak224_init(keccak_ctx_t* ctx);
void keccak256_init(keccak_ctx_t* ctx);
void keccak384_init(keccak_ctx_t* ctx);
void keccak512_init(keccak_ctx_t* ctx);
void keccak_nextBlock(keccak_ctx_t* ctx, const void* block);
void keccak_lastBlock(keccak_ctx_t* ctx, const void* block, uint16_t length_b);
void keccak_ctx2hash(void* dest, uint16_t length_b, keccak_ctx_t* ctx);
void keccak224_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak256_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak384_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak512_ctx2hash(void* dest, keccak_ctx_t* ctx);
#endif /* KECCAK_H_ */

12
keccak/memxor.c Normal file
View File

@ -0,0 +1,12 @@
#include <stdint.h>
#include "memxor.h"
void memxor(void* dest, const void* src, uint16_t n){
while(n--){
*((uint8_t*)dest) ^= *((uint8_t*)src);
dest = (uint8_t*)dest +1;
src = (uint8_t*)src +1;
}
}

7
keccak/memxor.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

Some files were not shown because too many files have changed in this diff Show More