Adding Khazad
parent
6131049b56
commit
61b5214b9a
|
@ -0,0 +1,78 @@
|
||||||
|
/* bcal-nessie.c */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "nessie_bc_test.h"
|
||||||
|
#include "blockcipher_descriptor.h"
|
||||||
|
#include "keysize_descriptor.h"
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
|
||||||
|
void(*bcal_nessie_dummy_init_fpt)(const void* key, void* ctx)=NULL;
|
||||||
|
|
||||||
|
void bcal_nessie_dummy_init(const void* key, uint16_t keysize, void* ctx){
|
||||||
|
if(bcal_nessie_dummy_init_fpt){
|
||||||
|
bcal_nessie_dummy_init_fpt(key, ctx);
|
||||||
|
}else{
|
||||||
|
memcpy(ctx, key, (keysize+7)/8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void bcal_nessie(const bcdesc_t* bcd){
|
||||||
|
if(bcd->type!=BCDESC_TYPE_BLOCKCIPHER)
|
||||||
|
return;
|
||||||
|
nessie_bc_init();
|
||||||
|
|
||||||
|
nessie_bc_ctx.blocksize_B = (bcd->blocksize_b+7)/8;
|
||||||
|
nessie_bc_ctx.name = bcd->name;
|
||||||
|
nessie_bc_ctx.ctx_size_B = bcd->ctxsize_B;
|
||||||
|
nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)(bcd->enc.encvoid);
|
||||||
|
nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)(bcd->dec.decvoid);
|
||||||
|
nessie_bc_ctx.cipher_free = (nessie_bc_free_fpt)(bcd->free);
|
||||||
|
if(((bcd->flags)&BC_INIT_TYPE)==BC_INIT_TYPE_2){
|
||||||
|
nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)(bcd->init.initvoid);
|
||||||
|
}else{
|
||||||
|
bcal_nessie_dummy_init_fpt = (void(*)(const void*,void*))(bcd->init.initvoid);
|
||||||
|
nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)bcal_nessie_dummy_init;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint16_t *keysize_list=NULL;
|
||||||
|
uint16_t items,i;
|
||||||
|
items = get_keysizes(bcd->valid_keysize_desc, &keysize_list);
|
||||||
|
if(items){
|
||||||
|
for(i=0; i<items; ++i){
|
||||||
|
nessie_bc_ctx.keysize_b = keysize_list[i];
|
||||||
|
nessie_bc_run();
|
||||||
|
}
|
||||||
|
free(keysize_list);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
void bcal_nessie_multiple(const bcdesc_t** bcd_list){
|
||||||
|
const bcdesc_t* bcd;
|
||||||
|
for(;;){
|
||||||
|
bcd = *bcd_list++;
|
||||||
|
if(!bcd)
|
||||||
|
return;
|
||||||
|
bcal_nessie(bcd);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
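Review bot: The fallback in bcal_nessie_dummy_init, `memcpy(ctx, key, (keysize+7)/8);`, copies a key-sized block into `ctx` without knowing how large the context is, so a descriptor with no init function and a `ctxsize_B` smaller than the key would be written past its end (the context is allocated outside this file, so this is inferred). bcal_nessie already stores the size in `nessie_bc_ctx.ctx_size_B`; a guard such as `if((keysize+7)/8 > nessie_bc_ctx.ctx_size_B) return;` before the copy, or refusing descriptors whose `init.initvoid` is NULL, closes the gap. `bcal_nessie_dummy_init_fpt` is only used in this file and could be `static`. bcal_nessie also frees `keysize_list` only when `items` is non-zero, although get_keysizes can allocate and still return 0 for an empty range; calling `free(keysize_list);` unconditionally covers that case.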
@ -0,0 +1,37 @@
|
||||||
|
/* bcal-nessie.h */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* \file bcal-nessie.h
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \email daniel.otte@rub.de
|
||||||
|
* \date 2010-12-19
|
||||||
|
* \license GPLv3 or later
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef BCALNESSIE_H_
|
||||||
|
#define BCALNESSIE_H_
|
||||||
|
|
||||||
|
#include "blockcipher_descriptor.h"
|
||||||
|
|
||||||
|
void bcal_nessie(const bcdesc_t* bcd);
|
||||||
|
void bcal_nessie_multiple(const bcdesc_t** bcd_list);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* BCALNESSIE_H_ */
|
|
@ -0,0 +1,52 @@
|
||||||
|
/* bcal_khazad.c */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* \file bcal_khazad.c
|
||||||
|
* \email daniel.otte@rub.de
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \date 2011-01-02
|
||||||
|
* \license GPLv3 or later
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include "blockcipher_descriptor.h"
|
||||||
|
#include "khazad.h"
|
||||||
|
#include "keysize_descriptor.h"
|
||||||
|
|
||||||
|
const char khazad_str[] = "Khazad";
|
||||||
|
|
||||||
|
const uint8_t khazad_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(128),
|
||||||
|
KS_TYPE_TERMINATOR };
|
||||||
|
|
||||||
|
|
||||||
|
const bcdesc_t khazad_desc = {
|
||||||
|
BCDESC_TYPE_BLOCKCIPHER,
|
||||||
|
BC_INIT_TYPE_1,
|
||||||
|
khazad_str,
|
||||||
|
sizeof(khazad_ctx_t),
|
||||||
|
64,
|
||||||
|
{(void_fpt)khazad_init},
|
||||||
|
{(void_fpt)khazad_enc},
|
||||||
|
{(void_fpt)khazad_dec},
|
||||||
|
(bc_free_fpt)NULL,
|
||||||
|
khazad_keysize_desc
|
||||||
|
};
|
||||||
|
|
||||||
|
|
|
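Review bot: `khazad_desc` is initialised positionally, so the bare `64` and the `(void_fpt)` casts give the compiler nothing to check against the field they land in. If the toolchain accepts C99, designated initialisers make the mapping explicit, e.g. `.blocksize_b = 64,` and `.ctxsize_B = sizeof(khazad_ctx_t),` (field names as used in bcal-nessie.c). `khazad_str` and `khazad_keysize_desc` appear to be referenced only from this descriptor and could be `static`.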
@ -0,0 +1,32 @@
|
||||||
|
/* bcal_khazad.h */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* \file bcal_khazad.h
|
||||||
|
* \email daniel.otte@rub.de
|
||||||
|
* \author Daniel Otte
|
||||||
|
* \date 2011-01-02
|
||||||
|
* \license GPLv3 or later
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "blockcipher_descriptor.h"
|
||||||
|
#include "khazad.h"
|
||||||
|
#include "keysize_descriptor.h"
|
||||||
|
|
||||||
|
extern const bcdesc_t khazad_desc;
|
|
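Review bot: This header has no include guard, unlike bcal-nessie.h and khazad.h added in the same commit. It only holds an `extern` declaration today, so double inclusion is harmless, but a guard such as `#ifndef BCAL_KHAZAD_H_` / `#define BCAL_KHAZAD_H_` closed by `#endif` keeps it consistent and safe once more is added. The copyright year (2008) also differs from the `\date 2011-01-02` in the same file.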
@ -1,7 +1,7 @@
|
||||||
/* keysize_descriptor.c */
|
/* keysize_descriptor.c */
|
||||||
/*
|
/*
|
||||||
This file is part of the ARM-Crypto-Lib.
|
This file is part of the AVR-Crypto-Lib.
|
||||||
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -25,6 +25,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
#include "keysize_descriptor.h"
|
#include "keysize_descriptor.h"
|
||||||
|
|
||||||
uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize){
|
uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize){
|
||||||
|
@ -77,11 +78,84 @@ uint16_t get_keysize(const void* ks_desc){
|
||||||
uint8_t type;
|
uint8_t type;
|
||||||
uint16_t keysize;
|
uint16_t keysize;
|
||||||
type = *((uint8_t*)ks_desc);
|
type = *((uint8_t*)ks_desc);
|
||||||
if(type==KS_TYPE_LIST)
|
if(type==KS_TYPE_LIST){
|
||||||
ks_desc = (uint8_t*)ks_desc + 1;
|
ks_desc = (uint8_t*)ks_desc + 1;
|
||||||
|
}
|
||||||
ks_desc = (uint8_t*)ks_desc + 1;
|
ks_desc = (uint8_t*)ks_desc + 1;
|
||||||
keysize = *((uint16_t*)ks_desc);
|
keysize = *((uint8_t*)ks_desc);
|
||||||
return keysize;
|
return keysize;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
uint16_t get_keysizes(const void* ks_desc, uint16_t** list){
|
||||||
|
uint8_t type;
|
||||||
|
uint16_t items;
|
||||||
|
uint8_t i;
|
||||||
|
type = *((uint8_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 1;
|
||||||
|
if(type==KS_TYPE_LIST){
|
||||||
|
items = *((uint8_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 1;
|
||||||
|
if(!*list){
|
||||||
|
*list = malloc(items*2);
|
||||||
|
if(!*list){
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for(i=0; i<items; ++i){
|
||||||
|
((uint16_t*)(*list))[i] = *((uint16_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 2;
|
||||||
|
}
|
||||||
|
return items;
|
||||||
|
}
|
||||||
|
if(type==KS_TYPE_ARG_RANGE){
|
||||||
|
uint16_t min, max, distance, offset;
|
||||||
|
min = *((uint16_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 2;
|
||||||
|
max = *((uint16_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 2;
|
||||||
|
distance = *((uint16_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 2;
|
||||||
|
offset = *((uint16_t*)ks_desc);
|
||||||
|
items = (max-min)/distance+1;
|
||||||
|
if(min%distance!=offset){
|
||||||
|
--items;
|
||||||
|
min += (distance-(min%distance-offset))%distance;
|
||||||
|
}
|
||||||
|
if(!*list){
|
||||||
|
*list = malloc(items*2);
|
||||||
|
if(!*list){
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
i=0;
|
||||||
|
while(min<max){
|
||||||
|
((uint16_t*)*list)[i++] = min;
|
||||||
|
min += distance;
|
||||||
|
}
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
if(type==KS_TYPE_RANGE){
|
||||||
|
uint16_t min, max, distance=8, offset=0;
|
||||||
|
min = *((uint16_t*)ks_desc);
|
||||||
|
ks_desc = (uint8_t*)ks_desc + 2;
|
||||||
|
max = *((uint16_t*)ks_desc);
|
||||||
|
items = (max-min)/distance+1;
|
||||||
|
if(min%distance!=offset){
|
||||||
|
--items;
|
||||||
|
min += (distance-(min%distance-offset))%distance;
|
||||||
|
}
|
||||||
|
if(!*list){
|
||||||
|
*list = malloc(items*2);
|
||||||
|
if(!*list){
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
i=0;
|
||||||
|
while(min<max){
|
||||||
|
((uint16_t*)*list)[i++] = min;
|
||||||
|
min += distance;
|
||||||
|
}
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
|
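Review bot: In get_keysizes the two range branches size the buffer from `items = (max-min)/distance+1` (minus one after rounding `min` up) but fill it with a separate `while(min<max)` loop, and the two can disagree: with the constructed values min=7, max=9, distance=8 the code calls `malloc(0)` and then stores one entry. The index `i` is a `uint8_t`, so a range with more than 255 sizes wraps and overwrites the start of the list, and a `distance` of 0 in a KS_TYPE_ARG_RANGE descriptor divides by zero. Counting the entries with the same loop condition that later stores them keeps allocation and writes in step, as sketched below; the same change applies to the KS_TYPE_RANGE branch. Separately, get_keysize in this hunk now reads the size through `uint8_t*`, which drops the high byte of sizes of 256 bits and above if KS_INT stores two bytes, as the 2-byte stride in get_keysizes suggests.

```c
	if(type==KS_TYPE_ARG_RANGE){
		uint16_t min, max, distance, offset, n;
		uint32_t v;
		/* … unchanged: min, max, distance and offset are read from ks_desc … */
		if(distance==0){
			return 0; /* malformed descriptor: avoid division and modulo by zero */
		}
		/* … unchanged: min is rounded up to the first size with min%distance==offset,
		   but without the --items adjustment … */
		/* count with exactly the condition the store loop uses */
		items = 0;
		for(v=min; v<max; v+=distance){
			++items;
		}
		/* … unchanged: allocate items*2 bytes when *list is NULL … */
		n = 0;
		for(v=min; v<max; v+=distance){
			((uint16_t*)*list)[n++] = (uint16_t)v;
		}
		return n;
	}
```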
@ -1,6 +1,6 @@
|
||||||
/* keysize_descriptor.h */
|
/* keysize_descriptor.h */
|
||||||
/*
|
/*
|
||||||
This file is part of the ARM-Crypto-Lib.
|
This file is part of the AVR-Crypto-Lib.
|
||||||
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
|
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
@ -55,4 +55,7 @@ typedef struct{ /* keysize is valid if min<=keysize<=max and if keysize mod dist
|
||||||
|
|
||||||
uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize);
|
uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize);
|
||||||
uint16_t get_keysize(const void* ks_desc);
|
uint16_t get_keysize(const void* ks_desc);
|
||||||
|
uint16_t get_keysizes(const void* ks_desc, uint16_t** list);
|
||||||
|
|
||||||
|
|
||||||
#endif /* KEYSIZE_DESCRIPTOR_H_ */
|
#endif /* KEYSIZE_DESCRIPTOR_H_ */
|
|
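Review bot: The new `get_keysizes` prototype carries no comment, yet its contract is not obvious from the signature. Per the implementation in this commit it allocates with malloc when `*list` is NULL (the caller frees, as bcal_nessie does), writes into `*list` without a capacity check when it is non-NULL, and returns the number of entries or 0 on failure. Suggest a comment such as `/* *list==NULL: buffer is malloc'ed, caller frees; otherwise *list must hold every key size; returns count, 0 on error */`.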
@ -0,0 +1,210 @@
|
||||||
|
/* khazad.c */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "gf256mul.h"
|
||||||
|
#include "memxor.h"
|
||||||
|
#include "khazad.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
| | | | | | | |
|
||||||
|
V V V V V V V V
|
||||||
|
+-------+ +-------+
|
||||||
|
| P | | Q |
|
||||||
|
+-------+ +-------+
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ X / | |
|
||||||
|
| | X X | |
|
||||||
|
| | / X \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | | | | | | |
|
||||||
|
V V V V V V V V
|
||||||
|
+-------+ +-------+
|
||||||
|
| Q | | P |
|
||||||
|
+-------+ +-------+
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ \ / / | |
|
||||||
|
| | \ X / | |
|
||||||
|
| | X X | |
|
||||||
|
| | / X \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | / / \ \ | |
|
||||||
|
| | | | | | | |
|
||||||
|
V V V V V V V V
|
||||||
|
+-------+ +-------+
|
||||||
|
| P | | Q |
|
||||||
|
+-------+ +-------+
|
||||||
|
| | | | | | | |
|
||||||
|
V V V V V V V V
|
||||||
|
|
||||||
|
|
||||||
|
P:
|
||||||
|
3x Fx Ex 0x 5x 4x Bx Cx Dx Ax 9x 6x 7x 8x 2x 1x
|
||||||
|
Q:
|
||||||
|
9x Ex 5x 6x Ax 2x 3x Cx Fx 0x 4x Dx 7x Bx 1x 8x
|
||||||
|
*/
|
||||||
|
|
||||||
|
static const uint8_t pq_lut[16] = {
|
||||||
|
0x39, 0xFE, 0xE5, 0x06, 0x5A, 0x42, 0xB3, 0xCC,
|
||||||
|
0xDF, 0xA0, 0x94, 0x6D, 0x77, 0x8B, 0x21, 0x18
|
||||||
|
};
|
||||||
|
|
||||||
|
uint8_t khazad_sbox(uint8_t a){
|
||||||
|
uint8_t b,c,d,e;
|
||||||
|
b = pq_lut[a>>4] & 0xf0;
|
||||||
|
c = pq_lut[a&0xf] & 0x0f;
|
||||||
|
d = (b>>2)&0x0c;
|
||||||
|
e = (c<<2)&0x30;
|
||||||
|
b = (b&0xc0)|e;
|
||||||
|
c = (c&0x03)|d;
|
||||||
|
b = pq_lut[b>>4] << 4;
|
||||||
|
c = pq_lut[c&0xf] >> 4;
|
||||||
|
d = (b>>2)&0x0c;
|
||||||
|
e = (c<<2)&0x30;
|
||||||
|
b = (b&0xc0)|e;
|
||||||
|
c = (c&0x03)|d;
|
||||||
|
b = pq_lut[b>>4] & 0xf0;
|
||||||
|
c = pq_lut[c&0xf] & 0x0f;
|
||||||
|
return b|c;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void gamma_x(uint8_t* a){
|
||||||
|
uint8_t i;
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
*a = khazad_sbox(*a);
|
||||||
|
a++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
/* p8 (x) = x^8 + x^4 + x^3 + x^2 + 1 */
|
||||||
|
#define POLYNOM 0x1D
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 01x 03x 04x 05x 06x 08x 0Bx 07x
|
||||||
|
* 03x 01x 05x 04x 08x 06x 07x 0Bx
|
||||||
|
* 04x 05x 01x 03x 0Bx 07x 06x 08x
|
||||||
|
* 05x 04x 03x 01x 07x 0Bx 08x 06x
|
||||||
|
* 06x 08x 0Bx 07x 01x 03x 04x 05x
|
||||||
|
* 08x 06x 07x 0Bx 03x 01x 05x 04x
|
||||||
|
* 0Bx 07x 06x 08x 04x 05x 01x 03x
|
||||||
|
* 07x 0Bx 08x 06x 05x 04x 03x 01x
|
||||||
|
*/
|
||||||
|
|
||||||
|
static const uint8_t h[8][4] = {
|
||||||
|
{ 0x13, 0x45, 0x68, 0xB7 },
|
||||||
|
{ 0x31, 0x54, 0x86, 0x7B },
|
||||||
|
{ 0x45, 0x13, 0xB7, 0x68 },
|
||||||
|
{ 0x54, 0x31, 0x7B, 0x86 },
|
||||||
|
{ 0x68, 0xB7, 0x13, 0x45 },
|
||||||
|
{ 0x86, 0x7B, 0x31, 0x54 },
|
||||||
|
{ 0xB7, 0x68, 0x45, 0x13 },
|
||||||
|
{ 0x7B, 0x86, 0x54, 0x31 }
|
||||||
|
};
|
||||||
|
|
||||||
|
static void theta(uint8_t* a){
|
||||||
|
uint8_t i,j,x,accu;
|
||||||
|
uint8_t c[8];
|
||||||
|
uint8_t *hp;
|
||||||
|
hp = (uint8_t*)h;
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
accu = 0;
|
||||||
|
for(j=0; j<4; ++j){
|
||||||
|
x = *hp++;
|
||||||
|
accu ^= gf256mul(*a++, x>>4, POLYNOM);
|
||||||
|
accu ^= gf256mul(*a++, x&0xf, POLYNOM);
|
||||||
|
}
|
||||||
|
a -= 8;
|
||||||
|
c[i] = accu;
|
||||||
|
}
|
||||||
|
memcpy(a, c, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
static void khazad_round(uint8_t* a, const uint8_t* k){
|
||||||
|
gamma_x(a);
|
||||||
|
theta(a);
|
||||||
|
memxor(a, k, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void khazad_init(const void* key, khazad_ctx_t* ctx){
|
||||||
|
uint8_t c[8];
|
||||||
|
uint8_t i,r=0;
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
c[i] = khazad_sbox(r*8+i);
|
||||||
|
}
|
||||||
|
memcpy(ctx->k[r], (uint8_t*)key+8, 8);
|
||||||
|
khazad_round(ctx->k[r], c);
|
||||||
|
memxor(ctx->k[r], (uint8_t*)key, 8);
|
||||||
|
r=1;
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
c[i] = khazad_sbox(r*8+i);
|
||||||
|
}
|
||||||
|
memcpy(ctx->k[r], ctx->k[r-1], 8);
|
||||||
|
khazad_round(ctx->k[r], c);
|
||||||
|
memxor(ctx->k[r], (uint8_t*)key+8, 8);
|
||||||
|
for(r=2; r<9; ++r){
|
||||||
|
for(i=0; i<8; ++i){
|
||||||
|
c[i] = khazad_sbox(r*8+i);
|
||||||
|
}
|
||||||
|
memcpy(ctx->k[r], ctx->k[r-1], 8);
|
||||||
|
khazad_round(ctx->k[r], c);
|
||||||
|
memxor(ctx->k[r], ctx->k[r-2], 8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
|
||||||
|
uint8_t r;
|
||||||
|
memxor(buffer, ctx->k[0], 8);
|
||||||
|
for(r=1; r<8; ++r){
|
||||||
|
khazad_round(buffer, ctx->k[r]);
|
||||||
|
}
|
||||||
|
gamma_x(buffer);
|
||||||
|
memxor(buffer, ctx->k[8], 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
|
||||||
|
void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
|
||||||
|
uint8_t r=7;
|
||||||
|
memxor(buffer, ctx->k[8], 8);
|
||||||
|
gamma_x(buffer);
|
||||||
|
do{
|
||||||
|
memxor(buffer, ctx->k[r--], 8);
|
||||||
|
theta(buffer);
|
||||||
|
gamma_x(buffer);
|
||||||
|
}while(r);
|
||||||
|
memxor(buffer, ctx->k[0], 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
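Review bot: In theta, `hp = (uint8_t*)h;` casts away the `const` of the matrix table; declaring `const uint8_t *hp = &h[0][0];` keeps the qualifier and needs no cast. theta passes state bytes to `gf256mul`, which is not part of this commit; during khazad_init and encryption those bytes are key-dependent, so it is worth confirming that the helper runs in data-independent time. The scratch array `c[8]` in theta holds the same key-dependent values and is left on the stack on return; a comment saying whether that is acceptable for the target would help the next reader.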
@ -0,0 +1,34 @@
|
||||||
|
/* khazad.h */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef KHAZAD_H_
|
||||||
|
#define KHAZAD_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
uint8_t k[9][8];
|
||||||
|
}khazad_ctx_t;
|
||||||
|
|
||||||
|
void khazad_enc(void* buffer, const khazad_ctx_t* ctx);
|
||||||
|
void khazad_dec(void* buffer, const khazad_ctx_t* ctx);
|
||||||
|
void khazad_init(const void* key, khazad_ctx_t* ctx);
|
||||||
|
uint8_t khazad_sbox(uint8_t);
|
||||||
|
|
||||||
|
#endif /* KHAZAD_H_ */
|
|
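Review bot: The three prototypes take `void*` buffers but nothing states the sizes the implementation relies on: khazad_init always reads 16 key bytes (`(uint8_t*)key+8, 8` in khazad.c) and khazad_enc/khazad_dec transform exactly 8 bytes in place. Suggest a Doxygen comment per function, e.g. `/** \param key pointer to the 128-bit (16 byte) key */` and `/** \param buffer 8-byte block, processed in place */`. `uint8_t khazad_sbox(uint8_t);` would read better with a parameter name, and if it is exported only for test_sbox a comment saying so avoids it being taken for public API.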
@ -1,2 +1,3 @@
|
||||||
BCAL_STD = nessie_common.o nessie_bc_test.o performance_test.o \
|
BCAL_STD = nessie_common.o nessie_bc_test.o performance_test.o \
|
||||||
bcal-basic.o bcal-performance.o keysize_descriptor.o
|
bcal-basic.o bcal-performance.o keysize_descriptor.o \
|
||||||
|
bcal-nessie.o
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
# Makefile for Khazad
|
||||||
|
ALGO_NAME := KHAZAD_SMALL_C
|
||||||
|
|
||||||
|
# comment out the following line for removement of CS-Cipher from the build process
|
||||||
|
BLOCK_CIPHERS += $(ALGO_NAME)
|
||||||
|
|
||||||
|
$(ALGO_NAME)_DIR := khazad/
|
||||||
|
$(ALGO_NAME)_INCDIR := bcal/ memxor/ gf256mul/
|
||||||
|
$(ALGO_NAME)_OBJ := khazad.o memxor.o gf256mul.o
|
||||||
|
$(ALGO_NAME)_TEST_BIN := main-khazad-test.o bcal_khazad.o $(CLI_STD) $(BCAL_STD)
|
||||||
|
$(ALGO_NAME)_NESSIE_TEST := test nessie
|
||||||
|
$(ALGO_NAME)_PERFORMANCE_TEST := performance
|
||||||
|
$(ALGO_NAME)_DEF := SBOX_PROG=0
|
|
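Review bot: The comment above `BLOCK_CIPHERS += $(ALGO_NAME)` still names CS-Cipher and looks copied from another makefile; it should read `# comment out the following line to remove Khazad from the build process`. `$(ALGO_NAME)_DEF := SBOX_PROG=0` defines a macro that khazad.c as added in this commit never tests, so it can probably be dropped.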
@ -62,6 +62,7 @@ void cli_hexdump(const void* data, uint32_t length);
|
||||||
void cli_hexdump_rev(const void* data, uint32_t length);
|
void cli_hexdump_rev(const void* data, uint32_t length);
|
||||||
void cli_hexdump2(const void* data, uint32_t length);
|
void cli_hexdump2(const void* data, uint32_t length);
|
||||||
void cli_hexdump_block(const void* data, uint32_t length, uint8_t indent, uint8_t width);
|
void cli_hexdump_block(const void* data, uint32_t length, uint8_t indent, uint8_t width);
|
||||||
|
void cli_hexdump_byte(uint8_t byte);
|
||||||
|
|
||||||
void echo_ctrl(char* s);
|
void echo_ctrl(char* s);
|
||||||
int8_t cmd_interface(const cmdlist_entry_t* cmd_desc);
|
int8_t cmd_interface(const cmdlist_entry_t* cmd_desc);
|
||||||
|
|
|
@ -0,0 +1,141 @@
|
||||||
|
/* main-khazad-test.c */
|
||||||
|
/*
|
||||||
|
This file is part of the AVR-Crypto-Lib.
|
||||||
|
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* khazad test-suit
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "config.h"
|
||||||
|
#include "cli.h"
|
||||||
|
#include "dump.h"
|
||||||
|
#include "uart_lowlevel.h"
|
||||||
|
#include "sysclock.h"
|
||||||
|
#include "hw_gptm.h"
|
||||||
|
|
||||||
|
#include "khazad.h"
|
||||||
|
#include "performance_test.h"
|
||||||
|
#include "bcal-performance.h"
|
||||||
|
#include "bcal-nessie.h"
|
||||||
|
#include "bcal_khazad.h"
|
||||||
|
|
||||||
|
char* algo_name = "Khazad";
|
||||||
|
|
||||||
|
void uart0_putc(char byte){
|
||||||
|
uart_putc(UART_0, byte);
|
||||||
|
}
|
||||||
|
|
||||||
|
char uart0_getc(void){
|
||||||
|
return uart_getc(UART_0);
|
||||||
|
}
|
||||||
|
|
||||||
|
const bcdesc_t* algolist[] = {
|
||||||
|
(bcdesc_t*)&khazad_desc,
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* additional validation-functions *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
void testrun_nessie_khazad(void){
|
||||||
|
bcal_nessie(&khazad_desc);
|
||||||
|
}
|
||||||
|
|
||||||
|
void testrun_performance_khazad(void){
|
||||||
|
bcal_performance_multiple(algolist);
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_khazad(void){
|
||||||
|
uint8_t key[16];
|
||||||
|
uint8_t data[8];
|
||||||
|
khazad_ctx_t ctx;
|
||||||
|
|
||||||
|
memset(key, 0, 16);
|
||||||
|
memset(data, 0, 8);
|
||||||
|
key[0] = 0x80;
|
||||||
|
cli_putstr("\r\nkey: ");
|
||||||
|
cli_hexdump(key, 16);
|
||||||
|
khazad_init(key, &ctx);
|
||||||
|
cli_putstr("\r\nround keys:");
|
||||||
|
cli_hexdump_block(&ctx, 8*8, 4, 8);
|
||||||
|
cli_putstr("\r\nplain: ");
|
||||||
|
cli_hexdump(data, 8);
|
||||||
|
khazad_enc(data, &ctx);
|
||||||
|
cli_putstr("\r\nencrypt:");
|
||||||
|
cli_hexdump(data, 8);
|
||||||
|
khazad_dec(data, &ctx);
|
||||||
|
cli_putstr("\r\ndecrypt:");
|
||||||
|
cli_hexdump(data, 8);
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_sbox(void){
|
||||||
|
uint8_t i=0,x;
|
||||||
|
cli_putstr("\r\nKhazad Sbox:\r\n\t");
|
||||||
|
do{
|
||||||
|
x = khazad_sbox(i);
|
||||||
|
cli_hexdump_byte(x);
|
||||||
|
cli_putc(' ');
|
||||||
|
if(i%16==15){
|
||||||
|
cli_putstr("\r\n\t");
|
||||||
|
}
|
||||||
|
++i;
|
||||||
|
}while(i);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************
|
||||||
|
* main *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
const char nessie_str[] = "nessie";
|
||||||
|
const char test_str[] = "test";
|
||||||
|
const char test_sbox_str[] = "test_sbox";
|
||||||
|
const char performance_str[] = "performance";
|
||||||
|
const char echo_str[] = "echo";
|
||||||
|
|
||||||
|
cmdlist_entry_t cmdlist[] = {
|
||||||
|
{ nessie_str, NULL, testrun_nessie_khazad},
|
||||||
|
{ test_str, NULL, test_khazad},
|
||||||
|
{ test_sbox_str, NULL, test_sbox},
|
||||||
|
{ performance_str, NULL, testrun_performance_khazad},
|
||||||
|
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||||
|
{ NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
int main (void){
|
||||||
|
sysclk_set_freq(SYS_FREQ);
|
||||||
|
sysclk_mosc_verify_enable();
|
||||||
|
uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE);
|
||||||
|
gptm_set_timer_32periodic(TIMER0);
|
||||||
|
|
||||||
|
cli_rx = uart0_getc;
|
||||||
|
cli_tx = uart0_putc;
|
||||||
|
|
||||||
|
for(;;){
|
||||||
|
cli_putstr("\r\n\r\nARM-Crypto-Lib VS (");
|
||||||
|
cli_putstr(algo_name);
|
||||||
|
cli_putstr("; ");
|
||||||
|
cli_putstr(__DATE__);
|
||||||
|
cli_putc(' ');
|
||||||
|
cli_putstr(__TIME__);
|
||||||
|
cli_putstr(")\r\nloaded and running\r\n");
|
||||||
|
cmd_interface(cmdlist);
|
||||||
|
}
|
||||||
|
}
|
|
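Review bot: In test_khazad, `cli_hexdump_block(&ctx, 8*8, 4, 8);` prints 64 bytes, but `khazad_ctx_t` holds nine 8-byte round keys (`uint8_t k[9][8]` in khazad.h), so the last round key never appears in the dump; `cli_hexdump_block(&ctx, sizeof(ctx), 4, 8);` follows the type. The test only prints values; comparing the decrypted block with the original plaintext using `memcmp` and reporting pass or fail would make a broken round trip visible without reading hex. `(bcdesc_t*)&khazad_desc` in `algolist` casts away `const` although the array element type is already `const bcdesc_t*`.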
@ -52,7 +52,7 @@ void nessie_print_block(uint8_t* block, uint16_t blocksize_bit){
|
||||||
#define SPACES 31
|
#define SPACES 31
|
||||||
#define BYTESPERLINE 16
|
#define BYTESPERLINE 16
|
||||||
|
|
||||||
void nessie_print_item(char* name, uint8_t* buffer, uint16_t size_B){
|
void nessie_print_item(const char* name, uint8_t* buffer, uint16_t size_B){
|
||||||
uint8_t name_len;
|
uint8_t name_len;
|
||||||
uint8_t i;
|
uint8_t i;
|
||||||
name_len=strlen(name);
|
name_len=strlen(name);
|
||||||
|
@ -120,7 +120,7 @@ Key size: 256 bits
|
||||||
Block size: 128 bits
|
Block size: 128 bits
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void nessie_print_header(char* name,
|
void nessie_print_header(const char* name,
|
||||||
uint16_t keysize_b,
|
uint16_t keysize_b,
|
||||||
uint16_t blocksize_b,
|
uint16_t blocksize_b,
|
||||||
uint16_t hashsize_b,
|
uint16_t hashsize_b,
|
||||||
|
|
|
@ -56,10 +56,10 @@ void nessie_send_alive_a(uint16_t i);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void nessie_print_block(uint8_t* block, uint16_t blocksize_bit);
|
void nessie_print_block(uint8_t* block, uint16_t blocksize_bit);
|
||||||
void nessie_print_item(char* name, uint8_t* buffer, uint16_t size_B);
|
void nessie_print_item(const char* name, uint8_t* buffer, uint16_t size_B);
|
||||||
void nessie_print_set_vector(uint8_t set, uint16_t vector);
|
void nessie_print_set_vector(uint8_t set, uint16_t vector);
|
||||||
void nessie_print_setheader(uint8_t set);
|
void nessie_print_setheader(uint8_t set);
|
||||||
void nessie_print_header(char* name,
|
void nessie_print_header(const char* name,
|
||||||
uint16_t keysize_b,
|
uint16_t keysize_b,
|
||||||
uint16_t blocksize_b,
|
uint16_t blocksize_b,
|
||||||
uint16_t hashsize_b,
|
uint16_t hashsize_b,
|
||||||
|
|
File diff suppressed because it is too large