bg
/
avr-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
avr-crypto-lib/seed-asm.S

679 lines
14 KiB
ArmAsm
Raw Normal View History

insereated GPLv3 stub
2008-05-26 19:13:21 +00:00
/* seed-asm.S */
/*
This file is part of the Crypto-avr-lib/microcrypt-lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
/**
* \file seed-asm.S
* \author Daniel Otte
* \date 2007-06-1
* \brief SEED parts in assembler for AVR
* \par License
modyfied copyright
2008-07-03 04:11:34 +00:00
* GPLv3 or later
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
*
*/
further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced
2008-12-10 23:59:43 +00:00
#include "avr-asm-macros.S"
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
.global bigendian_sum32
; === bigendian_sum32 ===
; function that adds two 32-bit words in the bigendian way and returns the result
; param1: the first 32-bit word
; given in r25,r24,r23,22 (r25 is most significant for little endian)
; param2: the second 32-bit word
; given in r21,r20,r19,18 (r21 is most significant for little endian)
; modifys:
bigendian_sum32:
add r25, r21
adc r24, r20
adc r23, r19
adc r22, r18
ret
.global bigendian_sub32
; === bigendian_sub32 ===
; function that subtracts a 32-bit words from another in the bigendian way and returns the result
; param1: the minuend 32-bit word
; given in r25,r24,r23,22 (r25 is most significant for little endian)
; param2: the subtrahend 32-bit word
; given in r21,r20,r19,18 (r21 is most significant for little endian)
; modifys:
bigendian_sub32:
sub r25, r21
sbc r24, r20
sbc r23, r19
sbc r22, r18
ret
further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced
2008-12-10 23:59:43 +00:00
/******************************************************************************/
/*
#define M0 0xfc
#define M1 0xf3
#define M2 0xcf
#define M3 0x3f
#define X3 (((uint8_t*)(&x))[0])
#define X2 (((uint8_t*)(&x))[1])
#define X1 (((uint8_t*)(&x))[2])
#define X0 (((uint8_t*)(&x))[3])
#define Z3 (((uint8_t*)(&z))[0])
#define Z2 (((uint8_t*)(&z))[1])
#define Z1 (((uint8_t*)(&z))[2])
#define Z0 (((uint8_t*)(&z))[3])
uint32_t g_function(uint32_t x){
uint32_t z;
/ * sbox substitution * /
X3 = pgm_read_byte(&(seed_sbox2[X3]));
X2 = pgm_read_byte(&(seed_sbox1[X2]));
X1 = pgm_read_byte(&(seed_sbox2[X1]));
X0 = pgm_read_byte(&(seed_sbox1[X0]));
/ * now the permutation * /
Z0 = (X0 & M0) ^ (X1 & M1) ^ (X2 & M2) ^ (X3 & M3);
Z1 = (X0 & M1) ^ (X1 & M2) ^ (X2 & M3) ^ (X3 & M0);
Z2 = (X0 & M2) ^ (X1 & M3) ^ (X2 & M0) ^ (X3 & M1);
Z3 = (X0 & M3) ^ (X1 & M0) ^ (X2 & M1) ^ (X3 & M2);
return z;
}
*/
M0 = 0xfc
M1 = 0xf3
M2 = 0xcf
M3 = 0x3f
X0 = 18
X1 = 19
X2 = 20
X3 = 21
Z0 = 25
Z1 = 24
Z2 = 23
Z3 = 22
T0 = X0
T1 = 26
T2 = 27
T3 = X1
/*
* param x: r22:r25
* X0 = R25
* X1 = R24
* X2 = R23
* X3 = R22
*/
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
.global seed_g_function
seed_g_function:
further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced
2008-12-10 23:59:43 +00:00
ldi r30, lo8(seed_sbox1)
ldi r31, hi8(seed_sbox1)
movw r26, r30
add r30, Z2
adc r31, r1
lpm X2, Z
movw r30, r26
add r30, Z0
adc r31, r1
lpm X0, Z
inc r27 /* switch X to point to sbox2 */
movw r30, r26
add r30, Z3
adc r31, r1
lpm X3, Z
movw r30, r26
add r30, Z1
adc r31, r1
lpm X1, Z
/* now the secound part */
mov Z0, X0
mov Z1, X0
mov Z2, X0
mov Z3, X0
andi Z0, M0
andi Z1, M1
andi Z2, M2
andi Z3, M3
mov T0, X1
mov T1, X1
mov T2, X1
; mov T3, X1 /* T3 = X1 */
andi T0, M1
andi T1, M2
andi T2, M3
andi T3, M0
eor Z0, T0
eor Z1, T1
eor Z2, T2
eor Z3, T3
mov T0, X2
mov T1, X2
mov T2, X2
mov T3, X2
andi T0, M2
andi T1, M3
andi T2, M0
andi T3, M1
eor Z0, T0
eor Z1, T1
eor Z2, T2
eor Z3, T3
mov T0, X3
mov T1, X3
mov T2, X3
mov T3, X3
andi T0, M3
andi T1, M0
andi T2, M1
andi T3, M2
eor Z0, T0
eor Z1, T1
eor Z2, T2
eor Z3, T3
ret
seed_sbox1:
.byte 169, 133, 214, 211, 84, 29, 172, 37
.byte 93, 67, 24, 30, 81, 252, 202, 99
.byte 40, 68, 32, 157, 224, 226, 200, 23
.byte 165, 143, 3, 123, 187, 19, 210, 238
.byte 112, 140, 63, 168, 50, 221, 246, 116
.byte 236, 149, 11, 87, 92, 91, 189, 1
.byte 36, 28, 115, 152, 16, 204, 242, 217
.byte 44, 231, 114, 131, 155, 209, 134, 201
.byte 96, 80, 163, 235, 13, 182, 158, 79
.byte 183, 90, 198, 120, 166, 18, 175, 213
.byte 97, 195, 180, 65, 82, 125, 141, 8
.byte 31, 153, 0, 25, 4, 83, 247, 225
.byte 253, 118, 47, 39, 176, 139, 14, 171
.byte 162, 110, 147, 77, 105, 124, 9, 10
.byte 191, 239, 243, 197, 135, 20, 254, 100
.byte 222, 46, 75, 26, 6, 33, 107, 102
.byte 2, 245, 146, 138, 12, 179, 126, 208
.byte 122, 71, 150, 229, 38, 128, 173, 223
.byte 161, 48, 55, 174, 54, 21, 34, 56
.byte 244, 167, 69, 76, 129, 233, 132, 151
.byte 53, 203, 206, 60, 113, 17, 199, 137
.byte 117, 251, 218, 248, 148, 89, 130, 196
.byte 255, 73, 57, 103, 192, 207, 215, 184
.byte 15, 142, 66, 35, 145, 108, 219, 164
.byte 52, 241, 72, 194, 111, 61, 45, 64
.byte 190, 62, 188, 193, 170, 186, 78, 85
.byte 59, 220, 104, 127, 156, 216, 74, 86
.byte 119, 160, 237, 70, 181, 43, 101, 250
.byte 227, 185, 177, 159, 94, 249, 230, 178
.byte 49, 234, 109, 95, 228, 240, 205, 136
.byte 22, 58, 88, 212, 98, 41, 7, 51
.byte 232, 27, 5, 121, 144, 106, 42, 154
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
further working on seed (openssl supports it :-); plain C version is working and assembler enhanced version was enhanced
2008-12-10 23:59:43 +00:00
seed_sbox2:
.byte 56, 232, 45, 166, 207, 222, 179, 184
.byte 175, 96, 85, 199, 68, 111, 107, 91
.byte 195, 98, 51, 181, 41, 160, 226, 167
.byte 211, 145, 17, 6, 28, 188, 54, 75
.byte 239, 136, 108, 168, 23, 196, 22, 244
.byte 194, 69, 225, 214, 63, 61, 142, 152
.byte 40, 78, 246, 62, 165, 249, 13, 223
.byte 216, 43, 102, 122, 39, 47, 241, 114
.byte 66, 212, 65, 192, 115, 103, 172, 139
.byte 247, 173, 128, 31, 202, 44, 170, 52
.byte 210, 11, 238, 233, 93, 148, 24, 248
.byte 87, 174, 8, 197, 19, 205, 134, 185
.byte 255, 125, 193, 49, 245, 138, 106, 177
.byte 209, 32, 215, 2, 34, 4, 104, 113
.byte 7, 219, 157, 153, 97, 190, 230, 89
.byte 221, 81, 144, 220, 154, 163, 171, 208
.byte 129, 15, 71, 26, 227, 236, 141, 191
.byte 150, 123, 92, 162, 161, 99, 35, 77
.byte 200, 158, 156, 58, 12, 46, 186, 110
.byte 159, 90, 242, 146, 243, 73, 120, 204
.byte 21, 251, 112, 117, 127, 53, 16, 3
.byte 100, 109, 198, 116, 213, 180, 234, 9
.byte 118, 25, 254, 64, 18, 224, 189, 5
.byte 250, 1, 240, 42, 94, 169, 86, 67
.byte 133, 20, 137, 155, 176, 229, 72, 121
.byte 151, 252, 30, 130, 33, 140, 27, 95
.byte 119, 84, 178, 29, 37, 79, 0, 70
.byte 237, 88, 82, 235, 126, 218, 201, 253
.byte 48, 149, 101, 60, 182, 228, 187, 124
.byte 14, 80, 57, 38, 50, 132, 105, 147
.byte 55, 231, 36, 164, 203, 83, 10, 135
.byte 217, 76, 131, 143, 206, 59, 74, 183
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
/******************************************************************************/
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
/*
static
uint64_t f_function(const uint64_t* a, uint32_t k0, uint32_t k1){
uint32_t c,d;
c = *a & 0x00000000FFFFFFFFLL;
d = (*a>>32) & 0x00000000FFFFFFFFLL;
c ^= k0; d ^= k1;
d ^= c;
d = g_function(d);
c = bigendian_sum32(c,d);
c = g_function(c);
d = bigendian_sum32(c,d);
d = g_function(d);
c = bigendian_sum32(c,d);
return ((uint64_t)d << 32) | c;
}
*/
/*
* param a r24:r25
* param k0 r20:r23
* param k1 r16:r19
*/
D0 = 10
D1 = 11
C0 = 12
C1 = 13
C2 = 14
C3 = 15
D2 = 16
D3 = 17
.global seed_f_function
seed_f_function:
push_range 10, 17
movw r30, r24
ld C0, Z+
ld C1, Z+
ld C2, Z+
ld C3, Z+
eor C0, r20
eor C1, r21
eor C2, r22
eor C3, r23
ld r22, Z+
ld r23, Z+
ld r24, Z+
ld r25, Z+
eor r22, r16
eor r23, r17
eor r24, r18
eor r25, r19
eor r22, C0
eor r23, C1
eor r24, C2
eor r25, C3
rcall seed_g_function
mov D0, r22
mov D1, r23
mov D2, r24
mov D3, r25
add r25, C3
adc r24, C2
adc r23, C1
adc r22, C0
rcall seed_g_function
mov C0, r22
mov C1, r23
mov C2, r24
mov C3, r25
add r25, D3
adc r24, D2
adc r23, D1
adc r22, D0
rcall seed_g_function
mov D0, r22
mov D1, r23
mov D2, r24
mov D3, r25
add C3, r25
adc C2, r24
adc C1, r23
adc C0, r22
mov r18, C0
mov r19, C1
mov r20, C2
mov r21, C3
pop_range 10, 17
ret
/******************************************************************************/
/*
void seed_init(uint8_t * key, seed_ctx_t * ctx){
memcpy(ctx->k, key, 128/8);
}
*/
.global seed_init
seed_init:
movw r26, r24
movw r30, r22
ldi r22, 16
1:
ld r0, X+
st Z+, r0
dec r22
brne 1b
ret
/******************************************************************************/
/*
typedef struct {
uint32_t k0, k1;
} keypair_t;
keypair_t getnextkeys(uint32_t *keystate, uint8_t curround){
keypair_t ret;
if (curround>15){
/ * ERROR * /
ret.k0 = ret.k1 = 0;
} else {
/ * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * /
ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
ret.k0 = seed_g_function(ret.k0);
ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
ret.k1 = seed_g_function(ret.k1);
if (curround & 1){
/ * odd round (1,3,5, ...) * /
((uint64_t*)keystate)[1] = bigendian_rotl8_64( ((uint64_t*)keystate)[1] );
} else {
/ * even round (0,2,4, ...) * /
((uint64_t*)keystate)[0] = bigendian_rotr8_64(((uint64_t*)keystate)[0]);
}
}
return ret;
}
*/
/*
* param keystate: r24:r25
* param curround: r22
*/
XRC0 = 10
XRC1 = 11
XRC2 = 12
XRC3 = 13
D0 = 14
D1 = 15
D2 = 16
D3 = 17
compute_keys:
ldi r30, lo8(seed_kc)
ldi r31, hi8(seed_kc)
lsl r22
lsl r22
add r30, r22
adc r31, r1
lpm XRC0, Z+
lpm XRC1, Z+
lpm XRC2, Z+
lpm XRC3, Z+
movw r28, r24
ldd r25, Y+0*4+3
ldd r24, Y+0*4+2
ldd r23, Y+0*4+1
ldd r22, Y+0*4+0
ldd r0, Y+2*4+3
add r25, r0
ldd r0, Y+2*4+2
adc r24, r0
ldd r0, Y+2*4+1
adc r23, r0
ldd r0, Y+2*4+0
adc r22, r0
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
sub r25, XRC3
sbc r24, XRC2
sbc r23, XRC1
sbc r22, XRC0
rcall seed_g_function
mov D0, r22
mov D1, r23
mov D2, r24
mov D3, r25
ldd r25, Y+1*4+3
ldd r24, Y+1*4+2
ldd r23, Y+1*4+1
ldd r22, Y+1*4+0
ldd r0, Y+3*4+3
sub r25, r0
ldd r0, Y+3*4+2
sbc r24, r0
ldd r0, Y+3*4+1
sbc r23, r0
ldd r0, Y+3*4+0
sbc r22, r0
add r25, XRC3
adc r24, XRC2
adc r23, XRC1
adc r22, XRC0
rcall seed_g_function
mov r21, D3
mov r20, D2
mov r19, D1
mov r18, D0
ret
.global seed_getnextkeys
seed_getnextkeys:
push_range 10, 17
push r28
push r29
andi r22, 0x0F
bst r22,0
rcall compute_keys
brtc even_round
odd_round:
adiw r28, 8
ld r26, Y
ldd r0, Y+1
std Y+0, r0
ldd r0, Y+2
std Y+1, r0
ldd r0, Y+3
std Y+2, r0
ldd r0, Y+4
std Y+3, r0
ldd r0, Y+5
std Y+4, r0
ldd r0, Y+6
std Y+5, r0
ldd r0, Y+7
std Y+6, r0
std Y+7, r26
/*
movw r30, r28
ld r26, Z+
ldi r27, 7
1:
ld r0, Z+
st Y+, r0
dec r27
brne 1b
st Y, r26
*/
rjmp 4f
even_round:
ldd r26, Y+7
ldd r0, Y+6
std Y+7, r0
ldd r0, Y+5
std Y+6, r0
ldd r0, Y+4
std Y+5, r0
ldd r0, Y+3
std Y+4, r0
ldd r0, Y+2
std Y+3, r0
ldd r0, Y+1
std Y+2, r0
ldd r0, Y+0
std Y+1, r0
std Y+0, r26
/*
adiw r28, 7
ld r26, Y
ldi r27, 7
1:
ld r0, -Y
std Y+1, r0
dec r27
brne 1b
st Y, r26
*/
4:
pop r29
pop r28
pop_range 10, 17
ret
/******************************************************************************/
/*
keypair_t getprevkeys(uint32_t *keystate, uint8_t curround){
keypair_t ret;
if (curround>15){
/ * ERROR * /
ret.k0 = ret.k1 = 0;
} else {
if (curround & 1){
/ * odd round (1,3,5, ..., 15) * /
((uint64_t*)keystate)[1] = bigendian_rotr8_64( ((uint64_t*)keystate)[1] );
} else {
/ * even round (0,2,4, ..., 14) * /
((uint64_t*)keystate)[0] = bigendian_rotl8_64(((uint64_t*)keystate)[0]);
}
/ * ret.k0 = seed_g_function(keystate[0] + keystate[2] - pgm_read_dword(&(seed_kc[curround])));
ret.k1 = seed_g_function(keystate[1] - keystate[3] + pgm_read_dword(&(seed_kc[curround]))); * /
ret.k0 = bigendian_sum32(keystate[0], keystate[2]);
ret.k0 = bigendian_sub32(ret.k0, pgm_read_dword(&(seed_kc[curround])));
ret.k0 = seed_g_function(ret.k0);
ret.k1 = bigendian_sub32(keystate[1], keystate[3]);
ret.k1 = bigendian_sum32(ret.k1, pgm_read_dword(&(seed_kc[curround])));
ret.k1 = seed_g_function(ret.k1);
}
return ret;
}
*/
/*
* param keystate: r24:r25
* param curround: r22
*/
.global seed_getprevkeys
seed_getprevkeys:
push_range 10, 17
push r28
push r29
movw r28, r24
andi r22, 0x0F
bst r22, 0
brts r_odd_round
r_even_round:
ldd r26, Y+0
ldd r0, Y+1
std Y+0, r0
ldd r0, Y+2
std Y+1, r0
ldd r0, Y+3
std Y+2, r0
ldd r0, Y+4
std Y+3, r0
ldd r0, Y+5
std Y+4, r0
ldd r0, Y+6
std Y+5, r0
ldd r0, Y+7
std Y+6, r0
std Y+7, r26
/*
movw r30, r28
ld r26, Z+
ldi r27, 7
1:
ld r0, Z+
st Y+, r0
dec r27
brne 1b
st Y, r26
*/
rjmp 4f
r_odd_round:
ldd r26, Y+8+7
ldd r0, Y+8+6
std Y+8+7, r0
ldd r0, Y+8+5
std Y+8+6, r0
ldd r0, Y+8+4
std Y+8+5, r0
ldd r0, Y+8+3
std Y+8+4, r0
ldd r0, Y+8+2
std Y+8+3, r0
ldd r0, Y+8+1
std Y+8+2, r0
ldd r0, Y+8+0
std Y+8+1, r0
std Y+8+0, r26
/*
adiw r28, 7
ld r26, Y
ldi r27, 7
1:
ld r0, -Y
std Y+1, r0
dec r27
brne 1b
st Y, r26
*/
4:
rcall compute_keys
pop r29
pop r28
pop_range 10, 17
ret
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
/******************************************************************************/
+DES/3DES +SEED +SHABEA
2007-06-18 04:50:39 +00:00
more ASM-fun for SEED
2008-12-11 15:12:16 +00:00
.global seed_kc
seed_kc:
.long 0xb979379e
.long 0x73f36e3c
.long 0xe6e6dd78
.long 0xcccdbbf1
.long 0x999b77e3
.long 0x3337efc6
.long 0x676ede8d
.long 0xcfdcbc1b
.long 0x9eb97937
.long 0x3c73f36e
.long 0x78e6e6dd
.long 0xf1cccdbb
.long 0xe3999b77
.long 0xc63337ef
.long 0x8d676ede
.long 0x1bcfdcbc
make process changed and modularised
2008-04-05 17:57:46 +00:00