bg
/
avr-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added Khazad

This commit is contained in:
bg 2011-01-02 23:22:27 +00:00
parent 548902530e
commit 62d7d4d281
12 changed files with 6926 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
bcal/bcal_khazad.c Normal file
View File

@ -0,0 +1,53 @@
/* bcal_khazad.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file bcal_khazad.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2011-01-02
* \license GPLv3 or later
*
*/
#include <avr/pgmspace.h>
#include <stdlib.h>
#include "blockcipher_descriptor.h"
#include "khazad.h"
#include "keysize_descriptor.h"
const char khazad_str[] PROGMEM = "Khazad";
const uint8_t khazad_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
KS_TYPE_TERMINATOR };
const bcdesc_t khazad_desc PROGMEM = {
BCDESC_TYPE_BLOCKCIPHER,
BC_INIT_TYPE_1,
khazad_str,
sizeof(khazad_ctx_t),
64,
{(void_fpt)khazad_init},
{(void_fpt)khazad_enc},
{(void_fpt)khazad_dec},
(bc_free_fpt)NULL,
khazad_keysize_desc
};

33
bcal/bcal_khazad.h Normal file
View File

@ -0,0 +1,33 @@
/* bcal_khazad.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file bcal_khazad.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2011-01-02
* \license GPLv3 or later
*
*/
#include <avr/pgmspace.h>
#include "blockcipher_descriptor.h"
#include "khazad.h"
#include "keysize_descriptor.h"
extern const bcdesc_t khazad_desc;

3
bigint/bigint.c
View File

@ -85,7 +85,6 @@ void bigint_copy(bigint_t* dest, const bigint_t* src){
/******************************************************************************/
/* this should be implemented in assembly */
/*
void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
uint16_t t=0, i;
if(a->length_B < b->length_B){
@ -105,7 +104,7 @@ void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
dest->length_B = i;
bigint_adjust(dest);
}
*/
/******************************************************************************/
/* this should be implemented in assembly */

4
blockcipher_descriptor.h
View File

@ -63,8 +63,8 @@ typedef union{
} bc_dec_fpt;
#define BC_INIT_TYPE 0x01
#define BC_INIT_TYPE_1 0x00
#define BC_INIT_TYPE_2 0x01
#define BC_INIT_TYPE_1 0x00 /* for fix keylength */
#define BC_INIT_TYPE_2 0x01 /* keylength is passed as second parameter */
#define BC_ENC_TYPE 0x02
#define BC_ENC_TYPE_1 0x00

60
host/bigint_test.rb
View File

@ -246,6 +246,66 @@ def mul_test(a,b)
return false
end
################################################################################
# add_scale_test #
################################################################################
def add_scale_test(a, b, scale)
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter a:[\s]*/.match(line)
$sp.print(a.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter b:[\s]*/.match(line)
$sp.print(b.to_s(16)+" ")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not /[\s]*enter scale:[\s]*/.match(line)
$sp.print(scale.to_s(16)+"\n")
begin
line = $sp.gets()
line = "" if line==nil
puts("DBG got: "+line) if $debug
if /^Error:.*/.match(line)
puts line
return false
end
end while not m=/[\s]*([-]?[0-9a-fA-F]*)[\s]+\+[\s]+([+-]?[0-9a-fA-F]*)[\s]*<<8\*[\s]*([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]*)/.match(line)
a_ = m[1].to_i(16)
b_ = m[2].to_i(16)
s_ = m[3].to_i(16)
c_ = m[4].to_i(16)
line.chomp!
if(a_== a && b_ == b && c_ == (a+b))
$logfile.printf("[pass]: %s\n", line)
return true
else
$logfile.printf("[fail (%s%s%s)]: %s", (a==a_)?"":"a", (b==b_)?"":"b", (c_==a+b)?"":"c",line)
$logfile.printf(" ; should %s + %s = %s\n", a.to_s(16), b.to_s(16), (a+b).to_s(16))
return false
end
return false
end
################################################################################
# square_test #
################################################################################

211
khazad/khazad.c Normal file
View File

@ -0,0 +1,211 @@
/* khazad.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <avr/pgmspace.h>
#include <string.h>
#include "gf256mul.h"
#include "memxor.h"
#include "khazad.h"
/*
| | | | | | | |
V V V V V V V V
+-------+ +-------+
| P | | Q |
+-------+ +-------+
| | \ \ / / | |
| | \ \ / / | |
| | \ \ / / | |
| | \ X / | |
| | X X | |
| | / X \ | |
| | / / \ \ | |
| | / / \ \ | |
| | / / \ \ | |
| | | | | | | |
V V V V V V V V
+-------+ +-------+
| Q | | P |
+-------+ +-------+
| | \ \ / / | |
| | \ \ / / | |
| | \ \ / / | |
| | \ X / | |
| | X X | |
| | / X \ | |
| | / / \ \ | |
| | / / \ \ | |
| | / / \ \ | |
| | | | | | | |
V V V V V V V V
+-------+ +-------+
| P | | Q |
+-------+ +-------+
| | | | | | | |
V V V V V V V V
P:
3x Fx Ex 0x 5x 4x Bx Cx Dx Ax 9x 6x 7x 8x 2x 1x
Q:
9x Ex 5x 6x Ax 2x 3x Cx Fx 0x 4x Dx 7x Bx 1x 8x
*/
static uint8_t pq_lut[16] PROGMEM = {
0x39, 0xFE, 0xE5, 0x06, 0x5A, 0x42, 0xB3, 0xCC,
0xDF, 0xA0, 0x94, 0x6D, 0x77, 0x8B, 0x21, 0x18
};
uint8_t khazad_sbox(uint8_t a){
uint8_t b,c,d,e;
b = pgm_read_byte(pq_lut+(a>>4))&0xf0;
c = pgm_read_byte(pq_lut+(a&0xf))&0x0f;
d = (b>>2)&0x0c;
e = (c<<2)&0x30;
b = (b&0xc0)|e;
c = (c&0x03)|d;
b = pgm_read_byte(pq_lut+(b>>4))<<4;
c = pgm_read_byte(pq_lut+(c&0xf))>>4;
d = (b>>2)&0x0c;
e = (c<<2)&0x30;
b = (b&0xc0)|e;
c = (c&0x03)|d;
b = pgm_read_byte(pq_lut+(b>>4))&0xf0;
c = pgm_read_byte(pq_lut+(c&0xf))&0x0f;
return b|c;
}
static void gamma(uint8_t* a){
uint8_t i;
for(i=0; i<8; ++i){
*a = khazad_sbox(*a);
a++;
}
}
/******************************************************************************/
/* p8 (x) = x^8 + x^4 + x^3 + x^2 + 1 */
#define POLYNOM 0x1D
/*
* 01x 03x 04x 05x 06x 08x 0Bx 07x
* 03x 01x 05x 04x 08x 06x 07x 0Bx
* 04x 05x 01x 03x 0Bx 07x 06x 08x
* 05x 04x 03x 01x 07x 0Bx 08x 06x
* 06x 08x 0Bx 07x 01x 03x 04x 05x
* 08x 06x 07x 0Bx 03x 01x 05x 04x
* 0Bx 07x 06x 08x 04x 05x 01x 03x
* 07x 0Bx 08x 06x 05x 04x 03x 01x
*/
static uint8_t h[8][4] PROGMEM = {
{ 0x13, 0x45, 0x68, 0xB7 },
{ 0x31, 0x54, 0x86, 0x7B },
{ 0x45, 0x13, 0xB7, 0x68 },
{ 0x54, 0x31, 0x7B, 0x86 },
{ 0x68, 0xB7, 0x13, 0x45 },
{ 0x86, 0x7B, 0x31, 0x54 },
{ 0xB7, 0x68, 0x45, 0x13 },
{ 0x7B, 0x86, 0x54, 0x31 }
};
static void theta(uint8_t* a){
uint8_t i,j,x,accu;
uint8_t c[8];
uint8_t *hp;
hp = (uint8_t*)h;
for(i=0; i<8; ++i){
accu = 0;
for(j=0; j<4; ++j){
x = pgm_read_byte(hp++);
accu ^= gf256mul(*a++, x>>4, POLYNOM);
accu ^= gf256mul(*a++, x&0xf, POLYNOM);
}
a -= 8;
c[i] = accu;
}
memcpy(a, c, 8);
}
/******************************************************************************/
static void khazad_round(uint8_t* a, const uint8_t* k){
gamma(a);
theta(a);
memxor(a, k, 8);
}
/******************************************************************************/
void khazad_init(const void* key, khazad_ctx_t* ctx){
uint8_t c[8];
uint8_t i,r=0;
for(i=0; i<8; ++i){
c[i] = khazad_sbox(r*8+i);
}
memcpy(ctx->k[r], (uint8_t*)key+8, 8);
khazad_round(ctx->k[r], c);
memxor(ctx->k[r], (uint8_t*)key, 8);
r=1;
for(i=0; i<8; ++i){
c[i] = khazad_sbox(r*8+i);
}
memcpy(ctx->k[r], ctx->k[r-1], 8);
khazad_round(ctx->k[r], c);
memxor(ctx->k[r], (uint8_t*)key+8, 8);
for(r=2; r<9; ++r){
for(i=0; i<8; ++i){
c[i] = khazad_sbox(r*8+i);
}
memcpy(ctx->k[r], ctx->k[r-1], 8);
khazad_round(ctx->k[r], c);
memxor(ctx->k[r], ctx->k[r-2], 8);
}
}
/******************************************************************************/
void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
uint8_t r;
memxor(buffer, ctx->k[0], 8);
for(r=1; r<8; ++r){
khazad_round(buffer, ctx->k[r]);
}
gamma(buffer);
memxor(buffer, ctx->k[8], 8);
}
/******************************************************************************/
void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
uint8_t r=7;
memxor(buffer, ctx->k[8], 8);
gamma(buffer);
do{
memxor(buffer, ctx->k[r--], 8);
theta(buffer);
gamma(buffer);
}while(r);
memxor(buffer, ctx->k[0], 8);
}

34
khazad/khazad.h Normal file
View File

@ -0,0 +1,34 @@
/* khazad.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef KHAZAD_H_
#define KHAZAD_H_
#include <stdint.h>
typedef struct {
uint8_t k[9][8];
}khazad_ctx_t;
void khazad_enc(void* buffer, const khazad_ctx_t* ctx);
void khazad_dec(void* buffer, const khazad_ctx_t* ctx);
void khazad_init(const void* key, khazad_ctx_t* ctx);
uint8_t khazad_sbox(uint8_t);
#endif /* KHAZAD_H_ */

2
mkfiles/bigint.mk
View File

@ -6,7 +6,7 @@ AUX += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bigint/
$(ALGO_NAME)_INCDIR := memxor/ noekeon/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o bigint_add_u.o
$(ALGO_NAME)_OBJ := bigint-stub.o bigint_io.o bigint_asm.o
$(ALGO_NAME)_TEST_BIN := main-bigint-test.o $(CLI_STD) \
performance_test.o noekeon_asm.o noekeon_prng.o memxor.o

13
mkfiles/khazad_small_c.mk Normal file
View File

@ -0,0 +1,13 @@
# Makefile for Khazad
ALGO_NAME := KHAZAD_SMALL_C
# comment out the following line for removement of CS-Cipher from the build process
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := khazad/
$(ALGO_NAME)_INCDIR := bcal/ memxor/ gf256mul/
$(ALGO_NAME)_OBJ := khazad.o memxor.o gf256mul.o
$(ALGO_NAME)_TEST_BIN := main-khazad-test.o bcal_khazad.o $(CLI_STD) $(BCAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
$(ALGO_NAME)_PERFORMANCE_TEST := performance
$(ALGO_NAME)_DEF := SBOX_PROG=0

56
test_src/main-bigint-test.c
View File

@ -97,6 +97,60 @@ void test_add_bigint(void){
}
}
void test_add_scale_bigint(void){
bigint_t a, b, c;
uint16_t scale;
cli_putstr_P(PSTR("\r\nadd-scale test\r\n"));
for(;;){
cli_putstr_P(PSTR("\r\nenter a:"));
if(bigint_read_hex_echo(&a)){
cli_putstr_P(PSTR("\r\n end add test"));
return;
}
cli_putstr_P(PSTR("\r\nenter b:"));
if(bigint_read_hex_echo(&b)){
cli_putstr_P(PSTR("\r\n end add test"));
return;
}
cli_putstr_P(PSTR("\r\nenter scale:"));
{
char str[8];
cli_getsn_cecho(str, 7);
scale = atoi(str);
}
/*
if(bigint_read_hex_echo(&scale)){
free(scale.wordv);
cli_putstr_P(PSTR("\r\n end add test"));
return;
}
*/
cli_putstr_P(PSTR("\r\n "));
bigint_print_hex(&a);
cli_putstr_P(PSTR(" + "));
bigint_print_hex(&b);
cli_putstr_P(PSTR("<<8*"));
bigint_print_hex(&scale);
cli_putstr_P(PSTR(" = "));
uint8_t *c_b;
c_b = malloc(((a.length_B>(b.length_B+scale))?a.length_B:(b.length_B+scale))+2);
if(c_b==NULL){
cli_putstr_P(PSTR("\n\rERROR: Out of memory!"));
free(a.wordv);
free(b.wordv);
continue;
}
bigint_copy(&c, &a);
c.wordv = c_b;
bigint_add_scale_u(&c, &b, scale);
bigint_print_hex(&c);
cli_putstr_P(PSTR("\r\n"));
free(a.wordv);
free(b.wordv);
free(c_b);
}
}
void test_mul_bigint(void){
bigint_t a, b, c;
cli_putstr_P(PSTR("\r\nmul test\r\n"));
@ -451,6 +505,7 @@ void testrun_performance_bigint(void){
const char echo_test_str[] PROGMEM = "echo-test";
const char add_test_str[] PROGMEM = "add-test";
const char add_scale_test_str[] PROGMEM = "add-scale-test";
const char mul_test_str[] PROGMEM = "mul-test";
const char square_test_str[] PROGMEM = "square-test";
const char reduce_test_str[] PROGMEM = "reduce-test";
@ -462,6 +517,7 @@ const char echo_str[] PROGMEM = "echo";
cmdlist_entry_t cmdlist[] PROGMEM = {
{ add_test_str, NULL, test_add_bigint },
{ add_scale_test_str, NULL, test_add_scale_bigint },
{ mul_test_str, NULL, test_mul_bigint },
{ square_test_str, NULL, test_square_bigint },
{ reduce_test_str, NULL, test_reduce_bigint },

126
test_src/main-khazad-test.c Normal file
View File

@ -0,0 +1,126 @@
/* main-khazad-test.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* khazad test-suit
*
*/
#include "config.h"
#include "uart_i.h"
#include "debug.h"
#include "khazad.h"
#include "cli.h"
#include "performance_test.h"
#include "bcal-performance.h"
#include "bcal-nessie.h"
#include "bcal_khazad.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
char* algo_name = "Khazad";
const bcdesc_t* algolist[] PROGMEM = {
(bcdesc_t*)&khazad_desc,
NULL
};
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_nessie_khazad(void){
bcal_nessie(&khazad_desc);
}
void testrun_performance_khazad(void){
bcal_performance_multiple(algolist);
}
void test_khazad(void){
uint8_t key[16];
uint8_t data[8];
khazad_ctx_t ctx;
memset(key, 0, 16);
memset(data, 0, 8);
key[0] = 0x80;
cli_putstr_P(PSTR("\r\nkey: "));
cli_hexdump(key, 16);
khazad_init(key, &ctx);
cli_putstr_P(PSTR("\r\nround keys:"));
cli_hexdump_block(&ctx, 8*8, 4, 8);
cli_putstr_P(PSTR("\r\nplain: "));
cli_hexdump(data, 8);
khazad_enc(data, &ctx);
cli_putstr_P(PSTR("\r\nencrypt:"));
cli_hexdump(data, 8);
khazad_dec(data, &ctx);
cli_putstr_P(PSTR("\r\ndecrypt:"));
cli_hexdump(data, 8);
}
void test_sbox(void){
uint8_t i=0,x;
cli_putstr_P(PSTR("\r\nKhazad Sbox:\r\n\t"));
do{
x = khazad_sbox(i);
cli_hexdump_byte(x);
cli_putc(' ');
if(i%16==15){
cli_putstr_P(PSTR("\r\n\t"));
}
++i;
}while(i);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] PROGMEM = "nessie";
const char test_str[] PROGMEM = "test";
const char test_sbox_str[] PROGMEM = "test_sbox";
const char performance_str[] PROGMEM = "performance";
const char echo_str[] PROGMEM = "echo";
cmdlist_entry_t cmdlist[] PROGMEM = {
{ nessie_str, NULL, testrun_nessie_khazad},
{ test_str, NULL, test_khazad},
{ test_sbox_str, NULL, test_sbox},
{ performance_str, NULL, testrun_performance_khazad},
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
DEBUG_INIT();
cli_rx = (cli_rx_fpt)uart0_getc;
cli_tx = (cli_tx_fpt)uart0_putc;
for(;;){
cli_putstr_P(PSTR("\r\n\r\nCrypto-VS ("));
cli_putstr(algo_name);
cli_putstr_P(PSTR(")\r\nloaded and running\r\n"));
cmd_interface(cmdlist);
}
}

6336
testvectors/Khazad-Tweaked-128-64.verified.test-vectors Normal file
View File

File diff suppressed because it is too large Load Diff