bg
/
avr-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

some fixes, mainly at rsaes-pkcs1v15

This commit is contained in:
bg 2012-04-18 01:05:24 +00:00
parent 06d9213f13
commit cc6b183296
26 changed files with 381 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile_main.inc
View File

@ -34,8 +34,7 @@ GLOBAL_INCDIR := ./ $(TESTSRC_DIR)
#-------------------------------------------------------------------------------
# inclusion of make stubs
include mkfiles/0*.mk
include mkfiles/*.mk
include $(sort $(wildcard mkfiles/*.mk))
#-------------------------------------------------------------------------------
ALGORITHMS = $(BLOCK_CIPHERS) $(STREAM_CIPHERS) $(HASHES) $(PRNGS) $(MACS) \

2
Makefile_sys_conf.inc
View File

@ -27,7 +27,7 @@ STAT_DIR = stats/$(BOARD_NAME)/#
AUTOASM_DIR = autoasm/$(BOARD_NAME)/#
AUTOASM_OPT = -S
CC = avr-gcc
CSTD = c99
CSTD = gnu99
SIZESTAT_FILE = sizestats.txt

12
bigint/bigint.c
View File

@ -291,26 +291,34 @@ int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
uint8_t s;
int8_t d = 0;
s = GET_SIGN(a)?2:0;
s |= GET_SIGN(b)?1:0;
switch(s){
case 0: /* both positive */
d = 1;
bigint_add_u(dest, a,b);
SET_POS(dest);
break;
case 1: /* a positive, b negative */
d = bigint_cmp_u(a,b);
bigint_sub_u(dest, a, b);
break;
case 2: /* a negative, b positive */
d = bigint_cmp_u(b,a);
bigint_sub_u(dest, b, a);
break;
case 3: /* both negative */
d = -1;
bigint_add_u(dest, a, b);
SET_NEG(dest);
break;
default: /* how can this happen?*/
break;
}
if(d<0){
SET_NEG(dest);
}else{
SET_POS(dest);
}
}
/******************************************************************************/

23
blake/blake_large.c
View File

@ -146,21 +146,24 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
length_b -= BLAKE_LARGE_BLOCKSIZE;
}
uint8_t buffer[128];
union {
uint8_t v8[128];
uint64_t v64[ 16];
} buffer;
uint64_t v[16];
uint64_t ctr;
ctr = ctx->counter*1024+length_b;
memset(buffer, 0, 128);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_large_changeendian(buffer, buffer);
memset(buffer.v8, 0, 128);
memcpy(buffer.v8, msg, (length_b+7)/8);
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
blake_large_changeendian(buffer.v8, buffer.v8);
blake_large_expand(v, ctx);
if(length_b>1024-128-2){
v[12] ^= ctr;
v[13] ^= ctr;
blake_large_compress(v, buffer);
blake_large_compress(v, buffer.v8);
blake_large_collapse(ctx, v);
memset(buffer, 0, 128-8);
memset(buffer.v8, 0, 128-8);
blake_large_expand(v, ctx);
} else {
if(length_b){
@ -169,9 +172,9 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
}
}
if(ctx->appendone)
buffer[128-16-8] |= 0x01;
*((uint64_t*)(&(buffer[128-8]))) = ctr;
blake_large_compress(v, buffer);
buffer.v8[128-16-8] |= 0x01;
buffer.v64[15] = ctr;
blake_large_compress(v, buffer.v8);
blake_large_collapse(ctx, v);
}

25
blake/blake_small.c
View File

@ -141,26 +141,29 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
length_b -= BLAKE_SMALL_BLOCKSIZE;
}
uint8_t buffer[64];
union {
uint8_t v8[64];
uint32_t v32[16];
} buffer;
uint32_t v[16];
union {
uint64_t v64;
uint32_t v32[2];
}ctr;
ctr.v64 = ctx->counter*512+length_b;
memset(buffer, 0, 64);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_small_changeendian(buffer, buffer);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, msg, (length_b+7)/8);
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
blake_small_changeendian(buffer.v8, buffer.v8);
blake_small_expand(v, ctx);
if(length_b>512-64-2){
v[12] ^= ctr.v32[0];
v[13] ^= ctr.v32[0];
v[14] ^= ctr.v32[1];
v[15] ^= ctr.v32[1];
blake_small_compress(v, buffer);
blake_small_compress(v, buffer.v8);
blake_small_collapse(ctx, v);
memset(buffer, 0, 64-8);
memset(buffer.v8, 0, 64-8);
blake_small_expand(v, ctx);
}else{
if(length_b){
@ -171,10 +174,10 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
}
}
if(ctx->appendone)
buffer[64-8-4] |= 0x01;
*((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1];
*((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0];
blake_small_compress(v, buffer);
buffer.v8[64-8-4] |= 0x01;
buffer.v32[14] = ctr.v32[1];
buffer.v32[15] = ctr.v32[0];
blake_small_compress(v, buffer.v8);
blake_small_collapse(ctx, v);
}

31
bmw/bmw_large.c
View File

@ -523,33 +523,36 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
}
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[128];
union {
uint8_t v8[128];
uint64_t v64[ 16];
} buffer;
while(length_b >= BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(ctx, block);
length_b -= BMW_LARGE_BLOCKSIZE;
block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
}
memset(buffer, 0, 128);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 128);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>128*8-64){
bmw_large_nextBlock(ctx, buffer);
memset(buffer, 0, 128-8);
bmw_large_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 128-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer);
buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer.v8);
#if TWEAK
uint8_t i;
uint64_t q[32];
memset(buffer, 0xaa, 128);
memset(buffer.v8, 0xaa, 128);
for(i=0; i<16; ++i){
buffer[8*i] = i + 0xa0;
buffer.v8[8*i] = i + 0xa0;
}
bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
bmw_large_f2((uint64_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 128);
bmw_large_f0(q, buffer.v64, ctx->h);
bmw_large_f1(q, ctx->h, buffer.v64);
bmw_large_f2(buffer.v64, q, ctx->h);
memcpy(ctx->h, buffer.v8, 128);
#endif
}

36
bmw/bmw_small.c
View File

@ -499,38 +499,42 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
}
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
union {
uint8_t v8[64];
uint32_t v32[16];
uint64_t v64[ 8];
} buffer;
while(length_b >= BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(ctx, block);
length_b -= BMW_SMALL_BLOCKSIZE;
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>64*8-64){
bmw_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-8);
bmw_small_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 64-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer);
buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer.v8);
#if TWEAK
uint8_t i;
uint32_t q[32];
memset(buffer, 0xaa, 64);
memset(buffer.v8, 0xaa, 64);
for(i=0; i<16;++i){
buffer[i*4] = i+0xa0;
buffer.v8[i*4] = i+0xa0;
}
// dump_x(buffer, 16, 'A');
// dump_x(buffer.v8, 16, 'A');
dump_x(ctx->h, 16, 'M');
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
dump_x(buffer, 16, 'a');
bmw_small_f0(q, buffer.v32, ctx->h);
dump_x(buffer.v8, 16, 'a');
dump_x(q, 16, 'Q');
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
bmw_small_f1(q, ctx->h, buffer.v32);
dump_x(q, 32, 'Q');
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 64);
bmw_small_f2(buffer.v32, q, ctx->h);
memcpy(ctx->h, buffer.v8, 64);
#endif
}

49
host/rsa_pkcs15_check.rb → host/rsa_pkcs1v15_check.rb
View File

@ -1,5 +1,5 @@
#!/usr/bin/ruby
# rsa_pkcs15_check.rb
# rsa_pkcs1v15_check.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
@ -21,6 +21,7 @@
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'fileutils'
$buffer_size = 0 # set automatically in init_system
$conffile_check = Hash.new
@ -94,10 +95,15 @@ end
def read_block(f)
d = Array.new
begin
v = false
l = f.gets
x = l.split.collect { |e| e.to_i(16) }
# x = l.split.collect { |e| e.to_i(16) }
t = l.split
t.each { |e| v = true if e.length != 2 }
x = []
x = t.collect { |e| e.to_i(16) } if ! v
d += x
end while x.length == 16
end while x.length == 16 && ! v
return d
end
@ -300,7 +306,11 @@ def check_tv(tv)
test_enc = ''
loop do
l = read_line_from_device()
break if ! /([0-9A-Fa-f]{2}\s*)+/.match(l)
t = l.split
v = false
t.each { |e| v = true if e.length != 2 }
x = t.collect { |e| e.to_i(16) }
break if v
test_enc += l if l
end
test_enc_a = Array.new
@ -331,7 +341,7 @@ end
########################################
opts = Getopt::Std.getopts('dc:f:il:s:')
opts = Getopt::Std.getopts('dc:f:il:s:n:')
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
@ -367,14 +377,39 @@ $sp.flow_control = SerialPort::SOFT
$debug = true if opts['d']
if opts['l']
if opts['l'] && ! opts['n']
$logfile = File.open(opts['l'], 'w')
end
if opts['n']
logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_' + opts['n'] + '.txt'
if File.exists?(logfilename)
i=1
begin
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i,'.txt')
i+=1
end while(File.exists?(logfilename))
while(i>2) do
n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-2,'.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',i-1,'.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
i-=1
end
n1 = sprintf('%s%s', conf['PORT']['testlogbase'],'rsa_pkcs1v15_'+opts['n']+'.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'_',1,'.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
logfilename = conf['PORT']['testlogbase']+'rsa_pkcs1v15_'+opts['n']+'.txt'
end
printf("logging to %s", logfilename)
$logfile = File.open(logfilename, 'w')
end
$logfile = STDOUT if ! $logfile
reset_system()
if opts['s'] && m = opts['s'].match(/([\d]+\.([\d]+))/)
if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) )
sk = m[1].to_i
sv = m[2].to_i
else

10
khazad/khazad.c
View File

@ -92,7 +92,7 @@ uint8_t khazad_sbox(uint8_t a){
return b|c;
}
static void gamma(uint8_t* a){
static void gamma_1(uint8_t* a){
uint8_t i;
for(i=0; i<8; ++i){
*a = khazad_sbox(*a);
@ -147,7 +147,7 @@ static void theta(uint8_t* a){
/******************************************************************************/
static void khazad_round(uint8_t* a, const uint8_t* k){
gamma(a);
gamma_1(a);
theta(a);
memxor(a, k, 8);
}
@ -188,7 +188,7 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
for(r=1; r<8; ++r){
khazad_round(buffer, ctx->k[r]);
}
gamma(buffer);
gamma_1(buffer);
memxor(buffer, ctx->k[8], 8);
}
@ -197,11 +197,11 @@ void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
uint8_t r=7;
memxor(buffer, ctx->k[8], 8);
gamma(buffer);
gamma_1(buffer);
do{
memxor(buffer, ctx->k[r--], 8);
theta(buffer);
gamma(buffer);
gamma_1(buffer);
}while(r);
memxor(buffer, ctx->k[0], 8);
}

21
md5/md5.c
View File

@ -139,32 +139,35 @@ void md5_nextBlock(md5_ctx_t *state, const void* block){
void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){
uint16_t l;
uint8_t b[64];
union {
uint8_t v8[64];
uint64_t v64[ 8];
} buffer;
while (length_b >= 512){
md5_nextBlock(state, block);
length_b -= 512;
block = ((uint8_t*)block) + 512/8;
}
memset(b, 0, 64);
memcpy(b, block, length_b/8);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, block, length_b/8);
/* insert padding one */
l=length_b/8;
if(length_b%8){
uint8_t t;
t = ((uint8_t*)block)[l];
t |= (0x80>>(length_b%8));
b[l]=t;
buffer.v8[l]=t;
}else{
b[l]=0x80;
buffer.v8[l]=0x80;
}
/* insert length value */
if(l+sizeof(uint64_t) >= 512/8){
md5_nextBlock(state, b);
md5_nextBlock(state, buffer.v8);
state->counter--;
memset(b, 0, 64-8);
memset(buffer.v8, 0, 64-8);
}
*((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b;
md5_nextBlock(state, b);
buffer.v64[7] = (state->counter * 512) + length_b;
md5_nextBlock(state, buffer.v8);
}
void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){

6
mkfiles/rsa_oaep.mk → mkfiles/rsaes_oaep.mk
View File

@ -1,13 +1,13 @@
# Makefile for RSA
ALGO_NAME := RSA_OAEP
ALGO_NAME := RSAES_OAEP
# comment out the following line for removement of RSA from the build process
PK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-rsaes_oaep-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

6
mkfiles/rsa_pkcs15.mk → mkfiles/rsaes_pkcs1v15.mk
View File

@ -1,13 +1,13 @@
# Makefile for RSA
ALGO_NAME := RSA_PKCS15
ALGO_NAME := RSAES_PKCS1V15
# comment out the following line for removement of RSA from the build process
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_pkcs15.o
$(ALGO_NAME)_TESTBIN := main-rsa_pkcs15-test.o $(CLI_STD) random_dummy.o \
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_pkcs1v15.o
$(ALGO_NAME)_TESTBIN := main-rsaes_pkcs1v15-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

4
noekeon/noekeon.c
View File

@ -39,7 +39,7 @@
#define RC_POS 0
static
void gamma(uint32_t* a){
void gamma_1(uint32_t* a){
uint32_t tmp;
a[1] ^= ~((a[3]) | (a[2]));
@ -94,7 +94,7 @@ void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const
theta(key, state);
((uint8_t*)state)[RC_POS] ^= const2;
pi1(state);
gamma(state);
gamma_1(state);
pi2(state);
}

132
rsa/rsa_basic.c
View File

@ -52,50 +52,111 @@ m = m2 + q * h
uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
bigint_t m1, m2;
m1.wordv = malloc((key->modulus->length_B + 1) * sizeof(bigint_word_t));
m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t));
m1.wordv = malloc((key->components[0]->length_B + 1) * sizeof(bigint_word_t));
m2.wordv = malloc((key->components[1]->length_B + 1) * sizeof(bigint_word_t));
if(!m1.wordv || !m2.wordv){
#if DEBUG
cli_putstr_P(PSTR("\r\nERROR: OOM! (" __FILE__ ")"));
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
#endif
free(m1.wordv);
free(m2.wordv);
return 1;
}
#if DEBUG
cli_putstr_P(PSTR("\r\nexp_mod a + b "));
cli_putstr_P(PSTR("\r\nDBG: expmod m1 ..."));
cli_putstr_P(PSTR("\r\nexpmod("));
bigint_print_hex(data);
cli_putc(',');
bigint_print_hex(key->components[2]);
cli_putc(',');
bigint_print_hex(key->components[0]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_expmod_u(&m1, data, key->components[2], key->components[0]);
#if DEBUG
bigint_print_hex(&m1);
cli_putstr_P(PSTR("expmod m2 ..."));
cli_putstr_P(PSTR("\r\nexpmod("));
bigint_print_hex(data);
cli_putc(',');
bigint_print_hex(key->components[3]);
cli_putc(',');
bigint_print_hex(key->components[1]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_expmod_u(&m2, data, key->components[3], key->components[1]);
#if DEBUG
cli_putstr_P(PSTR("[done] "));
bigint_print_hex(&m2);
cli_putstr_P(PSTR("\r\nDBG: sub ..."));
cli_putstr_P(PSTR("\r\nsub("));
bigint_print_hex(&m1);
cli_putc(',');
bigint_print_hex(&m2);
cli_putstr_P(PSTR(") = "));
#endif
bigint_sub_s(&m1, &m1, &m2);
#if DEBUG
cli_putstr_P(PSTR("[done2] "));
bigint_print_hex(&m1);
#endif
while(BIGINT_NEG_MASK & m1.info){
#if DEBUG
cli_putc(',');
cli_putstr_P(PSTR("\r\nDBG: adding "));
bigint_print_hex(key->components[0]);
cli_putstr_P(PSTR("\r\nDBG: to "));
bigint_print_hex(&m1);
#endif
bigint_add_s(&m1, &m1, key->components[0]);
}
#if DEBUG
cli_putstr_P(PSTR("\r\nreduce_mul "));
cli_putstr_P(PSTR("\r\nDBG: reduce-mul ..."));
cli_putstr_P(PSTR("\r\nreduce("));
bigint_print_hex(&m1);
cli_putc(',');
bigint_print_hex(key->components[0]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_reduce(&m1, key->components[0]);
bigint_mul_u(&m1, &m1, key->components[4]);
#if DEBUG
cli_putstr_P(PSTR("[done]"));
bigint_print_hex(&m1);
cli_putstr_P(PSTR("\r\nmul("));
bigint_print_hex(&m1);
cli_putc(',');
bigint_print_hex(key->components[4]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_reduce(&m1, key->components[0]);
bigint_mul_u(&m1, &m1, key->components[1]);
bigint_mul_u(data, &m1, key->components[4]);
#if DEBUG
cli_putstr_P(PSTR(" [done]"));
bigint_print_hex(data);
cli_putstr_P(PSTR("\r\nreduce("));
bigint_print_hex(data);
cli_putc(',');
bigint_print_hex(key->components[0]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_reduce(data, key->components[0]);
#if DEBUG
bigint_print_hex(data);
cli_putstr_P(PSTR("\r\nmul("));
bigint_print_hex(data);
cli_putc(',');
bigint_print_hex(key->components[1]);
cli_putstr_P(PSTR(") = "));
#endif
bigint_mul_u(data, data, key->components[1]);
#if DEBUG
bigint_print_hex(data);
cli_putstr_P(PSTR("\r\nadd("));
bigint_print_hex(data);
cli_putc(',');
bigint_print_hex(&m2);
cli_putstr_P(PSTR(") = "));
#endif
bigint_add_u(data, data, &m2);
#if DEBUG
bigint_print_hex(data);
#endif
bigint_add_u(data, &m1, &m2);
free(m1.wordv);
free(m2.wordv);
free(m1.wordv);
return 0;
}
@ -118,8 +179,18 @@ uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){
}
void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
#if BIGINT_WORD_SIZE == 8
if(data){
memcpy(dest->wordv, data, length_B);
}
dest->length_B = length_B;
#else
uint8_t off;
off = length_B % sizeof(bigint_word_t);
off = (sizeof(bigint_word_t) - length_B % sizeof(bigint_word_t)) % sizeof(bigint_word_t);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: off = 0x"));
cli_hexdump_byte(off);
#endif
if(!data){
if(off){
dest->wordv = realloc(dest->wordv, length_B + sizeof(bigint_word_t) - off);
@ -127,19 +198,37 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
memset(dest->wordv, 0, off);
}
}else{
memcpy((uint8_t*)dest->wordv + off, data, length_B);
if(off){
memcpy((uint8_t*)dest->wordv + off, data, length_B);
memset(dest, 0, off);
}else{
memcpy(dest->wordv, data, length_B);
memset(dest->wordv, 0, off);
}
}
dest->length_B = (length_B + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
dest->length_B = (length_B + off) / sizeof(bigint_word_t);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: dest->length_B = 0x"));
cli_hexdump_rev(&(dest->length_B), 2);
#endif
#endif
dest->info = 0;
bigint_changeendianess(dest);
bigint_adjust(dest);
}
void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
#if BIGINT_WORD_SIZE == 8
if(dest){
uint8_t *e = src->wordv + src->length_B;
uint16_t i;
for(i=src->length_B; i>0; --i){
*((uint8_t*)dest) = *--e;
dest = (uint8_t*)dest + 1;
}
}else{
bigint_changeendianess(src);
}
*out_length_B = src->length_B;
#else
*out_length_B = bigint_get_first_set_bit(src) / 8 + 1;
if(dest){
uint16_t i;
@ -157,5 +246,6 @@ void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B){
memmove(src->wordv, (uint8_t*)src->wordv+off, *out_length_B);
}
}
#endif
}

2
rsa/rsa_oaep.c → rsa/rsaes_oaep.c
View File

@ -25,7 +25,7 @@
#include "mgf1.h"
#include "bigint.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "rsaes_oaep.h"
#include "random_dummy.h"

0
rsa/rsa_oaep.h → rsa/rsaes_oaep.h
View File

17
rsa/rsa_pkcs15.c → rsa/rsaes_pkcs1v15.c
View File

@ -1,4 +1,4 @@
/* rsa_pkcs15.c */
/* rsa_pkcs1v15.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
@ -22,6 +22,7 @@
#include <string.h>
#include "bigint.h"
#include "rsa_basic.h"
#include "rsaes_pkcs1v15.h"
#define DEBUG 0
@ -32,15 +33,15 @@
#include "random_dummy.h"
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
}
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_publickey_t* key, const void* pad){
int16_t pad_length;
bigint_t x;
pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B);
pad_length = rsa_pkcs1v15_compute_padlength_B(key->modulus, length_B);
if(pad_length<8){
#if DEBUG
cli_putstr_P(PSTR("\r\nERROR: pad_length<8; pad_length: "));
@ -84,18 +85,20 @@ uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
return 0;
}
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_privatekey_t* key, void* pad){
bigint_t x;
uint16_t m_length, pad_length=0, idx=0;
x.wordv = dest;
rsa_os2ip(&x, src, length_B);
#if DEBUG
cli_putstr_P(PSTR("\r\ncalling rsa_dec() ..."));
cli_putstr_P(PSTR("\r\ncalling rsa_dec() with bigint:"));
bigint_print_hex(&x);
#endif
rsa_dec(&x, key);
#if DEBUG
cli_putstr_P(PSTR("\r\nfinished rsa_dec() ..."));
cli_putstr_P(PSTR("\r\nfinished rsa_dec() bigint:"));
bigint_print_hex(&x);
#endif
rsa_i2osp(NULL, &x, &m_length);
#if DEBUG

14
rsa/rsa_pkcs15.h → rsa/rsaes_pkcs1v15.h
View File

@ -1,4 +1,4 @@
/* rsa_pkcs15.h */
/* rsa_pkcs1v15.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
@ -17,19 +17,19 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSA_PKCS15_H_
#define RSA_PKCS15_H_
#ifndef RSA_PKCS1V15_H_
#define RSA_PKCS1V15_H_
#include <stdint.h>
#include "bigint.h"
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_publickey_t* key, const void* pad);
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_privatekey_t* key, void* pad);
#endif /* RSA_PKCS15_H_ */
#endif /* RSA_PKCS1V15_H_ */

30
salsa20/salsa20.c
View File

@ -111,31 +111,31 @@ void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){
if(keylength_b==256){
memcpy_P((ctx->a+ 0), sigma+ 0, 4);
memcpy_P((ctx->a+20), sigma+ 4, 4);
memcpy_P((ctx->a+40), sigma+ 8, 4);
memcpy( (ctx->a+44), (uint8_t*)key+16, 16);
memcpy_P((ctx->a+60), sigma+12, 4);
memcpy_P((ctx->a.v8+ 0), sigma+ 0, 4);
memcpy_P((ctx->a.v8+20), sigma+ 4, 4);
memcpy_P((ctx->a.v8+40), sigma+ 8, 4);
memcpy( (ctx->a.v8+44), (uint8_t*)key+16, 16);
memcpy_P((ctx->a.v8+60), sigma+12, 4);
}else{
memcpy_P((ctx->a+ 0), theta+ 0, 4);
memcpy_P((ctx->a+20), theta+ 4, 4);
memcpy_P((ctx->a+40), theta+ 8, 4);
memcpy( (ctx->a+44), (uint8_t*)key+ 0, 16);
memcpy_P((ctx->a+60), theta+12, 4);
memcpy_P((ctx->a.v8+ 0), theta+ 0, 4);
memcpy_P((ctx->a.v8+20), theta+ 4, 4);
memcpy_P((ctx->a.v8+40), theta+ 8, 4);
memcpy( (ctx->a.v8+44), (uint8_t*)key+ 0, 16);
memcpy_P((ctx->a.v8+60), theta+12, 4);
}
memcpy( (ctx->a+ 4), key, 16);
memset( (ctx->a+24), 0, 16);
memcpy( (ctx->a.v8+ 4), key, 16);
memset( (ctx->a.v8+24), 0, 16);
if(iv){
memcpy( (ctx->a+24), iv, 8);
memcpy( (ctx->a.v8+24), iv, 8);
}
ctx->buffer_idx=64;
}
uint8_t salsa20_gen(salsa20_ctx_t* ctx){
if(ctx->buffer_idx==64){
memcpy(ctx->buffer, ctx->a, 64);
memcpy(ctx->buffer, ctx->a.v8, 64);
salsa20_hash((uint32_t*)(ctx->buffer));
*((uint64_t*)(ctx->a+32)) += 1;
ctx->a.v64[4] += 1;
ctx->buffer_idx = 0;
}
return ctx->buffer[ctx->buffer_idx++];

5
salsa20/salsa20.h
View File

@ -23,7 +23,10 @@
#include <stdint.h>
typedef struct{
uint8_t a[64];
union{
uint8_t v8[64];
uint64_t v64[ 8];
} a;
uint8_t buffer[64];
uint8_t buffer_idx;
} salsa20_ctx_t;

2
test_src/config.h
View File

@ -28,7 +28,9 @@
#include "uart_defs.h"
#define UART0_I 1
#ifndef UART0_BAUD_RATE
#define UART0_BAUD_RATE 115200
#endif
#define UART0_PARATY UART_PARATY_NONE
#define UART0_STOPBITS UART_STOPBITS_1
#define UART0_DATABITS UART_DATABITS_8

7
test_src/main-rsa_oaep-test.c → test_src/main-rsaes_oaep-test.c
View File

@ -28,11 +28,11 @@
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "rsaes_oaep.h"
#include "performance_test.h"
const char* algo_name = "RSA-OAEP";
const char* algo_name = "RSAES-OAEP";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
@ -423,6 +423,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
}
a->wordv = (bigint_word_t*)buffer;
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
@ -685,7 +686,7 @@ void run_seed_test(void){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg_ = malloc(bigint_length_B(pub_key.modulus));
msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
if(!msg_){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;

98
test_src/main-rsa_pkcs15-test.c → test_src/main-rsaes_pkcs1v15-test.c
View File

@ -28,11 +28,13 @@
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsa_pkcs15.h"
#include "rsaes_pkcs1v15.h"
#include "performance_test.h"
const char* algo_name = "RSA-PKCS15";
#define DEBUG 0
const char* algo_name = "RSAES-PKCS1V15";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
@ -239,6 +241,7 @@ uint8_t read_bigint(bigint_t* a, char* prompt){
}
a->wordv = (bigint_word_t*)buffer;
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
@ -249,25 +252,25 @@ uint8_t pre_alloc_key_crt(void){
pub_key.modulus = malloc(sizeof(bigint_t));
if(!pub_key.modulus){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return 2;
return 6;
}
priv_key.modulus = pub_key.modulus;
priv_key.n = 5;
priv_key.components = malloc(5 * sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return 2;
return 3;
}
pub_key.exponent = malloc(sizeof(bigint_t));
if(!pub_key.exponent){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return 2;
return 4;
}
for(c=0; c<5; ++c){
priv_key.components[c] = malloc(sizeof(bigint_t));
if(!priv_key.components[c]){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return 2;
return 7+c;
}
}
return 0;
@ -275,18 +278,22 @@ uint8_t pre_alloc_key_crt(void){
void free_key(void){
uint8_t c;
free(pub_key.modulus->wordv);
for(c = priv_key.n; c > 0 ; --c){
free(priv_key.components[c - 1]->wordv);
}
free(pub_key.exponent->wordv);
free(pub_key.modulus);
pub_key.modulus = priv_key.modulus = NULL;
free(pub_key.modulus->wordv);
for(c = priv_key.n; c > 0 ; --c){
free(priv_key.components[c - 1]);
}
free(pub_key.exponent);
pub_key.exponent = NULL;
for(c = 0; c < priv_key.n; ++c){
free(priv_key.components[c]->wordv);
free(priv_key.components[c]);
}
free(priv_key.components);
priv_key.components = NULL;
free(pub_key.modulus);
pub_key.modulus = priv_key.modulus = NULL;
keys_allocated = 0;
}
uint8_t read_key_crt(void){
@ -307,7 +314,8 @@ uint8_t read_key_crt(void){
r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) =");
if(r) return r;
r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) =");
/*
#if DEBUG
cli_putstr_P(PSTR("\r\nmodulus:"));
bigint_print_hex(pub_key.modulus);
cli_putstr_P(PSTR("\r\npublic exponent:"));
@ -322,7 +330,7 @@ uint8_t read_key_crt(void){
bigint_print_hex(priv_key.components[3]);
cli_putstr_P(PSTR("\r\nqInv:"));
bigint_print_hex(priv_key.components[4]);
*/
#endif
return r;
}
@ -469,9 +477,9 @@ void quick_test(void){
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
cli_putstr_P(PSTR("\r\nencrypting: ..."));
rc = rsa_encrypt_pkcs15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs15 returned: "));
cli_putstr_P(PSTR("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
@ -490,9 +498,9 @@ void quick_test(void){
}
cli_putstr_P(PSTR("\r\ndecrypting: ..."));
rc = rsa_decrypt_pkcs15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
if(rc){
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs15 returned: "));
cli_putstr_P(PSTR("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "));
cli_hexdump_byte(rc);
return;
}
@ -507,7 +515,8 @@ void quick_test(void){
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t msg_len, ciph_len, msg_len_;
uint16_t ciph_len, msg_len;
uint16_t msg_len_;
uint16_t seed_len;
uint8_t *seed, *seed_out;
char read_int_str[18];
@ -516,28 +525,48 @@ void run_seed_test(void){
cli_putstr_P(PSTR("\r\n length: "));
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
seed_len = rsa_pkcs15_compute_padlength_B(pub_key.modulus, msg_len);
seed_len = rsa_pkcs1v15_compute_padlength_B(pub_key.modulus, msg_len);
seed = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed: 0x"));
cli_hexdump_rev(&seed, 2);
#endif
if(!seed){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
seed_out = malloc(seed_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @seed_out: 0x"));
cli_hexdump_rev(&seed_out, 2);
#endif
if(!seed_out){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg = malloc(msg_len);
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg: 0x"));
cli_hexdump_rev(&msg, 2);
#endif
if(!msg){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
ciph = malloc(bigint_length_B(pub_key.modulus));
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @ciph: 0x"));
cli_hexdump_rev(&ciph, 2);
#endif
if(!ciph){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
}
msg_ = malloc(bigint_length_B(pub_key.modulus));
msg_ = malloc(bigint_length_B(pub_key.modulus) + sizeof(bigint_word_t));
#if DEBUG
cli_putstr_P(PSTR("\r\nDBG: @msg_: 0x"));
cli_hexdump_rev(&msg_, 2);
#endif
if(!msg_){
cli_putstr_P(PSTR("\r\nERROR: OOM!"));
return;
@ -556,11 +585,21 @@ void run_seed_test(void){
cli_putstr_P(PSTR("\r\n seed:"));
cli_hexdump_block(seed, seed_len, 4, 16);
*/
rsa_encrypt_pkcs15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(priv_key.components[0]);
#endif
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
cli_putstr_P(PSTR("\r\n ciphertext:"));
cli_hexdump_block(ciph, ciph_len, 4, 16);
#if DEBUG
cli_putstr_P(PSTR("\r\n first prime:"));
bigint_print_hex(priv_key.components[0]);
#endif
cli_putstr_P(PSTR("\r\n decrypting ... "));
rsa_decrypt_pkcs15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
cli_putstr_P(PSTR("[done]"));
if(msg_len != msg_len_){
char tstr[16];
@ -588,10 +627,11 @@ void run_seed_test(void){
cli_hexdump_block(seed, seed_len, 4, 16);
goto end;
}
cli_putstr_P(PSTR("\r\n >>OK<<"));
end:
free(ciph);
free(msg_);
free(ciph);
free(msg);
free(seed_out);
free(seed);
@ -609,11 +649,17 @@ void rsa_init(void){
}
void load_key(void){
uint8_t r;
if(keys_allocated){
cli_putstr_P(PSTR("\r\nDBG: freeing old keys"));
free_key();
}
keys_allocated = 1;
read_key_crt();
r = read_key_crt();
if(r){
cli_putstr_P(PSTR("\r\nERROR: read_key_crt returned 0x"));
cli_hexdump_byte(r);
}
}
void test_dump(void){

10
test_src/main-salsa20-test.c
View File

@ -51,10 +51,10 @@ void nessie_first(void){
cli_hexdump(key, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
cli_putstr_P(PSTR("\r\n data: "));
cli_hexdump_block(ctx.buffer, 64, 4, 16);
@ -63,13 +63,13 @@ void nessie_first(void){
key[15] = 0x01;
cli_putstr_P(PSTR("\r\n testing with key: "));
cli_hexdump(key, 16);
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
cli_putstr_P(PSTR("\r\n data: "));
cli_hexdump_block(ctx.buffer, 64, 4, 16);
}

6
twister/twister-large.c
View File

@ -109,7 +109,11 @@ void twister_large_nextBlock(twister_large_ctx_t* ctx, const void* msg){
/*********************************************************************/
void twister_inject_chksum(twister_large_ctx_t* ctx, uint8_t col){
*((uint64_t*)(&ctx->state.s[7][0])) ^= *((uint64_t*)(&ctx->checksum[col][0]));
uint8_t i=7;
do{
ctx->state.s[7][i] ^= ctx->checksum[col][i];
}while(i--);
twister_blank_round(&ctx->state);
}

4
whirlpool/whirlpool.c
View File

@ -111,7 +111,7 @@ static const uint8_t sbox[256] PROGMEM = {
#endif
static void gamma(uint8_t* a){
static void gamma_1(uint8_t* a){
uint8_t i;
for(i=0; i<64; ++i){
*a = whirlpool_sbox(*a);
@ -161,7 +161,7 @@ static void theta(uint8_t* a){
}
static void w_round(uint8_t* a, const uint8_t* k){
gamma(a);
gamma_1(a);
#if DEBUG
cli_putstr_P(PSTR("\r\n pre-pi:"));
cli_hexdump_block(a, 64, 4, 8);