bg
/
avr-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

new OMAC (CMAC) with Noekeon; + some bug fixes for the nessie test-env

This commit is contained in:
bg 2008-08-27 02:05:47 +00:00
parent c135a8edfc
commit cf1c79ef3f
12 changed files with 402 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.h
View File

@ -26,7 +26,7 @@
/* uart.[ch] defines */
#define UART_INTERRUPT 1
#define UART_BAUD_RATE 9600
#define UART_BAUD_RATE 38400
#define UART_RXBUFSIZE 16
#define UART_TXBUFSIZE 16
#define UART_LINE_BUFFER_SIZE 40

5
md5.c
View File

@ -20,9 +20,8 @@
* \file md5.c
* \author Daniel Otte
* \date 2006-07-31
* \par License:
* GPLv3 or later
* \brief Implementation of the MD5 hash algorithm as described in RFC 1321
* \license GPLv3 or later
* \brief Implementation of the MD5 hash algorithm as described in RFC 1321
*
*/

2
mkfiles/hmac-sha256.mk
View File

@ -6,7 +6,7 @@ MACS += $(ALGO_NAME)
$(ALGO_NAME)_OBJ := hmac-sha256.o sha256-asm.o
$(ALGO_NAME)_TEST_BIN := main-hmac-sha256-test.o debug.o uart.o serial-tools.o \
nessie_mac_test.o nessie_common.o
nessie_mac_test.o nessie_common.o cli.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PEROFRMANCE_TEST := "performance"

6
noekeon.h
View File

@ -44,7 +44,7 @@ typedef uint8_t noekeon_ctx_t[16];
* \param key pointer to either the key (128 bit = 16 byte; direct mode) or
* to the context (indirect mode)
*/
void noekeon_enc(void* buffer, void* key);
void noekeon_enc(void* buffer, const void* key);
/** \fn void noekeon_enc(void* buffer, void* key)
* \brief noekeon encrytion funtion
@ -58,7 +58,7 @@ void noekeon_enc(void* buffer, void* key);
* \param key pointer to either the key (128 bit = 16 byte; direct mode) or
* to the context (indirect mode)
*/
void noekeon_dec(void* buffer, void* key);
void noekeon_dec(void* buffer, const void* key);
/** \fn void noekeon_init(void* key, noekeon_ctx_t* ctx)
@ -71,6 +71,6 @@ void noekeon_dec(void* buffer, void* key);
* \param ctx pointer to the context to fill with key material
* to the context (indirect mode)
*/
void noekeon_init(void* key, noekeon_ctx_t* ctx);
void noekeon_init(const void* key, noekeon_ctx_t* ctx);
#endif /*NOEKEON_H_*/

175
noekeon_omac.S
View File

@ -1,175 +0,0 @@
/* noekeon_omac.S */
/*
This file is part of the Crypto-avr-lib/microcrypt-lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2008-08-06
* \license GPLv3 or later
*
*
*
*/
#include <avr/io.h>
#include "avr-asm-macros.S"
push_r18_r27_func:
pop r31
pop r30
push_range 18, 27
ijmp
pop_r18_r27_func:
pop r31
pop r30
pop_range 18, 27
ijmp
.extern noekeon_enc
/*
* void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
* const void* key, uint8_t t)
*/
/* param dest is passed in r24:r25
* param msg is passed in r22:r23
* param msglength_b is passed in r20:r21
* param key is passed in r18:r19
* param t is passed in r16
*/
.global noekeon_omac
noekeon_omac:
stack_alloc 48
adiw r30, 1
ldi r17, 48
1:
st Z+, r1
dec r17
brne 1b
sbiw r30, 48
movw r26, r22
movw r22, r18
movw r18, r24
movw r24, r30
cpi r16, 0xff
breq 2f
st Z, r16
rcall push_r18_r27_func
rcall noekeon_enc
rcall pop_r18_r27_func
movw r30, r24
2:
tst r21
brne fullblock
cpi r20, 128+1
brlo lastblock
fullblock:
/* copy block to stack buffer */
ldi r16, 16
1:
ld r0, X+
ld r17, Z
eor r0, r17
st Z+, r0
dec r16
brne 1b
rcall push_r18_r27_func
rcall noekeon_enc
rcall pop_r18_r27_func
movw r30, r24
subi r20, 128
sbci r21, 0
rjmp 2
lastblock:
adiw r24, 16
rcall push_r18_r27_func
rcall noekeon_enc
rcall pop_r18_r27_func
bst r20, 6 /* set t bit if msglength_b%128==0*/
2:
ldi r16, 16
clc
movw r30, r24 /* z points to encrypted null vector (L) */
1:
ld r0, Z
rol r0
st Z+, r0
dec r16
brne 1b
brtc 2f
clt
rjmp 2b
2: /* B/P has been calculated */
ldi r16, 16
sbiw r30, 32
3:
ld r0, Z
ldd r17, Z+16
eor r0, r17
st Z+, r0
dec r16
brne 3b
/* B/P has been xored into stack buffer */
/* now we have to xor-in the remaining message */
mov r16, r20
subi r16, -7
lsr r16
lsr r16
lsr r16 /* r 1*/
sbiw r30, 16
4:
ld r0, X+
ld r17, Z
eor r0, r17
st Z+, r0
dec r16
brne 4b
/* now we have only to insert the 1 at the end of message if msglength_b%128 != 0 */
sbiw r30, 1
andi r20, 0x07
breq 7f
ldi r17, 1
5:
dec r20
breq 6f
lsl r17
rjmp 5b
6:
ld r0, Z
eor r0, r17
st Z, r0
7:
call noekeon_enc
stack_free 48
ret

10
noekeon_omac.h
View File

@ -1,10 +0,0 @@
#ifndef NOEKEON_OMAC_H_
#define NOEKEON_OMAC_H_
#include "noekeon.h"
#include <stdint.h>
void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
const void* key, uint8_t t);
#endif /*NOEKEON_OMAC_H_*/

353
omac_noekeon.S Normal file
View File

@ -0,0 +1,353 @@
/* noekeon_omac.S */
/*
This file is part of the Crypto-avr-lib/microcrypt-lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2008-08-24
* \license GPLv3 or later
*
*
*
*/
#include <avr/io.h>
#include "avr-asm-macros.S"
.extern noekeon_enc
/******************************************************************************/
/*
* void noekeon_omac_init(noekeon_omac_ctx_t* ctx){
* memset(ctx, 0, 16);
* }
*/
/*
* param ctx in r24:r25
*/
.global omac_noekeon_init
omac_noekeon_init:
movw r30, r24
ldi r24, 16
1:
st Z+, r1
dec r24
brne 1b
ret
/******************************************************************************/
/*
* void omac_noekeon_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx){
* *ctx[15] = t;
* noekeon_enc(ctx, key);
* }
*/
/*
* param t in r24
* param key in r22:r23
* param ctx in r20:r21
*/
.global omac_noekeon_tweak
omac_noekeon_tweak:
movw r30, r20
std Z+15, r24
movw r24, r20
rjmp noekeon_enc
/******************************************************************************/
/*
* void noekeon_omac_next(const void* buffer, const void* key, noekeon_omac_ctx_t* ctx){
* memxor(ctx, buffer, 16);
* noekeon_enc(ctx, key);
* }
*/
/*
* param buffer in r24:r25
* param key in r22:r23
* param ctx in r20:r21
*/
.global omac_noekeon_next
omac_noekeon_next:
movw r26, r20
movw r30, r24
ldi r24, 16
1:
ld r0, X
ld r25, Z+
eor r0, r25
st X+, r0
dec r24
brne 1b
movw r24, r20
rjmp noekeon_enc
/******************************************************************************/
/*
* void omac_noekeon_comppad(uint8_t* pad, const void* key, uint8_t length_b){
* uint8_t c1,c2,r,j;
* memset(pad, 0, 16);
* noekeon_enc(pad, key);
* r=(length_b==128)?1:2;
* for(;r!=0;--r){
* c1=0;
* for(j=0;j<16;++j){
* c2 = c1;
* c1 = (pad[15-j])>>7;
* pad[15-j] = ((pad[15-j])<<1) | c2;
* }
* if(c1){
* pad[15] ^= 0x87;
* }
* }
* if(length_b<128){
* pad[(length_b)/8] ^= 0x80 >> (length_b%8);
* }
*}
*/
/*
* param pad in r24:r25
* param key in r22:r23
* param length_b in r20
*/
.global omac_noekeon_comppad
omac_noekeon_comppad:
push_ r20, r24, r25
ldi r20, 16
movw r30, r24
1:
st Z+, r1
dec r20
brne 1b
rcall noekeon_enc
pop_ r31, r30, r20 /* now Z points at pad, and r20 contains length_b */
ldi r21, 1
clt
cpi r20, 128
breq 2f
set
inc r21
2:
adiw r30, 16
ldi r24, 16
clc
3:
ld r0, -Z
rol r0
st Z, r0
dec r24
brne 3b
brcc 4f
ldi r24, 0x87
ldd r0, Z+15
eor r0, r24
std Z+15, r0
4:
dec r21
brne 2b
/* the B/P calculation is done, now we have only to insert the one for
messages of a length != n*128 */
brts 5f
ret
5:
/* r20 contains the length in bits where a one must be appended via xor */
mov r21, r20
lsr r21
lsr r21
lsr r21
add r30, r21
adc r31, r1
andi r20, 0x07
ldi r21, 0x80
6: tst r20
breq 8f
7: lsr r21
dec r20
brne 7b
8:
ld r24, Z
eor r24, r21
st Z, r24
ret
/******************************************************************************/
/*
* void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key, noekeon_omac_ctx_t* ctx){
* while(length_b>128){
* omac_noekeon_next(buffer, key, ctx);
* buffer = (uint8_t*)buffer +16;
* length_b -= 128;
* }
* uint8_t pad[16];
* omac_noekeon_comppad(pad, key, length_b);
* memxor(pad, buffer, (length_b+7)/8);
* omac_noekeon_next(pad, key, ctx);
*}
*/
/*
* param buffer in r24:r25
* param length_b in r22
* param key in r20:r21
* param ctx in r18:r19
*/
.global omac_noekeon_last
omac_noekeon_last:
push_range 10, 16
push_ r28, r29
movw r28, r24 /* buffer */
movw r12, r20 /* key */
movw r14, r18 /* ctx */
mov r16, r22 /* length_b */
1:
cpi r16, 129
brlo 2f
movw r22, r20
movw r20, r18
rcall omac_noekeon_next
adiw r28, 16
subi r16, 128
2:
stack_alloc 16
adiw r30, 1
movw r10, r30
movw r24, r30
movw r22, r12
mov r20, r16
rcall omac_noekeon_comppad
movw r30, r10
subi r16, -7
lsr r16
lsr r16
lsr r16
breq 4f
3:
ld r0, Z
ld r24, Y+
eor r0, r24
st Z+, r0
dec r16
brne 3b
4:
movw r24, r10
movw r22, r12
movw r20, r14
rcall omac_noekeon_next
stack_free 16
pop_ r29, r28
pop_range 10, 16
ret
/******************************************************************************/
/*
*void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b,
* const void* key, uint8_t t){
* omac_noekeon_init(dest);
* if(t!=0xff)
* omac_noekeon_tweak(t,key,dest);
* while(msglength_b>128){
* omac_noekeon_next(msg, key, dest);
* msg = (uint8_t*)msg +16;
* msglength_b -= 128;
* }
* omac_noekeon_last(msg, msglength_b, key, dest);
*}
*/
/*
* param dest in r24:r25
* param msg in r22:r23
* param msglength_b in r20:r21
* param key in r18:r19
* param t in r16
*/
MSG0 = 28
MSG1 = 29
KEY0 = 10
KEY1 = 11
LEN0 = 12
LEN1 = 13
DST0 = 14
DST1 = 15
.global omac_noekeon
omac_noekeon:
push_ r28, r29
push_range 10, 17
movw MSG0, r22 /* msg */
movw KEY0, r18 /* key */
movw LEN0, r20 /* msglength_b */
movw DST0, r24 /* dest */
/* omac_noekeon_init(dest); */
rcall omac_noekeon_init
cpi r16, 0xff
breq 1f
mov r24, r16
movw r22, KEY0
movw r20, DST0
/* omac_noekeon_tweak(t,key,dest); */
rcall omac_noekeon_tweak
1:
movw r16, LEN0
tst r17
breq 4f
3:
movw r24, MSG0
movw r22, KEY0
movw r20, DST0
/* omac_noekeon_next(msg, key, dest); */
rcall omac_noekeon_next
adiw MSG0, 16
subi r16, 128
sez
sbci r17, 0 /* wont change Z if result is zero */
brne 3b
4:
movw r24, MSG0
mov r22, r16
movw r20, KEY0
movw r18, DST0
/* omac_noekeon_last(msg, msglength_b, key, dest); */
call omac_noekeon_last
pop_range 10, 17
pop_ r29, r28
ret

18
omac_noekeon.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef NOEKEON_OMAC_H_
#define NOEKEON_OMAC_H_
#include "noekeon.h"
#include <stdint.h>
typedef uint8_t noekeon_omac_ctx_t[16];
void omac_noekeon_init(noekeon_omac_ctx_t* ctx);
void omac_noekeont_tweak(uint8_t t, const void* key, noekeon_omac_ctx_t* ctx);
void omac_noekeon_next(const void* buffer, const void* key,
noekeon_omac_ctx_t* ctx);
void omac_noekeon_last(const void* buffer, uint8_t length_b, const void* key,
noekeon_omac_ctx_t* ctx);
void omac_noekeon(void* dest, const void* msg, uint16_t msglength_b,
const void* key, uint8_t t);
#endif /*NOEKEON_OMAC_H_*/

5
sha1.c
View File

@ -19,9 +19,8 @@
/**
* \file sha1.c
* \author Daniel Otte
* \date 08.10.2006
* \par License:
* GPLv3
* \date 2006-10-08
* \license GPLv3 or later
* \brief SHA-1 implementation.
*
*/

13
test_src/main-hmac-sha256-test.c
View File

@ -29,6 +29,7 @@
#include "sha256.h"
#include "hmac-sha256.h"
#include "cli.h"
#include "nessie_mac_test.h"
#include <stdint.h>
@ -81,12 +82,14 @@ int main (void){
uart_putstr(algo_name);
uart_putstr_P(PSTR(")\r\nloaded and running\r\n"));
restart:
PGM_P u = PSTR("nessie\0test\0");
void_fpt v[] = {testrun_nessie_hmacsha256, testrun_nessie_hmacsha256};
while(1){
if (!getnextwordn(str,20)) {DEBUG_S("DBG: W1\r\n"); goto error;}
if (strcmp(str, "nessie")) {DEBUG_S("DBG: 1b\r\n"); goto error;}
testrun_nessie_hmacsha256();
goto restart;
if (!getnextwordn(str,20)){DEBUG_S("DBG: W1\r\n"); goto error;}
if(execcommand_d0_P(str, u, v)<0){
uart_putstr_P(PSTR("\r\nunknown command\r\n"));
}
continue;
error:
uart_putstr("ERROR\r\n");

3
test_src/nessie_common.c
View File

@ -87,7 +87,8 @@ void nessie_print_set_vector(uint8_t set, uint16_t vector){
uart_putstr_P(PSTR("\r\n\r\nSet "));
uart_putc('0'+set%10);
uart_putstr_P(PSTR(", vector#"));
uart_putc((vector<100)?' ':'0'+vector/100);
uart_putc((vector<1000)?' ':'0'+vector/1000);
uart_putc((vector<100)?' ':'0'+(vector/100)%10);
uart_putc((vector<10 )?' ':'0'+(vector/10)%10);
uart_putc('0'+vector%10);
uart_putc(':');

20
test_src/nessie_mac_test.c
View File

@ -50,7 +50,7 @@ void ascii_mac(char* data, char* desc, uint8_t* key){
PRINTKEY;
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);
sl = strlen(data);
while(sl>=nessie_mac_ctx.blocksize_B){
while(sl>nessie_mac_ctx.blocksize_B){
nessie_mac_ctx.mac_next(data, ctx);
data += nessie_mac_ctx.blocksize_B;
sl -= nessie_mac_ctx.blocksize_B;
@ -75,7 +75,7 @@ void amillion_mac(uint8_t* key){
memset(block, 'a', nessie_mac_ctx.blocksize_B);
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);
while(n>=nessie_mac_ctx.blocksize_B){
while(n>nessie_mac_ctx.blocksize_B){
nessie_mac_ctx.mac_next(block, ctx);
n -= nessie_mac_ctx.blocksize_B;
}
@ -106,7 +106,7 @@ void zero_mac(uint16_t n, uint8_t* key){
memset(block, 0, nessie_mac_ctx.blocksize_B);
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b,ctx);;
while(n>=nessie_mac_ctx.blocksize_B*8){
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(block, ctx);
n -= nessie_mac_ctx.blocksize_B*8;
}
@ -148,12 +148,15 @@ void one_in512_mac(uint16_t pos, uint8_t* key){
/* now the real stuff */
memset(block, 0, 512/8);
block[pos>>3] = 0x80>>(pos&0x7);
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);;
while(n>=nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(block, ctx);
uint8_t* bp;
bp = block;
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(bp, ctx);
n -= nessie_mac_ctx.blocksize_B*8;
bp += nessie_mac_ctx.blocksize_B;
}
nessie_mac_ctx.mac_last(block, n, key, nessie_mac_ctx.keysize_b, ctx);
nessie_mac_ctx.mac_last(bp, n, key, nessie_mac_ctx.keysize_b, ctx);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
}
@ -171,7 +174,7 @@ void tv4_mac(uint8_t* key){
memset(block, 0, 256/8);
nessie_mac_ctx.mac_init(key, nessie_mac_ctx.keysize_b, ctx);;
while(n>=nessie_mac_ctx.blocksize_B*8){
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(block, ctx);
n -= nessie_mac_ctx.blocksize_B*8;
}
@ -215,6 +218,7 @@ void nessie_mac_run(void){
{"Now is the time for all ", "\"Now is the time for all \""},
{"Now is the time for it", "\"Now is the time for it\""}
};
set=1;
nessie_print_setheader(set);
for(i=0; i<KEYSIZE_B; ++i){