important fix for SHA1 (Asm) & SHA256 (Asm) and new MonteCarlo tests for hashes
This commit is contained in:
parent
3602a99dd3
commit
f26c4e0df2
|
@ -178,20 +178,19 @@ sha1_prolog:
|
|||
push r13
|
||||
push r16
|
||||
push r17
|
||||
in r16, SPL
|
||||
in r17, SPH
|
||||
subi r16, 5*4+8
|
||||
sbci r17, 0
|
||||
in r30, SPL
|
||||
in r31, SPH
|
||||
sbiw r30, 5*4+8
|
||||
in r0, SREG
|
||||
cli
|
||||
out SPL, r16
|
||||
out SPH, r17
|
||||
out SPL, r30
|
||||
out SREG, r0
|
||||
out SPH, r31
|
||||
|
||||
push r25
|
||||
push r24
|
||||
inc r16
|
||||
adc r17, r1
|
||||
adiw r30, 1
|
||||
movw r16, r30
|
||||
|
||||
movw r8, r18 /* backup of length*/
|
||||
movw r10, r20
|
||||
|
@ -203,19 +202,16 @@ sha1_prolog:
|
|||
/* if length >= 512 */
|
||||
1:
|
||||
tst r11
|
||||
brne 4f
|
||||
brne 2f
|
||||
tst r10
|
||||
brne 4f
|
||||
mov r19, r9
|
||||
cpi r19, 0x02
|
||||
brlo 4f
|
||||
|
||||
breq 4f
|
||||
2:
|
||||
movw r24, r16
|
||||
movw r22, r12
|
||||
rcall sha1_nextBlock
|
||||
ldi r19, 0x64
|
||||
add r22, r19
|
||||
adc r23, r1
|
||||
ldi r19, 64
|
||||
add r12, r19
|
||||
adc r13, r1
|
||||
/* length -= 512 */
|
||||
ldi r19, 0x02
|
||||
sub r9, r19
|
||||
|
@ -241,8 +237,8 @@ sha1_epilog:
|
|||
in r0, SREG
|
||||
cli
|
||||
out SPL, r30
|
||||
out SPH, r31
|
||||
out SREG, r0
|
||||
out SPH, r31
|
||||
pop r17
|
||||
pop r16
|
||||
pop r13
|
||||
|
@ -287,7 +283,9 @@ sha1_lastBlock:
|
|||
pop r24
|
||||
pop r25
|
||||
subi r21, 2
|
||||
subi r23, -2
|
||||
ldi r19, 64
|
||||
sub r22, r19
|
||||
sbc r23, r1
|
||||
rjmp sha1_lastBlock
|
||||
sha1_lastBlock_prolog:
|
||||
/* allocate space on stack */
|
||||
|
|
|
@ -21,10 +21,11 @@
|
|||
*
|
||||
* License: GPLv3 or later
|
||||
*/
|
||||
; sha-256 implementation in assembler
|
||||
; sha-256 implementation in assembler
|
||||
SHA256_BLOCK_BITS = 512
|
||||
SHA256_HASH_BITS = 256
|
||||
|
||||
|
||||
.macro precall
|
||||
/* push r18 - r27, r30 - r31*/
|
||||
push r0
|
||||
|
@ -111,7 +112,7 @@ SREG = 0x3F
|
|||
; [h0][h1][h2][h3][h4][h5][h6][h7][length]
|
||||
; hn is 32 bit large, length is 64 bit large
|
||||
|
||||
;###########################################################
|
||||
;###########################################################
|
||||
|
||||
.global sha256_ctx2hash
|
||||
; === sha256_ctx2hash ===
|
||||
|
@ -125,21 +126,21 @@ sha256_ctx2hash:
|
|||
movw r30, r24
|
||||
ldi r21, 8
|
||||
sbiw r26, 4
|
||||
1:
|
||||
1:
|
||||
ldi r20, 4
|
||||
adiw r26, 8
|
||||
2:
|
||||
2:
|
||||
ld r0, -X
|
||||
st Z+, r0
|
||||
st Z+, r0
|
||||
dec r20
|
||||
brne 2b
|
||||
|
||||
|
||||
dec r21
|
||||
brne 1b
|
||||
|
||||
|
||||
ret
|
||||
|
||||
;###########################################################
|
||||
;###########################################################
|
||||
|
||||
.global sha256
|
||||
; === sha256 ===
|
||||
|
@ -160,71 +161,66 @@ sha256_prolog:
|
|||
push r13
|
||||
push r16
|
||||
push r17
|
||||
in r16, SPL
|
||||
in r17, SPH
|
||||
subi r16, 8*4+8
|
||||
sbci r17, 0
|
||||
in r30, SPL
|
||||
in r31, SPH
|
||||
sbiw r30, 8*4+8
|
||||
in r0, SREG
|
||||
cli
|
||||
out SPL, r16
|
||||
out SPH, r17
|
||||
out SPL, r30
|
||||
out SREG, r0
|
||||
|
||||
out SPH, r31
|
||||
|
||||
push r25
|
||||
push r24
|
||||
inc r16
|
||||
adc r17, r1
|
||||
|
||||
adiw r30, 1
|
||||
movw r16, r30
|
||||
movw r8, r18 /* backup of length*/
|
||||
movw r10, r20
|
||||
|
||||
|
||||
movw r12, r22 /* backup pf msg-ptr */
|
||||
|
||||
|
||||
movw r24, r16
|
||||
rcall sha256_init
|
||||
/* if length >= 512 */
|
||||
/* if length > 0xffff */
|
||||
1:
|
||||
tst r11
|
||||
brne 4f
|
||||
brne 2f
|
||||
tst r10
|
||||
brne 4f
|
||||
mov r19, r9
|
||||
cpi r19, 0x02
|
||||
brlo 4f
|
||||
|
||||
breq 4f
|
||||
2:
|
||||
movw r24, r16
|
||||
movw r22, r12
|
||||
rcall sha256_nextBlock
|
||||
ldi r19, 0x64
|
||||
add r22, r19
|
||||
adc r23, r1
|
||||
ldi r19, 64
|
||||
add r12, r19
|
||||
adc r13, r1
|
||||
/* length -= 512 */
|
||||
ldi r19, 0x02
|
||||
sub r9, r19
|
||||
sbc r10, r1
|
||||
sbc r11, r1
|
||||
rjmp 1b
|
||||
|
||||
|
||||
4:
|
||||
movw r24, r16
|
||||
movw r22, r12
|
||||
movw r20, r8
|
||||
rcall sha256_lastBlock
|
||||
|
||||
|
||||
pop r24
|
||||
pop r25
|
||||
movw r22, r16
|
||||
rcall sha256_ctx2hash
|
||||
|
||||
rcall sha256_ctx2hash
|
||||
|
||||
sha256_epilog:
|
||||
in r30, SPL
|
||||
in r31, SPH
|
||||
adiw r30, 8*4+8
|
||||
adiw r30, 8*4+8
|
||||
in r0, SREG
|
||||
cli
|
||||
out SPL, r30
|
||||
out SPH, r31
|
||||
out SREG, r0
|
||||
out SPH, r31
|
||||
pop r17
|
||||
pop r16
|
||||
pop r13
|
||||
|
@ -235,7 +231,7 @@ sha256_epilog:
|
|||
pop r8
|
||||
ret
|
||||
|
||||
;###########################################################
|
||||
;###########################################################
|
||||
|
||||
|
||||
; block MUST NOT be larger than 64 bytes
|
||||
|
@ -269,8 +265,10 @@ sha256_lastBlock:
|
|||
pop r24
|
||||
pop r25
|
||||
subi r21, 0x02
|
||||
subi r23, -2
|
||||
rjmp sha256_lastBlock
|
||||
ldi r19, 64
|
||||
add r22, r19
|
||||
adc r23, r1
|
||||
rjmp sha256_lastBlock
|
||||
sha256_lastBlock_prolog:
|
||||
/* allocate space on stack */
|
||||
in r30, SPL
|
||||
|
@ -290,8 +288,8 @@ sha256_lastBlock_prolog:
|
|||
lsr r18
|
||||
bst r21, 0 /* may be we should explain this ... */
|
||||
bld r18, 5 /* now: r18 == length/8 (aka. length in bytes) */
|
||||
|
||||
|
||||
|
||||
|
||||
movw r26, r22 /* X points to begin of msg */
|
||||
tst r18
|
||||
breq sha256_lastBlock_post_copy
|
||||
|
@ -301,27 +299,27 @@ sha256_lastBlock_copy_loop:
|
|||
st Z+, r0
|
||||
dec r1
|
||||
brne sha256_lastBlock_copy_loop
|
||||
sha256_lastBlock_post_copy:
|
||||
sha256_lastBlock_insert_stuffing_bit:
|
||||
sha256_lastBlock_post_copy:
|
||||
sha256_lastBlock_insert_stuffing_bit:
|
||||
ldi r19, 0x80
|
||||
mov r0,r19
|
||||
mov r0,r19
|
||||
ldi r19, 0x07
|
||||
and r19, r20 /* if we are in bitmode */
|
||||
breq 2f /* no bitmode */
|
||||
1:
|
||||
1:
|
||||
lsr r0
|
||||
dec r19
|
||||
brne 1b
|
||||
ld r19, X
|
||||
/* maybe we should do some ANDing here, just for safety */
|
||||
or r0, r19
|
||||
2:
|
||||
2:
|
||||
st Z+, r0
|
||||
inc r18
|
||||
|
||||
/* checking stuff here */
|
||||
cpi r18, 64-8+1
|
||||
brsh 0f
|
||||
brsh 0f
|
||||
rjmp sha256_lastBlock_insert_zeros
|
||||
0:
|
||||
/* oh shit, we landed here */
|
||||
|
@ -329,15 +327,15 @@ sha256_lastBlock_insert_stuffing_bit:
|
|||
ldi r19, 64
|
||||
sub r19, r18
|
||||
breq 2f
|
||||
1:
|
||||
1:
|
||||
st Z+, r1
|
||||
dec r19
|
||||
brne 1b
|
||||
2:
|
||||
brne 1b
|
||||
2:
|
||||
sbiw r30, 63
|
||||
sbiw r30, 1
|
||||
movw r22, r30
|
||||
|
||||
|
||||
push r31
|
||||
push r30
|
||||
push r25
|
||||
|
@ -351,7 +349,7 @@ sha256_lastBlock_insert_stuffing_bit:
|
|||
pop r25
|
||||
pop r30
|
||||
pop r31
|
||||
|
||||
|
||||
/* now we should subtract 512 from length */
|
||||
movw r26, r24
|
||||
adiw r26, 4*8+1 /* we can skip the lowest byte */
|
||||
|
@ -365,11 +363,11 @@ sha256_lastBlock_insert_stuffing_bit:
|
|||
st X+, r19
|
||||
dec r18
|
||||
brne 1b
|
||||
|
||||
|
||||
; clr r18 /* not neccessary ;-) */
|
||||
/* reset Z pointer to begin of block */
|
||||
|
||||
sha256_lastBlock_insert_zeros:
|
||||
sha256_lastBlock_insert_zeros:
|
||||
ldi r19, 64-8
|
||||
sub r19, r18
|
||||
breq sha256_lastBlock_insert_length
|
||||
|
@ -417,7 +415,7 @@ sha256_lastBlock_epilog:
|
|||
ret
|
||||
|
||||
/**/
|
||||
;###########################################################
|
||||
;###########################################################
|
||||
|
||||
.global sha256_nextBlock
|
||||
; === sha256_nextBlock ===
|
||||
|
@ -471,11 +469,11 @@ sha256_nextBlock:
|
|||
in r20, SPL
|
||||
in r21, SPH
|
||||
movw r18, r20 ;backup SP
|
||||
; movw r26, r20 ; X points to free space on stack
|
||||
; movw r26, r20 ; X points to free space on stack
|
||||
movw r30, r22 ; Z points to message
|
||||
subi r20, lo8(sha256_nextBlock_localSpace) ;sbiw can do only up to 63
|
||||
sbci r21, hi8(sha256_nextBlock_localSpace)
|
||||
movw r26, r20 ; X points to free space on stack
|
||||
movw r26, r20 ; X points to free space on stack
|
||||
in r0, SREG
|
||||
cli ; we want to be uninterrupted while updating SP
|
||||
out SPL, r20
|
||||
|
@ -488,29 +486,29 @@ sha256_nextBlock:
|
|||
; now we fill the w array with message (think about endianess)
|
||||
adiw r26, 1 ; X++
|
||||
ldi r20, 16
|
||||
sha256_nextBlock_wcpyloop:
|
||||
sha256_nextBlock_wcpyloop:
|
||||
ld r23, Z+
|
||||
ld r22, Z+
|
||||
ld r19, Z+
|
||||
ld r18, Z+
|
||||
st X+, r18
|
||||
st X+, r19
|
||||
st X+, r22
|
||||
st X+, r22
|
||||
st X+, r23
|
||||
dec r20
|
||||
brne sha256_nextBlock_wcpyloop
|
||||
/* for (i=16; i<64; ++i){
|
||||
w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
|
||||
w[i] = SIGMA_b(w[i-2]) + w[i-7] + SIGMA_a(w[i-15]) + w[i-16];
|
||||
} */
|
||||
/* r25,r24,r23,r24 (r21,r20) are function values
|
||||
r19,r18,r17,r16 are the accumulator
|
||||
r15,r14,r13,rBck1 are backup1
|
||||
r11,r10,r9 ,r8 are xor accu
|
||||
r11,r10,r9 ,r8 are xor accu
|
||||
r1 is round counter */
|
||||
|
||||
ldi r20, 64-16
|
||||
mov LoopC, r20
|
||||
sha256_nextBlock_wcalcloop:
|
||||
sha256_nextBlock_wcalcloop:
|
||||
movw r30, r26 ; cp X to Z
|
||||
sbiw r30, 63
|
||||
sbiw r30, 1 ; substract 64 = 16*4
|
||||
|
@ -544,7 +542,7 @@ sigma0_shr:
|
|||
lsr Bck4
|
||||
ror Bck3
|
||||
ror Bck2
|
||||
ror Bck1
|
||||
ror Bck1
|
||||
dec Func2
|
||||
brne sigma0_shr
|
||||
eor XAccu1, Bck1
|
||||
|
@ -586,7 +584,7 @@ sigma0_shr:
|
|||
sigma1_shr:
|
||||
lsr Bck4
|
||||
ror Bck3
|
||||
ror Bck2
|
||||
ror Bck2
|
||||
dec Func2
|
||||
brne sigma1_shr
|
||||
eor XAccu1, Bck2
|
||||
|
@ -612,17 +610,17 @@ sigma1_shr:
|
|||
push r30
|
||||
push r31
|
||||
ldi r25, 8*4 /* 8 32-bit values to copy from ctx to a array */
|
||||
init_a_array:
|
||||
init_a_array:
|
||||
ld r1, Z+
|
||||
st X+, r1
|
||||
dec r25
|
||||
brne init_a_array
|
||||
|
||||
|
||||
/* now the real fun begins */
|
||||
/* for (i=0; i<64; ++i){
|
||||
t1 = a[7] + SIGMA1(a[4]) + CH(a[4],a[5],a[6]) + k[i] + w[i];
|
||||
t2 = SIGMA0(a[0]) + MAJ(a[0],a[1],a[2]);
|
||||
memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
|
||||
memmove(&(a[1]), &(a[0]), 7*4); // a[7]=a[6]; a[6]=a[5]; a[5]=a[4]; a[4]=a[3]; a[3]=a[2]; a[2]=a[1]; a[1]=a[0];
|
||||
a[4] += t1;
|
||||
a[0] = t1 + t2;
|
||||
} */
|
||||
|
@ -630,7 +628,7 @@ init_a_array:
|
|||
sbiw r26, 8*4 /* X still points at a[7]+1*/
|
||||
movw r28, r26
|
||||
ldi r30, lo8(sha256_kv)
|
||||
ldi r31, hi8(sha256_kv)
|
||||
ldi r31, hi8(sha256_kv)
|
||||
dec r27 /* X - (64*4 == 256) */
|
||||
ldi r25, 64
|
||||
mov LoopC, r25
|
||||
|
@ -667,18 +665,18 @@ sha256_main_loop:
|
|||
eor T4, Bck4 /* done, CH(x,y,z) is in T */
|
||||
/* now SIGMA1(a[4]) */
|
||||
ldd Bck4, Y+4*4 /* think about using it from Func reg above*/
|
||||
ldd Bck1, Y+4*4+1
|
||||
ldd Bck1, Y+4*4+1
|
||||
ldd Bck2, Y+4*4+2
|
||||
ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
|
||||
ldd Bck3, Y+4*4+3 /* load prerotate by 8-bit */
|
||||
movw Func1, Bck1
|
||||
movw Func3, Bck3
|
||||
ldi r20, 2
|
||||
rcall bitrotl /* rotr(x,6) */
|
||||
ldi r20, 2
|
||||
rcall bitrotl /* rotr(x,6) */
|
||||
movw XAccu1, Func1
|
||||
movw XAccu3, Func3
|
||||
movw Func1, Bck1
|
||||
movw Func3, Bck3
|
||||
ldi r20, 3
|
||||
ldi r20, 3
|
||||
rcall bitrotr /* rotr(x,11) */
|
||||
eor XAccu1, Func1
|
||||
eor XAccu2, Func2
|
||||
|
@ -686,7 +684,7 @@ sha256_main_loop:
|
|||
eor XAccu4, Func4
|
||||
movw Func1, Bck3 /* this prerotates furteh 16 bits*/
|
||||
movw Func3, Bck1 /* so we have now prerotated by 24 bits*/
|
||||
ldi r20, 1
|
||||
ldi r20, 1
|
||||
rcall bitrotr /* rotr(x,11) */
|
||||
eor XAccu1, Func1
|
||||
eor XAccu2, Func2
|
||||
|
@ -770,7 +768,7 @@ sha256_main_loop:
|
|||
rcall bitrotr
|
||||
movw Accu1, Func1
|
||||
movw Accu3, Func3 /* Accu = shr(a[0], 2) */
|
||||
movw Func1, Bck3
|
||||
movw Func1, Bck3
|
||||
movw Func3, Bck1 /* prerotate by 16 bits */
|
||||
ldi r20, 3
|
||||
rcall bitrotl
|
||||
|
@ -823,12 +821,12 @@ a_shift_loop:
|
|||
std Y+4*0+1, Accu2
|
||||
std Y+4*0+2, Accu3
|
||||
std Y+4*0+3, Accu4 /* a array updated */
|
||||
|
||||
|
||||
|
||||
|
||||
dec LoopC
|
||||
breq update_state
|
||||
rjmp sha256_main_loop ;brne sha256_main_loop
|
||||
update_state:
|
||||
update_state:
|
||||
/* update state */
|
||||
/* pointers to state should still exist on the stack ;-) */
|
||||
pop r31
|
||||
|
@ -838,7 +836,7 @@ update_state_loop:
|
|||
ldd Accu1, Z+0
|
||||
ldd Accu2, Z+1
|
||||
ldd Accu3, Z+2
|
||||
ldd Accu4, Z+3
|
||||
ldd Accu4, Z+3
|
||||
ld Func1, Y+
|
||||
ld Func2, Y+
|
||||
ld Func3, Y+
|
||||
|
@ -854,25 +852,25 @@ update_state_loop:
|
|||
dec r21
|
||||
brne update_state_loop
|
||||
/* now we just have to update the length */
|
||||
adiw r30, 1 /* since we add 512, we can simply skip the LSB */
|
||||
adiw r30, 1 /* since we add 512, we can simply skip the LSB */
|
||||
ldi r21, 2
|
||||
ldi r22, 6
|
||||
ld r20, Z
|
||||
add r20, r21
|
||||
st Z+, r20
|
||||
st Z+, r20
|
||||
clr r21
|
||||
sha256_nextBlock_fix_length:
|
||||
sha256_nextBlock_fix_length:
|
||||
brcc sha256_nextBlock_epilog
|
||||
ld r20, Z
|
||||
adc r20, r21
|
||||
st Z+, r20
|
||||
dec r22
|
||||
brne sha256_nextBlock_fix_length
|
||||
|
||||
|
||||
; EPILOG
|
||||
sha256_nextBlock_epilog:
|
||||
/* now we should clean up the stack */
|
||||
|
||||
|
||||
pop r21
|
||||
pop r20
|
||||
in r0, SREG
|
||||
|
@ -880,7 +878,7 @@ sha256_nextBlock_epilog:
|
|||
out SPL, r20
|
||||
out SPH, r21
|
||||
out SREG, r0
|
||||
|
||||
|
||||
clr r1
|
||||
pop r29
|
||||
pop r28
|
||||
|
@ -897,10 +895,10 @@ sha256_nextBlock_epilog:
|
|||
pop r7
|
||||
pop r6
|
||||
pop r5
|
||||
pop r4
|
||||
pop r4
|
||||
ret
|
||||
|
||||
sha256_kv: ; round-key-vector stored in ProgMem
|
||||
sha256_kv: ; round-key-vector stored in ProgMem
|
||||
.word 0x2f98, 0x428a, 0x4491, 0x7137, 0xfbcf, 0xb5c0, 0xdba5, 0xe9b5, 0xc25b, 0x3956, 0x11f1, 0x59f1, 0x82a4, 0x923f, 0x5ed5, 0xab1c
|
||||
.word 0xaa98, 0xd807, 0x5b01, 0x1283, 0x85be, 0x2431, 0x7dc3, 0x550c, 0x5d74, 0x72be, 0xb1fe, 0x80de, 0x06a7, 0x9bdc, 0xf174, 0xc19b
|
||||
.word 0x69c1, 0xe49b, 0x4786, 0xefbe, 0x9dc6, 0x0fc1, 0xa1cc, 0x240c, 0x2c6f, 0x2de9, 0x84aa, 0x4a74, 0xa9dc, 0x5cb0, 0x88da, 0x76f9
|
||||
|
@ -910,10 +908,10 @@ sha256_kv: ; round-key-vector stored in ProgMem
|
|||
.word 0xc116, 0x19a4, 0x6c08, 0x1e37, 0x774c, 0x2748, 0xbcb5, 0x34b0, 0x0cb3, 0x391c, 0xaa4a, 0x4ed8, 0xca4f, 0x5b9c, 0x6ff3, 0x682e
|
||||
.word 0x82ee, 0x748f, 0x636f, 0x78a5, 0x7814, 0x84c8, 0x0208, 0x8cc7, 0xfffa, 0x90be, 0x6ceb, 0xa450, 0xa3f7, 0xbef9, 0x78f2, 0xc671
|
||||
|
||||
|
||||
;###########################################################
|
||||
|
||||
.global sha256_init
|
||||
;###########################################################
|
||||
|
||||
.global sha256_init
|
||||
;uint32_t sha256_init_vector[]={
|
||||
; 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
|
||||
; 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 };
|
||||
|
@ -929,26 +927,26 @@ sha256_init:
|
|||
ldi r30, lo8((sha256_init_vector))
|
||||
ldi r31, hi8((sha256_init_vector))
|
||||
ldi r22, 32+8
|
||||
sha256_init_vloop:
|
||||
lpm r23, Z+
|
||||
sha256_init_vloop:
|
||||
lpm r23, Z+
|
||||
st X+, r23
|
||||
dec r22
|
||||
brne sha256_init_vloop
|
||||
ret
|
||||
|
||||
|
||||
sha256_init_vector:
|
||||
.word 0xE667, 0x6A09
|
||||
.word 0xAE85, 0xBB67
|
||||
.word 0xF372, 0x3C6E
|
||||
.word 0xF53A, 0xA54F
|
||||
.word 0x527F, 0x510E
|
||||
.word 0x688C, 0x9B05
|
||||
.word 0xD9AB, 0x1F83
|
||||
.word 0xAE85, 0xBB67
|
||||
.word 0xF372, 0x3C6E
|
||||
.word 0xF53A, 0xA54F
|
||||
.word 0x527F, 0x510E
|
||||
.word 0x688C, 0x9B05
|
||||
.word 0xD9AB, 0x1F83
|
||||
.word 0xCD19, 0x5BE0
|
||||
.word 0x0000, 0x0000
|
||||
.word 0x0000, 0x0000
|
||||
|
||||
;###########################################################
|
||||
;###########################################################
|
||||
|
||||
.global rotl32
|
||||
; === ROTL32 ===
|
||||
|
@ -971,7 +969,7 @@ rotl32:
|
|||
bitrotl:
|
||||
clr r21
|
||||
clc
|
||||
bitrotl_loop:
|
||||
bitrotl_loop:
|
||||
tst r20
|
||||
breq fixrotl
|
||||
rol r22
|
||||
|
@ -984,9 +982,9 @@ bitrotl_loop:
|
|||
fixrotl:
|
||||
or r22, r21
|
||||
ret
|
||||
|
||||
|
||||
;###########################################################
|
||||
|
||||
;###########################################################
|
||||
|
||||
.global rotr32
|
||||
; === ROTR32 ===
|
||||
|
@ -1009,7 +1007,7 @@ rotr32:
|
|||
bitrotr:
|
||||
clr r21
|
||||
clc
|
||||
bitrotr_loop:
|
||||
bitrotr_loop:
|
||||
tst r20
|
||||
breq fixrotr
|
||||
ror r25
|
||||
|
@ -1022,10 +1020,10 @@ bitrotr_loop:
|
|||
fixrotr:
|
||||
or r25, r21
|
||||
ret
|
||||
|
||||
|
||||
;###########################################################
|
||||
|
||||
|
||||
|
||||
;###########################################################
|
||||
|
||||
.global change_endian32
|
||||
; === change_endian32 ===
|
||||
; function that changes the endianess of a 32-bit word
|
||||
|
@ -1037,6 +1035,6 @@ change_endian32:
|
|||
mov r22, r25
|
||||
mov r23, r24
|
||||
mov r24, r21
|
||||
mov r25, r20
|
||||
mov r25, r20
|
||||
ret
|
||||
|
||||
|
|
|
@ -190,6 +190,7 @@ const char echo_str[] PROGMEM = "echo";
|
|||
const char shavs_list_str[] PROGMEM = "shavs_list";
|
||||
const char shavs_set_str[] PROGMEM = "shavs_set";
|
||||
const char shavs_test1_str[] PROGMEM = "shavs_test1";
|
||||
const char shavs_test2_str[] PROGMEM = "shavs_test2";
|
||||
const char dump_str[] PROGMEM = "dump";
|
||||
|
||||
|
||||
|
@ -203,6 +204,7 @@ cmdlist_entry_t cmdlist[] PROGMEM = {
|
|||
{ shavs_list_str, NULL, shavs_listalgos},
|
||||
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo},
|
||||
{ shavs_test1_str, NULL, shavs_test1},
|
||||
{ shavs_test2_str, NULL, shavs_test2},
|
||||
{ dump_str, (void*)1, (void_fpt)dump},
|
||||
{ NULL, NULL, NULL}
|
||||
};
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
*/
|
||||
/*
|
||||
* SHA-256 test-suit
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
@ -59,36 +59,77 @@ void testrun_performance_sha256(void){
|
|||
hfal_performance_multiple(algolist);
|
||||
}
|
||||
|
||||
void test_monte(void){
|
||||
uint8_t data1[] = {
|
||||
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7 };
|
||||
|
||||
uint8_t data2[] = {
|
||||
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
|
||||
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
|
||||
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
|
||||
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
|
||||
0xFD, 0xDF, 0x1B, 0x37, 0xDD, 0x34, 0xB3, 0xB2,
|
||||
0x01, 0xD4, 0x3C, 0x57, 0xBC, 0xDE, 0x11, 0x58,
|
||||
0x38, 0xF0, 0xDF, 0x70, 0x1D, 0xA9, 0x3C, 0x3B,
|
||||
0xF2, 0xC9, 0xC8, 0x68, 0x96, 0xE7, 0xE6, 0xC7 };
|
||||
uint8_t hash[SHA256_HASH_BYTES];
|
||||
sha256(hash, data1, 3*32*8);
|
||||
cli_putstr_P(PSTR("\r\n hash(data1) = "));
|
||||
cli_hexdump(hash, 32);
|
||||
sha256(hash, data2, 3*32*8);
|
||||
cli_putstr_P(PSTR("\r\n hash(data2) = "));
|
||||
cli_hexdump(hash, 32);
|
||||
}
|
||||
|
||||
/*****************************************************************************
|
||||
* main *
|
||||
*****************************************************************************/
|
||||
|
||||
const char nessie_str[] PROGMEM = "nessie";
|
||||
const char test_str[] PROGMEM = "test";
|
||||
const char monte_str[] PROGMEM = "monte";
|
||||
const char performance_str[] PROGMEM = "performance";
|
||||
const char echo_str[] PROGMEM = "echo";
|
||||
const char shavs_list_str[] PROGMEM = "shavs_list";
|
||||
const char shavs_set_str[] PROGMEM = "shavs_set";
|
||||
const char shavs_test1_str[] PROGMEM = "shavs_test1";
|
||||
const char shavs_test2_str[] PROGMEM = "shavs_test2";
|
||||
const char dump_str[] PROGMEM = "dump";
|
||||
|
||||
cmdlist_entry_t cmdlist[] PROGMEM = {
|
||||
{ nessie_str, NULL, testrun_nessie_sha256},
|
||||
{ test_str, NULL, testrun_nessie_sha256},
|
||||
{ monte_str, NULL, test_monte},
|
||||
{ performance_str, NULL, testrun_performance_sha256},
|
||||
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
|
||||
{ shavs_list_str, NULL, shavs_listalgos},
|
||||
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo},
|
||||
{ shavs_test1_str, NULL, shavs_test1},
|
||||
{ shavs_test2_str, NULL, shavs_test2},
|
||||
{ dump_str, (void*)1, (void_fpt)dump},
|
||||
{ NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
int main (void){
|
||||
DEBUG_INIT();
|
||||
|
||||
|
||||
cli_rx = (cli_rx_fpt)uart0_getc;
|
||||
cli_tx = (cli_tx_fpt)uart0_putc;
|
||||
cli_tx = (cli_tx_fpt)uart0_putc;
|
||||
shavs_algolist=(hfdesc_t**)algolist;
|
||||
shavs_algo=(hfdesc_t*)&sha256_desc;
|
||||
for(;;){
|
||||
|
|
|
@ -170,7 +170,7 @@ int32_t getLength(void){
|
|||
}
|
||||
}
|
||||
|
||||
void shavs_test1(void){
|
||||
void shavs_test1(void){ /* KAT tests */
|
||||
uint32_t length=0;
|
||||
int32_t expect_input=0;
|
||||
|
||||
|
@ -179,7 +179,7 @@ void shavs_test1(void){
|
|||
return;
|
||||
}
|
||||
char c;
|
||||
uint8_t diggest[pgm_read_word(shavs_algo->hashsize_b)/8];
|
||||
uint8_t diggest[pgm_read_word(&(shavs_algo->hashsize_b))/8];
|
||||
shavs_ctx.buffersize_B=pgm_read_word(&(shavs_algo->blocksize_b))/8;
|
||||
uint8_t buffer[shavs_ctx.buffersize_B+5];
|
||||
shavs_ctx.buffer = buffer;
|
||||
|
@ -325,3 +325,89 @@ void shavs_test1(void){
|
|||
}
|
||||
}
|
||||
|
||||
void shavs_test2(void){ /* MonteCarlo - tests */
|
||||
uint16_t expected_input;
|
||||
uint16_t count;
|
||||
uint8_t v;
|
||||
uint8_t index=0;
|
||||
char c;
|
||||
if(!shavs_algo){
|
||||
cli_putstr_P(PSTR("\r\nERROR: select algorithm first!"));
|
||||
return;
|
||||
}
|
||||
uint8_t ml=pgm_read_word(&(shavs_algo->hashsize_b))/8;
|
||||
uint8_t m[ml*4+8];
|
||||
for(;;){
|
||||
while((c=cli_getc_cecho())!='S' && c!='s'){
|
||||
if(!isblank(c)){
|
||||
cli_putstr_P(PSTR("\r\nERROR: wrong input (1) [0x"));
|
||||
cli_hexdump(&c, 1);
|
||||
cli_putstr_P(PSTR("]!\r\n"));
|
||||
return;
|
||||
}
|
||||
}
|
||||
if((c=cli_getc_cecho())!='e' && c!='e'){
|
||||
cli_putstr_P(PSTR("\r\nERROR: wrong input (2)!\r\n"));
|
||||
return;
|
||||
}
|
||||
if((c=cli_getc_cecho())!='e' && c!='e'){
|
||||
cli_putstr_P(PSTR("\r\nERROR: wrong input (3)!\r\n"));
|
||||
return;
|
||||
}
|
||||
if((c=cli_getc_cecho())!='d' && c!='D'){
|
||||
cli_putstr_P(PSTR("\r\nERROR: wrong input (4)!\r\n"));
|
||||
return;
|
||||
}
|
||||
while((c=cli_getc_cecho())!='='){
|
||||
if(!isblank(c)){
|
||||
cli_putstr_P(PSTR("\r\nERROR: wrong input (5)!\r\n"));
|
||||
return;
|
||||
}
|
||||
}
|
||||
cli_putstr_P(PSTR("\r\n reading seed ml=0x"));
|
||||
cli_hexdump_rev(&ml, 1);
|
||||
expected_input = ml*2;
|
||||
memset(m+2*ml, 0, ml);
|
||||
do{
|
||||
v=0xff;
|
||||
c=cli_getc_cecho();
|
||||
if(c>='0' && c<='9'){
|
||||
v = c - '0';
|
||||
}else{
|
||||
c |= 'A'^'a';
|
||||
if(c>='a' && c<='f'){
|
||||
v = c - 'a' +10;
|
||||
}
|
||||
}
|
||||
if(v<0x10){
|
||||
c=m[ml*2+index/2];
|
||||
if(index&1){
|
||||
c |= v;
|
||||
}else{
|
||||
c |=v<<4;
|
||||
}
|
||||
m[ml*2+index/2]=c;
|
||||
index++;
|
||||
expected_input--;
|
||||
}
|
||||
}while(expected_input);
|
||||
/* so we have the seed */
|
||||
cli_putstr_P(PSTR("\r\nstarting processing"));
|
||||
uint16_t j;
|
||||
for(count=0; count<100; ++count){
|
||||
memcpy(m, m+ml*2, ml);
|
||||
memcpy(m+ml, m+ml*2, ml);
|
||||
for(j=0; j<1000; ++j){
|
||||
hfal_hash_mem(shavs_algo, m+ml*3, m, ml*3*8);
|
||||
memmove(m, m+ml, 3*ml);
|
||||
}
|
||||
cli_putstr_P(PSTR("\r\n\r\nCOUNT = "));
|
||||
if(count>10){
|
||||
cli_putc(count/10+'0');
|
||||
}
|
||||
cli_putc(count%10+'0');
|
||||
cli_putstr_P(PSTR("\r\nMD = "));
|
||||
cli_hexdump(m+ml*2, ml);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,10 +18,10 @@
|
|||
*/
|
||||
/**
|
||||
* \file shavs.h
|
||||
* \author Daniel Otte
|
||||
* \author Daniel Otte
|
||||
* \date 2006-05-16
|
||||
* \license GPLv3 or later
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef SHAVS_H_
|
||||
|
@ -36,5 +36,7 @@ extern hfdesc_t** shavs_algolist;
|
|||
void shavs_listalgos(void);
|
||||
void shavs_setalgo(char* param);
|
||||
void shavs_test1(void);
|
||||
void shavs_test2(void);
|
||||
|
||||
|
||||
#endif /* SHAVS */
|
||||
|
|
Loading…
Reference in New Issue