/* noekeon_omac.S */
/*
This file is part of the Crypto-avr-lib/microcrypt-lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2008-08-06
* \license GPLv3 or later
*
*
*
*/
#include <avr/io.h>
.macro push_ p1:req, p2:vararg
|
|
push \p1
|
|
.ifnb \p2
|
|
push_ \p2
|
|
.endif
|
|
.endm
/*
 * pop_ reg1 [, reg2, ...]
 * Pop into a list of registers, first argument first: the head is popped,
 * then the macro recurses on the tail until it is blank.  Because the order
 * is not reversed here, a push_ r18, r19 must be undone by pop_ r19, r18.
 */
.macro pop_ p1:req, p2:vararg
pop \p1
.ifnb \p2
pop_ \p2
.endif
.endm
/*
 * push_range from, to
 * Push registers r<from> .. r<to> in ascending order.  from and to are plain
 * register NUMBERS (push_range 18, 27), because the recursive call passes the
 * expression "(from+1)" and stops when to-from reaches 0.  from must be <= to:
 * for from > to the difference never becomes 0 and the recursion does not
 * terminate.  Undo with pop_range from, to, which pops in descending order.
 */
.macro push_range from:req, to:req
push \from
.if \to-\from
push_range "(\from+1)",\to
.endif
.endm
/*
 * pop_range from, to
 * Pop registers r<to> down to r<from> (descending), i.e. the exact inverse of
 * push_range from, to.  Same rules as push_range: numeric operands, from <= to,
 * recursion on "(to-1)" until to-from is 0.
 */
.macro pop_range from:req, to:req
pop \to
.if \to-\from
pop_range \from,"(\to-1)"
.endif
.endm
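/*
 * stack_alloc size [, reg1=r30, reg2=r31]
 * Reserve `size` bytes of stack by lowering SP; the new SP is left in
 * reg2:reg1.  reg1/reg2 must be the low/high half of one of the
 * r24/r26/r28/r30 pairs (sbiw rejects anything else) and size must be
 * 0..63 (sbiw immediate range, checked at assembly time).
 * SP points at the next FREE slot, so the reserved bytes are SP+1 .. SP+size
 * after this macro; do not use SP+0, the next push/rcall writes there.
 * NOTE: SPH and SPL are written by two separate out instructions; an
 * interrupt taken between them runs on a half-updated stack pointer.  Callers
 * that run with interrupts enabled must disable them around this macro.
 * Clobbers: reg1, reg2, SREG (sbiw).
 */
.macro stack_alloc size:req, reg1=r30, reg2=r31
.if (\size) > 63
.error "stack_alloc: size must be 0..63"
.endif
in \reg1, _SFR_IO_ADDR(SPL)
in \reg2, _SFR_IO_ADDR(SPH)
sbiw \reg1, \size
out _SFR_IO_ADDR(SPH), \reg2
out _SFR_IO_ADDR(SPL), \reg1
.endm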
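/*
 * stack_free size [, reg1=r30, reg2=r31]
 * Release `size` bytes reserved by stack_alloc (same size, same pair) by
 * raising SP.  reg1/reg2 must be the low/high half of an r24/r26/r28/r30
 * pair and size must be 0..63 (adiw limits, checked at assembly time).
 * NOTE: like stack_alloc this updates SPH and SPL with two separate out
 * instructions, so it is not safe against an interrupt between them; disable
 * interrupts around it when they are enabled.
 * Clobbers: reg1, reg2, SREG (adiw).
 */
.macro stack_free size:req, reg1=r30, reg2=r31
.if (\size) > 63
.error "stack_free: size must be 0..63"
.endif
in \reg1, _SFR_IO_ADDR(SPL)
in \reg2, _SFR_IO_ADDR(SPH)
adiw \reg1, \size
out _SFR_IO_ADDR(SPH), \reg2
out _SFR_IO_ADDR(SPL), \reg1
.endm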
/*
 * push_r18_r27_func  (rcall it; do not call from C)
 * Saves the call-clobbered registers r18..r27 on the caller's stack so that
 * pointers kept there survive a following noekeon_enc call; pair with
 * pop_r18_r27_func.  It pops its own return address into Z, pushes the block
 * and ijmps back, which only works where a return address is exactly 2 bytes
 * (pop r31 / pop r30) -- NOTE(review): parts with a 3-byte PC break this.
 * The caller must have nothing live in r30:r31 across the rcall.
 * Clobbers: r30, r31.  Stack: +10 bytes until pop_r18_r27_func.
 */
push_r18_r27_func:
pop r31
pop r30
push_range 18, 27
ijmp
/*
 * pop_r18_r27_func  (rcall it; do not call from C)
 * Inverse of push_r18_r27_func: pops its return address into Z, restores
 * r27 down to r18 from the stack (pop_range reverses the push order) and
 * ijmps back.  Same 2-byte-return-address assumption; the caller re-derives
 * Z afterwards (the function below does movw r30, r24).
 * Clobbers: r30, r31; writes r18..r27.
 */
pop_r18_r27_func:
pop r31
pop r30
pop_range 18, 27
ijmp
.extern noekeon_enc
/*
 * void noekeon_omac(void* dest, const void* msg, uint16_t msglength_b,
 *                   const void* key, uint8_t t)
 */
/* param dest        is passed in r24:r25
 * param msg         is passed in r22:r23
 * param msglength_b is passed in r20:r21 (length in bits)
 * param key         is passed in r18:r19
 * param t           is passed in r16
 */
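.global noekeon_omac
/*
 * void noekeon_omac(void *dest, const void *msg, uint16_t msglength_b,
 *                   const void *key, uint8_t t)
 *
 * OMAC/CMAC-style tag over msg (msglength_b bits) with the Noekeon block
 * cipher.  t is an optional one-byte tweak that is processed as an extra
 * first block [t] || 0^120 before the message; t == 0xff means "no tweak".
 * The 16-byte tag is written to dest.
 *
 * ABI:    avr-gcc.  dest r25:r24, msg r23:r22, msglength_b r21:r20,
 *         key r19:r18, t r16.  r16 and r17 are call-saved and are pushed
 *         and restored here; r1 is relied on to be zero.
 * Stack:  2 bytes (r16, r17) + a 48-byte zeroed scratch buffer:
 *           buf[ 0..15]  running chain value, in the end the tag
 *           buf[16..31]  L = E_K(0^128), doubled once for a full final
 *                        block, twice for a partial one
 *           buf[32..47]  unused
 *         The buffer begins at SP+1 because SP points at the next free
 *         slot; a buffer at SP+0 would be overwritten by the first rcall.
 * Regs:   X = msg read pointer, Z = scratch pointer, r25:r24 = buf
 *         (cipher arg 1), r23:r22 = key (cipher arg 2), r19:r18 = dest,
 *         all kept alive across noekeon_enc by push_/pop_r18_r27_func.
 * Calls:  noekeon_enc(buffer, key), in place (extern).
 * Clobbers: r0, r18-r27, r30, r31, SREG (the call-clobbered set).
 *
 * Conventions -- NOTE(review): confirm both against this library's C
 * reference and test vectors before relying on interoperability:
 *  - L is doubled from byte 0 upwards (bit 0 of byte 0 is x^0); the x^128
 *    overflow is reduced with x^7+x^2+x+1, i.e. 0x87 xored into byte 0.
 *  - Message bits are taken MSB-first: the single pad bit is
 *    0x80 >> (bits % 8) in byte bits / 8, and the bits of the last message
 *    byte past the message end are masked off so they cannot affect the tag.
 */
noekeon_omac:
        push    r16                     /* call-saved (holds t); reused as loop counter */
        push    r17                     /* call-saved; scratch */
        stack_alloc 48                  /* Z = new SP */
        adiw    r30, 1                  /* Z = buf = SP+1, the first reserved byte */
        ldi     r17, 48
.Lzero:
        st      Z+, r1                  /* r1 is the ABI zero register */
        dec     r17
        brne    .Lzero
        sbiw    r30, 48                 /* Z = buf again */
        /* move the 16-bit pointers into their working registers (movw: whole pair) */
        movw    r26, r22                /* X       = msg               */
        movw    r22, r18                /* r23:r22 = key  (enc arg 2)  */
        movw    r18, r24                /* r19:r18 = dest              */
        movw    r24, r30                /* r25:r24 = buf  (enc arg 1)  */
        /* optional tweak: the chain starts from E_K([t] || 0^120) instead of 0 */
        cpi     r16, 0xff
        breq    .Lnext_block
        st      Z, r16
        rcall   push_r18_r27_func
        rcall   noekeon_enc
        rcall   pop_r18_r27_func
        movw    r30, r24                /* the trampolines clobber Z */
.Lnext_block:
        /* r21:r20 = message bits left; more than 128 -> another full block */
        tst     r21
        brne    .Lfull_block
        cpi     r20, 128+1
        brlo    .Llast_block
.Lfull_block:
        ldi     r16, 16
.Lxor_full:
        ld      r0, X+
        ld      r17, Z
        eor     r0, r17
        st      Z+, r0                  /* buf[i] ^= msg[i] */
        dec     r16
        brne    .Lxor_full
        rcall   push_r18_r27_func
        rcall   noekeon_enc             /* buf = E_K(buf) */
        rcall   pop_r18_r27_func
        movw    r30, r24
        subi    r20, 128
        sbci    r21, 0
        rjmp    .Lnext_block
.Llast_block:
        /* 0 <= r20 <= 128 bits left, r21 == 0.  L = E_K(0^128) into buf[16..31]. */
        adiw    r24, 16
        rcall   push_r18_r27_func
        rcall   noekeon_enc
        rcall   pop_r18_r27_func
        /* T = 1: partial final block -> L*u^2;  T = 0: full block -> L*u */
        set
        cpi     r20, 128
        brne    .Ldouble
        clt
.Ldouble:
        ldi     r16, 16
        clc
        movw    r30, r24                /* Z = L (buf+16) */
.Lrol:
        ld      r0, Z
        rol     r0                      /* carry chains byte i into byte i+1 */
        st      Z+, r0
        dec     r16                     /* dec leaves C untouched */
        brne    .Lrol
        brcc    .Lno_reduce             /* C = the x^128 coefficient shifted out */
        movw    r30, r24
        ld      r0, Z
        ldi     r17, 0x87               /* x^128 = x^7 + x^2 + x + 1 */
        eor     r0, r17
        st      Z, r0
.Lno_reduce:
        brtc    .Ldoubled
        clt
        rjmp    .Ldouble                /* second doubling for a partial block */
.Ldoubled:
        sbiw    r24, 16                 /* r25:r24 = buf */
        movw    r30, r24
        ldi     r16, 16
.Lmix_l:
        ld      r0, Z
        ldd     r17, Z+16
        eor     r0, r17
        st      Z+, r0                  /* buf[i] ^= L'[i] */
        dec     r16
        brne    .Lmix_l
        /* xor in the remaining ceil(bits / 8) message bytes */
        movw    r30, r24
        mov     r16, r20
        subi    r16, -7
        lsr     r16
        lsr     r16
        lsr     r16                     /* r16 = (bits + 7) / 8 */
        breq    .Lpad                   /* empty tail: skip, otherwise dec would wrap to 255 */
.Lxor_tail:
        ld      r0, X+
        ld      r17, Z
        eor     r0, r17
        st      Z+, r0
        dec     r16
        brne    .Lxor_tail
.Lpad:
        /* partial final block: 10* padding right after the last message bit */
        cpi     r20, 128
        breq    .Lfinal
        movw    r30, r24
        mov     r16, r20
        lsr     r16
        lsr     r16
        lsr     r16
        add     r30, r16
        adc     r31, r1                 /* Z = &buf[bits / 8] */
        ldi     r17, 0x80
        andi    r20, 0x07               /* bits already used in that byte */
        breq    .Lpad_xor               /* byte-aligned: pad bit is the MSB of the first free byte */
.Lpad_shift:
        lsr     r17
        dec     r20
        brne    .Lpad_shift             /* r17 = 0x80 >> (bits % 8) */
        /* .Lxor_tail xored the whole last byte; cancel its bits past the message end */
        ld      r0, -X                  /* the last message byte */
        mov     r16, r17
        lsl     r16
        dec     r16                     /* r16 = mask of the unused low bits */
        and     r0, r16
        eor     r17, r0                 /* pad bit plus the correction */
.Lpad_xor:
        ld      r0, Z
        eor     r0, r17
        st      Z, r0
.Lfinal:
        rcall   push_r18_r27_func
        rcall   noekeon_enc             /* tag = E_K(buf) */
        rcall   pop_r18_r27_func
        movw    r30, r24                /* Z = tag */
        movw    r26, r18                /* X = dest */
        ldi     r16, 16
.Lcopy:
        ld      r0, Z+
        st      X+, r0
        dec     r16
        brne    .Lcopy
        stack_free 48
        pop     r17
        pop     r16
        ret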