Domů Procházet Nápověda
Registrovat se Přihlásit se
Avans-TI
/
2.3-InternetRadio
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: b12fac4b8e
Větve Značky
2.3-InternetRad...
/
nutos
/
nut
/
contrib
/
arm-crypto-lib
/
echo
/
echo.c

echo.c 8.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338 
  1. /* echo.c */
    2. 

  2. /*
    3. 

  3.     This file is part of the ARM-Crypto-Lib.
    4. 

  4.     Copyright (C) 2006-2010  Daniel Otte (daniel.otte@rub.de)
    5. 

  5. 

  6.     This program is free software: you can redistribute it and/or modify
    7. 

  7.     it under the terms of the GNU General Public License as published by
    8. 

  8.     the Free Software Foundation, either version 3 of the License, or
    9. 

  9.     (at your option) any later version.
    10. 

  10. 

  11.     This program is distributed in the hope that it will be useful,
    12. 

  12.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.     GNU General Public License for more details.
    15. 

  15. 

  16.     You should have received a copy of the GNU General Public License
    17. 

  17.     along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. */
    19. 

  19. 

  20. 

  21. #include <crypto/echo.h>
    22. 

  22. #include <crypto/gf256mul.h>
    23. 

  23. #include <crypto/memxor.h>
    24. 

  24. #include <crypto/aes_enc_round.h>
    25. 

  25. #include <stdint.h>
    26. 

  26. #include <string.h>
    27. 

  27. 

  28. #ifdef DEBUG
    29. 

  29. #undef DEBUG
    30. 

  30. #endif
    31. 

  31. 

  32. #define DEBUG 0
    33. 

  33. 

  34. #if DEBUG
    35. 

  35. #define DEBUG_DEPTH 2
    36. 

  36. #include <crypto/cli.h>
    37. 

  37. #endif
    38. 

  38. 

  39. 

  40. #define INDEX(c,r) ((c)*16*4+(r)*16)
    41. 

  41. 

  42. #define GF256MUL_1(a) (a)
    43. 

  43. #define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
    44. 

  44. #define GF256MUL_3(a) (gf256mul(3, (a), 0x1b))
    45. 

  45. 

  46. static void mixcol(uint8_t* s){
    47. 

  47. 	uint8_t t, tmp[4];
    48. 

  48. 	tmp[0] = *(s+16*0);
    49. 

  49. 	tmp[1] = *(s+16*1);
    50. 

  50. 	tmp[2] = *(s+16*2);
    51. 

  51. 	tmp[3] = *(s+16*3);
    52. 

  52. 

  53. 	t = tmp[0] ^ tmp[1] ^ tmp[2] ^ tmp[3];
    54. 

  54. 	*(s+16*0) =
    55. 

  55. 		  GF256MUL_2(tmp[0]^tmp[1])
    56. 

  56. 		^ tmp[0]
    57. 

  57. 		^ t;
    58. 

  58. 	*(s+16*1) =
    59. 

  59. 		  GF256MUL_2(tmp[1]^tmp[2])
    60. 

  60. 		^ tmp[1]
    61. 

  61. 		^ t;
    62. 

  62. 	*(s+16*2) =
    63. 

  63. 		  GF256MUL_2(tmp[2]^tmp[3])
    64. 

  64. 		^ tmp[2]
    65. 

  65. 		^ t;
    66. 

  66. 	*(s+16*3) =
    67. 

  67. 		  GF256MUL_2(tmp[3]^tmp[0])
    68. 

  68. 		^ tmp[3]
    69. 

  69. 		^ t;
    70. 

  70. }
    71. 

  71. 

  72. #if DEBUG
    73. 

  73. static void dump_state(void* s){
    74. 

  74. 	uint8_t row, col;
    75. 

  75. 	for(col=0; col<4; col++){
    76. 

  76. 		for(row=0; row<4; row++){
    77. 

  77. 			cli_putstr("\r\nrow ");
    78. 

  78. 			cli_putc('0'+row);
    79. 

  79. 			cli_putstr(", col ");
    80. 

  80. 			cli_putc('0'+col);
    81. 

  81. 			cli_putstr(": ");
    82. 

  82. 			cli_hexdump((uint8_t*)s+col*16*4+row*16, 4);
    83. 

  83. 			cli_putc(' ');
    84. 

  84. 			cli_hexdump((uint8_t*)s+col*16*4+row*16+ 4, 4);
    85. 

  85. 			cli_putc(' ');
    86. 

  86. 			cli_hexdump((uint8_t*)s+col*16*4+row*16+ 8, 4);
    87. 

  87. 			cli_putc(' ');
    88. 

  88. 			cli_hexdump((uint8_t*)s+col*16*4+row*16+12, 4);
    89. 

  89. 		}
    90. 

  90. 	}
    91. 

  91. }
    92. 

  92. #endif
    93. 

  93. 

  94. static void echo_compress(uint8_t* s, uint8_t iterations, uint64_t* c, void* salt){
    95. 

  95. 	uint8_t i, j;
    96. 

  96. 	union {
    97. 

  97. 		uint8_t v8[16];
    98. 

  98. 		uint64_t v64[2];
    99. 

  99. 	} k;
    100. 

  100. #if DEBUG
    101. 

  101. 	uint8_t round=0;
    102. 

  102. #endif
    103. 

  103. 	memcpy(k.v8, c, 8);
    104. 

  104. 	memset(k.v8+8, 0, 8);
    105. 

  105. 	do{
    106. 

  106. 		/* BIG.SubWords */
    107. 

  107. #if DEBUG
    108. 

  108. 	cli_putstr("\r\n === ROUND ");
    109. 

  109. 	cli_putc('0'+round);
    110. 

  110. 	cli_putstr(" ===");
    111. 

  111. 	if(round<DEBUG_DEPTH){
    112. 

  112. 		dump_state(s);
    113. 

  113. 	}
    114. 

  114. #endif
    115. 

  115. 		for(i=0; i<16; ++i){
    116. 

  116. 			aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)k.v8);
    117. 

  117. 			aes_enc_round((aes_cipher_state_t*)(s+16*i), (aes_roundkey_t*)salt);
    118. 

  118. 			k.v64[0] += 1;
    119. 

  119. 		}
    120. 

  120. #if DEBUG
    121. 

  121. 		if(round<DEBUG_DEPTH){
    122. 

  122. 			cli_putstr("\r\nAfter SubWords");
    123. 

  123. 			dump_state(s);
    124. 

  124. 		}
    125. 

  125. #endif
    126. 

  126. 		/* BIG.ShiftRows */
    127. 

  127. 		uint8_t t[16];
    128. 

  128. 		/* "Row" 1 */
    129. 

  129. 		memcpy(t,             s+INDEX(0, 1), 16);
    130. 

  130. 		memcpy(s+INDEX(0, 1), s+INDEX(1, 1), 16);
    131. 

  131. 		memcpy(s+INDEX(1, 1), s+INDEX(2, 1), 16);
    132. 

  132. 		memcpy(s+INDEX(2, 1), s+INDEX(3, 1), 16);
    133. 

  133. 		memcpy(s+INDEX(3, 1), t,             16);
    134. 

  134. 		/* "Row" 2 */
    135. 

  135. 		memcpy(t,             s+INDEX(0, 2), 16);
    136. 

  136. 		memcpy(s+INDEX(0, 2), s+INDEX(2, 2), 16);
    137. 

  137. 		memcpy(s+INDEX(2, 2), t,             16);
    138. 

  138. 		memcpy(t,             s+INDEX(1, 2), 16);
    139. 

  139. 		memcpy(s+INDEX(1, 2), s+INDEX(3, 2), 16);
    140. 

  140. 		memcpy(s+INDEX(3, 2), t,             16);
    141. 

  141. 		/* "Row" 3 */
    142. 

  142. 		memcpy(t,             s+INDEX(0, 3), 16);
    143. 

  143. 		memcpy(s+INDEX(0, 3), s+INDEX(3, 3), 16);
    144. 

  144. 		memcpy(s+INDEX(3, 3), s+INDEX(2, 3), 16);
    145. 

  145. 		memcpy(s+INDEX(2, 3), s+INDEX(1, 3), 16);
    146. 

  146. 		memcpy(s+INDEX(1, 3), t,             16);
    147. 

  147. #if DEBUG
    148. 

  148. 		if(round<DEBUG_DEPTH){
    149. 

  149. 			cli_putstr("\r\nAfter ShiftRows");
    150. 

  150. 			dump_state(s);
    151. 

  151. 		}
    152. 

  152. #endif
    153. 

  153. 		/* BIG.MixColumns */
    154. 

  154. 		for(i=0; i<4; i+=1){
    155. 

  155. 			for(j=0; j<16; ++j){
    156. 

  156. 				mixcol(s+i*64+j);
    157. 

  157. 			}
    158. 

  158. 		}
    159. 

  159. #if DEBUG
    160. 

  160. 		if(round<DEBUG_DEPTH){
    161. 

  161. 			cli_putstr("\r\nAfter MixColumns");
    162. 

  162. 			dump_state(s);
    163. 

  163. 		}
    164. 

  164. 		round++;
    165. 

  165. #endif
    166. 

  166. 	}while(--iterations);
    167. 

  167. 

  168. }
    169. 

  169. 

  170. /******************************************************************************/
    171. 

  171. 

  172. static void compress512(void* v, void* m, uint64_t* c, void* salt){
    173. 

  173. 	uint8_t s[16*16];
    174. 

  174. 	uint8_t i;
    175. 

  175. 	memcpy(s, v, 16*4);           /* load v into state */
    176. 

  176. 	memcpy(s+16*4, m, 16*12);     /* load m into state */
    177. 

  177. 

  178. 	echo_compress(s, 8, c, salt);
    179. 

  179. 

  180. 	/* BIG.Final */
    181. 

  181. 	for(i=0; i<3; ++i){
    182. 

  182. 		memxor(v, (uint8_t*)m+4*16*i, 4*16);
    183. 

  183. 	}
    184. 

  184. 	for(i=0; i<4; ++i){
    185. 

  185. 		memxor(v, s+4*16*i, 4*16);
    186. 

  186. 	}
    187. 

  187. }
    188. 

  188. 

  189. static void compress1024(void* v, void* m, uint64_t* c, void* salt){
    190. 

  190. 	uint8_t s[16*16];
    191. 

  191. 	memcpy(s, v, 16*8);           /* load v into state */
    192. 

  192. 	memcpy(s+16*8, m, 16*8);      /* load m into state */
    193. 

  193. 

  194. 	echo_compress(s, 10, c, salt);
    195. 

  195. 

  196. 	/* BIG.Final */
    197. 

  197. 	memxor(v, m, 16*8);
    198. 

  198. 	memxor(v, s, 16*8);
    199. 

  199. 	memxor(v, s+16*8, 16*8);
    200. 

  200. }
    201. 

  201. 

  202. /******************************************************************************/
    203. 

  203. 

  204. void echo_small_nextBlock(echo_small_ctx_t* ctx, void* block){
    205. 

  205. 	ctx->counter += ECHO_SMALL_BLOCKSIZE;
    206. 

  206. 	compress512(ctx->v, block, &(ctx->counter), ctx->salt);
    207. 

  207. }
    208. 

  208. 

  209. void echo_small_lastBlock(echo_small_ctx_t* ctx, void* block, uint16_t length_b){
    210. 

  210. 	while(length_b>=ECHO_SMALL_BLOCKSIZE){
    211. 

  211. 		echo_small_nextBlock(ctx, block);
    212. 

  212. 		block = (uint8_t*)block + ECHO_SMALL_BLOCKSIZE_B;
    213. 

  213. 		length_b -= ECHO_SMALL_BLOCKSIZE;
    214. 

  214. 	}
    215. 

  215. 	uint8_t buffer[ECHO_SMALL_BLOCKSIZE_B];
    216. 

  216. 	uint64_t total_len;
    217. 

  217. 	memset(buffer, 0, ECHO_SMALL_BLOCKSIZE_B);
    218. 

  218. 	memcpy(buffer, block, (length_b+7)/8);
    219. 

  219. 	buffer[length_b/8] |= 0x80 >> (length_b&7);
    220. 

  220. 	total_len = (ctx->counter += length_b);
    221. 

  221. 	if(length_b>=ECHO_SMALL_BLOCKSIZE-144){
    222. 

  222. 		compress512(ctx->v, buffer, &total_len, ctx->salt);
    223. 

  223. 		memset(buffer, 0, ECHO_SMALL_BLOCKSIZE_B);
    224. 

  224. 		ctx->counter = 0;
    225. 

  225. 	}
    226. 

  226. 	if(length_b==0){
    227. 

  227. 		ctx->counter = 0;
    228. 

  228. 	}
    229. 

  229. 	memcpy(buffer+ECHO_SMALL_BLOCKSIZE_B-18, &(ctx->id), 2);
    230. 

  230. 	memcpy(buffer+ECHO_SMALL_BLOCKSIZE_B-16, &total_len, 8);
    231. 

  231. 	compress512(ctx->v, buffer, &(ctx->counter), ctx->salt);
    232. 

  232. }
    233. 

  233. 

  234. /******************************************************************************/
    235. 

  235. 

  236. void echo_large_nextBlock(echo_large_ctx_t* ctx, void* block){
    237. 

  237. 	ctx->counter += ECHO_LARGE_BLOCKSIZE;
    238. 

  238. 	compress1024(ctx->v, block, &(ctx->counter), ctx->salt);
    239. 

  239. }
    240. 

  240. 

  241. void echo_large_lastBlock(echo_large_ctx_t* ctx, void* block, uint16_t length_b){
    242. 

  242. 	while(length_b>=ECHO_LARGE_BLOCKSIZE){
    243. 

  243. 		echo_large_nextBlock(ctx, block);
    244. 

  244. 		block = (uint8_t*)block + ECHO_LARGE_BLOCKSIZE_B;
    245. 

  245. 		length_b -= ECHO_LARGE_BLOCKSIZE;
    246. 

  246. 	}
    247. 

  247. 	uint8_t buffer[ECHO_LARGE_BLOCKSIZE_B];
    248. 

  248. 	uint64_t total_len;
    249. 

  249. 	memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
    250. 

  250. 	memcpy(buffer, block, (length_b+7)/8);
    251. 

  251. 	buffer[length_b/8] |= 0x80 >> (length_b&7);
    252. 

  252. 	total_len = (ctx->counter += length_b);
    253. 

  253. 	if(length_b>=ECHO_LARGE_BLOCKSIZE-144){
    254. 

  254. 		compress1024(ctx->v, buffer, &total_len, ctx->salt);
    255. 

  255. 		memset(buffer, 0, ECHO_LARGE_BLOCKSIZE_B);
    256. 

  256. 		ctx->counter = 0;
    257. 

  257. 	}
    258. 

  258. 	if(length_b==0){
    259. 

  259. 		ctx->counter = 0;
    260. 

  260. 	}
    261. 

  261. 	memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-18, &(ctx->id), 2);
    262. 

  262. 	memcpy(buffer+ECHO_LARGE_BLOCKSIZE_B-16, &total_len, 8);
    263. 

  263. 	compress1024(ctx->v, buffer, &(ctx->counter), ctx->salt);
    264. 

  264. }
    265. 

  265. /******************************************************************************/
    266. 

  266. 

  267. void echo_ctx2hash(void* dest, uint16_t length_b, echo_small_ctx_t* ctx){
    268. 

  268. 	memcpy(dest, ctx->v, (length_b+7)/8);
    269. 

  269. }
    270. 

  270. 

  271. void echo224_ctx2hash(void* dest, echo_small_ctx_t* ctx){
    272. 

  272. 	memcpy(dest, ctx->v, 224/8);
    273. 

  273. }
    274. 

  274. 

  275. void echo256_ctx2hash(void* dest, echo_small_ctx_t* ctx){
    276. 

  276. 	memcpy(dest, ctx->v, 256/8);
    277. 

  277. }
    278. 

  278. 

  279. /******************************************************************************/
    280. 

  280. 

  281. void echo384_ctx2hash(void* dest, echo_large_ctx_t* ctx){
    282. 

  282. 	memcpy(dest, ctx->v, 384/8);
    283. 

  283. }
    284. 

  284. 

  285. void echo512_ctx2hash(void* dest, echo_large_ctx_t* ctx){
    286. 

  286. 	memcpy(dest, ctx->v, 512/8);
    287. 

  287. }
    288. 

  288. 

  289. /******************************************************************************/
    290. 

  290. 

  291. void echo224_init(echo_small_ctx_t* ctx){
    292. 

  292. 	memset(ctx->v, 0, 4*16);
    293. 

  293. 	ctx->counter = 0;
    294. 

  294. 	memset(ctx->salt, 0, 16);
    295. 

  295. 	ctx->id = 0x00E0;
    296. 

  296. 	ctx->v[0+16*0] = 0xE0;
    297. 

  297. 	ctx->v[0+16*1] = 0xE0;
    298. 

  298. 	ctx->v[0+16*2] = 0xE0;
    299. 

  299. 	ctx->v[0+16*3] = 0xE0;
    300. 

  300. }
    301. 

  301. 

  302. void echo256_init(echo_small_ctx_t* ctx){
    303. 

  303. 	memset(ctx->v, 0, 4*16);
    304. 

  304. 	ctx->counter = 0;
    305. 

  305. 	memset(ctx->salt, 0, 16);
    306. 

  306. 	ctx->id = 0x0100;
    307. 

  307. 	ctx->v[1+16*0] = 0x01;
    308. 

  308. 	ctx->v[1+16*1] = 0x01;
    309. 

  309. 	ctx->v[1+16*2] = 0x01;
    310. 

  310. 	ctx->v[1+16*3] = 0x01;
    311. 

  311. }
    312. 

  312. 

  313. /******************************************************************************/
    314. 

  314. 

  315. void echo384_init(echo_large_ctx_t* ctx){
    316. 

  316. 	uint8_t i;
    317. 

  317. 	memset(ctx->v, 0, 8*16);
    318. 

  318. 	ctx->counter = 0;
    319. 

  319. 	memset(ctx->salt, 0, 16);
    320. 

  320. 	ctx->id = 0x0180;
    321. 

  321. 	for(i=0; i<8; ++i){
    322. 

  322. 		ctx->v[0+16*i] = 0x80;
    323. 

  323. 		ctx->v[1+16*i] = 0x01;
    324. 

  324. 	}
    325. 

  325. }
    326. 

  326. 

  327. void echo512_init(echo_large_ctx_t* ctx){
    328. 

  328. 	uint8_t i;
    329. 

  329. 	memset(ctx->v, 0, 8*16);
    330. 

  330. 	ctx->counter = 0;
    331. 

  331. 	memset(ctx->salt, 0, 16);
    332. 

  332. 	ctx->id = 0x0200;
    333. 

  333. 	for(i=0; i<8; ++i){
    334. 

  334. 		ctx->v[1+16*i] = 0x02;
    335. 

  335. 	}
    336. 

  336. }
    337. 

  337. 

  338. /******************************************************************************/
    339.