added Khazad

das-labor · Jan 2, 2011 · 5aa5842 · 5aa5842
1 parent f85ea51
commit 5aa5842
Show file tree

Hide file tree

Showing 12 changed files with 6,926 additions and 5 deletions.
diff --git a/microcontroller-2/crypto-lib/bcal/bcal_khazad.c b/microcontroller-2/crypto-lib/bcal/bcal_khazad.c
@@ -0,0 +1,53 @@
+/* bcal_khazad.c */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2011  Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file     bcal_khazad.c
+ * \email    daniel.otte@rub.de
+ * \author   Daniel Otte 
+ * \date     2011-01-02
+ * \license  GPLv3 or later
+ * 
+ */
+
+#include <avr/pgmspace.h>
+#include <stdlib.h>
+#include "blockcipher_descriptor.h"
+#include "khazad.h"
+#include "keysize_descriptor.h"
+
+const char khazad_str[]   PROGMEM = "Khazad";
+
+const uint8_t khazad_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
+                                                KS_TYPE_TERMINATOR    };
+
+
+const bcdesc_t khazad_desc PROGMEM = {
+	BCDESC_TYPE_BLOCKCIPHER,
+	BC_INIT_TYPE_1,
+	khazad_str,
+	sizeof(khazad_ctx_t),
+	64,
+	{(void_fpt)khazad_init},
+	{(void_fpt)khazad_enc},
+	{(void_fpt)khazad_dec},
+	(bc_free_fpt)NULL,
+	khazad_keysize_desc
+};
+
+
diff --git a/microcontroller-2/crypto-lib/bcal/bcal_khazad.h b/microcontroller-2/crypto-lib/bcal/bcal_khazad.h
@@ -0,0 +1,33 @@
+/* bcal_khazad.h */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file     bcal_khazad.h
+ * \email    daniel.otte@rub.de
+ * \author   Daniel Otte 
+ * \date     2011-01-02
+ * \license  GPLv3 or later
+ * 
+ */
+
+#include <avr/pgmspace.h>
+#include "blockcipher_descriptor.h"
+#include "khazad.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t khazad_desc;
diff --git a/microcontroller-2/crypto-lib/bigint/bigint.c b/microcontroller-2/crypto-lib/bigint/bigint.c
@@ -85,7 +85,6 @@ void bigint_copy(bigint_t* dest, const bigint_t* src){
 /******************************************************************************/
 
 /* this should be implemented in assembly */
-/*
 void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
 	uint16_t t=0, i;
 	if(a->length_B < b->length_B){
@@ -105,7 +104,7 @@ void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
 	dest->length_B = i;
 	bigint_adjust(dest);
 }
-*/
+
 /******************************************************************************/
 
 /* this should be implemented in assembly */

diff --git a/microcontroller-2/crypto-lib/blockcipher_descriptor.h b/microcontroller-2/crypto-lib/blockcipher_descriptor.h
@@ -63,8 +63,8 @@ typedef union{
 } bc_dec_fpt;
 
 #define BC_INIT_TYPE   0x01
-#define BC_INIT_TYPE_1 0x00
-#define BC_INIT_TYPE_2 0x01
+#define BC_INIT_TYPE_1 0x00 /* for fix keylength */
+#define BC_INIT_TYPE_2 0x01 /* keylength is passed as second parameter */
 
 #define BC_ENC_TYPE    0x02
 #define BC_ENC_TYPE_1  0x00

diff --git a/microcontroller-2/crypto-lib/host/bigint_test.rb b/microcontroller-2/crypto-lib/host/bigint_test.rb
@@ -246,6 +246,66 @@ def mul_test(a,b)
   return false
 end
 
+################################################################################
+# add_scale_test                                                               #
+################################################################################
+
+def add_scale_test(a, b, scale)
+  begin
+    line = $sp.gets()
+    line = "" if line==nil
+    puts("DBG got: "+line) if $debug
+    if /^Error:.*/.match(line)
+      puts line
+      return false
+    end
+  end while not /[\s]*enter a:[\s]*/.match(line)
+  $sp.print(a.to_s(16)+" ")
+  begin
+    line = $sp.gets()
+    line = "" if line==nil
+    puts("DBG got: "+line) if $debug
+    if /^Error:.*/.match(line)
+      puts line
+      return false
+    end
+  end while not /[\s]*enter b:[\s]*/.match(line)
+  $sp.print(b.to_s(16)+" ")
+  begin
+    line = $sp.gets()
+    line = "" if line==nil
+    puts("DBG got: "+line) if $debug
+    if /^Error:.*/.match(line)
+      puts line
+      return false
+    end
+  end while not /[\s]*enter scale:[\s]*/.match(line)
+  $sp.print(scale.to_s(16)+"\n")
+  begin
+    line = $sp.gets()
+    line = "" if line==nil
+    puts("DBG got: "+line) if $debug
+    if /^Error:.*/.match(line)
+      puts line
+      return false
+    end
+  end while not m=/[\s]*([-]?[0-9a-fA-F]*)[\s]+\+[\s]+([+-]?[0-9a-fA-F]*)[\s]*<<8\*[\s]*([+-]?[0-9a-fA-F]*)[\s]*=[\s]*([+-]?[0-9a-fA-F]*)/.match(line)
+  a_ = m[1].to_i(16)
+  b_ = m[2].to_i(16)
+  s_ = m[3].to_i(16)
+  c_ = m[4].to_i(16)
+  line.chomp!
+  if(a_== a && b_ == b && c_ == (a+b))
+    $logfile.printf("[pass]: %s\n", line)
+    return true
+  else
+    $logfile.printf("[fail (%s%s%s)]: %s", (a==a_)?"":"a", (b==b_)?"":"b", (c_==a+b)?"":"c",line)
+    $logfile.printf(" ; should %s + %s = %s\n", a.to_s(16), b.to_s(16), (a+b).to_s(16))
+    return false
+  end
+  return false
+end
+
 ################################################################################
 # square_test                                                                  #
 ################################################################################

diff --git a/microcontroller-2/crypto-lib/khazad/khazad.c b/microcontroller-2/crypto-lib/khazad/khazad.c
@@ -0,0 +1,211 @@
+/* khazad.c */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <avr/pgmspace.h>
+#include <string.h>
+#include "gf256mul.h"
+#include "memxor.h"
+#include "khazad.h"
+
+/*
+  | | | |     | | | |
+  V V V V     V V V V
+ +-------+   +-------+
+ |   P   |   |   Q   |
+ +-------+   +-------+
+  | | \ \     / / | |
+  | |  \ \   / /  | |
+  | |   \ \ / /   | |
+  | |    \ X /    | |
+  | |     X X     | |
+  | |    / X \    | |
+  | |   / / \ \   | |
+  | |  / /   \ \  | |
+  | | / /     \ \ | |
+  | | | |     | | | |
+  V V V V     V V V V
+ +-------+   +-------+
+ |   Q   |   |   P   |
+ +-------+   +-------+
+  | | \ \     / / | |
+  | |  \ \   / /  | |
+  | |   \ \ / /   | |
+  | |    \ X /    | |
+  | |     X X     | |
+  | |    / X \    | |
+  | |   / / \ \   | |
+  | |  / /   \ \  | |
+  | | / /     \ \ | |
+  | | | |     | | | |
+  V V V V     V V V V
+ +-------+   +-------+
+ |   P   |   |   Q   |
+ +-------+   +-------+
+  | | | |    | | | |
+  V V V V    V V V V
+
+
+P:
+3x Fx Ex 0x 5x 4x Bx Cx Dx Ax 9x 6x 7x 8x 2x 1x
+Q:
+9x Ex 5x 6x Ax 2x 3x Cx Fx 0x 4x Dx 7x Bx 1x 8x
+*/
+
+static uint8_t pq_lut[16] PROGMEM = {
+	0x39, 0xFE, 0xE5, 0x06, 0x5A, 0x42, 0xB3, 0xCC,
+	0xDF, 0xA0, 0x94, 0x6D, 0x77, 0x8B, 0x21, 0x18
+};
+
+uint8_t khazad_sbox(uint8_t a){
+	uint8_t b,c,d,e;
+	b = pgm_read_byte(pq_lut+(a>>4))&0xf0;
+	c = pgm_read_byte(pq_lut+(a&0xf))&0x0f;
+	d = (b>>2)&0x0c;
+	e = (c<<2)&0x30;
+	b = (b&0xc0)|e;
+	c = (c&0x03)|d;
+	b = pgm_read_byte(pq_lut+(b>>4))<<4;
+	c = pgm_read_byte(pq_lut+(c&0xf))>>4;
+	d = (b>>2)&0x0c;
+	e = (c<<2)&0x30;
+	b = (b&0xc0)|e;
+	c = (c&0x03)|d;
+	b = pgm_read_byte(pq_lut+(b>>4))&0xf0;
+	c = pgm_read_byte(pq_lut+(c&0xf))&0x0f;
+	return b|c;
+}
+
+static void gamma(uint8_t* a){
+	uint8_t i;
+	for(i=0; i<8; ++i){
+		*a = khazad_sbox(*a);
+		a++;
+	}
+}
+
+/******************************************************************************/
+/* p8 (x) = x^8 + x^4 + x^3 + x^2 + 1 */
+#define POLYNOM 0x1D
+
+/*
+ * 01x 03x 04x 05x 06x 08x 0Bx 07x
+ * 03x 01x 05x 04x 08x 06x 07x 0Bx
+ * 04x 05x 01x 03x 0Bx 07x 06x 08x
+ * 05x 04x 03x 01x 07x 0Bx 08x 06x
+ * 06x 08x 0Bx 07x 01x 03x 04x 05x
+ * 08x 06x 07x 0Bx 03x 01x 05x 04x
+ * 0Bx 07x 06x 08x 04x 05x 01x 03x
+ * 07x 0Bx 08x 06x 05x 04x 03x 01x
+ */
+
+static uint8_t h[8][4] PROGMEM = {
+	{ 0x13, 0x45, 0x68, 0xB7 },
+	{ 0x31, 0x54, 0x86, 0x7B },
+	{ 0x45, 0x13, 0xB7, 0x68 },
+	{ 0x54, 0x31, 0x7B, 0x86 },
+	{ 0x68, 0xB7, 0x13, 0x45 },
+	{ 0x86, 0x7B, 0x31, 0x54 },
+	{ 0xB7, 0x68, 0x45, 0x13 },
+	{ 0x7B, 0x86, 0x54, 0x31 }
+};
+
+static void theta(uint8_t* a){
+	uint8_t i,j,x,accu;
+	uint8_t c[8];
+	uint8_t *hp;
+	hp = (uint8_t*)h;
+	for(i=0; i<8; ++i){
+		accu = 0;
+		for(j=0; j<4; ++j){
+			x = pgm_read_byte(hp++);
+			accu ^= gf256mul(*a++, x>>4, POLYNOM);
+			accu ^= gf256mul(*a++, x&0xf, POLYNOM);
+		}
+		a -= 8;
+		c[i] = accu;
+	}
+	memcpy(a, c, 8);
+}
+
+/******************************************************************************/
+
+static void khazad_round(uint8_t* a, const uint8_t* k){
+	gamma(a);
+	theta(a);
+	memxor(a, k, 8);
+}
+
+/******************************************************************************/
+
+void khazad_init(const void* key, khazad_ctx_t* ctx){
+	uint8_t c[8];
+	uint8_t i,r=0;
+	for(i=0; i<8; ++i){
+		c[i] = khazad_sbox(r*8+i);
+	}
+	memcpy(ctx->k[r], (uint8_t*)key+8, 8);
+	khazad_round(ctx->k[r], c);
+	memxor(ctx->k[r], (uint8_t*)key, 8);
+	r=1;
+	for(i=0; i<8; ++i){
+			c[i] = khazad_sbox(r*8+i);
+	}
+	memcpy(ctx->k[r], ctx->k[r-1], 8);
+	khazad_round(ctx->k[r], c);
+	memxor(ctx->k[r], (uint8_t*)key+8, 8);
+	for(r=2; r<9; ++r){
+		for(i=0; i<8; ++i){
+				c[i] = khazad_sbox(r*8+i);
+		}
+		memcpy(ctx->k[r], ctx->k[r-1], 8);
+		khazad_round(ctx->k[r], c);
+		memxor(ctx->k[r], ctx->k[r-2], 8);
+	}
+}
+
+/******************************************************************************/
+
+void khazad_enc(void* buffer, const khazad_ctx_t* ctx){
+	uint8_t r;
+	memxor(buffer, ctx->k[0], 8);
+	for(r=1; r<8; ++r){
+		khazad_round(buffer, ctx->k[r]);
+	}
+	gamma(buffer);
+	memxor(buffer, ctx->k[8], 8);
+}
+
+/******************************************************************************/
+
+void khazad_dec(void* buffer, const khazad_ctx_t* ctx){
+	uint8_t r=7;
+	memxor(buffer, ctx->k[8], 8);
+	gamma(buffer);
+	do{
+		memxor(buffer, ctx->k[r--], 8);
+		theta(buffer);
+		gamma(buffer);
+	}while(r);
+	memxor(buffer, ctx->k[0], 8);
+}
+
+
+
+