Commits

vmingo committed ad8b755

Adjusted to suit BLAKE-256 including round-3 adjustments

Comments (0)

Files changed (1)

 /*****************************************************************************/
 
 .NOLIST
-;.include "m163def.inc"
-.include "m128def.inc"
+.include "m163def.inc"
+;.include "m128def.inc"
 .include "blake256.inc"
 .def a_hi			= r0
 .def a_mh			= r1
 end: rjmp end
 
 	
-; BLAKE-256 IMPLEMENTATION
+; BLAKE-256 IMPLEMENTATION | compatible to the final (3-round) modifications, i.e. 14 instead of 10 rounds
 
 ;*----------------*
 ;| Initialization |
 	clr i
 	ldi temp,0x10
 	add v_round,temp
-	cpi v_round,0xA0
-	breq final
-	rjmp start_rnd
+	cpi v_round, 0xA0
+	brne check_end
+	set
+	clr v_round
 
-; finalize the current state
-final:
-;h'0 = h0 eor s0 eor v0 eor v8
-;h'1 = h1 eor s1 eor v1 eor v9
-;h'2 = h2 eor s2 eor v2 eor v10
-;h'3 = h3 eor s3 eor v3 eor v11
-;h'4 = h4 eor s0 eor v4 eor v12
-;h'5 = h5 eor s1 eor v5 eor v13
-;h'6 = h6 eor s2 eor v6 eor v14
-;h'7 = h7 eor s3 eor v7 eor v15
-	ldi temp,8
-	movw yl,zl
-	adiw yl,offset_salt
-
-loop_final:
-;h'0 = h0 eor s0 eor v0 eor v8
-	; load s(i)
-	ld b_hi,Y+
-	ld b_mh,Y+
-	ld b_ml,Y+
-	ld b_lo,Y+
-	; load v(i)
-	ld c_hi,X+
-	ld c_mh,X+
-	ld c_ml,X+
-	ld c_lo,X+
-	; load v(i+8)
-	adiw xl,28
-	ld d_hi,X+
-	ld d_mh,X+
-	ld d_ml,X+
-	ld d_lo,X+
-	sbiw xl,32
-	; load h(i)_hi
-	ld a_hi,Z
-	; eor everything
-	eor c_hi,d_hi
-	eor a_hi,b_hi
-	eor a_hi,c_hi
-	; store h'(i)_hi
-	st Z+,a_hi
-	; load h(i)_mh
-	ld a_mh,Z
-	eor c_mh,d_mh
-	eor a_mh,b_mh
-	eor a_mh,c_mh
-	st Z+,a_mh
-	; load h(i)_ml
-	ld a_ml,Z
-	eor c_ml,d_ml
-	eor a_ml,b_ml
-	eor a_ml,c_ml
-	st Z+,a_ml
-	; load h(i)_lo
-	ld a_lo,Z
-	eor c_lo,d_lo
-	eor a_lo,b_lo
-	eor a_lo,c_lo
-	st Z+,a_lo
-	
-	dec temp
-	breq return
-	cpi temp,4
-	brne loop_final
-sub_Y:	
-	sbiw yl,16
-	brne loop_final
-return:
-	;restore pointer
-	sbiw zl,32
-	ldd yh,Z+offset_msg_ptr
-	ldd yl,Z+offset_msg_ptr+1
-
-;check if padding needs one additional messsage block
-	ldd temp,Z+offset_padding
-	cpi temp,FULL_EXTRA_BLOCK
-	breq full_padding
-	cpi temp,NO_NEXT_BLOCK
-	breq half_padding
-; if not return
-	rjmp end_hash
-
-; override message
-; half_padding: the first '1' added by the padding was placed in the previous block 
-; the new block just consists of 000..001<64bit-counter>
-half_padding:
-	ldi temp,0x00
-	st Y+,temp	
-	rjmp zeropadding
-; full_padding: the new message block starts with a 1 because the previous block was full
-; the new block consists of 100..001<64bit-counter>
-full_padding:
-	ldi temp,0x80
-	st Y+,temp
-zeropadding:
-	ldi temp,0
-	ldi temp2,54
-loop_zeropadding:
-	st Y+,temp
-	dec temp2
-	brne loop_zeropadding
-; append second 1 and 64-bit counter 
-one_plus_counter:
-	ldi temp,1
-	st Y+,temp
-	adiw zl,offset_counter
-	ldi temp2,8
-	
-	adiw yl,4 ; for big endianess
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-	sbiw yl,8
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-	ld temp,Z+
-	st Y+,temp
-
-	; restore pointer, set length, call hash function
-	sbiw zl,offset_counter+8
-	movw R24,zl
-	ldd R23,Z+offset_msg_ptr
-	ldd R22,Z+offset_msg_ptr+1
-; set length to last block with 512 bit message size
-	ldi R21,0x82
-	ldi R20,0x00
-	ldi temp,EXTRA_BLOCK
-	std Z+offset_padding,temp
-; reset counter to 0
-	adiw zl,offset_counter
-	ldi temp,0
-	ldi temp2,8
-loop_reset_counter:
-	st Z+,temp
-	dec temp2
-	brne loop_reset_counter
-	sbiw zl,offset_counter+8
-; jump to the beginning of the hash function once again
-	rjmp HASH
-
-real_return:
-	rjmp end_hash
+check_end:
+	brtc start_rnd
+	cpi v_round,0x40
+	brne start_rnd
+	rjmp final
 	
 ;G0(v0 , v4 , v8 , v12) G1(v1 , v5 , v9 , v13) 
 ;G2(v2 , v6 , v10, v14) G3(v3 , v7 , v11, v15)
 end_hash:
     ret
 
+; finalize the current state
+final:
+;h'0 = h0 eor s0 eor v0 eor v8
+;h'1 = h1 eor s1 eor v1 eor v9
+;h'2 = h2 eor s2 eor v2 eor v10
+;h'3 = h3 eor s3 eor v3 eor v11
+;h'4 = h4 eor s0 eor v4 eor v12
+;h'5 = h5 eor s1 eor v5 eor v13
+;h'6 = h6 eor s2 eor v6 eor v14
+;h'7 = h7 eor s3 eor v7 eor v15
+	ldi temp,8
+	movw yl,zl
+	adiw yl,offset_salt
+
+loop_final:
+;h'0 = h0 eor s0 eor v0 eor v8
+	; load s(i)
+	ld b_hi,Y+
+	ld b_mh,Y+
+	ld b_ml,Y+
+	ld b_lo,Y+
+	; load v(i)
+	ld c_hi,X+
+	ld c_mh,X+
+	ld c_ml,X+
+	ld c_lo,X+
+	; load v(i+8)
+	adiw xl,28
+	ld d_hi,X+
+	ld d_mh,X+
+	ld d_ml,X+
+	ld d_lo,X+
+	sbiw xl,32
+	; load h(i)_hi
+	ld a_hi,Z
+	; eor everything
+	eor c_hi,d_hi
+	eor a_hi,b_hi
+	eor a_hi,c_hi
+	; store h'(i)_hi
+	st Z+,a_hi
+	; load h(i)_mh
+	ld a_mh,Z
+	eor c_mh,d_mh
+	eor a_mh,b_mh
+	eor a_mh,c_mh
+	st Z+,a_mh
+	; load h(i)_ml
+	ld a_ml,Z
+	eor c_ml,d_ml
+	eor a_ml,b_ml
+	eor a_ml,c_ml
+	st Z+,a_ml
+	; load h(i)_lo
+	ld a_lo,Z
+	eor c_lo,d_lo
+	eor a_lo,b_lo
+	eor a_lo,c_lo
+	st Z+,a_lo
+	
+	dec temp
+	breq return
+	cpi temp,4
+	brne loop_final
+sub_Y:	
+	sbiw yl,16
+	brne loop_final
+return:
+	;restore pointer
+	sbiw zl,32
+	ldd yh,Z+offset_msg_ptr
+	ldd yl,Z+offset_msg_ptr+1
+
+;check if padding needs one additional messsage block
+	ldd temp,Z+offset_padding
+	cpi temp,FULL_EXTRA_BLOCK
+	breq full_padding
+	cpi temp,NO_NEXT_BLOCK
+	breq half_padding
+; if not return
+	rjmp end_hash
+
+; override message
+; half_padding: the first '1' added by the padding was placed in the previous block 
+; the new block just consists of 000..001<64bit-counter>
+half_padding:
+	ldi temp,0x00
+	st Y+,temp	
+	rjmp zeropadding
+; full_padding: the new message block starts with a 1 because the previous block was full
+; the new block consists of 100..001<64bit-counter>
+full_padding:
+	ldi temp,0x80
+	st Y+,temp
+zeropadding:
+	ldi temp,0
+	ldi temp2,54
+loop_zeropadding:
+	st Y+,temp
+	dec temp2
+	brne loop_zeropadding
+; append second 1 and 64-bit counter 
+one_plus_counter:
+	ldi temp,1
+	st Y+,temp
+	adiw zl,offset_counter
+	ldi temp2,8
+	
+	adiw yl,4 ; for big endianess
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+	sbiw yl,8
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+	ld temp,Z+
+	st Y+,temp
+
+	; restore pointer, set length, call hash function
+	sbiw zl,offset_counter+8
+	movw R24,zl
+	ldd R23,Z+offset_msg_ptr
+	ldd R22,Z+offset_msg_ptr+1
+; set length to last block with 512 bit message size
+	ldi R21,0x82
+	ldi R20,0x00
+	ldi temp,EXTRA_BLOCK
+	std Z+offset_padding,temp
+; reset counter to 0
+	adiw zl,offset_counter
+	ldi temp,0
+	ldi temp2,8
+loop_reset_counter:
+	st Z+,temp
+	dec temp2
+	brne loop_reset_counter
+	sbiw zl,offset_counter+8
+; jump to the beginning of the hash function once again
+	rjmp HASH
+
+real_return:
+	rjmp end_hash
+	
 ; CONSTANTS stored in FLASH-ROM
 
 ; IV's needed for initialization require 8x32Bit = 256Bit = 8x4Byte = 32 Byte