/* noekeon.c */
/*
    This file is part of the Crypto-avr-lib/microcrypt-lib.
    Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
/*
 * author: Daniel Otte
 * email:  daniel.otte@rub.de
 * license: GPLv3 or later
 * 
 * 
 * 
 */

#include <stdint.h>
#include <string.h>

#ifdef __AVR__
	#include <avr/pgmspace.h>
#endif
#include "noekeon.h"
// #include "uart.h"

#define ROUND_NR 16

#define RC_POS 0

static
void gamma(uint32_t* a){
	uint32_t tmp;
	
	a[1] ^= ~((a[3]) | (a[2]));
	a[0] ^=   a[2] & a[1];	
	
	tmp=a[3]; a[3]=a[0]; a[0]=tmp;
	a[2] ^= a[0] ^ a[1] ^ a[3];
	
	a[1] ^= ~((a[3]) | (a[2]));
	a[0] ^=   a[2] & a[1];	
}	

#define ROTL32(a,n) (((a)<<n)|((a)>>(32-n)))
#define ROTR32(a,n) (((a)>>n)|((a)<<(32-n)))

static
void pi1(uint32_t* a){
	a[1] = ROTL32(a[1], 1);
	a[2] = ROTL32(a[2], 5);
	a[3] = ROTL32(a[3], 2);
}

static
void pi2(uint32_t* a){
	a[1] = ROTR32(a[1], 1);
	a[2] = ROTR32(a[2], 5);
	a[3] = ROTR32(a[3], 2);
}

static
void theta(const uint32_t* k, uint32_t* a){
	uint32_t temp;

	temp = a[0] ^ a[2]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
	a[1] ^= temp;
	a[3] ^= temp;
	
	a[0] ^= k[0];
	a[1] ^= k[1];
	a[2] ^= k[2];
	a[3] ^= k[3];

	temp = a[1] ^ a[3]; temp ^= ROTR32(temp, 8) ^ ROTL32(temp, 8);
	a[0] ^= temp;
	a[2] ^= temp;	

}

static 
void noekeon_round(uint32_t* key, uint32_t* state, uint8_t const1, uint8_t const2){
	((uint8_t*)state)[RC_POS] ^= const1;
	theta(key, state);
	((uint8_t*)state)[RC_POS] ^= const2;
	pi1(state);
	gamma(state);
	pi2(state);
}

uint8_t rc_tab[]
#ifdef __AVR__
 PROGMEM 
#endif
  = {
/*	0x80, */
	      0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A,
	0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A,
	0xD4
};
/* for more rounds
 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39,
 0x72, 0xE4, 0xD3, 0xBD, 0x61, 0xC2, 0x9F, 0x25,
*/

static
void changendian32(void* a){
	((uint8_t*)a)[0] ^= ((uint8_t*)a)[3];
	((uint8_t*)a)[3] ^= ((uint8_t*)a)[0];
	((uint8_t*)a)[0] ^= ((uint8_t*)a)[3];
	
	((uint8_t*)a)[1] ^= ((uint8_t*)a)[2];
	((uint8_t*)a)[2] ^= ((uint8_t*)a)[1];
	((uint8_t*)a)[1] ^= ((uint8_t*)a)[2];
}

static
void changendian(void* a){
	changendian32((uint32_t*)(&(((uint32_t*)a)[0])));
	changendian32((uint32_t*)(&(((uint32_t*)a)[1])));
	changendian32((uint32_t*)(&(((uint32_t*)a)[2])));
	changendian32((uint32_t*)(&(((uint32_t*)a)[3])));
}

/******************************************************************************/

void noekeon_enc(void* buffer, const void* key){
	uint8_t rc=0x80;
	uint8_t keyb[16];
	int8_t i;
	
	memcpy(keyb, key, 16);
	changendian(buffer);
	changendian(keyb);

	for(i=0; i<ROUND_NR; ++i){
		noekeon_round((uint32_t*)keyb, (uint32_t*)buffer, rc, 0);
#ifdef __AVR__
		rc = pgm_read_byte(rc_tab+i);
#else
		rc = rc_tab[i];
#endif
	}
	((uint8_t*)buffer)[RC_POS] ^= rc;
	theta((uint32_t*)keyb, (uint32_t*)buffer);

	changendian(buffer);
}


void noekeon_dec(void* buffer, const void* key){
	uint8_t rc;
	int8_t i;
	uint8_t nullv[16];
	uint8_t dkey[16];
	

	changendian(buffer);
	
	memset(nullv, 0, 16);
	memcpy(dkey, key, 16);
	changendian(dkey);
	
	theta((uint32_t*)nullv, (uint32_t*)dkey);
//	uart_putstr_P(PSTR("\r\nTheta: "));
//	uart_hexdump(dkey, 16);
	
	for(i=ROUND_NR-1; i>=0; --i){
#ifdef __AVR__
		rc = pgm_read_byte(rc_tab+i);
#else
		rc = rc_tab[i];
#endif
		noekeon_round((uint32_t*)dkey, (uint32_t*)buffer, 0, rc);
	}
	theta((uint32_t*)dkey, (uint32_t*)buffer);
	((uint8_t*)buffer)[RC_POS] ^= 0x80;

	changendian(buffer);
}

void noekeon_init(const void* key, noekeon_ctx_t* ctx){
	uint8_t nullv[16];
	
	memset(nullv, 0, 16);
	memcpy(ctx, key, 16);
	noekeon_enc(ctx, nullv);
}