• State Resolved
  • Locked Locked
  • Replies 9 replies
  • Subscribers 53 subscribers
  • Views 1970 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

C28 - shift count is too large

CCS/MSP430FR5969: C28 - shift count is too large

Susan Joseph26
Prodigy 190 points
Part Number: MSP430FR5969

Tool/software: Code Composer Studio

I was trying to place a lightweight crypto code from online onto the MSP430FR5969 microcontroller but I have many instances within my code where it says "#64D - shift count is too large" . 

I am using code composer studio version 8.0.0. 

Any suggestions on fixing this? Here are some of the lines if it would help at all: 

COMPRESS_BYTE_ARRAY(k,K0_o,K0_e);
COMPRESS_BYTE_ARRAY(k+8,K1_o,K1_e);
COMPRESS_BYTE_ARRAY(npub,N0_o,N0_e);
COMPRESS_BYTE_ARRAY(npub+8,N1_o,N1_e);

 t1_e = (u32)((CRYPTO_KEYBYTES * 8) << 24 | (RATE * 8) << 16 | PA_ROUNDS << 8 | PB_ROUNDS << 0);

x0_e = t1_e << 16;
x0_o = t1_o << 16; 

COMPRESS_BYTE_ARRAY(ad,in_o,in_e)

in_o |= t0_o << 16;
in_e |= t0_e << 16;

EXPAND_U32(t1_e,x0_o,x0_e);
EXPAND_U32(t1_o,x0_o>>16,x0_e>>16)

EXPAND_U32(t1_e,x3_o>>16,x3_e>>16);
((u32*)c)[0] = U32BIG(t1_e);
EXPAND_U32(t1_e,x3_o,x3_e);
((u32*)c)[1] = U32BIG(t1_e);
EXPAND_U32(t1_e,x4_o>>16,x4_e>>16);
((u32*)c)[2] = U32BIG(t1_e);
EXPAND_U32(t1_e,x4_o,x4_e);
((u32*)c)[3] = U32BIG(t1_e);

I can just link the code if that is better as well! 

  • 0
    TI__Guru* 84285 points

    Don't forget that on C28, "int" is only 16 bits.  This code assumes "int" is 32 bits.  You'll need to change the code to insert casts to uint32_t, like so:

    t1_e = (((u32)CRYPTO_KEYBYTES * 8) << 24 | ((u32)RATE * 8) << 16 | (u32)PA_ROUNDS << 8 | PB_ROUNDS << 0);

    x0_e = (u32)t1_e << 16;

  • 0 in reply to Archaeologist
    TI__Guru* 84285 points
    Wait a minute... are you using C28x or MSP430? If the latter, I don't know what the issue is. Could you please show us the exact line where it emits the warning?
  • 0 in reply to Archaeologist
    Prodigy 190 points

    Oh I am not using C28 I did not realize I branched off the wrong question (this is my first time using this forum so my apologies!)  I am working with the MSP430FR5969 microcontroller. I am using the lightweight crypto and I attached the code I am using. There are many lines where the error appears for the code unfortunately: 197, 198, 199, 200, 204, ... 324, 328, 331 its essentially the same though 

    Fullscreen ascon.c Download 
    #include <stdio.h>
#include "api.h"
#include "crypto_aead.h"

typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
typedef unsigned long long u64;
typedef int i32;

#define LITTLE_ENDIAN
//#define BIG_ENDIAN


#define RATE (128 / 8)
#define PA_ROUNDS 12
#define PB_ROUNDS 8


#define ROTR32(x,n) (((x)>>(n))|((x)<<(32-(n))))

#ifdef BIG_ENDIAN
#define EXT_BYTE32(x,n) ((u8)((u32)(x)>>(8*(n))))
#define INS_BYTE32(x,n) ((u32)(x)<<(8*(n)))
#define U32BIG(x) (x)
#endif

#ifdef LITTLE_ENDIAN
#define EXT_BYTE32(x,n) ((u8)((u32)(x)>>(8*(3-(n)))))
#define INS_BYTE32(x,n) ((u32)(x)<<(8*(3-(n))))
#define U32BIG(x) \
    ((ROTR32(x,  8) & (0xFF00FF00)) | \
    ((ROTR32(x, 24) & (0x00FF00FF))))
#endif

#define EXPAND_SHORT(x) ({\
    x &= 0x0000ffff;\
    x = (x | (x << 8)) & 0x00ff00ff;\
    x = (x | (x << 4)) & 0x0f0f0f0f;\
    x = (x | (x << 2)) & 0x33333333;\
    x = (x | (x << 1)) & 0x55555555;\
    })

#define EXPAND_U32(var,var_o,var_e) ({\
   /*var 32-bit, and var_o/e 16-bit*/\
   t0_e = (var_e);\
   t0_o = (var_o);\
   EXPAND_SHORT(t0_e);\
   EXPAND_SHORT(t0_o);\
   var = t0_e | (t0_o << 1);\
   })


#define COMPRESS_LONG(x) ({\
    x &= 0x55555555;\
    x = (x | (x >> 1)) & 0x33333333;\
    x = (x | (x >> 2)) & 0x0f0f0f0f;\
    x = (x | (x >> 4)) & 0x00ff00ff;\
    x = (x | (x >> 8)) & 0x0000ffff;\
    })


#define COMPRESS_U32(var,var_o,var_e) ({\
  /*var 32-bit, and var_o/e 16-bit*/\
  var_e = var;\
  var_o = var_e >> 1;\
  COMPRESS_LONG(var_e);\
  COMPRESS_LONG(var_o);\
  })

#define COMPRESS_BYTE_ARRAY(a,var_o,var_e) ({\
   var_e = U32BIG(((u32*)(a))[1]);\
   var_o = var_e >> 1;\
   COMPRESS_LONG(var_e);\
   COMPRESS_LONG(var_o);\
   t1_e = U32BIG(((u32*)(a))[0]);\
   t1_o = t1_e >> 1;\
   COMPRESS_LONG(t1_e);\
   COMPRESS_LONG(t1_o);\
   var_e |= t1_e << 16;\
   var_o |= t1_o << 16;\
   })

static const int R_O[5][2] = { {9, 14}, {19, 30}, {0, 3}, {5, 8}, {3, 20} };
static const int R_E[5][2] = { {10, 14}, {20, 31}, {1, 3}, {5, 9}, {4, 21} };


#define ROUND_32(C_e,C_o) ({\
    /* round constant */\
    x2_e ^= C_e;\
    x2_o ^= C_o;\
    /* s-box layer */\
    t0_e = x0_e ^ x4_e;       t1_e = x4_e ^ x3_e;    x2_e = x2_e ^ x1_e;\
    t0_o = x0_o ^ x4_o;       t1_o = x4_o ^ x3_o;    x2_o = x2_o ^ x1_o;\
    x0_e = x2_e & (~x1_e);    x0_e = t0_e ^ x0_e; \
    x0_o = x2_o & (~x1_o);    x0_o = t0_o ^ x0_o; \
    x4_e = x2_e & (~x1_e);    x4_e = x0_e ^ x4_e;\
    x4_o = x2_o & (~x1_o);    x4_o = x0_o ^ x4_o;\
    x4_e = x1_e & (~x4_e);    x4_e = x4_e ^ t1_e;\
    x4_o = x1_o & (~x4_o);    x4_o = x4_o ^ t1_o;\
    t0_e = x2_e & (~x1_e);    t0_e = t0_e ^ x0_e;\
    t0_o = x2_o & (~x1_o);    t0_o = t0_o ^ x0_o;\
    t0_e = t0_e & (~t1_e);    t0_e = t0_e ^ x3_e;\
    t0_o = t0_o & (~t1_o);    t0_o = t0_o ^ x3_o;\
    t1_e = x2_e & (~x1_e);    t1_e = t1_e ^ x0_e;\
    t1_o = x2_o & (~x1_o);    t1_o = t1_o ^ x0_o;\
    t1_e = x1_e & (~t1_e);    t1_e = t1_e ^ x4_e;\
    t1_o = x1_o & (~t1_o);    t1_o = t1_o ^ x4_o;\
    t1_e = t1_e & (~x3_e);    t1_e = t1_e ^ x2_e;\
    t1_o = t1_o & (~x3_o);    t1_o = t1_o ^ x2_o;\
    x2_e = x3_e & (~x2_e);    x1_e = x1_e ^ x2_e;\
    x2_o = x3_o & (~x2_o);    x1_o = x1_o ^ x2_o;\
    x1_e = x1_e ^ x0_e;    x0_e = x0_e ^ x4_e;    x3_e = t0_e ^ t1_e;    x2_e =~ t1_e;\
    x1_o = x1_o ^ x0_o;    x0_o = x0_o ^ x4_o;    x3_o = t0_o ^ t1_o;    x2_o =~ t1_o;\
    /* linear layer */\
    t0_e  = x0_e;    t0_o  = x0_o; \
    t1_e  = x1_e;    t1_o  = x1_o;\
    x0_e ^= ROTR32(t0_o, R_O[0][0]);\
    x0_o ^= ROTR32(t0_e, R_E[0][0]);\
    x1_e ^= ROTR32(t1_o, R_O[1][0]);\
    x1_o ^= ROTR32(t1_e, R_E[1][0]);\
    x0_e ^= ROTR32(t0_e, R_E[0][1]);\
    x0_o ^= ROTR32(t0_o, R_O[0][1]);\
    x1_e ^= ROTR32(t1_o, R_O[1][1]);\
    x1_o ^= ROTR32(t1_e, R_E[1][1]);\
    t0_e  = x2_e;    t0_o  = x2_o;\
    t1_e  = x3_e;    t1_o  = x3_o;\
    x2_e ^= ROTR32(t0_o, R_O[2][0]);\
    x2_o ^= ROTR32(t0_e, R_E[2][0]);\
    x3_e ^= ROTR32(t1_e, R_E[3][0]);\
    x3_o ^= ROTR32(t1_o, R_O[3][0]);\
    x2_e ^= ROTR32(t0_e, R_E[2][1]);\
    x2_o ^= ROTR32(t0_o, R_O[2][1]);\
    x3_e ^= ROTR32(t1_o, R_O[3][1]);\
    x3_o ^= ROTR32(t1_e, R_E[3][1]);\
    t0_e  = x4_e;\
    t0_o  = x4_o;\
    x4_e ^= ROTR32(t0_o, R_O[4][0]);\
    x4_o ^= ROTR32(t0_e, R_E[4][0]);\
    x4_e ^= ROTR32(t0_o, R_O[4][1]);\
    x4_o ^= ROTR32(t0_e, R_E[4][1]);\
  })

#define P12_32 ({\
  ROUND_32(0xc,0xc);\
  ROUND_32(0x9,0xc);\
  ROUND_32(0xc,0x9);\
  ROUND_32(0x9,0x9);\
  ROUND_32(0x6,0xc);\
  ROUND_32(0x3,0xc);\
  ROUND_32(0x6,0x9);\
  ROUND_32(0x3,0x9);\
  ROUND_32(0xc,0x6);\
  ROUND_32(0x9,0x6);\
  ROUND_32(0xc,0x3);\
  ROUND_32(0x9,0x3);\
})

#define P8_32 ({\
  ROUND_32(0x6,0xc);\
  ROUND_32(0x3,0xc);\
  ROUND_32(0x6,0x9);\
  ROUND_32(0x3,0x9);\
  ROUND_32(0xc,0x6);\
  ROUND_32(0x9,0x6);\
  ROUND_32(0xc,0x3);\
  ROUND_32(0x9,0x3);\
})

int crypto_aead_encrypt(
    unsigned char *c, unsigned long long *clen,
    const unsigned char *m, unsigned long long mlen,
    const unsigned char *ad, unsigned long long adlen,
    const unsigned char *nsec,
    const unsigned char *npub,
    const unsigned char *k) {

  u64 rlen;
  int i;
  
  u32 K0_o;
  u32 K1_o;
  u32 N0_o;
  u32 N1_o;
  u32 x0_o, x1_o, x2_o, x3_o, x4_o;
  u32 t0_o, t1_o, t2_o;
  
  u32 K0_e;
  u32 K1_e;
  u32 N0_e;
  u32 N1_e;
  u32 x0_e, x1_e, x2_e, x3_e, x4_e;
  u32 t0_e, t1_e, t2_e;
  
  u32 in_o, in_e;
  
  COMPRESS_BYTE_ARRAY(k,K0_o,K0_e);
  COMPRESS_BYTE_ARRAY(k+8,K1_o,K1_e);
  COMPRESS_BYTE_ARRAY(npub,N0_o,N0_e);
  COMPRESS_BYTE_ARRAY(npub+8,N1_o,N1_e);

  
  // initialization
  t1_e = (u32)((CRYPTO_KEYBYTES * 8) << 24 | (RATE * 8) << 16 | PA_ROUNDS << 8 | PB_ROUNDS << 0);
  t1_o = t1_e >> 1;
  COMPRESS_LONG(t1_e);
  COMPRESS_LONG(t1_o);
  x0_e = t1_e << 16;
  x0_o = t1_o << 16;
  x1_o = K0_o;
  x1_e = K0_e;
  x2_e = K1_e;
  x2_o = K1_o;
  x3_e = N0_e;
  x3_o = N0_o;
  x4_e = N1_e;
  x4_o = N1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;
  // process associated data
  if (adlen) {
    rlen = adlen;
    while (rlen >= RATE) {
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x0_e ^= in_e;
      x0_o ^= in_o;
      ad += RATE/2;
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x1_e ^= in_e;
      x1_o ^= in_o;
      ad += RATE/2;
      P8_32;
      rlen -= RATE;
    }
    t1_e = t1_o = t2_e = t2_o = 0;
    for (i = 0; i < rlen; ++i, ++ad)
      if(i < 8) 
        if(i < 4)
          t1_o |= INS_BYTE32(*ad, i);
        else
          t1_e |= INS_BYTE32(*ad, (i - 4));
      else
        if(i < 12)
          t2_o |= INS_BYTE32(*ad, (i - 8));
        else
          t2_e |= INS_BYTE32(*ad, (i - 12));
    if(rlen < 8) 
      if(rlen < 4)
        t1_o |= INS_BYTE32(0x80, rlen);
      else
        t1_e |= INS_BYTE32(0x80, (rlen - 4));
    else
      if(rlen < 12)
        t2_o |= INS_BYTE32(0x80, (rlen - 8));
      else
        t2_e |= INS_BYTE32(0x80, (rlen - 12));
    COMPRESS_U32(t1_e,in_o,in_e);
    COMPRESS_U32(t1_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x0_e ^= in_e;
    x0_o ^= in_o;
    COMPRESS_U32(t2_e,in_o,in_e);
    COMPRESS_U32(t2_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x1_e ^= in_e;
    x1_o ^= in_o;
    P8_32;
  }
  x4_e ^= 1;

  // process plaintext
  rlen = mlen;
  while (rlen >= RATE) {
    COMPRESS_BYTE_ARRAY(m,in_o,in_e);
    x0_e ^= in_e;
    x0_o ^= in_o;
    EXPAND_U32(t1_e,x0_o>>16,x0_e>>16);
    ((u32*)c)[0] = U32BIG(t1_e);
    EXPAND_U32(t1_e,x0_o,x0_e);
    ((u32*)c)[1] = U32BIG(t1_e);
    m += RATE/2;
    COMPRESS_BYTE_ARRAY(m,in_o,in_e);
    x1_e ^= in_e;
    x1_o ^= in_o;
    EXPAND_U32(t1_e,x1_o>>16,x1_e>>16);
    ((u32*)c)[2] = U32BIG(t1_e);
    EXPAND_U32(t1_e,x1_o,x1_e);
    ((u32*)c)[3] = U32BIG(t1_e);
    m += RATE/2;
    P8_32;
    rlen -= RATE;
    c += RATE;
  }
  t1_e = t1_o = t2_e = t2_o = 0;
  for (i = 0; i < rlen; ++i, ++m) 
    if(i < 8)
      if(i < 4)
        t1_o |= INS_BYTE32(*m, i);
      else
        t1_e |= INS_BYTE32(*m, (i - 4));
    else
      if(i < 12)
        t2_o |= INS_BYTE32(*m, (i - 8));
      else
        t2_e |= INS_BYTE32(*m, (i - 12));
  if(rlen < 8) 
    if(rlen < 4)
      t1_o |= INS_BYTE32(0x80, rlen);
    else
      t1_e |= INS_BYTE32(0x80, (rlen - 4));
  else
    if(rlen < 12)
      t2_o |= INS_BYTE32(0x80, (rlen - 8));
    else
      t2_e |= INS_BYTE32(0x80, (rlen - 12));
  COMPRESS_U32(t1_e,in_o,in_e);
  COMPRESS_U32(t1_o,t0_o,t0_e);
  in_o |= t0_o << 16;
  in_e |= t0_e << 16;
  x0_e ^= in_e;
  x0_o ^= in_o;
  EXPAND_U32(t1_e,x0_o,x0_e);
  EXPAND_U32(t1_o,x0_o>>16,x0_e>>16);
  COMPRESS_U32(t2_e,in_o,in_e);
  COMPRESS_U32(t2_o,t0_o,t0_e);
  in_o |= t0_o << 16;
  in_e |= t0_e << 16;
  x1_e ^= in_e;
  x1_o ^= in_o;
  EXPAND_U32(t2_e,x1_o,x1_e);
  EXPAND_U32(t2_o,x1_o>>16,x1_e>>16);
  for (i = 0; i < rlen; ++i, ++c)
    if(i < 8)
      if(i < 4)
        *c = EXT_BYTE32(t1_o, i);
      else
        *c = EXT_BYTE32(t1_e, i - 4);
    else
      if(i < 12)
        *c = EXT_BYTE32(t2_o, i - 8);
      else
        *c = EXT_BYTE32(t2_e, i - 12);

  // finalization
  x2_e ^= K0_e;
  x2_o ^= K0_o;
  x3_e ^= K1_e;
  x3_o ^= K1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;

  // return tag
  EXPAND_U32(t1_e,x3_o>>16,x3_e>>16);
  ((u32*)c)[0] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x3_o,x3_e);
  ((u32*)c)[1] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x4_o>>16,x4_e>>16);
  ((u32*)c)[2] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x4_o,x4_e);
  ((u32*)c)[3] = U32BIG(t1_e);
  *clen = mlen + CRYPTO_KEYBYTES;

  return 0;
}

int crypto_aead_decrypt(
    unsigned char *m, unsigned long long *mlen,
    unsigned char *nsec,
    const unsigned char *c, unsigned long long clen,
    const unsigned char *ad, unsigned long long adlen,
    const unsigned char *npub,
    const unsigned char *k) {

  *mlen = 0;
  if (clen < CRYPTO_KEYBYTES)
    return -1;

  u64 rlen;
  int i;

  u32 K0_o;
  u32 K1_o;
  u32 N0_o;
  u32 N1_o;
  u32 x0_o, x1_o, x2_o, x3_o, x4_o;
  u32 t0_o, t1_o, t2_o;

  u32 K0_e;
  u32 K1_e;
  u32 N0_e;
  u32 N1_e;
  u32 x0_e, x1_e, x2_e, x3_e, x4_e;
  u32 t0_e, t1_e, t2_e;

  u32 in_o, in_e;

  COMPRESS_BYTE_ARRAY(k,K0_o,K0_e);
  COMPRESS_BYTE_ARRAY(k+8,K1_o,K1_e);
  COMPRESS_BYTE_ARRAY(npub,N0_o,N0_e);
  COMPRESS_BYTE_ARRAY(npub+8,N1_o,N1_e);


   // initialization
  t1_e = (u32)((CRYPTO_KEYBYTES * 8) << 24 | (RATE * 8) << 16 | PA_ROUNDS << 8 | PB_ROUNDS << 0);
  t1_o = t1_e >> 1;
  COMPRESS_LONG(t1_e);
  COMPRESS_LONG(t1_o);
  x0_e = t1_e << 16;
  x0_o = t1_o << 16;
  x1_o = K0_o;
  x1_e = K0_e;
  x2_e = K1_e;
  x2_o = K1_o;
  x3_e = N0_e;
  x3_o = N0_o;
  x4_e = N1_e;
  x4_o = N1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;
  // process associated data
  if (adlen) {
    rlen = adlen;
    while (rlen >= RATE) {
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x0_e ^= in_e;
      x0_o ^= in_o;
      ad += RATE/2;
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x1_e ^= in_e;
      x1_o ^= in_o;
      ad += RATE/2;
      P8_32;
      rlen -= RATE;
    }
    
    t1_e = t1_o = t2_e = t2_o = 0;
    for (i = 0; i < rlen; ++i, ++ad)
      if(i < 8) 
        if(i < 4)
          t1_o |= INS_BYTE32(*ad, i);
        else
          t1_e |= INS_BYTE32(*ad, (i - 4));
      else
        if(i < 12)
          t2_o |= INS_BYTE32(*ad, (i - 8));
        else
          t2_e |= INS_BYTE32(*ad, (i - 12));
    if(rlen < 8) 
      if(rlen < 4)
        t1_o |= INS_BYTE32(0x80, rlen);
      else
        t1_e |= INS_BYTE32(0x80, (rlen - 4));
    else
      if(rlen < 12)
        t2_o |= INS_BYTE32(0x80, (rlen - 8));
      else
        t2_e |= INS_BYTE32(0x80, (rlen - 12));
    COMPRESS_U32(t1_e,in_o,in_e);
    COMPRESS_U32(t1_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x0_e ^= in_e;
    x0_o ^= in_o;
    COMPRESS_U32(t2_e,in_o,in_e);
    COMPRESS_U32(t2_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x1_e ^= in_e;
    x1_o ^= in_o;
    P8_32;
  }
  x4_e ^= 1;

  // process chiphertext
  rlen = clen - CRYPTO_KEYBYTES;
  while (rlen >= RATE) {
    EXPAND_U32(t1_e,x0_o,x0_e);
    EXPAND_U32(t1_o,x0_o>>16,x0_e>>16);
    ((u32*)m)[0] = U32BIG(t1_o) ^ ((u32*)c)[0];
    ((u32*)m)[1] = U32BIG(t1_e) ^ ((u32*)c)[1];
    COMPRESS_BYTE_ARRAY(c,x0_o,x0_e);
    c += RATE/2;
    EXPAND_U32(t1_e,x1_o,x1_e);
    EXPAND_U32(t1_o,x1_o>>16,x1_e>>16);
    ((u32*)m)[2] = U32BIG(t1_o) ^ ((u32*)c)[0];
    ((u32*)m)[3] = U32BIG(t1_e) ^ ((u32*)c)[1];
    COMPRESS_BYTE_ARRAY(c,x1_o,x1_e);
    c += RATE/2;
    P8_32;
    rlen -= RATE;
    m += RATE;
  }
  EXPAND_U32(t1_e,x0_o,x0_e);
  EXPAND_U32(t1_o, x0_o >> 16, x0_e >> 16);
  EXPAND_U32(t2_e,x1_o,x1_e);
  EXPAND_U32(t2_o, x1_o >> 16, x1_e >> 16);
  for (i = 0; i < rlen; ++i, ++m, ++c) {
    if(i < 8)
      if (i < 4) {
        *m = EXT_BYTE32(t1_o, i) ^ *c;
        t1_o &= ~INS_BYTE32(0xff, i);
        t1_o |= INS_BYTE32(*c, i);
      } else {
        *m = EXT_BYTE32(t1_e, i-4) ^ *c;
        t1_e &= ~INS_BYTE32(0xff, i-4);
        t1_e |= INS_BYTE32(*c, i-4);
      }
    else
      if (i < 12) {
        *m = EXT_BYTE32(t2_o, i-8) ^ *c;
        t2_o &= ~INS_BYTE32(0xff, i-8);
        t2_o |= INS_BYTE32(*c, i-8);
      } else {
        *m = EXT_BYTE32(t2_e, i-12) ^ *c;
        t2_e &= ~INS_BYTE32(0xff, i-12);
        t2_e |= INS_BYTE32(*c, i-12);
      }
  }
  if (rlen < 8)
    if (rlen < 4)
      t1_o ^= INS_BYTE32(0x80, rlen);
    else
      t1_e ^= INS_BYTE32(0x80, rlen-4);
  else
    if (rlen < 12)
      t2_o ^= INS_BYTE32(0x80, rlen-8);
    else
      t2_e ^= INS_BYTE32(0x80, rlen-12);

  COMPRESS_U32(t1_e,x0_o,x0_e);
  COMPRESS_U32(t1_o,t0_o,t0_e);
  x0_o |= t0_o << 16;
  x0_e |= t0_e << 16;
  COMPRESS_U32(t2_e,x1_o,x1_e);
  COMPRESS_U32(t2_o,t0_o,t0_e);
  x1_o |= t0_o << 16;
  x1_e |= t0_e << 16;

  // finalization
  x2_e ^= K0_e;
  x2_o ^= K0_o;
  x3_e ^= K1_e;
  x3_o ^= K1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;

  // return -1 if verification fails
  int ret_val = 0;
  EXPAND_U32(t1_e, x3_o, x3_e);
  EXPAND_U32(t1_o, x3_o >> 16, x3_e >> 16);
  if (((u32*) c)[0] != U32BIG(t1_o))
    ret_val--;
  else
    ret_val++;
  if (((u32*) c)[1] != U32BIG(t1_e))
    ret_val--;
  else
    ret_val++;
  EXPAND_U32(t1_e, x4_o, x4_e);
  EXPAND_U32(t1_o, x4_o >> 16, x4_e >> 16);
  if (((u32*) c)[2] != U32BIG(t1_o))
    ret_val--;
  else
    ret_val++;
  if (((u32*) c)[3] != U32BIG(t1_e))
    ret_val--;
  else
    ret_val++;

  if (ret_val != 4)
    return -1;

  // return plaintext
  *mlen = clen - CRYPTO_KEYBYTES;
  return 0;
}

  • 0 in reply to Archaeologist
    Prodigy 190 points

    Fullscreen 8306.ascon.c Download 
    #include <stdio.h>
#include "api.h"
#include "crypto_aead.h"

typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
typedef unsigned long long u64;
typedef int i32;

#define LITTLE_ENDIAN
//#define BIG_ENDIAN


#define RATE (64 / 8)
#define PA_ROUNDS 12
#define PB_ROUNDS 6


#define ROTR32(x,n) (((x)>>(n))|((x)<<(32-(n))))

#ifdef BIG_ENDIAN
#define EXT_BYTE32(x,n) ((u8)((u32)(x)>>(8*(n))))
#define INS_BYTE32(x,n) ((u32)(x)<<(8*(n)))
#define U32BIG(x) (x)
#endif

#ifdef LITTLE_ENDIAN
#define EXT_BYTE32(x,n) ((u8)((u32)(x)>>(8*(3-(n)))))
#define INS_BYTE32(x,n) ((u32)(x)<<(8*(3-(n))))
#define U32BIG(x) \
    ((ROTR32(x,  8) & (0xFF00FF00)) | \
    ((ROTR32(x, 24) & (0x00FF00FF))))
#endif

#define EXPAND_SHORT(x) ({\
    x &= 0x0000ffff;\
    x = (x | (x << 8)) & 0x00ff00ff;\
    x = (x | (x << 4)) & 0x0f0f0f0f;\
    x = (x | (x << 2)) & 0x33333333;\
    x = (x | (x << 1)) & 0x55555555;\
    })

#define EXPAND_U32(var,var_o,var_e) ({\
   /*var 32-bit, and var_o/e 16-bit*/\
   t0_e = (var_e);\
   t0_o = (var_o);\
   EXPAND_SHORT(t0_e);\
   EXPAND_SHORT(t0_o);\
   var = t0_e | (t0_o << 1);\
   })


#define COMPRESS_LONG(x) ({\
    x &= 0x55555555;\
    x = (x | (x >> 1)) & 0x33333333;\
    x = (x | (x >> 2)) & 0x0f0f0f0f;\
    x = (x | (x >> 4)) & 0x00ff00ff;\
    x = (x | (x >> 8)) & 0x0000ffff;\
    })


#define COMPRESS_U32(var,var_o,var_e) ({\
  /*var 32-bit, and var_o/e 16-bit*/\
  var_e = var;\
  var_o = var_e >> 1;\
  COMPRESS_LONG(var_e);\
  COMPRESS_LONG(var_o);\
  })

#define COMPRESS_BYTE_ARRAY(a,var_o,var_e) ({\
   var_e = U32BIG(((u32*)(a))[1]);\
   var_o = var_e >> 1;\
   COMPRESS_LONG(var_e);\
   COMPRESS_LONG(var_o);\
   t1_e = U32BIG(((u32*)(a))[0]);\
   t1_o = t1_e >> 1;\
   COMPRESS_LONG(t1_e);\
   COMPRESS_LONG(t1_o);\
   var_e |= t1_e << 16;\
   var_o |= t1_o << 16;\
   })

static const int R_O[5][2] = { {9, 14}, {19, 30}, {0, 3}, {5, 8}, {3, 20} };
static const int R_E[5][2] = { {10, 14}, {20, 31}, {1, 3}, {5, 9}, {4, 21} };


#define ROUND_32(C_e,C_o) ({\
    /* round constant */\
    x2_e ^= C_e;\
    x2_o ^= C_o;\
    /* s-box layer */\
    t0_e = x0_e ^ x4_e;       t1_e = x4_e ^ x3_e;    x2_e = x2_e ^ x1_e;\
    t0_o = x0_o ^ x4_o;       t1_o = x4_o ^ x3_o;    x2_o = x2_o ^ x1_o;\
    x0_e = x2_e & (~x1_e);    x0_e = t0_e ^ x0_e; \
    x0_o = x2_o & (~x1_o);    x0_o = t0_o ^ x0_o; \
    x4_e = x2_e & (~x1_e);    x4_e = x0_e ^ x4_e;\
    x4_o = x2_o & (~x1_o);    x4_o = x0_o ^ x4_o;\
    x4_e = x1_e & (~x4_e);    x4_e = x4_e ^ t1_e;\
    x4_o = x1_o & (~x4_o);    x4_o = x4_o ^ t1_o;\
    t0_e = x2_e & (~x1_e);    t0_e = t0_e ^ x0_e;\
    t0_o = x2_o & (~x1_o);    t0_o = t0_o ^ x0_o;\
    t0_e = t0_e & (~t1_e);    t0_e = t0_e ^ x3_e;\
    t0_o = t0_o & (~t1_o);    t0_o = t0_o ^ x3_o;\
    t1_e = x2_e & (~x1_e);    t1_e = t1_e ^ x0_e;\
    t1_o = x2_o & (~x1_o);    t1_o = t1_o ^ x0_o;\
    t1_e = x1_e & (~t1_e);    t1_e = t1_e ^ x4_e;\
    t1_o = x1_o & (~t1_o);    t1_o = t1_o ^ x4_o;\
    t1_e = t1_e & (~x3_e);    t1_e = t1_e ^ x2_e;\
    t1_o = t1_o & (~x3_o);    t1_o = t1_o ^ x2_o;\
    x2_e = x3_e & (~x2_e);    x1_e = x1_e ^ x2_e;\
    x2_o = x3_o & (~x2_o);    x1_o = x1_o ^ x2_o;\
    x1_e = x1_e ^ x0_e;    x0_e = x0_e ^ x4_e;    x3_e = t0_e ^ t1_e;    x2_e =~ t1_e;\
    x1_o = x1_o ^ x0_o;    x0_o = x0_o ^ x4_o;    x3_o = t0_o ^ t1_o;    x2_o =~ t1_o;\
    /* linear layer */\
    t0_e  = x0_e;    t0_o  = x0_o; \
    t1_e  = x1_e;    t1_o  = x1_o;\
    x0_e ^= ROTR32(t0_o, R_O[0][0]);\
    x0_o ^= ROTR32(t0_e, R_E[0][0]);\
    x1_e ^= ROTR32(t1_o, R_O[1][0]);\
    x1_o ^= ROTR32(t1_e, R_E[1][0]);\
    x0_e ^= ROTR32(t0_e, R_E[0][1]);\
    x0_o ^= ROTR32(t0_o, R_O[0][1]);\
    x1_e ^= ROTR32(t1_o, R_O[1][1]);\
    x1_o ^= ROTR32(t1_e, R_E[1][1]);\
    t0_e  = x2_e;    t0_o  = x2_o;\
    t1_e  = x3_e;    t1_o  = x3_o;\
    x2_e ^= ROTR32(t0_o, R_O[2][0]);\
    x2_o ^= ROTR32(t0_e, R_E[2][0]);\
    x3_e ^= ROTR32(t1_e, R_E[3][0]);\
    x3_o ^= ROTR32(t1_o, R_O[3][0]);\
    x2_e ^= ROTR32(t0_e, R_E[2][1]);\
    x2_o ^= ROTR32(t0_o, R_O[2][1]);\
    x3_e ^= ROTR32(t1_o, R_O[3][1]);\
    x3_o ^= ROTR32(t1_e, R_E[3][1]);\
    t0_e  = x4_e;\
    t0_o  = x4_o;\
    x4_e ^= ROTR32(t0_o, R_O[4][0]);\
    x4_o ^= ROTR32(t0_e, R_E[4][0]);\
    x4_e ^= ROTR32(t0_o, R_O[4][1]);\
    x4_o ^= ROTR32(t0_e, R_E[4][1]);\
  })

#define P12_32 ({\
  ROUND_32(0xc,0xc);\
  ROUND_32(0x9,0xc);\
  ROUND_32(0xc,0x9);\
  ROUND_32(0x9,0x9);\
  ROUND_32(0x6,0xc);\
  ROUND_32(0x3,0xc);\
  ROUND_32(0x6,0x9);\
  ROUND_32(0x3,0x9);\
  ROUND_32(0xc,0x6);\
  ROUND_32(0x9,0x6);\
  ROUND_32(0xc,0x3);\
  ROUND_32(0x9,0x3);\
})

#define P6_32 ({\
  ROUND_32(0x6,0x9);\
  ROUND_32(0x3,0x9);\
  ROUND_32(0xc,0x6);\
  ROUND_32(0x9,0x6);\
  ROUND_32(0xc,0x3);\
  ROUND_32(0x9,0x3);\
})

int crypto_aead_encrypt(
    unsigned char *c, unsigned long long *clen,
    const unsigned char *m, unsigned long long mlen,
    const unsigned char *ad, unsigned long long adlen,
    const unsigned char *nsec,
    const unsigned char *npub,
    const unsigned char *k) {

  u64 rlen;
  int i;
  
  u32 K0_o;
  u32 K1_o;
  u32 N0_o;
  u32 N1_o;
  u32 x0_o, x1_o, x2_o, x3_o, x4_o;
  u32 t0_o, t1_o;
  
  u32 K0_e;
  u32 K1_e;
  u32 N0_e;
  u32 N1_e;
  u32 x0_e, x1_e, x2_e, x3_e, x4_e;
  u32 t0_e, t1_e;
  
  u32 in_o, in_e;
  
  COMPRESS_BYTE_ARRAY(k,K0_o,K0_e);
  COMPRESS_BYTE_ARRAY(k+8,K1_o,K1_e);
  COMPRESS_BYTE_ARRAY(npub,N0_o,N0_e);
  COMPRESS_BYTE_ARRAY(npub+8,N1_o,N1_e);

  
  // initialization
  t1_e = (u32)((CRYPTO_KEYBYTES * 8) << 24 | (RATE * 8) << 16 | PA_ROUNDS << 8 | PB_ROUNDS << 0);
  t1_o = t1_e >> 1;
  COMPRESS_LONG(t1_e);
  COMPRESS_LONG(t1_o);
  x0_e = t1_e << 16;
  x0_o = t1_o << 16;
  x1_o = K0_o;
  x1_e = K0_e;
  x2_e = K1_e;
  x2_o = K1_o;
  x3_e = N0_e;
  x3_o = N0_o;
  x4_e = N1_e;
  x4_o = N1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;
  // process associated data
  if (adlen) {
    rlen = adlen;
    while (rlen >= RATE) {
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x0_e ^= in_e;
      x0_o ^= in_o;
      P6_32;
      rlen -= RATE;
      ad += RATE;
    }
    t1_e = 0;
    t1_o = 0;
    for (i = 0; i < rlen; ++i, ++ad)
      if(i < 4)
        t1_o |= INS_BYTE32(*ad, i);
      else
        t1_e |= INS_BYTE32(*ad, (i - 4));
    if(rlen < 4)
      t1_o |= INS_BYTE32(0x80, rlen);
    else
      t1_e |= INS_BYTE32(0x80, (rlen - 4));
    COMPRESS_U32(t1_e,in_o,in_e);
    COMPRESS_U32(t1_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x0_e ^= in_e;
    x0_o ^= in_o;
    P6_32;
  }
  x4_e ^= 1;

  // process plaintext
  rlen = mlen;
  while (rlen >= RATE) {
    COMPRESS_BYTE_ARRAY(m,in_o,in_e);
    x0_e ^= in_e;
    x0_o ^= in_o;
    EXPAND_U32(t1_e,x0_o>>16,x0_e>>16);
    ((u32*)c)[0] = U32BIG(t1_e);
    EXPAND_U32(t1_e,x0_o,x0_e);
    ((u32*)c)[1] = U32BIG(t1_e);
    P6_32;
    rlen -= RATE;
    m += RATE;
    c += RATE;
  }
  t1_o = t1_e = 0;
  for (i = 0; i < rlen; ++i, ++m) 
    if(i < 4)
      t1_o |= INS_BYTE32(*m, i);
    else
      t1_e |= INS_BYTE32(*m, (i - 4));
  if(rlen < 4)
    t1_o |= INS_BYTE32(0x80, rlen);
  else
    t1_e |= INS_BYTE32(0x80, (rlen - 4));
  COMPRESS_U32(t1_e,in_o,in_e);
  COMPRESS_U32(t1_o,t0_o,t0_e);
  in_o |= t0_o << 16;
  in_e |= t0_e << 16;
  x0_e ^= in_e;
  x0_o ^= in_o;
  EXPAND_U32(t1_e,x0_o,x0_e);
  EXPAND_U32(t1_o,x0_o>>16,x0_e>>16);
  for (i = 0; i < rlen; ++i, ++c)
    if(i < 4)
      *c = EXT_BYTE32(t1_o, i);
    else
      *c = EXT_BYTE32(t1_e, i - 4);

  // finalization
  x1_e ^= K0_e;
  x1_o ^= K0_o;
  x2_e ^= K1_e;
  x2_o ^= K1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;

  // return tag
  EXPAND_U32(t1_e,x3_o>>16,x3_e>>16);
  ((u32*)c)[0] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x3_o,x3_e);
  ((u32*)c)[1] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x4_o>>16,x4_e>>16);
  ((u32*)c)[2] = U32BIG(t1_e);
  EXPAND_U32(t1_e,x4_o,x4_e);
  ((u32*)c)[3] = U32BIG(t1_e);
  *clen = mlen + CRYPTO_KEYBYTES;

  return 0;
}

int crypto_aead_decrypt(
    unsigned char *m, unsigned long long *mlen,
    unsigned char *nsec,
    const unsigned char *c, unsigned long long clen,
    const unsigned char *ad, unsigned long long adlen,
    const unsigned char *npub,
    const unsigned char *k) {

  *mlen = 0;
  if (clen < CRYPTO_KEYBYTES)
    return -1;

  u64 rlen;
  int i;

  u32 K0_o;
  u32 K1_o;
  u32 N0_o;
  u32 N1_o;
  u32 x0_o, x1_o, x2_o, x3_o, x4_o;
  u32 t0_o, t1_o;

  u32 K0_e;
  u32 K1_e;
  u32 N0_e;
  u32 N1_e;
  u32 x0_e, x1_e, x2_e, x3_e, x4_e;
  u32 t0_e, t1_e;

  u32 in_o, in_e;

  COMPRESS_BYTE_ARRAY(k,K0_o,K0_e);
  COMPRESS_BYTE_ARRAY(k+8,K1_o,K1_e);
  COMPRESS_BYTE_ARRAY(npub,N0_o,N0_e);
  COMPRESS_BYTE_ARRAY(npub+8,N1_o,N1_e);


  // initialization
  t1_e = (u32)((CRYPTO_KEYBYTES * 8) << 24 | (RATE * 8) << 16 | PA_ROUNDS << 8 | PB_ROUNDS << 0);
  t1_o = t1_e >> 1;
  COMPRESS_LONG(t1_e);
  COMPRESS_LONG(t1_o);
  x0_e = t1_e << 16;
  x0_o = t1_o << 16;
  x1_o = K0_o;
  x1_e = K0_e;
  x2_e = K1_e;
  x2_o = K1_o;
  x3_e = N0_e;
  x3_o = N0_o;
  x4_e = N1_e;
  x4_o = N1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;
  // process associated data
  if (adlen) {
    rlen = adlen;
    while (rlen >= RATE) {
      COMPRESS_BYTE_ARRAY(ad,in_o,in_e);
      x0_e ^= in_e;
      x0_o ^= in_o;
      P6_32;
      rlen -= RATE;
      ad += RATE;
    }
    t1_e = 0;
    t1_o = 0;
    for (i = 0; i < rlen; ++i, ++ad)
      if(i < 4)
        t1_o |= INS_BYTE32(*ad, i);
      else
        t1_e |= INS_BYTE32(*ad, (i - 4));
    if(rlen < 4)
      t1_o |= INS_BYTE32(0x80, rlen);
    else
      t1_e |= INS_BYTE32(0x80, (rlen - 4));
    COMPRESS_U32(t1_e,in_o,in_e);
    COMPRESS_U32(t1_o,t0_o,t0_e);
    in_o |= t0_o << 16;
    in_e |= t0_e << 16;
    x0_e ^= in_e;
    x0_o ^= in_o;
    P6_32;
  }
  x4_e ^= 1;

  // process plaintext
  rlen = clen - CRYPTO_KEYBYTES;
  while (rlen >= RATE) {
    EXPAND_U32(t1_e,x0_o,x0_e);
    EXPAND_U32(t1_o,x0_o>>16,x0_e>>16);
    ((u32*)m)[0] = U32BIG(t1_o) ^ ((u32*)c)[0];
    ((u32*)m)[1] = U32BIG(t1_e) ^ ((u32*)c)[1];
    COMPRESS_BYTE_ARRAY(c,x0_o,x0_e);
    P6_32;
    rlen -= RATE;
    m += RATE;
    c += RATE;
  }
  EXPAND_U32(t1_e,x0_o,x0_e);
  EXPAND_U32(t1_o, x0_o >> 16, x0_e >> 16);
  for (i = 0; i < rlen; ++i, ++m, ++c) {
    if (i < 4) {
      *m = EXT_BYTE32(t1_o, i) ^ *c;
      t1_o &= ~INS_BYTE32(0xff, i);
      t1_o |= INS_BYTE32(*c, i);
    } else {
      *m = EXT_BYTE32(t1_e, i-4) ^ *c;
      t1_e &= ~INS_BYTE32(0xff, i-4);
      t1_e |= INS_BYTE32(*c, i-4);
    }
  }
  if (rlen < 4)
    t1_o ^= INS_BYTE32(0x80, rlen);
  else
    t1_e ^= INS_BYTE32(0x80, rlen-4);

  COMPRESS_U32(t1_e,x0_o,x0_e);
  COMPRESS_U32(t1_o,t0_o,t0_e);
  x0_o |= t0_o << 16;
  x0_e |= t0_e << 16;

  // finalization
  x1_e ^= K0_e;
  x1_o ^= K0_o;
  x2_e ^= K1_e;
  x2_o ^= K1_o;
  P12_32;
  x3_e ^= K0_e;
  x3_o ^= K0_o;
  x4_e ^= K1_e;
  x4_o ^= K1_o;

  // return -1 if verification fails
  int ret_val = 0;
  EXPAND_U32(t1_e, x3_o, x3_e);
  EXPAND_U32(t1_o, x3_o >> 16, x3_e >> 16);
  if (((u32*) c)[0] != U32BIG(t1_o))
    ret_val--;
  else
    ret_val++;
  if (((u32*) c)[1] != U32BIG(t1_e))
    ret_val--;
  else
    ret_val++;
  EXPAND_U32(t1_e, x4_o, x4_e);
  EXPAND_U32(t1_o, x4_o >> 16, x4_e >> 16);
  if (((u32*) c)[2] != U32BIG(t1_o))
    ret_val--;
  else
    ret_val++;
  if (((u32*) c)[3] != U32BIG(t1_e))
    ret_val--;
  else
    ret_val++;

  if (ret_val != 4)
    return -1;

  // return plaintext
  *mlen = clen - CRYPTO_KEYBYTES;
  return 0;
}
    Probably does not make that big of a difference, but I had placed the wrong version of the code

  • 0 in reply to Susan Joseph26
    TI__Guru**** 249680 points

    On MSP430, the sizeof the built-in type int is 16-bits.  So, the explanation given in the first post by Archaeologist is correct, even though it assumed you use a C28x device.  I'll give the same explanation, but go about it a bit differently.

    On MSP430, the following expression is not legal C ...

    1 << 16

    The shift count is too big.  The shift count cannot exceed the width of the left operand of the shift.  In this case, that operand is the constant "1", which is of type int.  Since int is 16-bits wide, the diagnostic is issued.  The fix is to change the type of the left operand from int to long.  There are few different ways to do that.  One is to add the suffix L to the constant ...

    1L << 16

    In your code, you need to take similar steps to insure that, whenever the shift count is >= 16, the type of the left operand is long.  

    Thanks and regards,

    -George

  • 0 in reply to Susan Joseph26
    TI__Guru* 84285 points
    Well, MSP430 also has 16-bit "int", so you're going to need to take care in all your code to make sure to cast to u32 where the code assumes it is dealing with a 32-bit type.
  • 0 in reply to George Mock
    Prodigy 190 points
    Hmm so I have not had to do this before and just want to make sure I did it properly would I just do this :

    ((u32)COMPRESS_BYTE_ARRAY(k,K0_o,K0_e)) ?

    I tried implementing the line that Archaeologist suggested but the line was still flagged with the same warning
  • 0 in reply to Susan Joseph26
    TI__Guru**** 249680 points

    That's the wrong level of analysis.  You need to carefully inspect each shift expression, where the value of the right operand is 16 or more.  In your case, such expressions do appear inside macros.  Make sure the type of the left operand is long (or, perhaps unsigned long).  This is typically done by adding a cast, or adding a suffix to a constant.

    Thanks and regards,

    -George

  • 0 in reply to George Mock
    Prodigy 190 points
    I got it fixed! Thank you both very much!! :)