Matthew W Pagano Masters Thesis PRNGs Microcontrollers

MaLLhew W.
agano
CompuLer SecurlLy ArchlLecLure
Sprlng 2008 SemesLer
ur. Masson / ur. vasconcelos
!"#$%&'()%&* )$*,#' -#)#'(.&'" &) (.*#/ (0' (.12$",3456 *78'&8&).'&//#'"
!"##$%&
1he purpose of Lhls reporL ls Lo provlde exhausLlve deLalls of my CompuLer SecurlLy ArchlLecLure pro[ecL
Lhls sprlng 2008 semesLer. ulLlmaLely, Lhe goal has been Lo prepare a documenL LhaL an undergraduaLe
sLudenL can read Lo lncrease hls/her comprehenslon of Lhe ALmel Av8 A190uS81287 mlcroconLroller
and lLs hardware componenLs, Lhe Assembler programmlng language, random number generaLlon,
pseudorandom number generaLlon, and LesLlng meLhods Lo deLermlne levels of randomness. 1hls
reporL ouLllnes how Lo program a random number generaLor (8nC) on Lhe A190uS81287 uslng Lhe on-
board LhermomeLer, as well as Lwo pseudorandom number generaLors (8nCs) on Lhe A190uS81287.
Cne of Lhe 8nCs ls a Llnear leedback ShlfL 8eglsLer (LlS8) and ls deslgnaLed as Lhe weak" 8nC. 1he
oLher 8nC ls Lhe Advanced LncrypLlon SLandard (ALS) algorlLhm and ls deslgnaLed as Lhe sLrong"
8nC algorlLhm. AfLer programmlng Lhe 8nC, weak 8nC, and sLrong 8nC on Lhe A190uS81287, Lhls
reporL deLalls Lhe resulLs of randomness LesLs offered by Lhe naLlonal lnsLlLuLe of SLandards and
1echnology (nlS1) on boLh 8nC algorlLhms. 1he purpose of Lhls ls Lo demonsLraLe speclflcally whaL lL
means Lo have a crypLographlcally secure 8nC algorlLhm.
()*%+,"-*.+)/ 0+$12/ $), 3456-*.762
1he cenLral moLlvaLlon of Lhls pro[ecL ls Lo demonsLraLe proper lmplemenLaLlon of pseudorandom
number generaLors (8nCs). lL wlll be assumed LhaL Lhe sLudenLs of Lhls pro[ecL have some compuLer
sclence background, buL Lhls should be Lhe only prerequlslLe. uurlng Lhe compleLlon of Lhls pro[ecL,
sLudenLs wlll be expecLed Lo research Lhe lmporLance of random and pseudorandom number generaLlon
wlLhln modern compuLlng. SLudenLs wlll be exposed Lo Lhe dlfflculLles of obLalnlng sufflclenL amounLs of
Lrue random daLa. 1hls wlll hlghllghL Lhe reallsLlc need for pseudorandom number generaLlon.
lrom a hlgh-level perspecLlve, sLudenLs wlll analyze Lwo 8nC algorlLhms. 1he flrsL 8nC algorlLhm, Lhe
Llnear leedback ShlfL 8eglsLer (LlS8), wlll be slmple, buL wlll noL generaLe daLa LhaL ls random enough."
1he flrsL 8nC algorlLhm wlll noL be crypLographlcally secure ln order Lo demonsLraLe Lhe slgnlflcance of
Lhls Lerm. 1he goal ls Lo demonsLraLe Lhe plLfalls of a 8nC algorlLhm whose ouLpuL an aLLacker can
easlly dlfferenLlaLe from Lrue random daLa. 1hls flrsL 8nC algorlLhm wlll be referred Lo as Lhe weak
8nC algorlLhm."
1he second 8nC algorlLhm, Lhe Advanced LncrypLlon SLandard (ALS), wlll be complex, wlll produce
daLa LhaL appears Lo be very random, and wlll be crypLographlcally secure. 1he second 8nC algorlLhm
wlll be referred Lo as Lhe sLrong 8nC algorlLhm." SLudenLs wlll conLrasL Lhese Lwo 8nC algorlLhms ln
order Lo undersLand Lhe LheoreLlcal and pracLlcal dlfferences beLween weak and sLrong 8nC
algorlLhms. SLudenLs wlll learn LhaL even supposedly sLrong 8nC algorlLhms musL be lmplemenLed
carefully Lo avold produclng predlcLable daLa.
lrom a low-level perspecLlve, sLudenLs wlll be requlred Lo code Lhe weak 8nC algorlLhm ln Assembler
and execuLe lL on Lhe ALmel Av8 A190uS81287 mlcroconLroller. 1hls wlll provlde sLudenLs wlll an
excellenL opporLunlLy Lo learn Lhe flner componenLs of Assembler. Codlng a secure 8nC algorlLhm wlll
requlre a vasL knowledge of algorlLhm analysls, Assembler programmlng LacLlcs, and debugglng on Lhe
A190uS81287. SLudenLs should leave Lhe course havlng sharply lncreased Lhelr skllls ln all of Lhese
areas.
LasLly, sLudenLs wlll be requlred Lo evaluaLe Lhelr resulLs agalnsL Lhe naLlonal lnsLlLuLe of SLandards and
1echnology (nlS1) sulLe of randomness LesLs. 1he lnLended resulL ls LhaL pseudorandom daLa produced
by Lhe sLrong 8nC algorlLhm wlll score much hlgher Lhan LhaL of Lhe weak 8nC algorlLhm. 1hls should
conflrm Lhe need for a 8nC algorlLhm Lo be Lhoroughly LesLed Lo ensure LhaL lL produces sLrongly
random daLa.
8$-9:%+"), $), ;61$*6, <=6+%&
seudorandom number generaLors (8nCs) are commonly encounLered LhroughouL many areas of
compuLer sclence. 1he demand for 8nCs resulLs from a need for randomness ln numerous
appllcaLlons. 8andom daLa ls essenLlal for many gamlng appllcaLlons, crypLographlc proLocols, sLaLlsLlcal
programs for random sampllng, prlme numbers generaLors, sorLlng algorlLhms, and so on.
unforLunaLely, Lrue random daLa (unpredlcLable daLa noL produced by deLermlnlsLlc formulas) ls ofLen
expenslve and dlfflculL Lo obLaln. Sources of Lrue randomness LhaL have been used ln Lhe pasL lnclude
LemperaLures of hardware componenLs, feedback from nolsy dlodes, formulas based on Lhe Llme of day,
keysLroke or mouse movemenL, and nuclear decay. 1he reallLy of Lhese forms of randomness ls LhaL
Lhey ofLen requlre slgnlflcanL resources Lo generaLe relaLlvely low amounLs of random daLa. ln shorL,
random daLa Lends noL Lo be cosL-effecLlve.
1hls downslde of random daLa has lead Lo Lhe wldespread use of pseudorandom daLa. 1he appllcaLlons
LhaL need randomness ofLen requlre Lhe random daLa Lo be generaLed qulckly and ln large amounLs.
Accordlngly, pseudorandom algorlLhms are deslgned Lo Lake as lnpuL small amounLs of Lrue random
daLa and Lhen apply varlous 8nC algorlLhms Lo produce hlgh volumes of pseudorandom daLa. 1hese
pseudorandom algorlLhms are of course deLermlnlsLlc ln naLure, so Lhe pseudorandom daLa LhaL ls
produced ls noL Lruly random. Powever, lf Lhe followlng Lwo condlLlons are meL, Lhe pseudorandom
daLa wlll be random enough" for mosL appllcaLlons:
1) 1he Lrue random sLrlng provlded as lnpuL ls sufflclenLly long and comes from a hlghly
unpredlcLable source. 1hls Lrue random sLrlng needs Lo be regeneraLed each Llme Lhe 8nC
algorlLhm ls used Lo prevenL predlcLable paLLers ln successlve generaLlons of pseudorandom
daLa.
2) 1he pseudorandom algorlLhm has been conflrmed Lo produce pseudorandom daLa LhaL an
aLLacker bounded by polynomlal space and Llme cannoL dlfferenLlaLe from Lrue random
daLa.

When evaluaLlng sources of Lrue random daLa and pseudorandom algorlLhms, Lhe developer ls advlsed
Lo use LesLs offered by Lhe naLlonal lnsLlLuLe of SLandards and 1echnology (nlS1). 1he nlS1 webslLe
offers a sulLe of LesLs LhaL evaluaLe and provlde quanLlflable sLaLlsLlcs on Lhe daLa's level of randomness.
nlS1 has cerLlfled LhaL Lhese LesLs provlde an accuraLe esLlmaLlon of how random Lhe daLa ls. lor
example, lL ls reasonable Lo expecL LhaL Lrue random blnary daLa should have approxlmaLely Lhe same
number of ones and zeros. Cne of Lhe nlS1 randomness LesLs ls Lherefore Lo deLermlne lf Lhe LoLal
number of ones and zeros versus Lhe lengLh of Lhe blnary sLrlng falls wlLhln an accepLable range of
randomness.
!+1"*.+) (#>16#6)*6, $), ?"2*.@.-$*.+)
1he precedlng secLlons have provlded a deLalled overvlew of Lhe soluLlon lmplemenLed and Lhe
[usLlflcaLlons for Lhe declslons made. WhaL remalns ls Lo dlscuss whlch 8nC algorlLhms were selecLed
for Lhe weak and sLrong algorlLhms (LlS8 and ALS, respecLlvely), and [usLlfy Lhese selecLlons. 1he
followlng Lwo llsLs of polnLs provlde Lhese [usLlflcaLlons.
Weak 8nC: Llnear leedback ShlfL 8eglsLer (LlS8)
lnvolves manlpulaLlons of blLs (ofLen wlLh Lhe LC8 operaLlon) wlLhln 8-blL or 16-blL reglsLers, so
lL ls ldeal for Lhe ALmel mlcroconLroller
As a resulL, LlS8s are readlly lmplemenLed ln hardware, whlch works well ln Lhls pro[ecL, Lhls wlll
also demonsLraLe Lo Lhe sLudenLs whaL lL means Lo be easlly lmplemenLed ln hardware, whlch
wlll solldlfy Lhe polnL for Lhem when Lhey hear LhaL Lerm wlLh respecL Lo algorlLhms such as uLS
CuLpuL ls a sLream of ones and zeroes, whlch can be readlly lnpuL lnLo Lhe nlS1 sulLe of
randomness LesLs
LlS8s are used ln Lhe real world for such appllcaLlons as CS, dlglLal broadcasLlng and
communlcaLlons sysLems, and some gamlng consoles, so Lhe sLudenL would noL be learnlng an
anLlquaLed algorlLhm LhaL ls solely used for pedagoglcal purposes
8elaLlvely slmple Lo undersLand and code, so lL wlll provlde a good sLarLlng polnL for Lhe
sLudenLs Lo learn and bulld Lhelr confldence (as opposed Lo Lhe sLrong 8nC, whlch wlll requlre
more Llme Lo undersLand)
LfflclenL and fasL, so Llme wlll noL be a slgnlflcanL lssue when runnlng Lhls 8nC
lnvolves concepLs of polynomlals Lo map sequences of LransformaLlons and concepLs of
perlodlclLy, so lL wlll be a good revlew for Lhe sLudenLs of Lhe maLhemaLlcs lnvolved ln
crypLography
lnvolves a caveaL of whlch Lo be mlndful durlng lmplemenLaLlon (ensure LhaL Lhe sequence does
noL reach an all-zero sLaLe, afLer whlch polnL Lhere wlll be no change), Lhls wlll be an excellenL
demonsLraLlon Lo Lhe sLudenLs of how secure 8nCs can become lnsecure lf noL lmplemenLed
properly
CuLpuLs of LlS8s are llnear, whlch means LhaL Lhey are suscepLlble Lo crypLanalysls, Lhls wlll
perfecLly demonsLraLe Lo Lhe sLudenLs Lhe dlfference beLween Lhls weak 8nC and a sLrong
8nC (crypLographlcally speaklng)
noLe: Lhls llnear weakness has been correcLed ln some lmplemenLaLlons of LlS8, buL Lhe
sLronger lmplemenLaLlons wlll noL be used ln order Lo hlghllghL Lhe dlfference beLween a weak
and sLrong 8nC
SLrong 8nC: ALS
Consldered Lo be one of Lhe mosL crypLographlcally secure (lf noL Lhe mosL crypLographlcally
secure) 8nCs avallable
1hus, lL wlll do very well on nlS1's sulLe of randomness LesLs, whlch wlll demonsLraLe Lhe
dlfferences Lo Lhe sLudenLs beLween weak and sLrong 8nCs
Wlll demonsLraLe Lo Lhe sLudenLs Lhe need Lo use openly and freely avallable crypLographlc
algorlLhms LhaL have been Lhoroughly LesLed, as opposed Lo relylng on obscurlLy by uslng lesser-
known algorlLhms
Wlll demonsLraLe Lhe level of complexlLy LhaL sLudenLs can expecL from Lop-Ller block clphers
8ecause Lhe sLudenLs wlll noL be codlng ALS Lhemselves as Lhey wlll wlLh LlS8 (buL wlll lnsLead
geL Lhe code from a slLe llke hLLp://polnL-aL-lnflnlLy.org/avraes/ as referenced ln
hLLp://www.cdc.lnformaLlk.Lu-darmsLadL.de/~dahmen/papers/MerkleMlcro.pdf), Lhey wlll learn
how Lo securely lmplemenL code from an exLernal source. 1here wlll surely be lmplemenLaLlon
errors assoclaLed wlLh Lhls process, so Lhe sLudenLs wlll galn experlence wlLh deallng wlLh Lhese
Lypes of lssues.
As a shorL slde asslgnmenL, sLudenLs should be expecLed Lo wrlLe a shorL reporL on Lhe hlsLory of
ALS, Lhls wlll famlllarlze Lhem wlLh Lhe modern process of developlng crypLographlcally secure
8nCs, as Lhe sLory of ALS does Lhls exceedlngly well
A6*$.16, A62-%.>*.+) +@ *=6 (#>16#6)*$*.+) B.*= C1+B-=$%*2 $), D+,6 !).>>6*2
1he lmplemenLaLlon of Lhls pro[ecL can be dlvlded lnLo four secLlons: 1) 8nC, 2) Weak 8nC (LlS8), 3)
SLrong 8nC (ALS), 4) sulLe of Lhe randomness LesLs offered by nlS1 and subsequenL resulLs.
8nC
A flowcharL of Lhe 8nC ls shown below:

1he basls of Lhe 8nC ls Lo read daLa from Lhe LhermomeLer on board Lhe A190uS81287 mlcroconLroller.
1he on-board LhermomeLer ls a reslsLor LhaL dlsplays varlous levels of reslsLance LhaL are dlrecLly
affecLed by Lhe LemperaLure of Lhe mlcroconLroller. 1he reslsLance of Lhls reslsLor lncreases as Lhe
LemperaLure decreases, whlch ls referred Lo as a negaLlve 1emperaLure CoefflclenL (n1C). 1hls reslsLor
ls consequenLly labeled as a LemperaLure-senslLlve reslsLor, or more commonly as a LhermlsLor.
8ecause Lhe values read from Lhe LhermlsLor flucLuaLe ln proporLlon Lo Lhe LemperaLure of Lhe
mlcroconLroller, Lhe LhermlsLor can be effecLlvely used as a LhermomeLer for Lhe mlcroconLroller. 1he
assumpLlon behlnd Lhe 8nC ls LhaL Lhe LemperaLure of Lhe mlcroconLroller, or aL Lhe very leasL Lhe leasL
slgnlflcanL blLs of Lhe LemperaLure, wlll be conslsLenLly flucLuaLlng and sufflclenLly unpredlcLable Lo
serve as a source of randomness. Should Lhls premlse be correcL, 8nC daLa can be obLalned by readlng
values from Lhe LhermlsLor.
uaLa can be read from Lhe LhermlsLor uslng Lhe on-board 8-channel Analog MulLlplexer. 1he 8-channel
Analog MulLlplexer ls connecLed Lo 8 volLage lnpuLs from one of Lhe mlcroconLroller's porLs. 1hese
volLage lnpuLs are labeled AuC0, AuC1, AuC2, AuC3, AuC4, AuC3, AuC6, and AuC7. 1he LhermlsLor ls
Lhe AuC0 volLage lnpuL. AuC0 sends analog volLage daLa Lo Lhe 8-channel Analog MulLlplexer, whlch
Lhen sends Lhls analog daLa Lo Lhe on-board Analog-Lo-ulglLal ConverLer (AuC). 1he AuC converLs Lhe
analog daLa from Lhe MulLlplexer lnLo 10-blL values. 1hls sysLem of Lhe AuC and 8-channel Analog
MulLlplexer ls referred Lo as Lhe AuMux. 1he dlglLal daLa from Lhe AuMux ls Lhe senL Lo Lhe AuC uaLa
8eglsLer. 8ecause Lhe AuC generaLes 10-blL values, Lhe AuC uaLa 8eglsLer ls comprlsed of Lwo 8-blL
reglsLers, labeled AuCP (AuC Plgh) and AuCL (AuC Low). AuCL conLalns Lhe leasL slgnlflcanL 8 blLs of Lhe
AuC ouLpuL, AuCP conLalns Lhe 2 mosL slgnlflcanL blLs of Lhe AuC ouLpuL ln blLs 0 and 1 of Lhe AuCP
reglsLer. 1he programmer can Lhen read daLa from Lhls sysLem Lhrough Lhe AuC uaLa 8eglsLers (AuCP
and AuCL). ln Lhe speclflc case of Lhe LhermlsLor, LemperaLure daLa can be read by conflgurlng Lhe
AuMux Lo read daLa from AuC0 (Lhe volLage lnpuL of Lhe LhermlsLor) and Lhen readlng ln daLa from Lhe
AuC uaLa 8eglsLers (AuCP and AuCL).
1he remalnder of Lhls secLlon wlll be dedlcaLed Lo a Lhorough explanaLlon of Lhe 8nC code. Code
snlppeLs wlll be shown flrsL and wlll be followed by an evaluaLlon of whaL Lhese snlppeLs slgnlfy.
.org 0x0000
r[mp maln

.org 0x003A
call AuC_lS8
1he org dlrecLlve ln Assembler ls an abbrevlaLlon for orlgln" and lndlcaLes Lo Lhe compller Lo whlch
address wlLhln Lhe code segmenL Lo dlrecL Lhe flow of execuLlon for a speclflc rouLlne. ln Lhls case, Lhe
flrsL llne shows LhaL Lhe program wlll sLarL aL address 0x0000 wlLhln Lhe code segmenL. 1hls ls Lyplcally
done because Lhe processor beglns execuLlon aL address 0000. Address 0x0000 ls Lherefore referred Lo
as Lhe reseL vecLor". 1he nexL llne ls a relaLlve [ump Lo Lhe label of Lhe maln" rouLlne Lo begln Lhe
program.
1he lasL Lwo llnes of Lhe code snlppeL above relaLe Lo Lhe AuC lnLerrupL rouLlne. 1he purpose of an
lnLerrupL ls Lo sLop program execuLlon ln order Lo perform a speclfled rouLlne. AfLer Lhe lnLerrupL
rouLlne has compleLed, lL ls requlred LhaL program conLrol be Lransferred back Lo Lhe locaLlon where
program execuLlon was orlglnally sLopped. 1hls requlremenL necesslLaLes Lhe use of Lhe sLack ln order
Lo sLore Lhe address Lo whlch program execuLlon musL be reLurned afLer Lhe lnLerrupL rouLlne has
compleLed (named Lhe reLurn address).
1he .org 0x003A" lnforms Lhe compller of Lhe address of Lhe AuC lnLerrupL vecLor. As dlscussed above,
because Lhe processor beglns execuLlon aL address 0000, address 0x0000 ls referred Lo as Lhe reseL
vecLor". 1he vecLors LhaL follow Lhe reseL vecLor wlLhln program space are addresses 0x0001, 0x0002,
0x0003, eLc. 1hese vecLors are labeled lnLerrupL vecLors". lf an lnLerrupL ls Lrlggered, program conLrol
ls Lransferred Lo Lhe poslLlon ln program space glven by lnLerrupL vecLor LhaL corresponds Lo Lhe Lype of
lnLerrupL Lrlggered. 1he speclflc lnLerrupL vecLors LhaL correspond Lo each Lype of lnLerrupL are
hardware-dependenL. lor Lhe A190uS81287, Lhe programmer can use ALmel's usb1287def.lnc flle Lo
flnd Lhls lnformaLlon. 1he usb1287def.lnc flle conLalns Lhe followlng llne LhaL ls perLlnenL Lo Lhe AuC
lnLerrupL vecLor:
.equ AuCCaddr = 0x003a , AuC Converslon CompleLe
1hls llne lndlcaLes LhaL Lhe address of Lhe AuC Converslon lnLerrupL vecLor ls 0x003A. 1hls ls why Lhe
.org dlrecLlve shown above speclfles 0x003A as Lhe address Lo whlch Lo dlrecL program conLrol ln Lhe
evenL of an lnLerrupL. 1he llne LhaL follows uses a call sLaLemenL Lo glve Lhe compller Lhe name of Lhe
rouLlne Lo execuLe lf Lhls lnLerrupL ls Lrlggered. As a resulL, lf Lhe AuC Converslon lnLerrupL ls Lrlggered,
Lhe AuC_lS8 rouLlne wlll be execuLed and Lhen program conLrol wlll be redlrecLed Lo Lhe reLurn address.
More lnformaLlon on Lhe AuC_lS8 rouLlne wlll be glven below.
lL ls lmporLanL Lo noLe LhaL Lhe command lmmedlaLely followlng Lhe org dlrecLlve Lo Lhe reseL vecLor
(.org 0x0000) has Lo be a relaLlve [ump (r[mp maln) ln order Lo [ump over Lhe lnLerrupL vecLors LhaL are
llsLed below (ln Lhls case, Lhe AuC Converslon lnLerrupL).
1hese llnes of code begln Lhe AuC_lS8 rouLlne. 1he AuC_lS8 rouLlne wlll be called whenever Lhere ls an
lnLerrupL Lrlggered by a readlng from Lhe LhermlsLor:
push r16
ln r16, S8LC
push r16
push r17
8ecall LhaL an lnLerrupL sLops program execuLlon, performs a speclflc rouLlne, and Lhen Lransfers
program execuLlon Lo Lhe orlglnal locaLlon where lL was sLopped. lL ls very lmporLanL Lo ensure LhaL Lhe
sLaLe of Lhe program LhaL ls noL relaLed Lo Lhe lnLerrupL ls noL modlfled by Lhe lnLerrupL rouLlne. MosL
noLably, Lhe lnLerrupL should noL permanenLly modlfy any reglsLers (lncludlng Lhe sLaLus reglsLer) LhaL
Lhe lnLerrupL uses. As a resulL, lL ls common pracLlce Lo push Lhe values of any reglsLers used by Lhe
lnLerrupL onLo Lhe sLack before performlng any oLher acLlons. 1hese values remaln on Lhe sLack unLll
Lhe lnLerrupL ls compleLed, afLer whlch Lhese values are popped off Lhe sLack lnLo Lhe correspondlng
reglsLers. When program conLrol ls Lransferred back Lo Lhe reLurn address, Lhe reglsLers (lncludlng Lhe
sLaLus reglsLer) have Lhe same values as Lhey dld lmmedlaLely before Lhe lnLerrupL was Lrlggered.
8ecause Lhe sLack ls a LasL-ln-llrsL-CuL (LllC) operaLlon, values musL be popped off ln Lhe reverse order
as Lhey were pushed on. 1hls ls why Lhe lasL llnes of Lhe AuC_lS8 rouLlne are Lhe followlng:
pop r17
pop r16
ouL S8LC, r16
pop r16
reLl

noLe LhaL reLl ls Lhe command used Lo lndlcaLe LhaL an lnLerrupL has flnlshed and LhaL program conLrol
should be Lransferred back Lo Lhe reLurn address.

lds r16, AuCL
lds r17, AuCP

1hls lndlcaLes LhaL Lhe value of AuCL (leasL slgnlflcanL elghL blLs) ls belng read lnLo Lhe r16 reglsLer and
Lhe value of AuCP (mosL slgnlflcanL Lwo blLs) ls belng read lnLo Lhe r17 reglsLer.

lsl 8nCSeed

8nCSeed ls Lhe reglsLer LhaL holds Lhe elghL blLs of randomness LhaL have been gaLhered so far by Lhe
8nC. Lvery Llme Lhe AuC Converslon lnLerrupL ls called, Lhe blL of randomness LhaL was leasL recenLly
added Lo 8nCSeed (l.e., Lhe oldesL) ls removed, and new blL of randomness ls exLracLed from Lhe
LhermlsLor and added Lo 8nCSeed. 1hls ls analogous Lo a llrsL-ln-llrsL-CuL (lllC) meLhod. 8lLs of
randomness are added Lo 8nCSeed from rlghL Lo lefL uslng Lhe lsl command, as shown ln Lhe code
snlppeL above. ln oLher words, lf Lhe blLs of a reglsLer are labeled from lefL Lo rlghL aL 8lL 7, 8lL 6, 8lL 3,
8lL 4, 8lL 3, 8lL 2, 8lL 1, and 8lL 0, a new blL of randomness ls added Lo 8nCSeed by shlfLlng all of Lhe blLs
over one blL Lo Lhe lefL. 8lL 6 ls moved Lo 8lL 7, 8lL 3 ls moved Lo 8lL 6, 8lL 4 ls moved Lo 8lL 3, 8lL 3 ls
moved Lo 8lL 4, 8lL 2 ls moved Lo 8lL 3, 8lL 1 ls moved Lo 8lL 2, 8lL 0 ls moved Lo 8lL 1, and a zero ls placed
ln 8lL 0. 1hls effecLlvely pops off 8lL 7, slldes everyLhlng over Lo Lhe lefL one blL, and places a zero ln 8lL
0, whlch ls whaL Lhe lsl command does. 1he new blL of randomness exLracLed from Lhe AuC Converslon
lnLerrupL can Lhen be added Lo 8lL 0, as wlll be descrlbed below.

andl r16, 0b00000001
andl 8nCSeed, 0b11111110
or 8nCSeed, r16

1he above code snlppeL ls Lhe algorlLhm used Lo add Lhe newesL blL of randomness Lo 8lL 0 of 8nCSeed.
8ecall LhaL r16 conLalns Lhe 8 leasL slgnlflcanL blLs of Lhe 10-dlglL dlglLlzed value of Lhe laLesL LhermlsLor
readlng. Lmplrlcal daLa from Lhls sLudy showed LhaL Lhe readlngs of Lhe LhermlsLor Lended Lo be largely
homongenous. 1hls was qulLe deLrlmenLal Lo Lhls sLudy because of Lhe need for hlghly unpredlcLable
daLa Lo be used as Lhe 8nC. ln order Lo remedy Lhe homogenelLy observed from Lhe LhermlsLor, only
Lhe leasL slgnlflcanL blL (LS8) of Lhe readlngs from Lhe LhermlsLor was used ln Lhe 8nC. 1he assumpLlon
was LhaL Lhe LS8 would be Lhe blL LhaL would be flucLuaLlng mosL frequenLly and unpredlcLably. As a
resulL, Lhe goal of Lhls algorlLhm ls Lo copy 8lL 0 of r16 (Lhe LS8 of Lhe daLa read from Lhe LhermlsLor)
lnLo 8lL 0 of 8nCSeed (now LhaL Lhe lsl command has made 8nCSeed ready Lo accepL Lhe newesL blL of
randomness lnLo lLs 8lL 0).

1he algorlLhm shown above makes use of Lhe followlng four facLs: 1) erformlng an Anu operaLlon wlLh
any blnary dlglL and zero always ylelds zero, 2) erformlng an Anu operaLlon wlLh any blnary dlglL and
one always ylelds Lhe orlglnal blnary dlglL, 3) erformlng an C8 operaLlon wlLh any blnary dlglL and zero
always ylelds Lhe orlglnal blnary dlglL, 4) erformlng an C8 operaLlon wlLh any blnary dlglL and one
always ylelds one. 1he flrsL sLep of Lhe algorlLhm shown above, andl r16, 0b00000001", zeroes 8lLs 1-7
of r16 and allows 8lL 0 of r16 Lo keep lLs orlglnal value. 1he second sLep, andl 8nCSeed, 0b11111110",
allows 8lLs 1-7 of 8nCSeed Lo keep Lhelr orlglnal values and zeroes 8lL 0. 8ecause 8lLs 1-7 of r16 are
zero and because 8lLs 1-7 of 8nCSeed are Lhelr orlglnal values, performlng an C8 operaLlon on 8nCSeed
and r16 and sLorlng Lhe resulL ln 8nCSeed ensures LhaL 8lLs 1-7 of 8nCSeed reLaln Lhelr orlglnal values.
8ecause 8lL 0 of r16 ls lLs orlglnal value and 8lL 0 of 8nCSeed ls zero, performlng an C8 operaLlon on
8nCSeed and r16 and sLorlng Lhe resulL ln 8nCSeed ensures LhaL 8lL 0 of 8nCSeed Lakes on Lhe value of
8lL 0 of r16. 1hls was lndeed Lhe goal of Lhls algorlLhm. noLe LhaL ln order Lo ensure LhaL Lhe resulL of
Lhe C8 operaLlon ls copled Lo 8nCSeed, 8nCSeed had Lo be Lhe flrsL operand ln Lhe C8 sLaLemenL, as
shown ln Lhe lasL llne of Lhls algorlLhm.

mov 8nCSeed, 8nCSeed

8ecause 8nCSeed ls Lhe flrsL operand of Lhe mov command, Lhls command coples Lhe conLenLs of Lhe
8nCSeed reglsLer lnLo Lhe 8nCSeed reglsLer. 1hls command ls presenL wlLhln Lhe AuC Converslon
lnLerrupL so LhaL 8nCSeed always conLalns Lhe laLesL verslon of 8nCSeed. As wlll be dlscussed laLer,
when Lhe 8nC funcLlonallLy of Lhls program ls called, Lhe 8nCSeed reglsLer ls used as Lhe seed Lo Lhe
8nC algorlLhm. uue Lo Lhls, lL ls vlLal LhaL 8nCSeed be updaLed lmmedlaLely afLer 8nCSeed ls
updaLed so LhaL Lhe 8nC algorlLhm can make use of Lhe laLesL randomly generaLed numbers.

lnc 8nCCounLer

As wlll be descrlbed laLer, ln order Lo generaLe large volumes of random daLa for nlS1 LesLlng, byLes of
daLa generaLed from Lhe AuC ConversLlon lnLerrupL are wrlLLen Lo LL8CM memory wlLhln Lhe
lnLerrupL. LL8CM ls a componenL on Lhe A190uS81287 mlcroconLroller LhaL funcLlons as a Lype of
memory. LL8CM ls used ln Lhls code Lo record Lhe random daLa LhaL ls generaLed by Lhe LhermlsLor Lo
be evaluaLed laLer by Lhe nlS1 LesLs. 8ecall, however, LhaL each run of Lhe lnLerrupL only generaLes one
blL of randomness, noL one byLe. lf Lhe 8nCSeed reglsLer were copled lnLo LL8CM every Llme Lhe
lnLerrupL was run, paLLerns of blLs would emerge. 1hls can be observed from Lhe followlng example.
Suppose LhaL aL any glven Llme, 8nCSeed conLalned Lhe followlng byLe: 10010101. Suppose LhaL Lhe
nexL run of Lhe lnLerrupL generaLed a 0 for Lhe random dlglL. 8nCSeed would Lhen become 00101010.
lf each run of Lhe lnLerrupL conLalned code Lo wrlLe Lhe conLenLs of 8nCSeed lnLo LL8CM, LL8CM
would Lhen conLaln Lhe followlng sLrlng of daLa: 1001010100101010. Cbserve LhaL 8lLs 1-7 (0010101,
counLlng from rlghL Lo lefL) and 8lLs 8-14 (0010101) are ldenLlcal.

1he soluLlon lmplemenLed ln Lhls code ls Lo only wrlLe Lo LL8CM for every elghL runs of Lhe lnLerrupL.
1hls ensures LhaL all blLs of 8nCSeed wlll have been replaced by new random blLs from Lhe LhermlsLor
before wrlLlng Lo LL8CM. 8ecause noLhlng ls wrlLLen Lo LL8CM before all blLs have been replaced
wlLh newly generaLed values from Lhe LhermlsLor, no paLLerns should form. 1hls soluLlon ls
lmplemenLed by placlng a counLer reglsLer ln Lhe lnLerrupL, named 8nCCounLer. 8nCCounLer ls
lnlLlallzed Lo zero ln Lhe maln rouLlne and ls lncremenLed every Llme Lhe lnLerrupL ls run. When
8nCCounLer reaches elghL, 8lLs 0-7 wlll have been rewrlLLen wlLh newly generaLed values from Lhe
LhermlsLor, and 8nCSeed ls Lhen wrlLLen Lo LL8CM. LaLer ln Lhe code, 8nCCounLer ls reseL Lo zero Lo
begln Lhe nexL byLe generaLlon of 8nCSeed.

cpse 8nCCounLer, LlghL8eglsLer
r[mp flnlshlnLerrupL

wrlLerngeeprom:

1hls segmenL of code ls deslgned Lo LesL wheLher 8nCCounLer has reached elghL. lf so, 8nCSeed should
be wrlLLen Lo LL8CM and 8nCCounLer should be reseL Lo zero, as descrlbed above. 1he reglsLer
LlghL8eglsLer ls declared Lo be 0x08 ln Lhe maln rouLlne and ls noL changed aL any oLher polnL ln Lhe
code. 8nCCounLer ls compared Lo LlghL8eglsLer Lo deLermlne lf 8nCCounLer equals elghL. lf so, Lhe
cpse command evaluaLes as Lrue, sklps Lhe nexL sLaLemenL (r[mp flnlshlnLerrupL), and beglns Lhe
wrlLerngeeprom rouLlne. lf 8nCCounLer ls noL equal Lo elghL, Lhe nexL sLaLemenL ls execuLed (r[mp
flnlshlnLerrupL). rogram conLrol ls Lhus Lransferred Lo Lhe flnlshlnLerrupL rouLlne, ln whlch Lhe AuC
ConversLlon lnLerrupL ls ended wlLhouL wrlLlng anyLhlng Lo LL8CM.

wrlLerngeeprom:

sblc LLC8,LLL
r[mp wrlLerngeeprom

1hls segmenL of code ls a loop LhaL verlfles LhaL LL8CM ls noL currenLly belng wrlLLen Lo before wrlLlng
8nCSeed Lo LL8CM. LL8CM offers a reglsLer named LL8CM ConLrol 8eglsLer (LLC8) LhaL holds Lhe
sLaLus of LL8CM. 8lL 1 of Lhe LLC8 ls Lhe LLL LL8CM rogrammlng Lnable (LLL) blL. When Lhe
programmer ls ready Lo wrlLe Lo LL8CM, Lhe LLL blL musL be seL Lo one. AfLer seLLlng Lhe LLL blL Lo
one, Lhe Cu ls halLed for Lwo cycles before Lhe nexL lnsLrucLlon ls execuLed. lL ls very lmporLanL LhaL
Lhe program noL aLLempL Lo wrlLe Lo LL8CM whlle anoLher wrlLe Lo LL8CM ls already Laklng place.
uue Lo Lhls, Lhe code shown above conLalns a loop LhaL conLlnues Lo loop unLll Lhe LLL blL ls zero. 1he
flrsL llne of Lhe loop (sblc LLC8, LLL) sklps Lhe nexL lnsLrucLlon lf Lhe blL ln quesLlon (LLL) ls clear,
meanlng LhaL lL ls seL Lo zero. 1he LranslaLlon ls LhaL lf LLL ls seL Lo zero, Lhere ls no oLher LL8CM
wrlLe Laklng place, so Lhe r[mp wrlLerngeeprom lnsLrucLlon can be sklpped. 1hls prevenLs Lhe loop from
looplng agaln and conLlnues wlLh Lhe nexL lnsLrucLlon ln Lhe wrlLerngeeprom rouLlne. lf LLL ls noL seL
Lo zero, Lhe r[mp wrlLerngeeprom lnsLrucLlon ls noL sklpped and ls Lhus execLuLed, whlch beglns Lhe loop
agaln. 1hls ls referred Lo as a polllng looop. As a slde noLe, Lhe programmer musL be sure LhaL an
lnLerrupL noL Lake place durlng an LL8CM wrlLe. Powever, because Lhls LL8CM wrlLe ls occurrlng
lnslde of an lnLerrupL, Lhls ls noL a concern for Lhls code.

ldl 8nCCounLer, 0x00

lf program execuLlon has enLered Lhe wrlLerngeeprom rouLlne, lL ls because 8nCCounLer became equal
Lo elghL. now 8nCCounLer musL be reseL Lo zero so LhaL Lhe Lally on Lhe nexL byLe of 8nCSeed can
begln.

ouL LLA8P, r26
ouL LLA8L, r23

ln Lhe A190uS81287, LL8CM ls 4096 byLes ln slze (approxlmaLely 4k8). 1he byLe addresses of LL8CM
Lherefore range from 0 Lo 4093. 8ecause Lhe maxlmum number LhaL one byLe can represenL ls 233 (lf all
blLs are 1, as ln 11111111), Lhe full range of LL8CM addresses requlres Lwo byLes. Accordlngly, Lhe
A190uS81287 has Lwo reglsLers Lo represenL LL8CM addresses, named LLA8P (hlgh byLe) and LLA8L
(and low byLe). LLA8L represenLs LL8CM addresses 0 - 233 and LLA8P represenLs LL8CM addresses
236 - 4096. LLA8P only needs Lhe use of lLs 8lLs 0-3 because 4096 can be represenLed wlLh 12 blLs (8
from LLA8L and 8lLs 0-3 of LLA8P).

r23 and r26 hold Lhe addresses of LLA8L and LLA8P, respecLlvely, LhaL correspond Lo Lhe byLe of
LL8CM Lo whlch Lhe nexL byLe of daLa wlll be wrlLLen. ln order Lo maxlmlze Lhe amounL of daLa LhaL
can be sLored ln LL8CM, Lhls program beglns wrlLlng Lo LL8CM aL address 0. 823 and r26 are
accordlngly seL Lo zero ln Lhe maln rouLlne. 823 and r26 are lncremenLed accordlngly ln Lhe lnLerrupL Lo
ensure LhaL byLes of daLa are wrlLLen Lo LL8CM sequenLlally. 1hls ensures LhaL every byLe of LL8CM
ls wrlLLen Lo ln numerlcal order. 1he sLeps shown above (ouL LLA8P, r26 $), ouL LLA8L, r23) load Lhe
proper values lnLo LLA8P and LLA8L so LhaL daLa ls wrlLLen Lo Lhe correcL byLe ln LL8CM.

ouL LLu8, 8nCSeed

LL8CM conLalns a daLa reglsLer named LL8CM uaLa 8eglsLer, or LLu8. LLu8 conLalns Lhe byLe of
daLa Lo be wrlLLen Lo LL8CM. 1he sLaLemenL above loads Lhe conLenLs of 8nCSeed lnLo LLu8 so LhaL
8nCSeed may be wrlLLen Lo LL8CM.

sbl LLC8,LLML
sbl LLC8,LLL

8lL 2 of LL8CM ls Lhe LL8CM MasLer rogrammlng Lnable (LLML) blL. As dlscussed above, when
Lhe programmer ls ready Lo wrlLe Lo LL8CM, Lhe LLL blL musL be seL Lo one. Powever, no wrlLlng Lo
LL8CM wlll occur unless Lhe LLML blL ls also seL Lo one. 1he LLML blL ls reseL Lo zero ln four cycles
afLer Lhe LLML blL ls seL Lo one. ConsequenLly, afLer Lhe LLML blL ls seL, wrlLlng Lo LL8CM wlll occur
only lf Lhe LLL blL ls seL Lo one wlLhln four clock cycles. lf noL, LLML wlll Llme ouL and be seL Lo zero.
1hls ls why Lhe LLL blL ls seL Lo one (uslng Lhe sbl command) lmmedlaLely afLer LLML ls seL Lo one
(uslng Lhe sbl command). AfLer performlng boLh of Lhese commands, Lhe byLe ln Lhe LLu8 reglsLer
(whlch conLalns Lhe conLenLs of Lhe 8nCSeed reglsLer) wlll be wrlLLen Lo Lhe nexL byLe ln LL8CM. 1hls
ls how random daLa generaLed by Lhe LhermlsLor ls wrlLLen Lo LL8CM.

cp r23, lull8eglsLer
breq overflowrng

1hls segmenL of code ls deslgned Lo address Lhe overflow lssue ln LL8CM. As dlscussed above, Lhe full
range of byLe addresses ln LL8CM requlres Lhe use of Lwo reglsLers, LLA8P and LLA8L. ln Lhls
program, Lhe reglsLers r23 and r26 hold Lhe values of Lhe nexL byLe ln LL8CM Lo whlch Lhe currenL
value of 8nCSeed ls wrlLLen. 823 and r26 correspond dlrecLly Lo LLA8L and LLA8P, respecLlvely.
8ecause of Lhe need for Lwo reglsLers, a slmple lncremenL wlll noL sufflce. 1here has Lo be some meLhod
of organlzaLlon beLween r23 and r26 Lo ensure LhaL all byLe addresses ln LL8CM are used. Conslder
Lhe followlng example. Suppose r23 ls currenLly seL Lo 11111111 (0xll) and r26 ls currenLly seL Lo
00000000 (0x00). 1hls corresponds Lo byLe address 233 (recall LhaL byLe addresses ln LL8CM range
from 0 Lo 4093, for a LoLal of 4096 byLes). 1he nexL byLe address should be 236, whlch would
correspond Lo r23 belng seL Lo 00000000 (0x00) and r26 belng seL Lo 00000001 (0x01). Powever, slmply
lncremenLlng r23 wlll noL converL 11111111 (0xll) Lo 00000000 (0x00) [for r23] $), 00000000 (0x00) Lo
00000001 (0x01) [for r26]. An overflow mechanlsm musL Lherefore be lmplemenLed for slLuaLlons such
as Lhls. 1he overflow mechanlsm ls only necessary when r23 equal 11111111 (0xll) because LhaL ls
when Lhe lncremenL needs Lo overflow lnLo r26. 1he llnes of code shown above address Lhls slLuaLlon.
1he lull8eglsLer reglsLer ls seL Lo 0xll ln Lhe maln rouLlne and ls noL changed aL any locaLlon ln Lhe code.
1he cp command compares Lhe value of r23 Lo Lhe sLaLlc value of lull8eglsLer (whlch ls always 0xll ln
Lhls code). lf Lhe Lwo reglsLers are equal, Lhe breq command branches and program conLrol ls senL Lo
Lhe overflowrng rouLlne. Cverflowrng handles Lhe overflow and reLurns program conLrol Lo Lhe nexL
llne of code afLer Lhe breq overflowrng" llne (wrlLerngeepromll: ). noLe LhaL ln order Lo reLurn conLrol
Lo Lhe llne of code followlng breq overflowrng", LhaL llne of code has Lo be a rouLlne so LhaL Lhe r[mp
command has a rouLlne Lo whlch Lo perform a relaLlve [ump. 8[mp cannoL perform a relaLlve [ump Lo a
llne of code LhaL ls noL Lhe label of a rouLlne. lf Lhe r23 and lull8eglsLer reglsLers are noL equal, Lhe
breq overflowrng" llne of code ls sklpped alLogeLher and Lhe llne of code afLer breq overflowrng"
(wrlLerngeepromll: )ls execuLed.

ln order Lo effecLlvely demonsLraLe Lhe loglc of Lhe code, Lhe overflowrng rouLlne wlll now be examlned.

overflowrng:

lnc r26

ldl r23, 0x00

ldl Cverllow8eg, 0xll

r[mp wrlLerngeepromll

1he proper meLhod of handllng Lhe overflow ls Lo lncremenL r26 and reseL r23 Lo zero, as shown ln Lhe
overflow example glven above. 1he flrsL Lwo llnes of code ln overflowrng handle Lhese Lasks. 1he nexL
llne of code ls ldl Cverllow8eg, 0xll". 1he Cverllow8eg reglsLer ls a sLaLus flag LhaL lndlcaLes wheLher
an overflow has [usL been performed. lf Cverllow8eg ls zero, no overflow has [usL Laken place, lf
Cverllow8eg ls 0xll, an overflow has [usL Laken place. 8ecause an overflow has [usL Laken place ln Lhe
overflowrng rouLlne, Lhe Cverllow8eg reglsLer ls seL Lo 0xll ln Lhe ldl Cverllow8eg, 0xll" command.
LasLly, as descrlbed above, program conLrol ls Lransferred Lo Lhe wrlLerngeepromll rouLlne uslng Lhe
r[mp wrlLerngeepromll" command.

wrlLerngeepromll:

cpse Cverllow8eg, lull8eglsLer
lnc r23

ldl Cverllow8eg, 0x00

1he cpse Cverllow8eg, lull8eglsLer" command deLermlnes wheLher an overflow has [usL been
performed. lL does so by LesLlng wheLher Cverllow8eg ls equal Lo lull8eglsLer, Lhe laLLer of whlch ls
always seL Lo 0xll. lf so, an overflow has [usL been performed (as descrlbed above), and so Lhe cpse
sLaLemenL sklps Lhe nexL command (lnc r23). lnc r23" musL be sklpped ln Lhe evenL of an overflow
because r23 ls reseL Lo zero ln Lhe overflowrng rouLlne. lf r23 were Lhen lncremenLed agaln, a byLe ln
LL8CM would be mlssed enLlrely. 1hls ls obvlously noL Lhe proper meLhod Lo handle an overflow, so
Lhe lnc r23" command ls sklpped lf Cverllow8eg equals lull8eglsLer (l.e. ln Lhe evenL of an overflow). lf
Lhere has been no overflow, cpse Cverllow8eg, lull8eglsLer" evaluaLes Lo false and Lhus lnc r23" ls
execuLed. 1hls ls done so LhaL Lhe nexL byLe of LL8CM wlll be wrlLLen Lo durlng Lhe nexL lnLerrupL.
LasLly, now LhaL Lhe overflow has been properly handled (lf one has Laken place), Lhe Cverllow8eg
sLaLus flag ls reseL Lo zero, whlch lndlcaLes no overflow for Lhe nexL Llme an lnLerrupL occurs.

flnlshlnLerrupL:

pop r17
pop r16
ouL S8LC, r16
pop r16
reLl

As descrlbed above, Lhe flnlshlnLerrupL rouLlne flnlshes Lhe lnLerrupL and reLurns conLrol Lo Lhe reLurn
address where program conLrol was sLopped Lo perform Lhe lnLerrupL. All reglsLers used ln Lhe lnLerrupL
(l.e. S8LC, r16, and r17) are reseL Lo Lhe values Lhey held before Lhe lnLerrupL by popplng Lhese saved
values off Lhe sLack. 1he reLl" command reLurns program conLrol Lo Lhe reLurn address, whlch ls saved
on Lhe sLack.

Maln

8elow ls Lhe flrsL porLlon of Lhe maln rouLlne:

maln:
wdr , 8eseL waLchdog Llmer

ldl r16, 0xl0 , Lnable 816's blLs 7-4 (1111 0000)
ouL uu8u, r16 , SeL orLu[7-4] as ouLpuL (leds)

ldl r16, 0xCl , ulsable 816's blLs 3-4 (1100 1111)
ouL uu8L, r16 , SeL orLL[3-4] as lnpuL (!oysLlck: 8lghL & uown)

ldl r16, 0x1l , ulsable 816's blLs 7-3 (0001 1111)
ouL uu88, r16 , SeL orL8[7-3] as lnpuL (!oysLlck: SelecL,up & LefL)

, 8eseL [oysLlc's porLs
ldl r16, 0x30 , Lnable 816's blLs 3-4 (0011 0000)
ouL orLL, r16
ldl r16, 0xL0 , Lnable 816's blLs 7-3 (1110 0000)
ouL orL8, r16

1hls porLlon of maln was copled verbaLlm from Lhe LlghLs program LhaL was glven and explalned Lo
sLudenLs ln Lhe flrsL week of Lhe CompuLer SecurlLy ArchlLecLure course. lL ls Lherefore assumed LhaL
any reader of Lhls reporL wlll have had experlence wlLh Lhls segmenL of code. no furLher dlscourse on
Lhe sub[ecL ls needed as a resulL.

ldl r16, low(8AMLnu)
ouL SL, r16
ldl r16, hlgh(8AMLnu)
ouL SP, r16

1he purpose of Lhls code segmenL ls Lo lnlLlallze Lhe sLack for use. 1he use of Lhe sLack ls necessary ln
Lhls program because Lhls program lmplemenLs lnLerrupLs, as dlscussed ln Lhe 8nC secLlon. When uslng
Lhe A190uS81287 mlcroconLroller, Lhe on-board sLaLlc 8AM (S8AM) memory ls used Lo funcLlon as Lhe
sLack. 1he sLack musL flrsL be lnlLlallzed before use by properly conflgurlng Lhe sLack polnLer (S). 1he
S ls a Lwo-byLe polnLer LhaL can be accessed ln Lhe same manner as a porL. 1he Lwo byLes of S are
SLack olnLer Plgh (SP) and SLack olnLer Low (SL). SP holds Lhe mosL slgnlflcanL address byLe
(MS8), SL holds Lhe leasL slgnlflcanL address byLe (LS8). 1hls ls slmllar Lo Lhe LLA8P and LLA8L byLes of
LL8CM.

1he code segmenL above lnlLlallzes Lhe sLack by seLLlng Lhe S Lo Lhe hlghesL address of S8AM, labeled
8AMLnu. As ls LradlLlonally Lrue wlLh sLack archlLecLure, Lhe sLack of Lhe A190uS81287 grows
downward, sLarLlng from hlgher addresses and movlng downward Loward lower addresses. 1hls ls why
Lhe S ls lnlLlallzed Lo Lhe hlghesL address of S8AM and noL Lhe lowesL address. 8AMLnu represenLs Lhe
hlghesL address of S8AM and ls hardware-speclflc. 1he aforemenLloned usb1287def.lnc flle for Lhe
A190uS81287 hardware has Lhe followlng llne Lo glve Lhe Lwo-byLe address of 8AMLnu:

.equ 8AMLnu = 0x20ff

0x20ll ls Lherefore Lhe hlghesL address of S8AM ln Lhe A190uS81287. 1he MS8 and LS8 of Lhls address
are 0x20 and 0xll, respecLlvely. uue Lo Lhls, hlgh(8AMLnu) evaluaLes Lo 0x20 and low(8AMLnu)
evaluaLes Lo 0xll. 1hese addresses are loaded lnLo SP and SL, respecLlvely, uslng Lhe code segmenL
shown above. Cnce SP and SL are lnlLlallzed, Lhe programmer can make use of Lhe sLack.

ldl r16, 0b01000000
sLs AuMux, r16

8ecall from Lhe 8nC secLlon Lhe AuMux componenL of Lhe A190uS81287. 1hls segmenL of code seLs
Lhe conflguraLlon of AuMux LhaL deflne how AuMux wlll be used LhroughouL Lhe program. 1he
usb1287def.lnc flle shows LhaL Lhe blLs of AuMux represenL Lhe followlng conflguraLlons:

, ***** Au_CCnvL81L8 *****************
, AuMux - 1he AuC mulLlplexer SelecLlon 8eglsLer
.equ Mux0 = 0 , Analog Channel and Caln SelecLlon 8lLs
.equ AuLA8 = 3 , LefL Ad[usL 8esulL
.equ 8LlS0 = 6 , 8eference SelecLlon 8lL 0
.equ 8LlS1 = 7 , 8eference SelecLlon 8lL 1

1he numbers 0 -7 shown above correspond Lo Lhe elghL blLs of Lhe AuMux reglsLer. SeLLlng any of Lhese
blLs Lo 1 enables Lhe correspondlng feaLure, seLLlng any of Lhese blLs Lo 0 dlsables Lhe correspondlng
feaLure. 1he code segmenL shown above lndlcaLes LhaL Lhe 8eference SelecLlon 8lL 0" (8lL 6) was
enabled and LhaL Lhe remalnlng feaLures (8lL 1-3 and 8lL 7) were dlsabled. 8esearch from varlous slLes
such as Lhose glven ln Lhe 8eferences" secLlon of Lhls reporL suggesLed Lo dlsable all of Lhe feaLures of
AuMux. unforLunaLely, Lhls dld noL produce Lhe lnLended resulLs. 1rlal and error ulLlmaLely provlded
Lhe soluLlon, whlch was Lo enable Lhe 8eference SelecLlon 8lL 0.

ldl r16, 0b11101111
sLs AuCS8A, r16

1he AuCS8A reglsLer ls a reglsLer assoclaLed wlLh Lhe AuC compononenL of Lhe A190uS81287, [usL as ls
Lhe AuMux reglsLer. As wlLh Lhe AuMux reglsLer (dlscussed above), Lhe blLs of Lhe AuCS8A reglsLer all
represenL varlous conflguraLlons LhaL can be enabled or dlsabled. 1he usb1287def.lnc flle glves Lhe
followlng LexL regardlng Lhe AuCS8A reglsLer's blLs:

, AuCS8A - 1he AuC ConLrol and SLaLus reglsLer
.equ AuS0 = 0 , AuC rescaler SelecL 8lLs
.equ AulL = 3 , AuC lnLerrupL Lnable
.equ Aull = 4 , AuC lnLerrupL llag
.equ AuA1L = 3 , AuC AuLo 1rlgger Lnable
.equ AuSC = 6 , AuC SLarL Converslon
.equ AuLn = 7 , AuC Lnable

!usL as wlLh Lhe AuMux reglsLer, each of Lhese feaLures can be enabled by seLLlng Lhe blL Lo one, and
dlsabled by seLLlng Lhe blL Lo zero. 1he code segmenL shown above glves Lhe conflguraLlon used ln Lhls
pro[ecL. 8elow ls an explanaLlon of each:

8lLs 0-2 deLermlne Lhe dlvlslon facLor beLween Lhe x1AL frequency and Lhe lnpuL clock Lo Lhe
AuC", as sLaLed aL hLLp://www.analoglab.com/adc.hLml. WhaL Lhls quoLe means ls beyond Lhe
scope of Lhls pro[ecL and Lhls reporL. lL ls sufflclenL Lo say LhaL emplrlcal LesLlng and daLa
showed LhaL Lhe opLlmum conflguraLlon of Lhese Lhree blLs for Lhe goals of Lhls pro[ecL was
111.
8lL 3 ls Lhe AuC lnLerrupL Lnable. 1hls blL musL be enabled for Lhe AuC Converslon lnLerrupL Lo
Lrlgger, so obvlously Lhls musL be seL Lo one.
8lL 4 ls Lhe AuC lnLerrupL llag. 1he hardware of Lhe A190uS81287 modlfles Lhls blL based on
wheLher an AuC conversLlon lnLerrupL has been compleLed. As such, Lhe programmer need
noL concern hlmself/herself wlLh Lhls blL. 1hls blL should be dlsabled (zero) aL flrsL because no
lnLerrupL has yeL Laken place.
8lL 3 ls Lhe AuC AuLo 1rlgger Lnable. SeLLlng Lhls blL Lo one enables lree 8unnlng mode, ln
whlch Lhe AuC conLlnuously updaLes Lhe hardware wlLh new values. 8ecause Lhe programmer
needs Lo generaLe large amounLs of random daLa, Lhls blL needs Lo be enabled. 1he alLernaLlve
(seLLlng Lhe blL Lo zero) represenLs Slngle Converslon mode, ln whlch only one lnLerrupL rouLlne
ls Lrlggered.
8lL 6 ls Lhe AuC SLarL Converslon. 1hls blL should be seL when Lhe programmer ls ready Lo begln
Lhe flrsL AuC conversLlon lnLerrupL, so lL should be seL Lo one.
8lL 7 ls Lhe AuC Lnable. SeLLlng Lhls blL enables Lhe AuC ln general, so Lhls blL should be seL Lo
one.

ldl 8nCSeed, 0x00
ldl revSeed, 0x00
ldl 1empSeed, 0x00
ldl 8nCSeed, 0x00
ldl ZeroCounLer, 0x00
ldl lull8eglsLer, 0xll
ldl r26, 0x00
ldl r23, 0x00
ldl LlghL8eglsLer, 0x08

1hls llsL ls slmply Lhe lnlLlallzaLlons of all reglsLers used ln Lhls program.

Sel

Sel ls Lhe command needed Lo enable Lhe lnLerrupL blL on Lhe SLaLus 8eglsLer (S8LC). lf Lhe lnLerrupL blL
on S8LC ls clear, no lnLerrupLs can Lake place. lf Lhe lnLerrupL blL on S8LC ls seL, lnLerrupLs can begln
Laklng place. Cbvlously, Lhls blL needs Lo be seL.

loop:

wdr

ln r17, ln8
ln r18, lnL

sbrs r17, 6
r[mp prng

sbrs r18, 4
r[mp prng

sbrs r17, 7
r[mp prng

sbrs r18, 3
r[mp prng

sbrs r17, 3
r[mp prng

r[mp loop

1hls loop ls analogous Lo Lhe LedLoop" of Lhe LlghLs program LhaL sLudenLs analyzed ln Lhe flrsL week of
Lhe CompuLer SecurlLy ArchlLecLure class. 1he purpose of Lhls loop ls Lwofold. llrsL, because Lhe lasL
llne of Lhls loop ls r[mp loop", lL ensures LhaL Lhe program runs conLlnuously wlLhouL sLopplng. 1hls ls
vlLal because Lhe 8nC needs Lo gaLher large amounLs of daLa. lf Lhe program sLops, no more daLa can
be gaLhered. Addlng Lhe loop: . . . r[mp loop" sLaLemenLs Lo Lhls program ensures LhaL Lhe program wlll
run lndeflnlLely. Second, Lhls loop glves Lhe user Lhe opLlon Lo move Lhe [oysLlck ln any dlrecLlon Lo
[ump Lo Lhe prng rouLlne. As wlll be dlscussed below, when Lhe prng rouLlne ls accessed, all 8nC and
lnLerrupL funcLlonallLy ceases, and pseudorandom daLa ls generaLed.

Weak 8nC (LlS8)

A flowcharL of Lhe weak 8nC (LlS8) algorlLhm ls shown below:

prng:

cll

sLs AuCS8A, ZeroCounLer

1hese are Lhe flrsL Lwo llnes of Lhe prng rouLlne. 1he flrsL prlorlLy of Lhe prng rouLlne ls Lo compleLely
dlsable all lnLerrupLs. When Lhe prng rouLlne ls called, lL ls assumed LhaL Lhe user has flnlshed gaLherlng
random daLa uslng Lhe AuC Converslon lnLerrupL rouLlne, and would llke Lo use LhaL random daLa as
lnpuL lnLo Lhe 8nC. no furLher random daLa need be collecLed, Lhe lnLerrupL funcLlonallLy should be
dlsabled as a resulL. ulsabllng Lhe lnLerrupL funcLlonallLy ls also necessary Lo avold dlsrupLlng or
lnLerferlng wlLh Lhe prng rouLlne. Accordlngly, Lhe cll command clears Lhe lnLerrupL blL on Lhe SLaLus
8eglsLer (S8LC). 1hls ls Lhe opposlLe effecL of Lhe sel command. When Lhe lnLerrupL blL on S8LC ls
cleared, no furLher lnLerrupLs can Lake place. AlLhough lL should noL be necessary, Lhls program also
clears all of Lhe AuC enable blLs of Lhe AuCS8A reglsLer as a redundanL means of cancellng Lhe AuC
Converslon lnLerrupL.

ldl r23, 0x00
ldl r26, 0x00

1hese are sLandard lnlLlallzaLlons Lo prepare for Lhe prng rouLlne.

wrlLeprngeeprom:

sblc LLC8,LLL
r[mp wrlLeprngeeprom

wdr

1hls ls Lhe beglnnlng of Lhe wrlLeprngeeprom rouLlne. 1he flrsL Lwo llnes of Lhls rouLlne are Lhe polllng
loop Lo ensure LhaL Lhe LLL blL of LLC8 ls clear (see Lhe 8nC secLlon for more deLalls). 1he nexL
command, wdr, slmpl clears Lhe waLchdog.


8ecall from Lhe 8nC secLlon LhaL 8nCSeed was noL wrlLLen Lo LL8CM unLll all of Lhe elghL blLs ln Lhe
8nCSeed byLe were rewrlLLen wlLh fresh random daLa. 1hls was done Lo prevenL unnecessary paLLerns
from formlng. 1he same meLhodology ls used for Lhe prng rouLlne. 8nCCounLer ls Lhe counLer LhaL
sLores Lhe number of blLs of 8nCSeed LhaL have been replaced wlLh fresh pseudorandom daLa.
8nCCounLer ls seL Lo elghL and ls decremenLed every Llme a new blL ls added Lo 8nCSeed. When
8nCCounLer reaches zero, 8nCSeed ls wrlLLen Lo LL8CM.

mov 8nC8yLelorLLrom, 8nCSeed

ouL LLA8P, r26
ouL LLA8L, r23

ouL LLu8, 8nC8yLelorLLrom

sbl LLC8,LLML
sbl LLC8,LLL

As dlscussed above, when 8nCCounLer reaches zero, 8nCSeed ls wrlLLen Lo LL8CM. 1he code
segmenL shown above ls Lhe algorlLhm used Lo do Lhls. lL ls mosLly ldenLlcal Lo Lhe algorlLhm used ln Lhe
8nC secLlon Lo wrlLe 8nCSeed Lo LL8CM. ln Lhls case, 8nCSeed ls flrsL copled Lo anoLher reglsLer
(8nC8yLeforLLrom), and LhaL reglsLer (8nC8yLeforLLrom) ls Lhen wrlLLen Lo LL8CM.

breq overflowprng

wrlLeprngeepromll:

lnc r23


8ecause Lhe prng rouLlne wrlLes Lo all byLes of LL8CM (address byLes 0 - 4096), [usL as does Lhe 8nC
rouLlne, lL uses Lhe same meLhodology and algorlLhms as does Lhe 8nC rouLlne Lo wrlLe Lo LL8CM.
1he code segmenL shown above ls ldenLlcal Lo Lhe correspondlng code segmenL ln Lhe 8nC rouLlne
because Lhe algorlLhm ls exacLly Lhe same. lor a more deLalled dlscusslon on whaL Lhls code segmenL
does, Lhe reader ls encouraged Lo revlew Lhe 8nC secLlon.

lfsr:

mov revSeed, 8nCSeed

mov 1empSeed, 8nCSeed

lsl 1empSeed
lsl 1empSeed

eor revSeed, 1empSeed

lsl 1empSeed


lsl 1empSeed


1he code segmenL shown above ls Lhe beglnnlng of Lhe lfsr rouLlne. 1he lfsr rouLlne ls where Lhe Llnear
leedback ShlfL 8eglsLer (LlS8) algorlLhm ls acLually performed. ln order Lo undersLand Lhe lfsr rouLlne, lL
ls necessary Lo revlew Lhe general LlS8 algorlLhm.

1he llbonaccl LlS8 algorlLhm works as follows:

1) A reglsLer conLalnlng a predeLermlned number of blLs ls fllled wlLh ones and zeroes. 1hls ls Lhe
seed of Lhe LlS8. ln Lhls pro[ecL, because Lhe A190uS81287 offers 8-blL reglsLers, Lhe LlS8 seed
was deLermlned Lo have 8 blLs.
2) 1he Laps" are chosen. 1he Laps are Lhe blLs wlLhln Lhe reglsLer LhaL wlll be used Lo deLermlne
Lhe nexL blL generaLed by Lhe LlS8. 1he llsL of Laps ln Lhe LlS8 ls referred Lo as Lhe Lap
sequence.
3) lL ls Lo Lhe user's advanLage Lo choose Laps LhaL produce a maxlmum LlS8. A maxlmum LlS8
wlll cycle Lhrough all posslble sLaLes of ones and zeroes LhaL Lhe reglsLer can assume (excepL for
Lhe sLaLe ln whlch all blLs are zero, whlch wlll never change, no maLLer how many lLeraLlons)
before repeaLlng a sLaLe. lncreaslng Lhe number of unlque sLaLes LhaL Lhe LlS8 produces before
repeaLlng a sLaLe ls advanLageous so LhaL paLLerns do noL form ln Lhe pseudorandom daLa. 1he
user ls Lhus advlsed Lo choose Laps LhaL produce a maxlmal LlS8. ln Lhls pro[ecL, Lhe Lap
sequence ls Lhe 8
Lh
blL, Lhe 6
Lh
blL, Lhe 3
Lh
blL, and Lhe 4
Lh
blL, whlch ls labeled [8, 6, 3, 4].
4) 1he values of Lhe Laps are LC8ed LogeLher Lo form Lhe nexL blL Lo be added Lo Lhe reglsLer.
8ecause Lhe [8, 6, 3, 4] Lap sequence was chosen for Lhls pro[ecL, Lhe 8
Lh
, 6
Lh
, 3
Lh
, and 4
Lh
blLs are
LC8ed LogeLher Lo produce Lhe nexL blL Lo be added Lo Lhe reglsLer.
3) 1he blLs of Lhe reglsLer are shlfLed elLher one blL Lo Lhe lefL or one blL Lo Lhe rlghL. 1he blL
generaLed ln sLep four ls copled lnLo Lhe vacanL blL LhaL remalned from Lhe shlfL of Lhls sLep.
6) 1hls procedure ls repeaLed Lo conLlnuously generaLe pseduorandom daLa.

1o reLurn Lo Lhe code of Lhls pro[ecL:

lfsr:



1he conLenLs of 8nCSeed are copled Lo Lhe revSeed and 1empSeed reglsLers so LhaL Lhese Lwo
reglsLers can perform Lhe LlS8 algorlLhm.

lsl 1empSeed
lsl 1empSeed


8ecause Lhe Lap sequence ls [8, 6, 3, 4], Lhe flrsL sLep ls Lo LC8 Lhe 8
Lh
and 6
Lh
blLs. 1empSeed ls shlfLed
Lo Lhe lefL Lwlce Lo lsolaLe 8lL 6 of 1empSeed ln Lhe lefLmosL blL poslLlon. now revSeed holds Lhe 8
Lh
blL
of 8nCSeed ln lLs lefLmosL blL poslLlon, and 1empSeed holds Lhe 6
Lh
blL of 8nCSeed ln lLs lefLmosL
poslLlon. 1he LC8 operaLlon beLween revSeed and 1empSeed wlll LC8 Lhese Lwo lefLmosL blLs and
sLore Lhe resulL ln Lhe lefLmosL blL of revSeed. revSeed now holds Lhe resulL of Lhe LC8 operaLlon of
Lhe 8
Lh
and 6
Lh
blLs of 8nCSeed, as deslred.

lsl 1empSeed


1empSeed ls now shlfLed lefL so LhaL Lhe 3
Lh
blL of 8nCSeed ls now ln Lhe lefLmosL blL poslLlon of
1empSeed. 1hls blL ls LC8ed wlLh revSeed and sLored ln revSeed. 1hls ls equlvalenL Lo Laklng Lhe
resulL of Lhe LC8 of Lhe 8
Lh
and 6
Lh
blLs of 8nCSeed (Lhe sLep [usL compleLed) and LC8lng lL wlLh Lhe 3
Lh

blL of 8nCSeed. 1he resulL ls sLored ln revSeed because revSeed ls Lhe flrsL operand ln Lhe LC8
command.

lsl 1empSeed


LasLly, 1empSeed ls shlfLed lefL so LhaL Lhe 4
Lh
blL of 8nCSeed ls now ln Lhe lefLmosL blL poslLlon of
1empSeed. 1hls blL ls LC8ed wlLh revSeed and sLored ln revSeed. 1hls ls equlvalenL Lo Laklng Lhe
resulL of Lhe LC8 of Lhe 8
Lh
, 6
Lh
, and 3
Lh
blLs of 8nCSeed (Lhe sLep [usL compleLed) and LC8lng lL wlLh
Lhe 4
Lh
blL of 8nCSeed. 1hls compleLes Lhe Lap sequence, as Lhe 8
Lh
, 6
Lh
, 3
Lh
, and 4
Lh
blLs of 8nCSeed
have now been LC8ed. 1he resulL of Lhls operaLlon ls sLored ln Lhe lefLmosL blL of revSeed.

lsr 8nCSeed

andl revSeed, 0b10000000
or 8nCSeed, revSeed

LssenLlally, Lhe purpose of Lhls algorlLhm ls as follows. 8nCSeed ls shlfLed Lo Lhe rlghL once Lo make
room for Lhe newesL blL generaLed ln Lhe sLeps above. 1hls means LhaL 8lL 7 (lefLmosL blL) ls now vacanL
and ready Lo accepL Lhe newesL generaLed blL. 1he Lhree llnes of code LhaL follow copy Lhe lefLmosL blL
of revSeed (newesL generaLed blL, as descrlbed above) lnLo Lhe lefLmosL blL of 8nCSeed. 1hls
algorlLhm ls ldenLlcal Lo LhaL used ln Lhe 8nC rouLlne. 1he reader ls encouraged Lo revlew LhaL secLlon
ln Lhe 8nC explanaLlon for more deLall.

dec 8nCCounLer

now LhaL a new blL of pseudorandom daLa has been added Lo 8nCSeed, Lhe 8nCCounLer can be
decremenLed.

cpse ZeroCounLer, 8nCCounLer
r[mp lfsr


1he flrsL sLaLemenL of Lhe code segmenL shown above LesLs Lo see lf ZeroCounLer ls equal Lo
8nCCounLer. ZeroCounLer ls a reglsLer LhaL sLaLlcally sLores 0x00. ZeroCounLer was lnlLlallzed ln Lhe
maln rouLlne Lo hold 0x00 and lLs value ls never changed LhroughouL Lhe program. As a resulL,
comparlng ZeroCounLer Lo 8nCCounLer ls acLually a LesL Lo deLermlne lf 8nCCounLer equals 0x00. lf
8nCCounLer does equal zero, lL means LhaL Lhe lfsr rouLlne has been performed elghL Llmes. 1hls
means LhaL each of Lhe elghL blLs ln Lhe 8nCSeed byLe has been replaced by freshly generaLed
pseduorandom daLa. lf Lhls ls Lhe case, Lhe cpse ZeroCounLer, 8nCCounLer" sLaLemenL wlll evaluaLe
Lo Lrue, whlch wlll cause program conLrol Lo sklp Lhe nexL sLaLemenL (r[mp lfsr). rogram conLrol wlll
Lherefore be Lransferred Lo Lhe r[mp wrlLeprngeeprom" sLaLemenL. 1he wrlLeprngeeprom rouLlne wlll
Lhen be execuLed, as dlscussed above, Lhls wlll cause 8nCSeed Lo be wrlLLen Lo LL8CM. Cn Lhe oLher
hand, lf 8nCCounLer ls noL equal Lo 0x00, lL means LhaL lfsr has noL been yeL been performed elghL
Llmes. ln Lhls case, Lhe lfsr needs Lo be run agaln. 1he cpse ZeroCounLer, 8nCCounLer" sLaLemenL wlll
evaluaLe Lo false, Lhe r[mp lfsr" sLaLemenL wlll noL be sklpped and wlll be execuLed Lhls Llme, and
program conLrol wlll be Lransferred Lo Lhe lfsr rouLlne Lo be run agaln.

overflowprng:

ldl 8nCSeed, 0b00010000

cp r26, 8nCSeed
breq endprogramloop

lnc r26

ldl r23, 0x00


r[mp wrlLeprngeepromll

endprogramloop:

r[mp endprogramloop

1he lasL porLlon of code ls Lhe overflow rouLlne used for Lhe prng (overflowprng). 1hls rouLlne ls almosL
ldenLlcal Lo Lhe overflow rouLlne used for Lhe rng (overflowrng), wlLh one excepLlon. WlLh Lhe 8nC, Lhe
program allows LL8CM Lo be overwrlLLen lndeflnlLely. As long as Lhe user does noL LermlnaLe Lhe
program, LL8CM wlll conLlnue Lo wrlLe over lLself. 1hls ls noL Lhe case wlLh Lhe 8nC ln order Lo
provlde Lhe programmer wlLh bullL-ln debugglng and LesLlng. When Lhe 8nC rouLlne ls called, Lhe
program flrsL wrlLes ouL Lhe seed used for Lhe 8nC Lo LL8CM aL byLe address zero. 1hls ls a good LesL
Lo deLermlne lf Lhe 8nC ls worklng correcLly because Lhe flrsL byLe of LL8CM should always be Lhe
seed of Lhe 8nC. lf Lhe program allows Lhe 8nC Lo freely overwrlLe LL8CM as does Lhe 8nC, Lhls
seed aL byLe address zero wlll be overwrlLLen. 1he code segmenL shown above lncludes Lhe followlng
code Lo prevenL Lhls from happenlng:


cp r26, 8nCSeed
breq endprogramloop

.

.

.

endprogramloop:

r[mp endprogramloop

As prevlously descrlbed, LL8CM ranges from byLe addresses 0 - 4093. ln order Lo prevenL LL8CM
from belng overwrlLLen, Lhe program needs Lo sLop when Lhe LLA8P and LLA8L reglsLers evaluaLe Lo
4096. 8ecall LhaL Lhls program conLrols LLA8P and LLA8L wlLh reglsLers r26 and r23, respecLlvely.
ConsequenLly, when r26 and r23 evaluaLe Lo 4096, Lhe program should LermlnaLe. 826 and r23 evaluaLe
Lo 4096 when r26 ls equal Lo 0b00010000 and r23 ls equal Lo 0b00000000 because 2 ^ 12 = 4096 (Lhe blL
LhaL ls seL Lo one ln r26 ls Lhe 12
Lh
blL of r26 and r23).. lL ls sufflclenL, Lhough, Lo slmply LesL Lo
deLermlne lf r26 ls equal Lo 0b00010000. 1hls ls whaL Lhe flrsL Lwo llnes of Lhe sub-code snlppeL shown
above does. lf r26 does noL equal 0b00010000, Lhe program conLrol follows Lhe same overflow
algorlLhm as used ln Lhe 8nC. lf r26 does equal 0b00010000, program conLrol ls Lransferred Lo a rouLlne
named endprogramloop. 1he purpose of endprogramloop ls Lo run lndeflnlLely, buL noL perform any
acLlons, unLll Lhe user LermlnaLes Lhe program.

8esulLs of nlS1 8andomness 1esLs on Weak and SLrong 8nCs

All of Lhe LesLs execuLed on Lhe weak and sLrong 8nCs were developed by Lhe nlS1 8andom number
CeneraLlon 1echnlcal Worklng Croup (nlS1 8nC-1WC). 1hese LesLs were lmplemenLed because Lhls
group's LesL sulLe lf ofLen clLed as Lhe lndusLry sLandard and sLaLe-of-Lhe-arL ln random number
generaLlon. 1he LesLs llsLed below were chosen for Lhls pro[ecL.
lrequency LesL
8uns LesL
CumulaLlve Sums (lorward) LesL
CumulaLlve Sums (8everse) LesL
Llnear ComplexlLy LesL
Cverlapplng 1emplaLes LesL

lor each of Lhese LesLs, a LesL sLaLlsLlc named Lhe p-value ls generaLed. nlS1 conslders daLa Lo be
sufflclenLly random ls Lhe p-value ls greaLer Lhan 0.01.

1he lrequency (MonoblL) 1esL was chosen because, as sLaLed ln Lhe nlS1 8nC-1WC sofLware
documenLaLlon, lL ls recommended LhaL Lhe lrequency LesL be run flrsL, slnce Lhls supplles Lhe mosL
baslc evldence for Lhe exlsLence of non-randomness ln a sequence, speclflcally, non-unlformlLy." uue Lo
Lhe facL LhaL Lhe lrequency (MonoblL) 1esL was chosen, Lhe use of Lhe lrequency (8lock) 1esL was
excluded because Lhese Lwo LesLs examlned Lhe same Lype of non-randomness, namely havlng Loo many
ones or zeroes.

1he 8uns and Lhe LongesL-8un-of-Cnes (8lock) 1esLs boLh examlne Lhe osclllaLlon of ones and zeroes
wlLhln a sLrlng Lo deLermlne randomness. 1he 8uns 1esL measures Lhe LoLal number of runs wlLhln Lhe
LargeL sLrlng, whereas Lhe LongesL-8un-of-Cnes (8lock) 1esL measures Lhe longesL run of ones wlLhln
blocks of Lhe LargeL sLrlng. 1he 8uns 1esL was chosen because Lhe sample slze ls relaLlvely low (4096
byLes).

8oLh Lhe Cverlapplng 1emplaLe Mapplng 1esL and Lhe non-overlapplng 1emplaLe 1esL deLermlne lf a
pre-speclfled LargeL subsLrlng occurs Loo frequenLly for Lhe enLlre sLrlng Lo be consldered random. lf Lhe
LargeL subsLrlng ls found beglnnlng aL a cerLaln blL wlLhln Lhe enLlre sLrlng, Lhe non-overlapplng 1esL
conLlnues checklng by proceedlng Lo Lhe blL afLer Lhe 9:;< blL of Lhe LargeL subsLrlng maLch. 1he
Cverlapplng 1esL lnsLead proceeds Lo only Lhe blL afLer Lhe =>?;< blL of Lhe LargeL subsLrlng maLch. 1he
Cverlapplng 1esL was chosen Lo ensure LhaL all posslble maLches were consldered. lL was accepLed for
Lhe purposes of Lhls sLudy Lhe nlS1 8nC-1WC's suggesLed defaulL LemplaLe lengLh of 9 blLs.

1he CumulaLlve Sums 1esL evaluaLes Lhe parLlal summaLlons of Lhe Lerms ln Lhe LargeL sLrlng, provlded
LhaL Lhe zeros are converLed Lo (-1). 1he absoluLe value of Lhe dlfference beLween Lhese cumulaLlve
parLlal summaLlons and zero ls compared Lo whaL would be expecLed from a Lruly random sLrlng of Lhe
same slze. 1hls LesL was chosen because lLs examlnaLlon of sequenLlal dependence ls relaLlvely dlfferenL
from Lhe naLure of Lhe oLher LesLs. 1here was no use of Lhe 8andom Lxcurslons 1esL or Lhe 8andom
Lxcurslons varlanL 1esL because Lhese LesLs were very slmllar ln naLure Lo Lhe CumulaLlve Sums 1esL.
1he use of any Lwo of Lhese LesLs would have generaLed redundanL resulLs.

Weak 8nC: LlS8

1he orlglnal lnLenLlon of Lhls pro[ecL was Lo use Lhe LhermlsLor Lo produce random daLa LhaL would serve
as a seed for Lhe Lwo 8nCs (l.e. LlS8 and ALS). unforLunaLely, Lhe LhermlsLor dld noL generaLe daLa
was sufflclenLly random for Lhe purpose of evaluaLlng Lhe effecLlveness of 8nC algorlLhms. lf a 8nC
accepLs as lnpuL a seed LhaL ls noL sufflclenLly random, Lhe resulLlng pseudorandom daLa wlll be hlghly
predlcLable. 1hls wlll cerLalnly cause Lhe 8nC algorlLhm Lo fall Lhe nlS1 LesLs.

1he maln goal of Lhls sLudy was Lo provlde a Lhorough evaluaLlon of Lwo 8nC algorlLhms. ln order Lo
ensure LhaL Lhe evaluaLlon ls an accuraLe represenLaLlon of Lhe besL resulLs Lo be expecLed from each
algorlLhm, Lhe random daLa generaLed by Lhe LhermlsLor was noL used. lnsLead, a seed creaLed by Lhe
programmer was hard-coded lnLo Lhe code for each 8nC. 1he 8nC Lhen used Lhese hard-coded
seeds as lnpuL Lo Lhe 8nC algorlLhm. 1hese seeds were deslgned Lo be as random as posslble.

1he hard-coded random seed for Lhe weak 8nC (LlS8) was 10010110. 1he code glven ln Lhe Appendlx
was modlfled Lo use Lhls sLrlng as Lhe random seed and Lo flll LL8CM wlll 4096 byLes of pseudorandom
daLa. 1hls daLa was Lhen run agalnsL Lhe nlS1 LesLs. 1he modlfled code Lo LesL Lhe LlS8 algorlLhm wlLh
Lhe hard-coded seed was as follows:

.lnclude "usb1287def.lnc"

.devlce A190uS81287

.uLl 8nCSeed = 819
.uLl revSeed = 820
.uLl 1empSeed = 821
.uLl 8nCSeed = 822
.uLl 8nCCounLer = 823
.uLl 8nC8yLelorLLrom = 824
.uLl ZeroCounLer = 827
.uLl lull8eglsLer = 829
.uLl Cverllow8eg = 830
.uLl LlghL8eglsLer = 831

.org 0x0000
r[mp maln

maln:

wdr

ouL SL, r16
ouL SP, r16

ldl 8nCSeed, 0x00
ldl revSeed, 0x00
ldl 1empSeed, 0x00
ldl 8nCSeed, 0x00
ldl r26, 0x00
ldl r23, 0x00

prng:

ldl r23, 0x00
ldl r26, 0x00


wrlLeprngeeprom:

sblc LLC8,LLL

wdr



ouL LLA8P, r26
ouL LLA8L, r23


sbl LLC8,LLML
sbl LLC8,LLL

breq overflowprng

wrlLeprngeepromll:

lnc r23


lfsr:



lsl 1empSeed
lsl 1empSeed


lsl 1empSeed


lsl 1empSeed


lsr 8nCSeed

or 8nCSeed, revSeed

dec 8nCCounLer

r[mp lfsr


overflowprng:


cp r26, 8nCSeed
breq endprogramloop

lnc r26

ldl r23, 0x00



endprogramloop:

r[mp endprogramloop:

lL should be noLed LhaL Lhe !1AC devlce for Lhe A190uS81287 was used Lo read daLa from LL8CM. 1he
use of Lhls devlce was lnvaluable Lo Lhls pro[ecL because Lhere was no oLher way Lo read LL8CM as
easlly. 1he one drawback of Lhe !1AC devlce was LhaL lL appeared Lo add meLadaLa Lo LL8CM when
savlng Lhls daLa Lo a flle. ln order Lo remove Lhls meLadaLa, Lhe followlng grep command was used on all
LL8CM daLa flles generaLed by Lhe !1AC devlce:

grep -o ".\[34\}$" LesL.hex | ./scrb 0x0A | ./hLobln > LesL.ouL

1hls grep sLaLemenL also converLed Lhe LL8CM hex flle lnLo a blnary flle, whlch ls whaL worked besL
wlLh nlS1's LesL.

8elow are Lhe resulLs of nlS1's LesLs on Lhe weak 8nC (LlS8). 8ecall LhaL ln order for Lhe LesLs Lo be
successful, p musL be greaLer Lhan 0.01:

lrequency LesL produced a p-value of 0.661749 (SuCCLSSluL)
8uns LesL produced a p-value of 0.041918 (SuCCLSSluL)
CumulaLlve Sums (lorward) LesL produced a p-value of 0.378338 (SuCCLSSluL)
CumulaLlve Sums (8everse) LesL produced a p-value of 0.160236 (SuCCLSSluL)
Llnear ComplexlLy LesL produced a p-value of 0.609283 (SuCCLSSluL)
Cverlapplng 1emplaLes LesL produced a p-value of 0.397277 (SuCCLSSluL)

SLrong 8nC: ALS

1he Advanced LncrypLlon SLandard (ALS) ls wldely consldered Lo be one of Lhe sLrongesL (lf noL Lhe
sLrongesL) encrypLlon algorlLhm ln use Loday. lL ls Lherefore approprlaLe LhaL ALS be used as Lhe sLrong
8nC algorlLhm. Powever, Lhe ALS algorlLhm ls qulLe complex. lL would be far beyond Lhe scope of any
undergraduaLe pro[ecL for Lhe sLudenL Lo code Lhe ALS algorlLhm ln Assembler. lnsLead, sLudenLs of Lhls
pro[ecL are requlred Lo download Assembler codlng of Lhe ALS lanLasLlc algorlLhm from hLLp://polnL-aL-
lnflnlLy.org/avraes/ ln order Lo use ALS on Lhe A190uS81287. As a slde noLe, Lhls should Leach Lo Lhe
sLudenLs Lhe value of only uslng open-source and freely LesLed crypLographlc algorlLhms for Lhelr
encrypLlon needs. lL wlll also Leach sLudenLs how Lo learn and lncorporaLe lnLo Lhelr pro[ecLs an
algorlLhm wrlLLen by anoLher programmer. 1hls ls a sklll LhaL Lhey wlll ofLen need Lo use ln Lhe fuLure.

ln Lhe Appendlx, Lhe reader wlll flnd Lhe ALS lanLasLlc code glven aL hLLp://polnL-aL-lnflnlLy.org/avraes/
wlLh modlflcaLlons used Lo wrlLe Lhe ALS pseudorandom daLa Lo LL8CM. All modlflcaLlons are clearly
marked ln Lhe commenLs dlrecLly ad[acenL Lo Lhe code. All of Lhe Lechnlques used ln Lhe modlfled ALS
lanLasLlc code were used ln elLher Lhe 8nC or weak 8nC code glven ln Lhe pro[ecL (or boLh). As a
resulL, no furLher explanaLlon of Lhe modlfled ALS lanLasLlc code wlll be glven ln Lhls secLlon Lo avold
redundancy. 1he reader ls encouraged Lo read Lhe code explanaLlons ln Lhe 8nC or weak 8nC secLlons
Lo obLaln more deLalls.

1he ALS lanLasLlc code aL hLLp://polnL-aL-lnflnlLy.org/avraes/ hard-codes a 16-byLe plalnLexL sLrlng lnLo
reglsLers r0 - r13 of Lhe A190uS81287. 1he modlfled ALS lanLasLlc code wrlLes Lhls plalnLexL sLrlng lnLo
Lhe flrsL 16 byLes of LL8CM. 1he ALS lanLasLlc code Lhen performs ALS encrypLlon on Lhe 16 byLes of
plalnLexL and produces Lhe correspondlng 16 byLes of clpherLexL. 1he modlfled ALS lanLasLlc code Lhen
wrlLes Lhls clpherLexL Lo LL8CM. ln order Lo compleLely flll LL8CM wlLh pseudorandom daLa creaLed
wlLh ALS, Lhe 16 byLes of clpherLexL are Lhen re-encrypLed wlLh ALS Lo produce an addlLlonal 16 byLes of
clpherLexL. 1he addlLlonal 16 byLes of clpherLexL are Lhen wrlLLen Lo LL8CM. 1hls process of Laklng as
lnpuL Lhe 16 byLes of clpherLexL produced by Lhe lasL sLep, re-encrypLlng Lhem wlLh ALS, and wrlLlng Lhe
resulLanL new 16 byLes of clpherLexL Lo LL8CM ls repeaLed unLll LL8CM ls full (4096 byLes ln LoLal).

unforLunaLely, Lhe modlfled ALS lanLasLlc code dld noL appear Lo work correcLly. 1here were several
checks seL up Lo LesL wheLher Lhe modlfled ALS fanLasLlc code was successful, such as: 1) Was all of
LL8CM belng fllled? 2) Was all of LL8CM belng fllled only once? 3) Were Lhe flrsL 16 byLes of
LL8CM Lhe orlglnal 16-byLe plalnLexL coded lnLo Lhe ALS fanLasLlc code? 4) uld any paLLerns emerge
ln Lhe resulLlng pseudorandom daLa LhaL could be deLecLed by eye? LLc. 1he modlfled ALS lanLasLlc
code passed all of Lhese checks wlLh Lhe excepLlon of one (buL posslbly Lhe mosL lmporLanL one). A
debugger was used Lo sLep Lhrough Lhe modlfled ALS lanLasLlc code llne-by-llne Lo deLermlne whaL Lhe
flrsL 16 byLes of clpherLexL should be (Lhe clpherLexL produced afLer Lhe flrsL round of ALS encrypLlon).
All slgns from Lhe debugger lndlcaLed LhaL Lhese 16 byLes of clpherLexL should have been wrlLLen
correcLly Lo LL8CM. Powever, Lhe correspondlng 16 byLes ln LL8CM dld noL maLch whaL Lhe
debugger reporLed. lL ls posslble LhaL Lhe aforemenLloned meLadaLa LhaL Lhe !1AC devlce produces
could have caused Lhls dlscrepancy, buL Lhls has noL yeL been conflrmed or denled. lurLher sLudy wlll be
requlred Lo deLermlne Lhe cause of Lhe dlscrepancy.

8ecause all oLher checks of Lhe modlfled ALS lanLasLlc code passed, Lhe pseudorandom daLa LhaL was
produced was run agalnsL Lhe nlS1 LesLs. 8elow are Lhe resulLs (recall LhaL a LesL passes lf p ls greaLer
Lhan 0.01):

lrequency LesL produced a p-value of 0.434633 (SuCCLSSluL)
8uns LesL produced a p-value of 0.083891 (SuCCLSSluL)
CumulaLlve Sums (lorward) LesL produced a p-value of 0.443366 (SuCCLSSluL)
CumulaLlve Sums (8everse) LesL produced a p-value of 0.091001 (SuCCLSSluL)
Llnear ComplexlLy LesL produced a p-value of 0.376198 (SuCCLSSluL)
Cverlapplng 1emplaLes LesL produced a p-value of 0.246770 (SuCCLSSluL)

lL should be noLed LhaL Lhe resulLs of Lhe sLrong 8nC (ALS) LesLs cannoL be fully LrusLed unLll Lhe
dlscrepancy descrlbed above ls resolved. 1hese numbers were generaLed purely as a LroubleshooLlng
and/or curloslLy measure.

uesplLe Lhls seLback, Lhe lesson LhaL Lhe sLudenLs were supposed Lo learn was Lo observe LhaL Lhe p-
values of Lhe sLrong 8nC (ALS) should have been hlgher Lhan Lhose of Lhe weak 8nC (LlS8). lL ls
helpful Lo noLe, however, LhaL Lhe p-values of Lhe weak 8nC (LlS8), whlch can be LrusLed, were all
relaLlvely hlgh. 1hls ls qulLe reassurlng conslderlng Lhe facL LhaL Lhe LlS8 algorlLhm ls sLlll ln use Loday as
a 8nC algorlLhm.

A.@@.-"1*.62 EF>6%.6)-6,
1he Lwo maln dlfflculLles experlenced ln Lhls pro[ecL have been descrlbed ln deLall ln Lhe secLlons above.
namely, 1) Lhe on-board LhermlsLor of Lhe A190uS81287 dld noL produce sufflclenLly random daLa, 2)
Lhe code used Lo wrlLe Lo LL8CM Lhe pseudorandom daLa generaLed by Lhe ALS lanLasLlc code dld noL
pass all accuracy checks. More deLalls on Lhese dlfflculLles can be found ln Lhe 8nC and SLrong 8nC
secLlons of Lhls reporL, respecLlvely.
AddlLlonal dlfflculLles experlenced were Lhe followlng: 1) codlng a secure 8nC algorlLhm ln Assembler,
2) verlfylng LhaL lL ls worklng properly on Lhe A190uS81287. AlLhough l do have experlence codlng
crypLographlc algorlLhms such as 8C4 ln hlgh-level languages such as C++ and !ava, l dld noL have any
Assembler experlence before enrolllng ln Lhe CompuLer SecurlLy ArchlLecLure course. 1hls slLuaLlon ls
exacerbaLed by Lhe facL LhaL Assembler ls so dlfferenL ln deslgn and sLrucLure Lhan languages such as
C++ and !ava.
Moreover, when selecLlng a sLrong 8nC algorlLhm, l had Lo perform furLher research Lo deLermlne lLs
mosL secure form. 1here are relaLlvely secure crypLographlc algorlLhms LhaL have known weaknesses lf
noL lmplemenLed properly. A good example of Lhls ls Lhe 8C4 algorlLhm. 8C4 operaLes aL a fasL speed
and has Lhe capablllLy Lo provlde sLrong encrypLlon wlLh pseudorandom daLa. Powever, lL has been
shown LhaL lf 8C4 ls noL lmplemenLed properly, a known plalnLexL aLLack can reveal lnformaLlon abouL
Lhe key.
LasLly, ln my experlence wlLh codlng crypLographlc algorlLhms, l always had access Lo lnpuL/ouLpuL
sysLems LhaL allowed me Lo vlew Lhe values LhaL my program generaLed. 1hls allowed me Lo conflrm
wlLh a hlgh degree of confldence LhaL my program was worklng as lnLended. 1he llmlLed lnpuL/ouLpuL
lnLerface of Lhe A190uS81287 made Lhls process more challenglng. 1he use of Lhe !1AC devlce wlLh Lhe
A190uS81287 was absoluLely essenLlal wlLh respecL Lo Lhls maLLer.
!"::62*.+)2 @+% (#>%+76#6)* $), C"*"%6 G+%9
1here are Lwo maln suggesLlons for fuLure work: 1) lmprove Lhe 8nC Lo provlde daLa LhaL ls more
random, 2) revlse Lhe sLrong 8nC code (ALS lanLasLlc) so LhaL lL works as lnLended. WlLh respecL Lo
Lhe former, Lhls could conslsL of researchlng beLLer ways Lo use Lhe on-board LhermlsLor so LhaL lL
produces daLa wlLh a hlgher level of unpredlcLablllLy. 1hls could also conslsL of flndlng an enLlrely
dlfferenL source of random daLa, such as a dlfferenL hardware componenL of Lhe A190uS81287. WlLh
respecL Lo Lhe revlslons of Lhe sLrong 8nC code, Lhls wlll requlre furLher debugglng of Lhe code glven ln
Lhe Appendlx of Lhls reporL.
D+)-1"2.+)2
1he purpose of Lhls reporL ls Lo provlde sLudenLs wlLh a beLLer undersLandlng of programmlng ln
Assembler and of random and pseudorandom daLa. 8oLh of Lhese Loplcs are covered ln deLall so as Lo
demonsLraLe Lo Lhe sLudenL Lhelr lmporLance ln modern pracLlce. Sample code and deLalled
explanaLlons are glven Lo Lhe sLudenL of how Lo program Lhe followlng: 1) a 8nC uslng Lhe on-board
LhermlsLor of Lhe A190uS81287, 2) a weak 8nC uslng Lhe LlS8 algorlLhm, and 3) a sLrong 8nC uslng
Lhe ALS algorlLhm. lL ls hoped LhaL by Lhe end of Lhls reporL, sLudenLs wlll undersLand all Lhree
componenLs, how Lhey flL LogeLher, and why Lhey are lmporLanL Lo Lhe modern pracLlce of codlng and
crypLography.
unforLunaLely, noL every componenL of Lhls pro[ecL wenL accordlngly Lo plan. 1he on-board LhermlsLor
ulLlmaLely dld noL provlde daLa LhaL was sufflclenLly unpredlcLable, so random sLrlngs had Lo be hard-
coded lnLo Lhe 8nC algorlLhms. ln addlLlon, Lhe sLrong 8nC code (ALS lanLasLlc) dld noL pass all
checks for accuracy, so lLs resulLs could noL be LrusLed. 8oLh of Lhese dlscrepancles wlll be resolved by
Lhe Llme Lhls reporL ls used ln an undergraduaLe course ln Lhe lall 2008 semesLer.
;6@6%6)-62
SecurlLy and rlvacy". LecLure course offered aL Lhe !ohns Popklns unlverslLy lnformaLlon SecurlLy
lnsLlLuLe by ur. Avlel u. 8ubln. lall 2007 SemesLer.
hLLp://en.wlklpedla.org/wlkl/8c4. 8C4". ArLlcle publlshed by Wlklpedla.
hLLp://csrc.nlsL.gov/rng. nlS1 8andomness 1esLs offered on Lhe nlS1 webslLe.
hLLp://www.aLmel.com/dyn/resources/prod_documenLs/doc7608.pdf
hLLp://www.avr-asm-download.de/beglnner_en.pdf
hLLp://www.aLmel.com/dyn/resources/prod_documenLs/7393S.pdf
hLLp://www.avrbeglnners.neL/archlLecLure/adc/m8_adc_example.hLml
hLLp://en.wlklpedla.org/wlkl/Llnear_feedback_shlfL_reglsLer
hLLp://polnL-aL-lnflnlLy.org/avraes/
hLLp://www.analoglab.com/adc.hLml
H>>6),.-62
I!+"%-6 D+,6
no commenLs have been lncluded ln Lhls source code because each llne of code has been Lhoroughly
commenLed ln Lhe secLlons above.
8nC and Weak 8nC (LlS8)
.lnclude "usb1287def.lnc"

.devlce A190uS81287

.uLl 8nCSeed = 819
.uLl revSeed = 820
.uLl 1empSeed = 821
.uLl 8nCSeed = 822
.uLl 8nC8yLelorLLrom = 824
.uLl ZeroCounLer = 827
.uLl lull8eglsLer = 829
.uLl Cverllow8eg = 830
.uLl LlghL8eglsLer = 831

.org 0x0000
r[mp maln

.org 0x003A
call AuC_lS8

AuC_lS8:

push r16
ln r16, S8LC
push r16
push r17

lds r16, AuCL
lds r17, AuCP

lsl 8nCSeed

andl r16, 0b00000001
or 8nCSeed, r16

mov 8nCSeed, 8nCSeed

lnc 8nCCounLer

cpse 8nCCounLer, LlghL8eglsLer
r[mp flnlshlnLerrupL

wrlLerngeeprom:

sblc LLC8,LLL
r[mp wrlLerngeeprom


ouL LLA8P, r26
ouL LLA8L, r23

ouL LLu8, 8nCSeed

sbl LLC8,LLML
sbl LLC8,LLL

breq overflowrng

wrlLerngeepromll:

lnc r23


flnlshlnLerrupL:

pop r17
pop r16
ouL S8LC, r16
pop r16
reLl

overflowrng:

lnc r26

ldl r23, 0x00


r[mp wrlLerngeepromll

maln:

wdr

ldl r16, 0xll
ouL uu8u, r16

ldl r16, 0xCl
ouL uu8L, r16

ldl r16, 0x1l
ouL uu88, r16

ldl r16, 0x30
ouL orLL, r16

ldl r16, 0xL0
ouL orL8, r16

ouL SL, r16
ouL SP, r16

ldl r16, 0b01000000
sLs AuMux, r16

ldl r16, 0b11101111
sLs AuCS8A, r16

ldl 8nCSeed, 0x00
ldl revSeed, 0x00
ldl 1empSeed, 0x00
ldl 8nCSeed, 0x00
ldl r26, 0x00
ldl r23, 0x00

sel

loop:

wdr

ln r17, ln8
ln r18, lnL

sbrs r17, 6
r[mp prng

sbrs r18, 4
r[mp prng

sbrs r17, 7
r[mp prng

sbrs r18, 3
r[mp prng

sbrs r17, 3
r[mp prng

r[mp loop

prng:

cll

sLs AuCS8A, ZeroCounLer

ldl r23, 0x00
ldl r26, 0x00

wrlLeprngeeprom:

sblc LLC8,LLL

wdr



ouL LLA8P, r26
ouL LLA8L, r23


sbl LLC8,LLML
sbl LLC8,LLL

breq overflowprng

wrlLeprngeepromll:

lnc r23


lfsr:



lsl 1empSeed
lsl 1empSeed


lsl 1empSeed


lsl 1empSeed


lsr 8nCSeed

or 8nCSeed, revSeed

dec 8nCCounLer

r[mp lfsr


overflowprng:


cp r26, 8nCSeed
breq endprogramloop

lnc r26

ldl r23, 0x00



endprogramloop:

r[mp endprogramloop

SLrong 8nC (ALS)

My modlflcaLlons Lo Lhe orlglnal code have been clearly marked ln Lhe ad[acenL commenLs.

; Copyright (C) 2006 B. Poettering
;
; This program is free software; you can redistribute and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation; either version 2 of the License, or
; (at your option) any later version. Whenever you redistribute a copy
; of this document, make sure to include the copyright and license
; agreement without modification.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program; if not, write to the Free Software
; Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
; The license text can be found here: http://www.gnu.org/licenses/gpl.txt

; http://point-at-infinity.org/avraes/
;
; This AES implementation was written in November 2006 by B. Poettering.
; It is published under the terms of the GNU General Public License. If
; you need AES code, but this license is unsuitable for your project,
; feel free to contact me: avraes AT point-at-infinity.org

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
;
; RijndaelFantastic
;
; This is a microcontroller implementation of the Rijndael block cipher,
better
; known as AES. The target device class is Atmel's AVR, a family of very fast
; and very powerful flash MCUs, operating at clock rates up to 16 MHz,
; executing one instruction per clock cycle (16 MIPS). The implementation
; given here is optimized for RAM requirement, and achieves an encryption
; rate of about 63 kByte/sec (on a 16MHz MCU). Decryption is done with
; 55 kByte/sec.
;
; The implemented algorithm is restricted to block and key sizes of 128 bit.
; Larger key sizes can be obtained by altering the key scheduling code, which
; should be easy.
;
; This implementation makes extensive use of the AVR's "lpm" instruction,
; which loads data bytes from program memory at given addresses (the s-boxes
; are realized that way). Some members of the AVR family don't offer that
; instruction at all (e.g. AT90S1200), others only in a restricted way
; (forcing the target register to be r0). The code below requires the least
; restricted lpm instruction (with free choice of the target register).
; The ATmega161 devices meet the above mentioned requirements.
;
; Statistics:
;
; 16 MHz MCU | clock cycles | blocks per second | bytes per second
; -----------+--------------+-------------------+------------------
; encryption | 4059 | 3942 | 63070
; decryption | 4675 | 3422 | 54759
;
; (key preprocessing time is not considered)
;
; This source code consists of some routines and an example application,
; which encrypts a certain plaintext and decrypts it afterwards with the
; same key. Comments in the code clarify the interaction between the key
; expansion and the encryption/decryption routines.
;
; I encourage to read the following Rijndael-related papers/books/sites:
; [1] "The Design of Rijndael", Daemen & Rijmen, Springer, ISBN 3-540-42580-2
; [2] http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
; [3] http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip
; [4] http://www.esat.kuleuven.ac.be/~rijmen/rijndael/atmal.zip
; [5] http://csrc.nist.gov/CryptoToolkit/aes/rijndael/
;
; [1] is *the* book about Rijndael, [2] is the official Rijndael homepage,
; [3] contains the complete Rijndael AES specification, [4] is another
; Rijndael-implementation for AVR MCUs (but much slower than this one,
; taking 3815 clock cycles per encryption), [5] is the official NIST AES
; site with further links.
;
; AVR and ATmega are registered trademarks by the ATMEL corporation.
; See http://www.atmel.com and http://www.atmel.com/products/avr/ for
; further details.

.include "usb1287def.inc"

.def H1 = r16
.def H2 = r17
.def Rcon = r18
.def OverFlowReg = r21 ; THIS IS MY CODE
.def FullRegister = r22 ; THIS IS MY CODE
.def HighByteOverflow = r27; THIS IS MY CODE

main: cli ; initialize stack
ldi r31,high(RAMEND)
out SPH,r31
ldi r31,low(RAMEND)
out SPL,r31

ldi ZH, high(key<<1) ; load key to RAM position $0060
ldi ZL, low(key<<1)
ldi YH, high($0060)
ldi YL, low($0060)
main0: lpm r16, Z+
st Y+, r16
cpi YL, low($0060+16)
brne main0

ldi ZH, high(text<<1) ; load plaintext to r0-r15
ldi ZL, low(text<<1)
lpm r0, Z+
lpm r1, Z+
lpm r2, Z+
lpm r3, Z+
lpm r4, Z+
lpm r5, Z+
lpm r6, Z+
lpm r7, Z+
lpm r8, Z+
lpm r9, Z+
lpm r10, Z+
lpm r11, Z+
lpm r12, Z+
lpm r13, Z+
lpm r14, Z+
lpm r15, Z+

; MY INSERTED CODE BEGINS HERE
; THIS CODE IS TO WRITE THE PLAINTEXT TO EEPROM BEFORE IT IS ENCRYPTED

ldi r19, 0x00
ldi r20, 0x00
ldi OverFlowReg, 0x00
ldi FullRegister, 0xFF

wdr

writetexteepromi:

sbic EECR,EEPE
rjmp writetexteepromi

out EEARH, r20
out EEARL, r19

out EEDR, r0

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromii:

sbic EECR,EEPE
rjmp writetexteepromii

out EEARH, r20
out EEARL, r19

out EEDR, r1

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromiii:

sbic EECR,EEPE
rjmp writetexteepromiii

out EEARH, r20
out EEARL, r19

out EEDR, r2

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromiv:

sbic EECR,EEPE
rjmp writetexteepromiv

out EEARH, r20
out EEARL, r19

out EEDR, r3

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromv:

sbic EECR,EEPE
rjmp writetexteepromv

out EEARH, r20
out EEARL, r19

out EEDR, r4

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromvi:

sbic EECR,EEPE
rjmp writetexteepromvi

out EEARH, r20
out EEARL, r19

out EEDR, r5

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromvii:

sbic EECR,EEPE
rjmp writetexteepromvii

out EEARH, r20
out EEARL, r19

out EEDR, r6

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writeeepromviii:

sbic EECR,EEPE
rjmp writeeepromviii

out EEARH, r20
out EEARL, r19

out EEDR, r7

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromix:

sbic EECR,EEPE
rjmp writetexteepromix

out EEARH, r20
out EEARL, r19

out EEDR, r8

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromx:

sbic EECR,EEPE
rjmp writetexteepromx

out EEARH, r20
out EEARL, r19

out EEDR, r9

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxi:

sbic EECR,EEPE
rjmp writetexteepromxi

out EEARH, r20
out EEARL, r19

out EEDR, r10

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxii:

sbic EECR,EEPE
rjmp writetexteepromxii

out EEARH, r20
out EEARL, r19

out EEDR, r11

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxiii:

sbic EECR,EEPE
rjmp writetexteepromxiii

out EEARH, r20
out EEARL, r19

out EEDR, r12

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxiv:

sbic EECR,EEPE
rjmp writetexteepromxiv

out EEARH, r20
out EEARL, r19

out EEDR, r13

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxv:

sbic EECR,EEPE
rjmp writetexteepromxv

out EEARH, r20
out EEARL, r19

out EEDR, r14

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

writetexteepromxvi:

sbic EECR,EEPE
rjmp writetexteepromxvi

out EEARH, r20
out EEARL, r19

out EEDR, r15

inc r19

sbi EECR,EEMPE
sbi EECR,EEPE

; MY INSERTED CODE ENDS HERE

ldi YH, high($0060) ; encrypt the plaintext
ldi YL, low($0060)

; MY INSERTED CODE BEGINS HERE
; THIS IS TO CONTINUOSLY RUN AES AND WRITE THE RESULTS TO EEPROM

ldi FullRegister, 0xFF

myloop:

rcall AESEncrypt128
rcall AESKeyRewind

writecipheepromi:

sbic EECR,EEPE
rjmp writecipheepromi

out EEARH, r20
out EEARL, r19

out EEDR, r0

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

cp r19, FullRegister
breq overflowprngi

writeciphitwo:

cpse OverFlowReg, FullRegister
inc r19


rjmp writecipheepromii

overflowprngi:

ldi HighByteOverflow, 0b00010000

cp r20, HighByteOverflow
breq endprogramone

inc r20

ldi r19, 0x00

ldi OverFlowReg, 0xFF

rjmp writeciphitwo

endprogramone:

jmp endprogram

writecipheepromii:

sbic EECR,EEPE
rjmp writecipheepromii

out EEARH, r20
out EEARL, r19

out EEDR, r1

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngii

writeciphiitwo:

inc r19


rjmp writecipheepromiii

overflowprngii:


breq endprogramtwo

inc r20

ldi r19, 0x00


rjmp writeciphiitwo

endprogramtwo:

jmp endprogram

writecipheepromiii:

sbic EECR,EEPE
rjmp writecipheepromiii

out EEARH, r20
out EEARL, r19

out EEDR, r2

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngiii

writeciphiiitwo:

inc r19


rjmp writecipheepromiv

overflowprngiii:


breq endprogramthree

inc r20

ldi r19, 0x00


rjmp writeciphiiitwo

endprogramthree:

jmp endprogram

writecipheepromiv:

sbic EECR,EEPE
rjmp writecipheepromiv

out EEARH, r20
out EEARL, r19

out EEDR, r3

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngiv

writeciphivtwo:

inc r19


rjmp writecipheepromv

overflowprngiv:


breq endprogramfour

inc r20

ldi r19, 0x00


rjmp writeciphivtwo

endprogramfour:

jmp endprogram

writecipheepromv:

sbic EECR,EEPE
rjmp writecipheepromv

out EEARH, r20
out EEARL, r19

out EEDR, r4

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngv

writeciphvtwo:

inc r19


rjmp writecipheepromvi

overflowprngv:


breq endprogramfive

inc r20

ldi r19, 0x00


rjmp writeciphvtwo

endprogramfive:

jmp endprogram

writecipheepromvi:

sbic EECR,EEPE
rjmp writecipheepromvi

out EEARH, r20
out EEARL, r19

out EEDR, r5

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngvi

writeciphvitwo:

inc r19


rjmp writecipheepromvii

overflowprngvi:


breq endprogramsix

inc r20

ldi r19, 0x00


rjmp writeciphvitwo

endprogramsix:

jmp endprogram

writecipheepromvii:

sbic EECR,EEPE
rjmp writecipheepromvii

out EEARH, r20
out EEARL, r19

out EEDR, r6

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngvii

writeciphviitwo:

inc r19


rjmp writecipheepromviii

overflowprngvii:


breq endprogramseven

inc r20

ldi r19, 0x00


rjmp writeciphviitwo

endprogramseven:

jmp endprogram

writecipheepromviii:

sbic EECR,EEPE
rjmp writecipheepromviii

out EEARH, r20
out EEARL, r19

out EEDR, r7

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngviii

writeciphviiitwo:

inc r19


rjmp writecipheepromix

overflowprngviii:


breq endprogrameight

inc r20

ldi r19, 0x00


rjmp writeciphviiitwo

endprogrameight:

jmp endprogram

writecipheepromix:

sbic EECR,EEPE
rjmp writecipheepromix

out EEARH, r20
out EEARL, r19

out EEDR, r8

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngix

writeciphixtwo:

inc r19


rjmp writecipheepromx

overflowprngix:


breq endprogramnine

inc r20

ldi r19, 0x00


rjmp writeciphixtwo

endprogramnine:

jmp endprogram

writecipheepromx:

sbic EECR,EEPE
rjmp writecipheepromx

out EEARH, r20
out EEARL, r19

out EEDR, r9

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngx

writeciphxtwo:

inc r19


rjmp writecipheepromxi

overflowprngx:


breq endprogramten

inc r20

ldi r19, 0x00


rjmp writeciphxtwo

endprogramten:

jmp endprogram

writecipheepromxi:

sbic EECR,EEPE
rjmp writecipheepromxi

out EEARH, r20
out EEARL, r19

out EEDR, r10

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxi

writeciphxitwo:

inc r19


rjmp writecipheepromxii

overflowprngxi:


breq endprogrameleven

inc r20

ldi r19, 0x00


rjmp writeciphxitwo

endprogrameleven:

jmp endprogram

writecipheepromxii:

sbic EECR,EEPE
rjmp writecipheepromxii

out EEARH, r20
out EEARL, r19

out EEDR, r11

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxii

writeciphxiitwo:

inc r19


rjmp writecipheepromxiii

overflowprngxii:


breq endprogramtwelve

inc r20

ldi r19, 0x00


rjmp writeciphxiitwo

endprogramtwelve:

jmp endprogram

writecipheepromxiii:

sbic EECR,EEPE
rjmp writecipheepromxiii

out EEARH, r20
out EEARL, r19

out EEDR, r12

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxiii

writeciphxiiitwo:

inc r19


rjmp writecipheepromxiv

overflowprngxiii:


breq endprogramthirteen

inc r20

ldi r19, 0x00


rjmp writeciphxiiitwo

endprogramthirteen:

jmp endprogram

writecipheepromxiv:

sbic EECR,EEPE
rjmp writecipheepromxiv

out EEARH, r20
out EEARL, r19

out EEDR, r13

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxiv

writeciphxivtwo:

inc r19


rjmp writecipheepromxv

overflowprngxiv:


breq endprogramfourteen

inc r20

ldi r19, 0x00


rjmp writeciphxivtwo

endprogramfourteen:

jmp endprogram

writecipheepromxv:

sbic EECR,EEPE
rjmp writecipheepromxv

out EEARH, r20
out EEARL, r19

out EEDR, r14

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxv

writeciphxvtwo:

inc r19


rjmp writecipheepromxvi

overflowprngxv:


breq endprogramfifteen

inc r20

ldi r19, 0x00


rjmp writeciphxvtwo

endprogramfifteen:

jmp endprogram

writecipheepromxvi:

sbic EECR,EEPE
rjmp writecipheepromxvi

out EEARH, r20
out EEARL, r19

out EEDR, r15

sbi EECR,EEMPE
sbi EECR,EEPE

wdr

breq overflowprngxvi

writeciphxvitwo:

inc r19


rjmp myloop

overflowprngxvi:


breq endprogram

inc r20

ldi r19, 0x00


rjmp writeciphxvitwo

endprogram:

rjmp endprogram

; MY INSERTED CODE ENDS HERE

; I AM COMMENTING THIS OUT B/C WE DO NOT NEED DECRYPTION

/*
ldi YH, high($0060) ; prepare key for decryption
ldi YL, low($0060)
rcall AESKeyDecPreprocess
rcall AESDecrypt128 ; decrypt the cipher text
*/

main1: rjmp main1 ; stop

text:
.db $32,$43,$f6,$a8,$88,$5a,$30,$8d,$31,$31,$98,$a2,$e0,$37,$07,$34
key:
.db $2b,$7e,$15,$16,$28,$ae,$d2,$a6,$ab,$f7,$15,$88,$09,$cf,$4f,$3c

;****************************************************************************
**
; Encrypt the 16 byte block defined by r0-r15 under the 128 bit key [Y].
; Note that calling this function modifies [Y]. Therefore, before encrypting
a
; second block with the same key [Y] has to be restored. This can be done by
; calling the function AESKeyRewind, but it is faster to simply backup the
; original key somewhere to RAM and to restore it after calling
AESEncrypt128.
;
; Touched registers: Rcon, H1, H2, Z
;
AESEncrypt128:
ldi Rcon, 1
AESEnc1:rcall AddRoundKey
rcall RAMIncKey128
rcall ShiftRowsSubBytes
cpi Rcon, 0x6c
breq AddRoundKey
rcall MixColumns
rjmp AESEnc1

;****************************************************************************
**
; Rewind the key given in [Y]. See AESEncrypt128 for more details.
;
;
AESKeyRewind:
ldi Rcon, 0x36
AESKeyR:rcall RAMDecKey128
cpi Rcon, 0
brne AESKeyR
ret

;****************************************************************************
**
; Preprocess the key given in [Y] for use for decryption. See AESDecrypt128
; for more details.
;
;

; I AM COMMENTING THIS OUT B/C WE DO NOT NEED DECRYPTION

/*
AESKeyDecPreprocess:
ldi Rcon, 1
AESKeyF:rcall RAMIncKey128
cpi Rcon, 0x6c
brne AESKeyF
ret

;****************************************************************************
**
; Decrypt the 16 byte block defined by r0-r15 under the 128 bit key [Y].
; The decryption key has to be preprocessed by AESKeyDecPreprocess before
; calling this funtion. Like in AESEncrypt128 [Y] is modified by this
; function, but the key can be restored by calling AESKeyDecPreprocess.
Again,
; backing up the key to RAM will be faster.
;
; Note that AESKeyRewind and AESKeyDecPreprocess are the inverses of each
; other. In other words: if encryption and decryption are performed in
; strictly alternating order, the calls to AESKeyRewind and AESKeyPreprocess
; can be ommitted.
;
;
AESDecrypt128:
ldi Rcon, 0x36
rcall AddRoundKey
rcall RAMDecKey128
rcall ShiftRowsSubBytesInverse
AESDec1:rcall AddRoundKey
rcall RAMDecKey128
rcall MixColumnsInverse
rcall ShiftRowsSubBytesInverse
cpi Rcon, 0
brne AESDec1
*/

;****************************************************************************
**
; The following subroutines are for internal use only. They shouldn't be
; called by any client application directly.
;****************************************************************************
**

.def ST11 = r0
.def ST21 = r1
.def ST31 = r2
.def ST41 = r3
.def ST12 = r4
.def ST22 = r5
.def ST32 = r6
.def ST42 = r7
.def ST13 = r8
.def ST23 = r9
.def ST33 = r10
.def ST43 = r11
.def ST14 = r12
.def ST24 = r13
.def ST34 = r14
.def ST44 = r15

AddRoundKey: ; Touched registers: ST11-ST44, H1
ld H1, Y
eor ST11, H1
ldd H1, Y+1
eor ST21, H1
ldd H1, Y+2
eor ST31, H1
ldd H1, Y+3
eor ST41, H1
ldd H1, Y+4
eor ST12, H1
ldd H1, Y+5
eor ST22, H1
ldd H1, Y+6
eor ST32, H1
ldd H1, Y+7
eor ST42, H1
ldd H1, Y+8
eor ST13, H1
ldd H1, Y+9
eor ST23, H1
ldd H1, Y+10
eor ST33, H1
ldd H1, Y+11
eor ST43, H1
ldd H1, Y+12
eor ST14, H1
ldd H1, Y+13
eor ST24, H1
ldd H1, Y+14
eor ST34, H1
ldd H1, Y+15
eor ST44, H1
ret

MixColumnsInverse: ; Touched registers: ST11-ST44, H1, H2, Z
ldi ZH, high(xtime<<1)
mov ZL, ST11 ; u = xtime(xtime(a[0] ^ a[2]))
eor ZL, ST31
lpm ZL, Z
lpm ZL, Z
eor ST11, ZL ; a[0] ^= u
eor ST31, ZL ; a[2] ^= u
mov ZL, ST21 ; v = xtime(xtime(a[1] ^ a[3]))
eor ZL, ST41
lpm ZL, Z
lpm ZL, Z
eor ST21, ZL ; a[1] ^= v
eor ST41, ZL ; a[3] ^= v

mov ZL, ST12
eor ZL, ST32
lpm ZL, Z
lpm ZL, Z
eor ST12, ZL
eor ST32, ZL
mov ZL, ST22
eor ZL, ST42
lpm ZL, Z
lpm ZL, Z
eor ST22, ZL
eor ST42, ZL

mov ZL, ST13
eor ZL, ST33
lpm ZL, Z
lpm ZL, Z
eor ST13, ZL
eor ST33, ZL
mov ZL, ST23
eor ZL, ST43
lpm ZL, Z
lpm ZL, Z
eor ST23, ZL
eor ST43, ZL

mov ZL, ST14
eor ZL, ST34
lpm ZL, Z
lpm ZL, Z
eor ST14, ZL
eor ST34, ZL
mov ZL, ST24
eor ZL, ST44
lpm ZL, Z
lpm ZL, Z
eor ST24, ZL
eor ST44, ZL

MixColumns: ; Touched registers: ST11-ST44, H1, H2, Z
ldi ZH, high(xtime<<1)
mov H1, ST11 ; Tmp = a[0] ^ a[1] ^ a[2] ^ a[3]
eor H1, ST21
mov ZL, H1
eor H1, ST31
eor H1, ST41
mov H2, ST11 ; save a[0] for later use
lpm ZL, Z ; Tm = xtime(a[0] ^ a[1])
eor ST11, ZL ; a[0] ^= Tm ^ Tmp
eor ST11, H1
mov ZL, ST21 ; Tm = xtime(a[1] ^ a[2])
eor ZL, ST31
lpm ZL, Z
eor ST21, H1
eor ZL, ST41
lpm ZL, Z
eor ST31, H1
eor ZL, H2
lpm ZL, Z
eor ST41, H1

mov H1, ST12
eor H1, ST22
mov ZL, H1
eor H1, ST32
eor H1, ST42
mov H2, ST12
lpm ZL, Z
eor ST12, ZL
eor ST12, H1
mov ZL, ST22
eor ZL, ST32
lpm ZL, Z
eor ST22, ZL
eor ST22, H1
mov ZL, ST32
eor ZL, ST42
lpm ZL, Z
eor ST32, ZL
eor ST32, H1
mov ZL, ST42
eor ZL, H2
lpm ZL, Z
eor ST42, ZL
eor ST42, H1

mov H1, ST13
eor H1, ST23
mov ZL, H1
eor H1, ST33
eor H1, ST43
mov H2, ST13
lpm ZL, Z
eor ST13, ZL
eor ST13, H1
mov ZL, ST23
eor ZL, ST33
lpm ZL, Z
eor ST23, ZL
eor ST23, H1
mov ZL, ST33
eor ZL, ST43
lpm ZL, Z
eor ST33, ZL
eor ST33, H1
mov ZL, ST43
eor ZL, H2
lpm ZL, Z
eor ST43, ZL
eor ST43, H1

mov H1, ST14
eor H1, ST24
mov ZL, H1
eor H1, ST34
eor H1, ST44
mov H2, ST14
lpm ZL, Z
eor ST14, ZL
eor ST14, H1
mov ZL, ST24
eor ZL, ST34
lpm ZL, Z
eor ST24, ZL
eor ST24, H1
mov ZL, ST34
eor ZL, ST44
lpm ZL, Z
eor ST34, ZL
eor ST34, H1
mov ZL, ST44
eor ZL, H2
lpm ZL, Z
eor ST44, ZL
eor ST44, H1
ret

ShiftRowsSubBytes: ; Touched registers: ST11-ST44, H1, Z
ldi ZH, high(sbox<<1)
mov ZL, ST11
lpm ST11, Z
mov ZL, ST12
lpm ST12, Z
mov ZL, ST13
lpm ST13, Z
mov ZL, ST14
lpm ST14, Z
mov H1, ST21
mov ZL, ST22
lpm ST21, Z
mov ZL, ST23
lpm ST22, Z
mov ZL, ST24
lpm ST23, Z
mov ZL, H1
lpm ST24, Z
mov H1, ST31
mov ZL, ST33
lpm ST31, Z
mov ZL, H1
lpm ST33, Z
mov H1, ST32
mov ZL, ST34
lpm ST32, Z
mov ZL, H1
lpm ST34, Z
mov H1, ST44
mov ZL, ST43
lpm ST44, Z
mov ZL, ST42
lpm ST43, Z
mov ZL, ST41
lpm ST42, Z
mov ZL, H1
lpm ST41, Z
ret

ShiftRowsSubBytesInverse: ; Touched registers: ST11-ST44, H1, Z
ldi ZH, high(isbox<<1)
mov ZL, ST11
lpm ST11, Z
mov ZL, ST12
lpm ST12, Z
mov ZL, ST13
lpm ST13, Z
mov ZL, ST14
lpm ST14, Z
mov H1, ST21
mov ZL, ST24
lpm ST21, Z
mov ZL, ST23
lpm ST24, Z
mov ZL, ST22
lpm ST23, Z
mov ZL, H1
lpm ST22, Z
mov H1, ST31
mov ZL, ST33
lpm ST31, Z
mov ZL, H1
lpm ST33, Z
mov H1, ST32
mov ZL, ST34
lpm ST32, Z
mov ZL, H1
lpm ST34, Z
mov H1, ST44
mov ZL, ST41
lpm ST44, Z
mov ZL, ST42
lpm ST41, Z
mov ZL, ST43
lpm ST42, Z
mov ZL, H1
lpm ST43, Z
ret

RAMIncKey128: ; Touched registers: Rcon, H1, H2, Z
ldd H2, Y+12
ldd ZL, Y+13
lpm ZL, Z
eor ZL, Rcon
lsl Rcon
brcc PC+2
ldi Rcon, 0x1b
rcall RAMInc1
ldd ZL, Y+13
lpm ZL, Z
rcall RAMInc1
ldd ZL, Y+13
lpm ZL, Z
rcall RAMInc1
mov ZL, H2
lpm ZL, Z
rcall RAMInc1
sbiw YL, 4
ret
RAMInc1:ld H1, Y
eor ZL, H1
st Y+, ZL
ldd H1, Y+3
eor ZL, H1
std Y+3, ZL
ldd H1, Y+7
eor ZL, H1
std Y+7, ZL
ldd H1, Y+11
eor ZL, H1
std Y+11, ZL
ret

RAMDecKey128: ; Touched registers: Rcon, H1, H2, Z
ldi H1, 4
RAMDec1:ldd ZL, Y+12
ldd H2, Y+8
eor ZL, H2
std Y+12, ZL
ldd ZL, Y+4
eor H2, ZL
std Y+8, H2
ld H2, Y+
eor ZL, H2
std Y+3, ZL
dec H1
brne RAMDec1
ldd ZL, Y+8
lpm ZL, Z
ld H1, -Y
eor H1, ZL
st Y, H1
ldd ZL, Y+12
lpm ZL, Z
ld H1, -Y
eor H1, ZL
st Y, H1
ldd ZL, Y+12
lpm ZL, Z
ld H1, -Y
eor H1, ZL
st Y, H1
ldd ZL, Y+12
lpm ZL, Z
ld H1, -Y
eor H1, ZL
eor H1, Rcon
st Y, H1
lsr Rcon
cpi Rcon, 0x0d
brne PC+2
ldi Rcon, 0x80
ret

;;;
***************************************************************************
;;;
;;; SBOX and "xtime" tables
;;;
;;; The following tables have to be aligned to a flash position with lower
;;; address byte equal to $00. In assembler syntax: low(sbox<<1) == 0.
;;; To ensure the proper alignment the assembler directive .ORG should be
;;; used. The order of the tables is arbitrary. They even do not have to be
;;; allocated in adjacent memory areas.

.CSEG
.ORG $800 ; ensure proper alignement

sbox:
.db $63,$7c,$77,$7b,$f2,$6b,$6f,$c5,$30,$01,$67,$2b,$fe,$d7,$ab,$76
.db $ca,$82,$c9,$7d,$fa,$59,$47,$f0,$ad,$d4,$a2,$af,$9c,$a4,$72,$c0
.db $b7,$fd,$93,$26,$36,$3f,$f7,$cc,$34,$a5,$e5,$f1,$71,$d8,$31,$15
.db $04,$c7,$23,$c3,$18,$96,$05,$9a,$07,$12,$80,$e2,$eb,$27,$b2,$75
.db $09,$83,$2c,$1a,$1b,$6e,$5a,$a0,$52,$3b,$d6,$b3,$29,$e3,$2f,$84
.db $53,$d1,$00,$ed,$20,$fc,$b1,$5b,$6a,$cb,$be,$39,$4a,$4c,$58,$cf
.db $d0,$ef,$aa,$fb,$43,$4d,$33,$85,$45,$f9,$02,$7f,$50,$3c,$9f,$a8
.db $51,$a3,$40,$8f,$92,$9d,$38,$f5,$bc,$b6,$da,$21,$10,$ff,$f3,$d2
.db $cd,$0c,$13,$ec,$5f,$97,$44,$17,$c4,$a7,$7e,$3d,$64,$5d,$19,$73
.db $60,$81,$4f,$dc,$22,$2a,$90,$88,$46,$ee,$b8,$14,$de,$5e,$0b,$db
.db $e0,$32,$3a,$0a,$49,$06,$24,$5c,$c2,$d3,$ac,$62,$91,$95,$e4,$79
.db $e7,$c8,$37,$6d,$8d,$d5,$4e,$a9,$6c,$56,$f4,$ea,$65,$7a,$ae,$08
.db $ba,$78,$25,$2e,$1c,$a6,$b4,$c6,$e8,$dd,$74,$1f,$4b,$bd,$8b,$8a
.db $70,$3e,$b5,$66,$48,$03,$f6,$0e,$61,$35,$57,$b9,$86,$c1,$1d,$9e
.db $e1,$f8,$98,$11,$69,$d9,$8e,$94,$9b,$1e,$87,$e9,$ce,$55,$28,$df
.db $8c,$a1,$89,$0d,$bf,$e6,$42,$68,$41,$99,$2d,$0f,$b0,$54,$bb,$16

isbox:
.db $52,$09,$6a,$d5,$30,$36,$a5,$38,$bf,$40,$a3,$9e,$81,$f3,$d7,$fb
.db $7c,$e3,$39,$82,$9b,$2f,$ff,$87,$34,$8e,$43,$44,$c4,$de,$e9,$cb
.db $54,$7b,$94,$32,$a6,$c2,$23,$3d,$ee,$4c,$95,$0b,$42,$fa,$c3,$4e
.db $08,$2e,$a1,$66,$28,$d9,$24,$b2,$76,$5b,$a2,$49,$6d,$8b,$d1,$25
.db $72,$f8,$f6,$64,$86,$68,$98,$16,$d4,$a4,$5c,$cc,$5d,$65,$b6,$92
.db $6c,$70,$48,$50,$fd,$ed,$b9,$da,$5e,$15,$46,$57,$a7,$8d,$9d,$84
.db $90,$d8,$ab,$00,$8c,$bc,$d3,$0a,$f7,$e4,$58,$05,$b8,$b3,$45,$06
.db $d0,$2c,$1e,$8f,$ca,$3f,$0f,$02,$c1,$af,$bd,$03,$01,$13,$8a,$6b
.db $3a,$91,$11,$41,$4f,$67,$dc,$ea,$97,$f2,$cf,$ce,$f0,$b4,$e6,$73
.db $96,$ac,$74,$22,$e7,$ad,$35,$85,$e2,$f9,$37,$e8,$1c,$75,$df,$6e
.db $47,$f1,$1a,$71,$1d,$29,$c5,$89,$6f,$b7,$62,$0e,$aa,$18,$be,$1b
.db $fc,$56,$3e,$4b,$c6,$d2,$79,$20,$9a,$db,$c0,$fe,$78,$cd,$5a,$f4
.db $1f,$dd,$a8,$33,$88,$07,$c7,$31,$b1,$12,$10,$59,$27,$80,$ec,$5f
.db $60,$51,$7f,$a9,$19,$b5,$4a,$0d,$2d,$e5,$7a,$9f,$93,$c9,$9c,$ef
.db $a0,$e0,$3b,$4d,$ae,$2a,$f5,$b0,$c8,$eb,$bb,$3c,$83,$53,$99,$61
.db $17,$2b,$04,$7e,$ba,$77,$d6,$26,$e1,$69,$14,$63,$55,$21,$0c,$7d

xtime:
.db $00,$02,$04,$06,$08,$0a,$0c,$0e,$10,$12,$14,$16,$18,$1a,$1c,$1e
.db $20,$22,$24,$26,$28,$2a,$2c,$2e,$30,$32,$34,$36,$38,$3a,$3c,$3e
.db $40,$42,$44,$46,$48,$4a,$4c,$4e,$50,$52,$54,$56,$58,$5a,$5c,$5e
.db $60,$62,$64,$66,$68,$6a,$6c,$6e,$70,$72,$74,$76,$78,$7a,$7c,$7e
.db $80,$82,$84,$86,$88,$8a,$8c,$8e,$90,$92,$94,$96,$98,$9a,$9c,$9e
.db $a0,$a2,$a4,$a6,$a8,$aa,$ac,$ae,$b0,$b2,$b4,$b6,$b8,$ba,$bc,$be
.db $c0,$c2,$c4,$c6,$c8,$ca,$cc,$ce,$d0,$d2,$d4,$d6,$d8,$da,$dc,$de
.db $e0,$e2,$e4,$e6,$e8,$ea,$ec,$ee,$f0,$f2,$f4,$f6,$f8,$fa,$fc,$fe
.db $1b,$19,$1f,$1d,$13,$11,$17,$15,$0b,$09,$0f,$0d,$03,$01,$07,$05
.db $3b,$39,$3f,$3d,$33,$31,$37,$35,$2b,$29,$2f,$2d,$23,$21,$27,$25
.db $5b,$59,$5f,$5d,$53,$51,$57,$55,$4b,$49,$4f,$4d,$43,$41,$47,$45
.db $7b,$79,$7f,$7d,$73,$71,$77,$75,$6b,$69,$6f,$6d,$63,$61,$67,$65
.db $9b,$99,$9f,$9d,$93,$91,$97,$95,$8b,$89,$8f,$8d,$83,$81,$87,$85
.db $bb,$b9,$bf,$bd,$b3,$b1,$b7,$b5,$ab,$a9,$af,$ad,$a3,$a1,$a7,$a5
.db $db,$d9,$df,$dd,$d3,$d1,$d7,$d5,$cb,$c9,$cf,$cd,$c3,$c1,$c7,$c5
.db $fb,$f9,$ff,$fd,$f3,$f1,$f7,$f5,$eb,$e9,$ef,$ed,$e3,$e1,$e7,$e5

Matthew W Pagano Masters Thesis PRNGs Microcontrollers

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Matthew W Pagano Masters Thesis PRNGs Microcontrollers

Загружено:

Авторское право:

Доступные форматы

MaLLhew W.

Вам также может понравиться