#define S(i) ((ctx->lfsr[9-((i)/8)])>>(7-((i)%8)))
/* b0, b1, b2, ..., b78, b79 */
#define B(i) ((ctx->nfsr[9-((i)/8)])>>(7-((i)%8)))
+#define _B(i) (((ctx->nfsr[9-((i)/8)])>>(7-((i)%8)))&1)
uint8_t h_lut[4] PROGMEM = {0x4C, 0xB6, 0xD3, 0x26};
+#ifdef GRAIN_BADOPTIMISATION
+uint8_t g_lut[128] PROGMEM = {
+ 0xF0, 0xA5, 0x0F, 0x5A, 0x0F, 0x5A, 0xF0, 0xA5, 0x0F, 0x5A, 0xF0, 0xA5, 0xF0, 0x5A, 0x0F, 0x0F,
+ 0xC3, 0x96, 0x3C, 0x69, 0x3C, 0x69, 0xC3, 0x96, 0x9C, 0xC9, 0x63, 0x36, 0x63, 0xC9, 0x9C, 0x9C,
+ 0x0F, 0x5A, 0x0F, 0x5A, 0xF0, 0xA5, 0xF0, 0x5A, 0xF0, 0xA5, 0xF0, 0xA5, 0x0F, 0xA5, 0x0F, 0xF0,
+ 0x3C, 0x69, 0x3C, 0x69, 0xC3, 0x96, 0xC3, 0x69, 0x63, 0x36, 0x63, 0x36, 0x9C, 0x36, 0x9C, 0x63,
+ 0x0F, 0xD2, 0xF0, 0x2D, 0xF0, 0x2D, 0x0F, 0xD2, 0xF0, 0x2D, 0x0F, 0xD2, 0x0F, 0x2D, 0xF0, 0x78,
+ 0x3C, 0xE1, 0xC3, 0x1E, 0xC3, 0x1E, 0x3C, 0xE1, 0x63, 0xBE, 0x9C, 0x41, 0x9C, 0xBE, 0x63, 0xEB,
+ 0x00, 0xDD, 0x00, 0xDD, 0xFF, 0x22, 0xFF, 0xDD, 0xFF, 0x22, 0xFF, 0x22, 0x00, 0x22, 0xF0, 0x87,
+ 0xF3, 0x2E, 0xF3, 0x2E, 0x0C, 0xD1, 0x0C, 0x2E, 0xAC, 0x71, 0xAC, 0x71, 0x53, 0x71, 0xA3, 0xD4 };
+#endif
+
uint8_t grain_enc(grain_ctx_t* ctx){
uint8_t s80, s0, c1, c2;
uint8_t i;
c1 = c2;
}
/* clock the NFSR */
- uint8_t b80, a,b,d,e;
+ uint8_t b80;
+/* 778 Byte in this variant / 617 clks enc_time */
+#ifndef GRAIN_BADOPTIMISATION
+ uint8_t a,b,d,e;
b80 = B(62) ^ B(60) ^ B(52) ^ B(45) ^
B(37) ^ B(33) ^ B(28) ^ B(21) ^
B(14) ^ B( 9) ^ B( 0) ^ s0;
b80 ^= (a = B(63) & B(60));
b80 ^= (b = B(37) & B(33));
- b80 ^= B(15) & B( 9); /* c */
+ b80 ^= B(15) & B( 9); // c
b80 ^= (d = B(60) & B(52) & B(45));
b80 ^= (e = B(33) & B(28) & B(21));
- b80 ^= B(63) & B(45) & B(28) & B(9); /* f */
+ b80 ^= B(63) & B(45) & B(28) & B(9); // f
/* -- */
- b80 ^= b & B(60) & B(52); /* g */
- b80 ^= a & B(21) & B(15); /* h */
- b80 ^= d & B(63) & B(37); /* i */
- b80 ^= e & B(15) & B( 9); /* j */
- b80 ^= e & B(52) & B(45) & B(37); /* k */
+ b80 ^= b & B(60) & B(52); // g
+ b80 ^= a & B(21) & B(15); // h
+ b80 ^= d & B(63) & B(37); // i
+ b80 ^= e & B(15) & B( 9); // j
+ b80 ^= e & B(52) & B(45) & B(37); // k
+#else
+ /* let's reorder the bits */
+ uint16_t x;
+
+/*
+ x = _B(21); x<<=1;
+ x |= _B(33); x<<=1;
+ x |= _B(9) ; x<<=1;
+ x |= _B(45); x<<=1;
+ x |= _B(52); x<<=1;
+ x |= _B(37); x<<=1;
+ x |= _B(60); x<<=1;
+ x |= _B(28); x<<=1;
+ x |= _B(15); x<<=1;
+ x |= _B(63);
+*/
+ x = ((ctx->nfsr[8])&0x41)<<1; // B15 & B09
+ x |= ((ctx->nfsr[2])&0x09); // B63 & B60
+// x |= ((ctx->nfsr[4])&0x04)<<4; // B45
+ x |= (((ctx->nfsr[5])&0x44) |
+ ((ctx->nfsr[3])&0x08) |
+ (((((ctx->nfsr[7])&0x04)<<3) |((ctx->nfsr[4])&0x04))<<2) )<<2; // B37 & B33
+// x |= ((ctx->nfsr[3])&0x08)<<2; // B52
+ x |= ((ctx->nfsr[6])&0x08)>>1; // B28
+// x |= ((ctx->nfsr[7])&0x04)<<7; // B21
+
+
+ b80 = pgm_read_byte(g_lut+(x/8))>>(x%8);
+ b80 ^= s0 ^ B(62) ^ B(14) ^ B(0);
+#endif
c1 = b80 & 1;
for(i=0; i<10; ++i){
c2 = (ctx->nfsr[i])>>7;
--- /dev/null
+/**
+ *
+ * author: Daniel Otte
+ * email: daniel.otte@rub.de
+ * license: GPLv3
+ *
+ * this program generate a lookuptable for the nfsr-feedback-function in grain
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+
+#define X(i) ((x)>>((i)))
+#define B63 X(0)
+#define B60 X(3)
+#define B52 X(5)
+#define B45 X(6)
+#define B37 X(4)
+#define B33 X(8)
+#define B28 X(2)
+#define B21 X(9)
+#define B15 X(1)
+#define B09 X(7)
+
+uint8_t g(uint16_t x){
+ uint8_t a,b,d,e;
+ uint8_t ret;
+
+ ret = B60 ^ B52 ^ B45 ^ B37 ^ B33 ^ B28 ^ B21 ^ B09;
+ ret ^= (a = B63 & B60);
+ ret ^= (b = B37 & B33);
+ ret ^= B15 & B09;
+ ret ^= (d = B60 & B52 & B45);
+ ret ^= (e = B33 & B28 & B21);
+ ret ^= B63 & B45 & B28 & B09;
+ ret ^= b & B60 & B52;
+ ret ^= a & B21 & B15;
+ ret ^= d & B63 & B37;
+ ret ^= e & B15 & B09;
+ ret ^= e & B52 & B45 & B37;
+
+ return ret&1;
+}
+
+int main(void){
+ uint16_t i;
+ uint8_t t, lut[128]={0}; /* 2**10 / 8 == 2**(10-3) == 2**7 == 128 */
+ puts(
+ "/* \n"
+ " * author: Daniel Otte \n"
+ " * email: daniel.otte@rub.de \n"
+ " * license: GPLv3 \n"
+ " * \n"
+ " * this program generate a lookuptable for the h-function in grain \n"
+ " * \n"
+ " */ \n");
+ puts("/* \n"
+ " * b63 b15 b28 b60 b37 b52 b45 b09 b33 b21 - g");
+
+ for(i=0; i<0x0400; ++i){
+ t = g(i);
+ printf(" * %c %c %c %c %c %c %c %c %c %c - %c\n",
+ (i&0x01)?'1':'0',
+ (i&0x02)?'1':'0',
+ (i&0x04)?'1':'0',
+ (i&0x08)?'1':'0',
+ (i&0x10)?'1':'0',
+ (i&0x20)?'1':'0',
+ (i&0x40)?'1':'0',
+ (i&0x80)?'1':'0',
+ (i&0x0100)?'1':'0',
+ (i&0x0200)?'1':'0',
+ t?'1':'0' );
+ lut[i/8] |= t<<(i%8);
+// if(i%4==3){
+// puts(" * --");
+// }
+ }
+ puts(" */\n");
+
+ printf(" uint8_t g_lut[128]= {");
+ for(i=0; i<128; ++i){
+ if(i%16==0){
+ printf("\n\t");
+ }
+ printf("0x%2.2X%c ", lut[i], (i!=127)?',':' ');
+ }
+ printf("};\n\n");
+ return 0;
+}
+
projects / avr-crypto-lib.git / commitdiff