Commit 87bedb7f authored by obronchain

optimize LFSR

parent 1ce363fe
#include "primitives.h"
#ifdef SHADOW
static uint32_t lfsr_poly;
#endif
// Apply a S-box layer to a Clyde-128 state.
static void sbox_layer(uint32_t* state) {
......@@ -31,19 +34,17 @@ static void lbox(uint32_t* x, uint32_t* y) {
*y = b;
}
#if (DBOX==8)
static uint32_t xtime(uint32_t x) {
uint32_t x_msk1 = x & 0x80808080;
uint32_t x_msk2 = x & 0x7f7f7f7f;
return ((x_msk2 << 1) | (x_msk1 >> 7)) ^ (x_msk1 >> (5));
#ifdef SHADOW
void set_poly(uint32_t lol){
lfsr_poly = lol;
}
#elif (DBOX==32)
static uint32_t xtime(uint32_t x) {
uint32_t tmp = ROTL(x,1);
return tmp ^ ((x >> (31-8))& ~0xff);
int32_t tmp1 = x;
uint32_t tmp = (tmp1 >>31) & lfsr_poly;
return (x<<1) ^ tmp;
}
#endif
// Apply a D-box layer to a Shadow state.
static void dbox_mls_layer(shadow_state state,uint32_t *lfsr) {
......@@ -55,18 +56,6 @@ static void dbox_mls_layer(shadow_state state,uint32_t *lfsr) {
state[0][row] = x ^ y ^ z;
state[1][row] = x ^ z;
state[2][row] = x ^ y;
#else
#if (DBOX==1)
uint32_t w = state[0][row];
uint32_t x = state[1][row];
uint32_t y = state[2][row];
uint32_t z = state[3][row];
uint32_t u = w^x;
uint32_t v = y^z;
state[0][row] = x^v;
state[1][row] = w^v;
state[2][row] = u^z;
state[3][row] = u^y;
#else
uint32_t x1 = state[0][row];
uint32_t x2 = state[1][row];
......@@ -94,9 +83,10 @@ static void dbox_mls_layer(shadow_state state,uint32_t *lfsr) {
state[2][row] = w3 ^ w4;
state[3][row] = w4;
state[0][row] ^= ROTL(*lfsr,8*row);
#endif // DBOX
state[0][row] ^= *lfsr;
*lfsr = xtime(*lfsr);
#endif // SMALL_PERM
}
}
#endif
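Review bot: `uint32_t tmp = (tmp1 >>31) & lfsr_poly;` in the new xtime depends on a right shift of a negative `int32_t` being arithmetic, which is implementation-defined in C11 (so is the `int32_t tmp1 = x;` conversion when bit 31 is set); the same all-ones/all-zeros mask is obtained portably in unsigned arithmetic with `uint32_t tmp = (0u - (x >> 31)) & lfsr_poly;`. Separately, `lfsr_poly` is a zero-initialised mutable global written only by `set_poly()`, so any path that reaches xtime before shadow() has called set_poly(0x91) gets a feedback term of 0 and the LFSR degenerates to a plain left shift, silently changing the round constants; whether other entry points exist is not visible here. Because the polynomial is a fixed parameter of the permutation, a `static const uint32_t` or a header `#define` would remove both the ordering dependency and the exported, non-static `set_poly` with its `lol` parameter. If set_poly stays, document it with `/* Feedback polynomial of the 32-bit round-constant LFSR; must be called before xtime(). */` and make it `static`. The `#if`/`#ifdef` guards enclosing xtime and set_poly are only partly visible in this rendering, so the exact nesting could not be checked.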
......@@ -19,11 +19,11 @@
#define ROTL(x, n) ((x << n) | (x >> ((32-n) & 31)))
#ifndef SHCST
#define SHCST -1
#define SHCST 1
#endif
#ifndef DBOX
#define DBOX -1
#define DBOX 1
#endif
#if SMALL_PERM
......
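Review bot: `#define SHCST 1` and `#define DBOX 1` turn a previous "must be set explicitly" default (-1) into a silently selected variant, while the new shadow() no longer uses XORCST (selected by SHCST) and the new xtime no longer appears to branch on DBOX, so these knobs look stale as far as this rendering shows. Either remove them or add a comment next to each default naming the code path it still selects, e.g. `/* DBOX: selects the D-box variant in dbox_mls_layer(); 1 = ... */`, so a reader can tell configuration from dead switches. The old/new side of each line in the other hunks could not be fully recovered, so this is inferred from the visible text.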
......@@ -24,6 +24,8 @@
#include <string.h>
#include <stdint.h>
#include "primitives.h"
#define SHADOW
#include "primitives.c"
#define CLYDE_128_NS 6 // Number of steps
......@@ -31,43 +33,24 @@
#define SHADOW_NS 6 // Number of steps
#define SHADOW_NR 2 * SHADOW_NS // Number of roundsv
#if (SHCST==1)
#define XORCST(DEST, LFSR, SHIFT) do { \
(DEST)[0] ^= ((LFSR)>>3 & 0x1)<< (SHIFT); \
(DEST)[1] ^= ((LFSR)>>2 & 0x1)<< (SHIFT); \
(DEST)[2] ^= ((LFSR)>>1 & 0x1)<< (SHIFT); \
(DEST)[3] ^= ((LFSR) & 0x1)<< (SHIFT); } while (0)
#elif (SHCST==8)
#define XORCST(DEST, LFSR, SHIFT) do { \
(DEST)[0] ^= (LFSR) & (0xff << (8*(SHIFT))); } while(0)
#elif (SHCST==32)
#define XORCST(DEST, LFSR, SHIFT) do { \
(DEST)[0] ^= (LFSR); \
(LFSR) = ROTL((LFSR),8); } while (0)
#endif
static uint32_t update_lfsr(uint32_t lfsr) {
uint32_t b = lfsr & 0x1;
return (lfsr^(b<<3) | b<<4)>>1;
}
// Shadow permutation. Updates state.
void shadow(shadow_state state) {
uint32_t lfsr = 0x8;
uint32_t lfsr = 0x0f0f0f0f;
set_poly(0x91);
for (unsigned int s = 0; s < SHADOW_NS; s++) {
#pragma GCC unroll 0
for (unsigned int b = 0; b < MLS_BUNDLES; b++) {
for (unsigned int b = 0; b < MLS_BUNDLES; b++){
sbox_layer(state[b]);
lbox(&state[b][0], &state[b][1]);
lbox(&state[b][2], &state[b][3]);
XORCST(state[b], lfsr, b);
state[b][0] ^= lfsr;
lfsr = xtime(lfsr);
sbox_layer(state[b]);
}
lfsr = update_lfsr(lfsr);
dbox_mls_layer(state,&lfsr);
lfsr = update_lfsr(lfsr);
}
}
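Review bot: `uint32_t lfsr = 0x0f0f0f0f;` and `set_poly(0x91);` replace the previous `0x8` seed and update_lfsr() schedule with unnamed constants, and the change in seed and feedback means the round constants, and therefore the permutation output, differ from before unless the old and new schedules are equivalent by construction. Name them in the header with their origin, `#define SHADOW_LFSR_INIT 0x0f0f0f0fu /* per <spec reference> */` and `#define SHADOW_LFSR_POLY 0x91u`, and add a known-answer test against pre-change outputs (or the reference vectors) so an "optimize" commit is demonstrably equivalent; if the schedule was intentionally changed, the commit message should say so. `set_poly(0x91);` also runs on every shadow() call only to refresh a global, which is another reason to make the polynomial a compile-time constant. `#include "primitives.c"` after `#define SHADOW` textually merges primitives.c into this translation unit; if primitives.c is also built as its own object in the build, any non-static symbol it defines would be duplicated, so keeping everything it exports `static` is the safer convention. Whether `#pragma GCC unroll 0` is new here is not recoverable from the rendering; it is GCC-specific and should be wrapped in `#ifdef __GNUC__` if portability matters.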