Blame - src/common/snow_3g.c - MME2

blob: 045a10e8c28da2817771bf2d197a3b90a0517f00 [file] [log] [blame]

anjana_sreekumar@infosys.com	991c206	2020-01-08 11:42:57 +0530	[diff] [blame^]	1	/*------------------------------------------------------------------
				2	* SNOW_3G.c
				3	-------------------------------------------------------------------/
				4
				5	/*
				6	* The code has been referred from
				7	* 1. https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				8	* 2. https://www.gsma.com/aboutus/wp-content/uploads/2014/12/uea2uia2d1v21.pdf
				9	*/
				10
				11
				12	#include "snow_3g.h"
				13
				14	/* LFSR */
				15
				16	u32 LFSR_S0 = 0x00;
				17	u32 LFSR_S1 = 0x00;
				18	u32 LFSR_S2 = 0x00;
				19	u32 LFSR_S3 = 0x00;
				20	u32 LFSR_S4 = 0x00;
				21	u32 LFSR_S5 = 0x00;
				22	u32 LFSR_S6 = 0x00;
				23	u32 LFSR_S7 = 0x00;
				24	u32 LFSR_S8 = 0x00;
				25	u32 LFSR_S9 = 0x00;
				26	u32 LFSR_S10 = 0x00;
				27	u32 LFSR_S11 = 0x00;
				28	u32 LFSR_S12 = 0x00;
				29	u32 LFSR_S13 = 0x00;
				30	u32 LFSR_S14 = 0x00;
				31	u32 LFSR_S15 = 0x00;
				32
				33	/* FSM */
				34
				35	u32 FSM_R1 = 0x00;
				36	u32 FSM_R2 = 0x00;
				37	u32 FSM_R3 = 0x00;
				38
				39
				40	/* Rijndael S-box SR */
				41
				42	u8 SR[256] = {
				43	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
				44	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
				45	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
				46	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
				47	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
				48	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
				49	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
				50	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
				51	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
				52	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
				53	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
				54	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
				55	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
				56	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
				57	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
				58	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16
				59	};
				60
				61	/* S-box SQ */
				62
				63	u8 SQ[256] = {
				64	0x25,0x24,0x73,0x67,0xD7,0xAE,0x5C,0x30,0xA4,0xEE,0x6E,0xCB,0x7D,0xB5,0x82,0xDB,
				65	0xE4,0x8E,0x48,0x49,0x4F,0x5D,0x6A,0x78,0x70,0x88,0xE8,0x5F,0x5E,0x84,0x65,0xE2,
				66	0xD8,0xE9,0xCC,0xED,0x40,0x2F,0x11,0x28,0x57,0xD2,0xAC,0xE3,0x4A,0x15,0x1B,0xB9,
				67	0xB2,0x80,0x85,0xA6,0x2E,0x02,0x47,0x29,0x07,0x4B,0x0E,0xC1,0x51,0xAA,0x89,0xD4,
				68	0xCA,0x01,0x46,0xB3,0xEF,0xDD,0x44,0x7B,0xC2,0x7F,0xBE,0xC3,0x9F,0x20,0x4C,0x64,
				69	0x83,0xA2,0x68,0x42,0x13,0xB4,0x41,0xCD,0xBA,0xC6,0xBB,0x6D,0x4D,0x71,0x21,0xF4,
				70	0x8D,0xB0,0xE5,0x93,0xFE,0x8F,0xE6,0xCF,0x43,0x45,0x31,0x22,0x37,0x36,0x96,0xFA,
				71	0xBC,0x0F,0x08,0x52,0x1D,0x55,0x1A,0xC5,0x4E,0x23,0x69,0x7A,0x92,0xFF,0x5B,0x5A,
				72	0xEB,0x9A,0x1C,0xA9,0xD1,0x7E,0x0D,0xFC,0x50,0x8A,0xB6,0x62,0xF5,0x0A,0xF8,0xDC,
				73	0x03,0x3C,0x0C,0x39,0xF1,0xB8,0xF3,0x3D,0xF2,0xD5,0x97,0x66,0x81,0x32,0xA0,0x00,
				74	0x06,0xCE,0xF6,0xEA,0xB7,0x17,0xF7,0x8C,0x79,0xD6,0xA7,0xBF,0x8B,0x3F,0x1F,0x53,
				75	0x63,0x75,0x35,0x2C,0x60,0xFD,0x27,0xD3,0x94,0xA5,0x7C,0xA1,0x05,0x58,0x2D,0xBD,
				76	0xD9,0xC7,0xAF,0x6B,0x54,0x0B,0xE0,0x38,0x04,0xC8,0x9D,0xE7,0x14,0xB1,0x87,0x9C,
				77	0xDF,0x6F,0xF9,0xDA,0x2A,0xC4,0x59,0x16,0x74,0x91,0xAB,0x26,0x61,0x76,0x34,0x2B,
				78	0xAD,0x99,0xFB,0x72,0xEC,0x33,0x12,0xDE,0x98,0x3B,0xC0,0x9B,0x3E,0x18,0x10,0x3A,
				79	0x56,0xE1,0x77,0xC9,0x1E,0x9E,0x95,0xA3,0x90,0x19,0xA8,0x6C,0x09,0xD0,0xF0,0x86
				80	};
				81
				82
				83	/* MULx.
				84	* Input V: an 8-bit input.
				85	* Input c: an 8-bit input.
				86	* Output : an 8-bit output.
				87	* See section 3.1.1 of
				88	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				89	* for details.
				90	*/
				91
				92
				93	u8 MULx(u8 V, u8 c)
				94	{
				95	if ( V & 0x80 )
				96	return ( (V << 1) ^ c);
				97	else
				98	return ( V << 1);
				99	}
				100
				101	/* MULxPOW.
				102	* Input V: an 8-bit input.
				103	* Input i: a positive integer.
				104	* Input c: an 8-bit input.
				105	* Output : an 8-bit output.
				106	* See section 3.1.2
				107	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				108	* for details.
				109	*/
				110
				111
				112	u8 MULxPOW(u8 V, u8 i, u8 c)
				113	{
				114	/GSLab-Intel modification to avoid recurssion/
				115	while(i > 0) {
				116	V = ( V & 0x80 ) ? ( (V << 1) ^ c): ( V << 1);
				117	--i;
				118	}
				119	return V;
				120
				121	}
				122	/* The function MUL alpha.
				123	* Input c: 8-bit input.
				124	* Output : 32-bit output.
				125	* See section 3.4.2
				126	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				127	* for details.
				128	*/
				129
				130	u32 MULalpha(u8 c)
				131	{
				132	return ( ( ((u32)MULxPOW(c, 23, 0xa9)) << 24 ) \|
				133	( ((u32)MULxPOW(c, 245, 0xa9)) << 16 ) \|
				134	( ((u32)MULxPOW(c, 48, 0xa9)) << 8 ) \|
				135	((u32)MULxPOW(c, 239, 0xa9)) ) ;
				136	}
				137
				138	/* The function DIV alpha.
				139	* Input c: 8-bit input.
				140	* Output : 32-bit output.
				141	* See section 3.4.3
				142	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				143	* for details.
				144	*/
				145
				146	u32 DIValpha(u8 c)
				147	{
				148	return ( ( ((u32)MULxPOW(c, 16, 0xa9)) << 24 ) \|
				149	( ((u32)MULxPOW(c, 39, 0xa9)) << 16 ) \|
				150	( ((u32)MULxPOW(c, 6, 0xa9)) << 8 ) \|
				151	( ((u32)MULxPOW(c, 64, 0xa9)) ) ) ;
				152	}
				153
				154	/* The 32x32-bit S-Box S1
				155	* Input: a 32-bit input.
				156	* Output: a 32-bit output of S1 box.
				157	* See section 3.3.1
				158	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				159	* for details.
				160	*/
				161
				162	u32 S1(u32 w)
				163	{
				164	u8 r0=0, r1=0, r2=0, r3=0;
				165	u8 srw0 = SR[ (u8)((w >> 24) & 0xff) ];
				166	u8 srw1 = SR[ (u8)((w >> 16) & 0xff) ];
				167	u8 srw2 = SR[ (u8)((w >> 8) & 0xff) ];
				168	u8 srw3 = SR[ (u8)((w) & 0xff) ];
				169
				170	r0 = ( ( MULx( srw0 , 0x1b) ) ^
				171	( srw1 ) ^
				172	( srw2 ) ^
				173	( (MULx( srw3, 0x1b)) ^ srw3 )
				174	);
				175
				176	r1 = ( ( ( MULx( srw0 , 0x1b) ) ^ srw0 ) ^
				177	( MULx(srw1, 0x1b) ) ^
				178	( srw2 ) ^
				179	( srw3 )
				180	);
				181
				182	r2 = ( ( srw0 ) ^
				183	( ( MULx( srw1 , 0x1b) ) ^ srw1 ) ^
				184	( MULx(srw2, 0x1b) ) ^
				185	( srw3 )
				186	);
				187
				188	r3 = ( ( srw0 ) ^
				189	( srw1 ) ^
				190	( ( MULx( srw2 , 0x1b) ) ^ srw2 ) ^
				191	( MULx( srw3, 0x1b) )
				192	);
				193
				194	return ( ( ((u32)r0) << 24 ) \| ( ((u32)r1) << 16 ) \| ( ((u32)r2) << 8 ) \|
				195	( ((u32)r3) ) );
				196
				197	}
				198
				199	/* The 32x32-bit S-Box S2
				200	* Input: a 32-bit input.
				201	* Output: a 32-bit output of S2 box.
				202	* See section 3.3.2
				203	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				204	* for details.
				205	*/
				206
				207	u32 S2(u32 w)
				208	{
				209	u8 r0=0, r1=0, r2=0, r3=0;
				210	u8 sqw0 = SQ[ (u8)((w >> 24) & 0xff) ];
				211	u8 sqw1 = SQ[ (u8)((w >> 16) & 0xff) ];
				212	u8 sqw2 = SQ[ (u8)((w >> 8) & 0xff) ];
				213	u8 sqw3 = SQ[ (u8)((w) & 0xff) ];
				214
				215
				216	r0 = ( ( MULx( sqw0 , 0x69) ) ^
				217	( sqw1 ) ^
				218	( sqw2 ) ^
				219	( (MULx( sqw3, 0x69)) ^ sqw3 )
				220	);
				221
				222
				223	r1 = ( ( ( MULx( sqw0 , 0x69) ) ^ sqw0 ) ^
				224	( MULx(sqw1, 0x69) ) ^
				225	( sqw2 ) ^
				226	( sqw3 )
				227	);
				228
				229	r2 = ( ( sqw0 ) ^
				230	( ( MULx( sqw1 , 0x69) ) ^ sqw1 ) ^
				231	( MULx(sqw2, 0x69) ) ^
				232	( sqw3 )
				233	);
				234
				235	r3 = ( ( sqw0 ) ^
				236	( sqw1 ) ^
				237	( ( MULx( sqw2 , 0x69) ) ^ sqw2 ) ^
				238	( MULx( sqw3, 0x69) )
				239	);
				240
				241
				242	return ( ( ((u32)r0) << 24 ) \| ( ((u32)r1) << 16 ) \| ( ((u32)r2) << 8 ) \|
				243	( ((u32)r3) ) );
				244
				245	}
				246
				247	/* Clocking LFSR in initialization mode.
				248	* LFSR Registers S0 to S15 are updated as the LFSR receives a single clock.
				249	* Input F: a 32-bit word comes from output of FSM.
				250	* See section 3.4.4
				251	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				252	* for details.
				253	*/
				254
				255	void ClockLFSRInitializationMode(u32 F)
				256	{
				257	u32 v = ( ( (LFSR_S0 << 8) & 0xffffff00 ) ^
				258	( MULalpha( (u8)((LFSR_S0>>24) & 0xff) ) ) ^
				259	( LFSR_S2 ) ^
				260	( (LFSR_S11 >> 8) & 0x00ffffff ) ^
				261	( DIValpha( (u8)( ( LFSR_S11) & 0xff ) ) ) ^
				262	( F )
				263	);
				264
				265	LFSR_S0 = LFSR_S1;
				266	LFSR_S1 = LFSR_S2;
				267	LFSR_S2 = LFSR_S3;
				268	LFSR_S3 = LFSR_S4;
				269	LFSR_S4 = LFSR_S5;
				270	LFSR_S5 = LFSR_S6;
				271	LFSR_S6 = LFSR_S7;
				272	LFSR_S7 = LFSR_S8;
				273	LFSR_S8 = LFSR_S9;
				274	LFSR_S9 = LFSR_S10;
				275	LFSR_S10 = LFSR_S11;
				276	LFSR_S11 = LFSR_S12;
				277	LFSR_S12 = LFSR_S13;
				278	LFSR_S13 = LFSR_S14;
				279	LFSR_S14 = LFSR_S15;
				280	LFSR_S15 = v;
				281	}
				282
				283	/* Clocking LFSR in keystream mode.
				284	* LFSR Registers S0 to S15 are updated as the LFSR receives a single clock.
				285	* See section 3.4.5
				286	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				287	* for details.
				288	*/
				289
				290	void ClockLFSRKeyStreamMode()
				291	{
				292	u32 v = ( ( (LFSR_S0 << 8) & 0xffffff00 ) ^
				293	( MULalpha( (u8)((LFSR_S0>>24) & 0xff) ) ) ^
				294	( LFSR_S2 ) ^
				295	( (LFSR_S11 >> 8) & 0x00ffffff ) ^
				296	( DIValpha( (u8)( ( LFSR_S11) & 0xff ) ) )
				297	);
				298
				299
				300	LFSR_S0 = LFSR_S1;
				301	LFSR_S1 = LFSR_S2;
				302	LFSR_S2 = LFSR_S3;
				303	LFSR_S3 = LFSR_S4;
				304	LFSR_S4 = LFSR_S5;
				305	LFSR_S5 = LFSR_S6;
				306	LFSR_S6 = LFSR_S7;
				307	LFSR_S7 = LFSR_S8;
				308	LFSR_S8 = LFSR_S9;
				309	LFSR_S9 = LFSR_S10;
				310	LFSR_S10 = LFSR_S11;
				311	LFSR_S11 = LFSR_S12;
				312	LFSR_S12 = LFSR_S13;
				313	LFSR_S13 = LFSR_S14;
				314	LFSR_S14 = LFSR_S15;
				315	LFSR_S15 = v;
				316	}
				317
				318	/* Clocking FSM.
				319	* Produces a 32-bit word F.
				320	* Updates FSM registers R1, R2, R3.
				321	* See Section 3.4.6 of
				322	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				323	* for details.
				324	*/
				325
				326	u32 ClockFSM()
				327	{
				328	u32 F = ( ( LFSR_S15 + FSM_R1 ) & 0xffffffff ) ^ FSM_R2 ;
				329	u32 r = ( FSM_R2 + ( FSM_R3 ^ LFSR_S5 ) ) & 0xffffffff ;
				330	FSM_R3 = S2(FSM_R2);
				331	FSM_R2 = S1(FSM_R1);
				332	FSM_R1 = r;
				333	return F;
				334	}
				335
				336	/* Initialization.
				337	* Input k[4]: Four 32-bit words making up 128-bit key.
				338	* Input IV[4]: Four 32-bit words making 128-bit initialization variable.
				339	* Output: All the LFSRs and FSM are initialized for key generation.
				340	* See Section 4.1 of
				341	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				342	* for details.
				343	*/
				344
				345	void Initialize(u32 k[4], u32 IV[4])
				346	{
				347	u8 i=0;
				348	u32 F = 0x0;
				349	LFSR_S15 = k[3] ^ IV[0];
				350	LFSR_S14 = k[2];
				351	LFSR_S13 = k[1];
				352	LFSR_S12 = k[0] ^ IV[1];
				353	LFSR_S11 = k[3] ^ 0xffffffff;
				354	LFSR_S10 = k[2] ^ 0xffffffff ^ IV[2];
				355	LFSR_S9 = k[1] ^ 0xffffffff ^ IV[3];
				356	LFSR_S8 = k[0] ^ 0xffffffff;
				357	LFSR_S7 = k[3];
				358	LFSR_S6 = k[2];
				359	LFSR_S5 = k[1];
				360	LFSR_S4 = k[0];
				361	LFSR_S3 = k[3] ^ 0xffffffff;
				362	LFSR_S2 = k[2] ^ 0xffffffff;
				363	LFSR_S1 = k[1] ^ 0xffffffff;
				364	LFSR_S0 = k[0] ^ 0xffffffff;
				365	FSM_R1 = 0x0;
				366	FSM_R2 = 0x0;
				367	FSM_R3 = 0x0;
				368
				369	for(i=0;i<32;i++)
				370	{
				371	F = ClockFSM();
				372	ClockLFSRInitializationMode(F);
				373	}
				374	}
				375
				376
				377	/* Generation of Keystream.
				378	* input n: number of 32-bit words of keystream.
				379	* input z: space for the generated keystream, assumes
				380	* memory is allocated already.
				381	* output: generated keystream which is filled in z
				382	* See section 4.2 of
				383	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				384	* for details.
				385	*/
				386
				387	void GenerateKeystream(u32 n, u32 *ks)
				388	{
				389	u32 t = 0;
				390	u32 F = 0x0;
				391	ClockFSM(); /* Clock FSM once. Discard the output. */
				392	ClockLFSRKeyStreamMode(); /* Clock LFSR in keystream mode once. */
				393
				394	for ( t=0; t<n; t++)
				395	{
				396	F = ClockFSM();/* STEP 1 */
				397	ks[t] = F ^ LFSR_S0; /* STEP 2 */
				398
				399	/* Note that ks[t] corresponds to z_{t+1} in section 4.2 of
				400	* https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf
				401	*/
				402
				403	ClockLFSRKeyStreamMode(); /* STEP 3 */
				404	}
				405	}
				406	/------------------------------------------------------------------/