OpenCores
URL https://opencores.org/ocsvn/csa/csa/trunk

Subversion Repositories csa

[/] [csa/] [trunk/] [sw_sim/] [csa.c] - Blame information for rev 13

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 10 simon111
/*
2
    dvb common scrambling algorithm
3
 
4
    refs:
5
        uk patent: gb 2322 994
6
        uk patent: gb 2322 995
7
        freedec v2.1
8
        iso/iec 13818-1
9
        etr289 / dvb document a007
10
 
11
*/
12
 
13
#include <memory.h>
14
#include "csa.h"
15
 
16
#ifndef NULL
17
#define NULL 0
18
#endif
19
 
20
/* stream cypher */
21
 
22
/*  107 state bits */
23
/*  26 nibbles (4 bit) */
24
/*  +  3 bits */
25
/*  reg A[1]-A[10], 10 nibbles */
26
/*  reg B[1]-B[10], 10 nibbles */
27
/*  reg X,           1 nibble */
28
/*  reg Y,           1 nibble */
29
/*  reg Z,           1 nibble */
30
/*  reg D,           1 nibble */
31
/*  reg E,           1 nibble */
32
/*  reg F,           1 nibble */
33
/*  reg p,           1 bit */
34
/*  reg q,           1 bit */
35
/*  reg r,           1 bit */
36
 
37
int sbox1[0x20] = {2,0,1,1,2,3,3,0, 3,2,2,0,1,1,0,3, 0,3,3,0,2,2,1,1, 2,2,0,3,1,1,3,0};
38
int sbox2[0x20] = {3,1,0,2,2,3,3,0, 1,3,2,1,0,0,1,2, 3,1,0,3,3,2,0,2, 0,0,1,2,2,1,3,1};
39
int sbox3[0x20] = {2,0,1,2,2,3,3,1, 1,1,0,3,3,0,2,0, 1,3,0,1,3,0,2,2, 2,0,1,2,0,3,3,1};
40
int sbox4[0x20] = {3,1,2,3,0,2,1,2, 1,2,0,1,3,0,0,3, 1,0,3,1,2,3,0,3, 0,3,2,0,1,2,2,1};
41
int sbox5[0x20] = {2,0,0,1,3,2,3,2, 0,1,3,3,1,0,2,1, 2,3,2,0,0,3,1,1, 1,0,3,2,3,1,0,2};
42
int sbox6[0x20] = {0,1,2,3,1,2,2,0, 0,1,3,0,2,3,1,3, 2,3,0,2,3,0,1,1, 2,1,1,2,0,3,3,0};
43
int sbox7[0x20] = {0,3,2,2,3,0,0,1, 3,0,1,3,1,2,2,1, 1,0,3,3,0,1,1,2, 2,3,1,0,2,3,0,2};
44
 
45
void stream_cypher(int init, unsigned char *CK, unsigned char *sb, unsigned char *cb) {
46
    int i,j;
47
    int in1;        /*  most  significant nibble of input byte */
48
    int in2;        /*  least significant nibble of input byte */
49
    int op;
50
    int extra_B;
51
    int s1,s2,s3,s4,s5,s6,s7;
52
    int next_A1;
53
    int next_B1;
54
    int next_E;
55
 
56
    static int A[11];
57
    static int B[11];
58
    static int X;
59
    static int Y;
60
    static int Z;
61
    static int D;
62
    static int E;
63
    static int F;
64
    static int p;
65
    static int q;
66
    static int r;
67
 
68
    /*  reset */
69
    if (init) {
70
        /*  load first 32 bits of CK into A[1]..A[8] */
71
        /*  load last  32 bits of CK into B[1]..B[8] */
72
        /*  all other regs = 0 */
73
        A[1] = (CK[0] >> 4) & 0xf;
74
        A[2] = (CK[0] >> 0) & 0xf;
75
        A[3] = (CK[1] >> 4) & 0xf;
76
        A[4] = (CK[1] >> 0) & 0xf;
77
        A[5] = (CK[2] >> 4) & 0xf;
78
        A[6] = (CK[2] >> 0) & 0xf;
79
        A[7] = (CK[3] >> 4) & 0xf;
80
        A[8] = (CK[3] >> 0) & 0xf;
81
        A[9] = 0;
82
        A[10] = 0;
83
        B[1] = (CK[4] >> 4) & 0xf;
84
        B[2] = (CK[4] >> 0) & 0xf;
85
        B[3] = (CK[5] >> 4) & 0xf;
86
        B[4] = (CK[5] >> 0) & 0xf;
87
        B[5] = (CK[6] >> 4) & 0xf;
88
        B[6] = (CK[6] >> 0) & 0xf;
89
        B[7] = (CK[7] >> 4) & 0xf;
90
        B[8] = (CK[7] >> 0) & 0xf;
91
        B[9] = 0;
92
        B[10] = 0;
93
 
94
        X=0;
95
        Y=0;
96
        Z=0;
97
        D=0;
98
        E=0;
99
        F=0;
100
        p=0;
101
        q=0;
102
        r=0;
103
    } /* init */
104
 
105
    /*  8 bytes per operation */
106
    for(i=0; i<8; i++) {
107
        if (init) {
108
            in1 = (sb[i] >> 4) & 0x0f;
109
            in2 = (sb[i] >> 0) & 0x0f;
110
        } /* init */
111
        op = 0;
112
        /*  2 bits per iteration */
113
        for(j=0; j<4; j++) {
114
            /*  from A[1]..A[10], 35 bits are selected as inputs to 7 s-boxes */
115
            /*  5 bits input per s-box, 2 bits output per s-box */
116
            s1 = sbox1[ (((A[4]>>0)&1)<<4) | (((A[1]>>2)&1)<<3) | (((A[6]>>1)&1)<<2) | (((A[7]>>3)&1)<<1) | (((A[9]>>0)&1)<<0) ];
117
            s2 = sbox2[ (((A[2]>>1)&1)<<4) | (((A[3]>>2)&1)<<3) | (((A[6]>>3)&1)<<2) | (((A[7]>>0)&1)<<1) | (((A[9]>>1)&1)<<0) ];
118
            s3 = sbox3[ (((A[1]>>3)&1)<<4) | (((A[2]>>0)&1)<<3) | (((A[5]>>1)&1)<<2) | (((A[5]>>3)&1)<<1) | (((A[6]>>2)&1)<<0) ];
119
            s4 = sbox4[ (((A[3]>>3)&1)<<4) | (((A[1]>>1)&1)<<3) | (((A[2]>>3)&1)<<2) | (((A[4]>>2)&1)<<1) | (((A[8]>>0)&1)<<0) ];
120
            s5 = sbox5[ (((A[5]>>2)&1)<<4) | (((A[4]>>3)&1)<<3) | (((A[6]>>0)&1)<<2) | (((A[8]>>1)&1)<<1) | (((A[9]>>2)&1)<<0) ];
121
            s6 = sbox6[ (((A[3]>>1)&1)<<4) | (((A[4]>>1)&1)<<3) | (((A[5]>>0)&1)<<2) | (((A[7]>>2)&1)<<1) | (((A[9]>>3)&1)<<0) ];
122
            s7 = sbox7[ (((A[2]>>2)&1)<<4) | (((A[3]>>0)&1)<<3) | (((A[7]>>1)&1)<<2) | (((A[8]>>2)&1)<<1) | (((A[8]>>3)&1)<<0) ];
123
 
124
            /*  use 4x4 xor to produce extra nibble for T3 */
125
            extra_B = ( ((B[3]&1)<<3) ^ ((B[6]&2)<<2) ^ ((B[7]&4)<<1) ^ ((B[9]&8)>>0) ) |
126
                      ( ((B[6]&1)<<2) ^ ((B[8]&2)<<1) ^ ((B[3]&8)>>1) ^ ((B[4]&4)>>0) ) |
127
                      ( ((B[5]&8)>>2) ^ ((B[8]&4)>>1) ^ ((B[4]&1)<<1) ^ ((B[5]&2)>>0) ) |
128
                      ( ((B[9]&4)>>2) ^ ((B[6]&8)>>3) ^ ((B[3]&2)>>1) ^ ((B[8]&1)>>0) ) ;
129
 
130
            /*  T1 = xor all inputs */
131
            /*  in1,in2, D are only used in T1 during initialisation, not generation */
132
            next_A1 = A[10] ^ X;
133
            if (init)
134
                                next_A1 = next_A1 ^ D ^ ((j % 2) ? in2 : in1);
135
 
136
            /*  T2 =  xor all inputs */
137
            /*  in1,in2 are only used in T1 during initialisation, not generation */
138
            /*  if p=0, use this, if p=1, rotate the result left */
139
            next_B1 = B[7] ^ B[10] ^ Y;
140
            if (init)
141
                                next_B1 = next_B1 ^ ((j % 2) ? in1 : in2);
142
 
143
            /*  if p=1, rotate left */
144
            if (p)
145
                                next_B1 = ( (next_B1 << 1) | ((next_B1 >> 3) & 1) ) & 0xf;
146
 
147
            /*  T3 = xor all inputs */
148
            D = E ^ Z ^ extra_B;
149
 
150
            /*  T4 = sum, carry of Z + E + r */
151
            next_E = F;
152
            if (q) {
153
                F = Z + E + r;
154
                /*  r is the carry */
155
                r = (F >> 4) & 1;
156
                F = F & 0x0f;
157
            } /* q */
158
            else {
159
                F = E;
160
            }
161
            E = next_E;
162
 
163
            A[10] = A[9];
164
            A[9] = A[8];
165
            A[8] = A[7];
166
            A[7] = A[6];
167
            A[6] = A[5];
168
            A[5] = A[4];
169
            A[4] = A[3];
170
            A[3] = A[2];
171
            A[2] = A[1];
172
            A[1]= next_A1;
173
 
174
            B[10] = B[9];
175
            B[9] = B[8];
176
            B[8] = B[7];
177
            B[7] = B[6];
178
            B[6] = B[5];
179
            B[5] = B[4];
180
            B[4] = B[3];
181
            B[3] = B[2];
182
            B[2] = B[1];
183
            B[1] = next_B1;
184
 
185
            X = ((s4&1)<<3) | ((s3&1)<<2) | (s2&2) | ((s1&2)>>1);
186
            Y = ((s6&1)<<3) | ((s5&1)<<2) | (s4&2) | ((s3&2)>>1);
187
            Z = ((s2&1)<<3) | ((s1&1)<<2) | (s6&2) | ((s5&2)>>1);
188
            p = (s7&2)>>1;
189
            q = (s7&1);
190
 
191
            /*  require 4 loops per output byte */
192
            /*  2 output bits are a function of the 4 bits of D */
193
            /*  xor 2 by 2 */
194
            op = (op << 2)^ ( (((D^(D>>1))>>1)&2) | ((D^(D>>1))&1) );
195
        }
196
        /*  return input data during init */
197
        cb[i] = (init) ? sb[i] : op;
198
    }
199
}
200
 
201
/* block cypher */
202
 
203
/*  key preparation */
204
unsigned char key_perm[0x40] = {
205
    0x12,0x24,0x09,0x07,0x2A,0x31,0x1D,0x15,0x1C,0x36,0x3E,0x32,0x13,0x21,0x3B,0x40,
206
    0x18,0x14,0x25,0x27,0x02,0x35,0x1B,0x01,0x22,0x04,0x0D,0x0E,0x39,0x28,0x1A,0x29,
207
    0x33,0x23,0x34,0x0C,0x16,0x30,0x1E,0x3A,0x2D,0x1F,0x08,0x19,0x17,0x2F,0x3D,0x11,
208
    0x3C,0x05,0x38,0x2B,0x0B,0x06,0x0A,0x2C,0x20,0x3F,0x2E,0x0F,0x03,0x26,0x10,0x37,
209
};
210
 
211
/*  block - sbox */
212
unsigned char block_sbox[0x100] = {
213
    0x3A,0xEA,0x68,0xFE,0x33,0xE9,0x88,0x1A,0x83,0xCF,0xE1,0x7F,0xBA,0xE2,0x38,0x12,
214
    0xE8,0x27,0x61,0x95,0x0C,0x36,0xE5,0x70,0xA2,0x06,0x82,0x7C,0x17,0xA3,0x26,0x49,
215
    0xBE,0x7A,0x6D,0x47,0xC1,0x51,0x8F,0xF3,0xCC,0x5B,0x67,0xBD,0xCD,0x18,0x08,0xC9,
216
    0xFF,0x69,0xEF,0x03,0x4E,0x48,0x4A,0x84,0x3F,0xB4,0x10,0x04,0xDC,0xF5,0x5C,0xC6,
217
    0x16,0xAB,0xAC,0x4C,0xF1,0x6A,0x2F,0x3C,0x3B,0xD4,0xD5,0x94,0xD0,0xC4,0x63,0x62,
218
    0x71,0xA1,0xF9,0x4F,0x2E,0xAA,0xC5,0x56,0xE3,0x39,0x93,0xCE,0x65,0x64,0xE4,0x58,
219
    0x6C,0x19,0x42,0x79,0xDD,0xEE,0x96,0xF6,0x8A,0xEC,0x1E,0x85,0x53,0x45,0xDE,0xBB,
220
    0x7E,0x0A,0x9A,0x13,0x2A,0x9D,0xC2,0x5E,0x5A,0x1F,0x32,0x35,0x9C,0xA8,0x73,0x30,
221
 
222
    0x29,0x3D,0xE7,0x92,0x87,0x1B,0x2B,0x4B,0xA5,0x57,0x97,0x40,0x15,0xE6,0xBC,0x0E,
223
    0xEB,0xC3,0x34,0x2D,0xB8,0x44,0x25,0xA4,0x1C,0xC7,0x23,0xED,0x90,0x6E,0x50,0x00,
224
    0x99,0x9E,0x4D,0xD9,0xDA,0x8D,0x6F,0x5F,0x3E,0xD7,0x21,0x74,0x86,0xDF,0x6B,0x05,
225
    0x8E,0x5D,0x37,0x11,0xD2,0x28,0x75,0xD6,0xA7,0x77,0x24,0xBF,0xF0,0xB0,0x02,0xB7,
226
    0xF8,0xFC,0x81,0x09,0xB1,0x01,0x76,0x91,0x7D,0x0F,0xC8,0xA0,0xF2,0xCB,0x78,0x60,
227
    0xD1,0xF7,0xE0,0xB5,0x98,0x22,0xB3,0x20,0x1D,0xA6,0xDB,0x7B,0x59,0x9F,0xAE,0x31,
228
    0xFB,0xD3,0xB6,0xCA,0x43,0x72,0x07,0xF4,0xD8,0x41,0x14,0x55,0x0D,0x54,0x8B,0xB9,
229
    0xAD,0x46,0x0B,0xAF,0x80,0x52,0x2C,0xFA,0x8C,0x89,0x66,0xFD,0xB2,0xA9,0x9B,0xC0,
230
};
231
 
232
/*  block - perm */
233
unsigned long block_perm[0x100] = {
234
    0x00,0x02,0x80,0x82,0x20,0x22,0xA0,0xA2, 0x10,0x12,0x90,0x92,0x30,0x32,0xB0,0xB2,
235
    0x04,0x06,0x84,0x86,0x24,0x26,0xA4,0xA6, 0x14,0x16,0x94,0x96,0x34,0x36,0xB4,0xB6,
236
    0x40,0x42,0xC0,0xC2,0x60,0x62,0xE0,0xE2, 0x50,0x52,0xD0,0xD2,0x70,0x72,0xF0,0xF2,
237
    0x44,0x46,0xC4,0xC6,0x64,0x66,0xE4,0xE6, 0x54,0x56,0xD4,0xD6,0x74,0x76,0xF4,0xF6,
238
    0x01,0x03,0x81,0x83,0x21,0x23,0xA1,0xA3, 0x11,0x13,0x91,0x93,0x31,0x33,0xB1,0xB3,
239
    0x05,0x07,0x85,0x87,0x25,0x27,0xA5,0xA7, 0x15,0x17,0x95,0x97,0x35,0x37,0xB5,0xB7,
240
    0x41,0x43,0xC1,0xC3,0x61,0x63,0xE1,0xE3, 0x51,0x53,0xD1,0xD3,0x71,0x73,0xF1,0xF3,
241
    0x45,0x47,0xC5,0xC7,0x65,0x67,0xE5,0xE7, 0x55,0x57,0xD5,0xD7,0x75,0x77,0xF5,0xF7,
242
 
243
    0x08,0x0A,0x88,0x8A,0x28,0x2A,0xA8,0xAA, 0x18,0x1A,0x98,0x9A,0x38,0x3A,0xB8,0xBA,
244
    0x0C,0x0E,0x8C,0x8E,0x2C,0x2E,0xAC,0xAE, 0x1C,0x1E,0x9C,0x9E,0x3C,0x3E,0xBC,0xBE,
245
    0x48,0x4A,0xC8,0xCA,0x68,0x6A,0xE8,0xEA, 0x58,0x5A,0xD8,0xDA,0x78,0x7A,0xF8,0xFA,
246
    0x4C,0x4E,0xCC,0xCE,0x6C,0x6E,0xEC,0xEE, 0x5C,0x5E,0xDC,0xDE,0x7C,0x7E,0xFC,0xFE,
247
    0x09,0x0B,0x89,0x8B,0x29,0x2B,0xA9,0xAB, 0x19,0x1B,0x99,0x9B,0x39,0x3B,0xB9,0xBB,
248
    0x0D,0x0F,0x8D,0x8F,0x2D,0x2F,0xAD,0xAF, 0x1D,0x1F,0x9D,0x9F,0x3D,0x3F,0xBD,0xBF,
249
    0x49,0x4B,0xC9,0xCB,0x69,0x6B,0xE9,0xEB, 0x59,0x5B,0xD9,0xDB,0x79,0x7B,0xF9,0xFB,
250
    0x4D,0x4F,0xCD,0xCF,0x6D,0x6F,0xED,0xEF, 0x5D,0x5F,0xDD,0xDF,0x7D,0x7F,0xFD,0xFF,
251
};
252
 
253 13 simon111
void key_schedule(unsigned char *CK, int *kk)
254
{
255 10 simon111
    int i,j,k;
256
    int bit[64];
257
    int newbit[64];
258
    int kb[9][8];
259
 
260
    /*  56 steps */
261
    /*  56 key bytes kk(56)..kk(1) by key schedule from CK */
262
 
263
    /*  kb(7,1) .. kb(7,8) = CK(1) .. CK(8) */
264
    kb[7][1] = CK[0];
265
    kb[7][2] = CK[1];
266
    kb[7][3] = CK[2];
267
    kb[7][4] = CK[3];
268
    kb[7][5] = CK[4];
269
    kb[7][6] = CK[5];
270
    kb[7][7] = CK[6];
271
    kb[7][8] = CK[7];
272
 
273
    /*  calculate kb[6] .. kb[1] */
274
    for(i=0; i<7; i++) {
275
        /*  64 bit perm on kb */
276
        for(j=0; j<8; j++) {
277
            for(k=0; k<8; k++) {
278
                bit[j*8+k] = (kb[7-i][1+j] >> (7-k)) & 1;
279
                newbit[key_perm[j*8+k]-1] = bit[j*8+k];
280
            }
281
        }
282
        for(j=0; j<8; j++) {
283
            kb[6-i][1+j] = 0;
284
            for(k=0; k<8; k++) {
285
                kb[6-i][1+j] |= newbit[j*8+k] << (7-k);
286
            }
287
        }
288
    }
289
 
290
    /*  xor to give kk */
291
    for(i=0; i<7; i++) {
292
        for(j=0; j<8; j++) {
293
            kk[1+i*8+j] = kb[1+i][1+j] ^ i;
294
        }
295
    }
296
 
297
}
298
 
299
void block_decypher(int *kk, unsigned char *ib, unsigned char *bd) {
300
    int i;
301
    int sbox_in;
302
    int sbox_out;
303
    int perm_out;
304
    int R[9];
305
    int next_R8;
306
 
307
    R[1] = ib[0];
308
    R[2] = ib[1];
309
    R[3] = ib[2];
310
    R[4] = ib[3];
311
    R[5] = ib[4];
312
    R[6] = ib[5];
313
    R[7] = ib[6];
314
    R[8] = ib[7];
315
 
316
    /*  loop over kk[56]..kk[1] */
317
    for(i=56; i>0; i--) {
318
        sbox_in = kk[i] ^ R[7];
319
        sbox_out = block_sbox[sbox_in];
320
        perm_out = block_perm[sbox_out];
321
 
322
        next_R8 = R[7];
323
        R[7] = R[6] ^ perm_out;
324
        R[6] = R[5];
325
        R[5] = R[4] ^ R[8] ^ sbox_out;
326
        R[4] = R[3] ^ R[8] ^ sbox_out;
327
        R[3] = R[2] ^ R[8] ^ sbox_out;
328
        R[2] = R[1];
329
        R[1] = R[8] ^ sbox_out;
330
 
331
        R[8] = next_R8;
332
    }
333
 
334
    bd[0] = R[1];
335
    bd[1] = R[2];
336
    bd[2] = R[3];
337
    bd[3] = R[4];
338
    bd[4] = R[5];
339
    bd[5] = R[6];
340
    bd[6] = R[7];
341
    bd[7] = R[8];
342
 
343
}
344
 
345
void set_cws(unsigned char *cws, struct key *key) {
346
        memcpy(key->odd_ck,cws+8,8);
347
        memcpy(key->even_ck,cws,8);
348
        key_schedule(key->odd_ck,key->odd_kk);
349
        key_schedule(key->even_ck,key->even_kk);
350
}
351
 
352
void decrypt(struct key *key, unsigned char *encrypted, unsigned char *decrypted) {
353
    int i,j,offset=4,N;
354
    int *kk=key->even_kk;
355
    unsigned char *ck=key->even_ck;
356
    unsigned char stream[8];
357
    unsigned char ib[8];
358
    unsigned char block[8];
359
    int residue;
360
 
361
        ((unsigned long *) decrypted)[0]=((unsigned long *) encrypted)[0];
362
 
363
        if(decrypted[3]&0x40) {
364
                kk=key->odd_kk;
365
                ck=key->odd_ck;
366
        }
367
 
368
    decrypted[3] &= 0x3f;              /* remove scrambling bits */
369
 
370
    if ((decrypted[3] & 0x20) == 0x20)
371
      offset += (encrypted[4] +1);               /* skip adaption field */
372
 
373
    N = (188 - offset) / 8;
374
    residue = (188 - offset) % 8;
375
 
376
    /*  1st 8 bytes of initialisation */
377
    stream_cypher(1, ck, &encrypted[offset], ib);
378
 
379
    for(j=1; j<(N+1); j++) {
380
                block_decypher(kk, ib, block);
381
 
382
        if (j != N) {
383
            stream_cypher(0, ck, NULL, stream);
384
 
385
            /*  xor sb x stream */
386
            for(i=0; i<8; i++)
387
                ib[i] = encrypted[offset+8*j+i] ^ stream[i];
388
        }
389
        else {
390
            /*  last block - sb[N+1] = IV(initialisation vetor)(=0) */
391
            for(i=0; i<8; i++)  ib[i] = 0;
392
        }
393
 
394
        /*  xor ib x block */
395
        for(i=0; i<8; i++)
396
                 decrypted[offset+8*(j-1)+i] = ib[i] ^ block[i];
397
    } /* for(j=1; j<(N+1); j++) */
398
 
399
    if (residue) {
400
       stream_cypher(0, ck, NULL, stream);
401
       for (i=0;i<residue;i++)
402
        decrypted[188-residue+i] = encrypted[188-residue+i] ^ stream[i];
403
    }
404
 
405
}
406
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.