├── .gitignore
├── .travis.yml
├── CMakeLists.txt
├── LICENSE
├── README.md
├── boolfunc.c
├── boolfunc.h
├── convert_graph.c
├── convert_graph.h
├── des_s1_bit0.svg
├── gates.xsd
├── lut.c
├── lut.h
├── sboxes
│   ├── crypto1_fa.txt
│   ├── crypto1_fb.txt
│   ├── crypto1_fc.txt
│   ├── des_s1.txt
│   ├── identity.txt
│   ├── linear.txt
│   ├── rijndael.txt
│   └── sodark.txt
├── sboxgates.c
├── sboxgates.h
├── state.c
└── state.h
/.gitignore:
--------------------------------------------------------------------------------
1 | build/
2 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
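# Travis CI job: build sboxgates with coverage enabled, check that bad
# invocations exit non-zero, then run short searches under MPI and compile
# the generated C and CUDA output.
language: c
dist: focal
compiler:
  - gcc

addons:
  apt:
    update: true
    packages:
      - graphviz
      - libmpich-dev
      - libxml2-dev
      - mpich
      - nvidia-cuda-toolkit

before_install:
  # NOTE(review): cpp-coveralls is installed without a version pin, so every
  # run takes whatever release the package index currently serves. Pin a
  # reviewed version (pip can also verify hashes) to keep the job reproducible.
  - pip install --user cpp-coveralls

before_script:
  - mkdir build
  - cd build

script:
  - cmake -DENABLE_COVERAGE=ON ..
  - make
  - ./sboxgates --help
  # Negative tests: the leading '!' inverts the exit status, so each of these
  # steps passes only when sboxgates exits non-zero. They presumably cover
  # the option parser's range and combination checks -- confirm against the
  # argument handling in sboxgates.c.
  - '! ./sboxgates'
  - '! ./sboxgates -a -123 ../sboxes/des_s1.txt'
  - '! ./sboxgates -a 65536 ../sboxes/des_s1.txt'
  - '! ./sboxgates -i 0 ../sboxes/des_s1.txt'
  - '! ./sboxgates -i -123 ../sboxes/des_s1.txt'
  - '! ./sboxgates -o -123 ../sboxes/des_s1.txt'
  - '! ./sboxgates -o 8 ../sboxes/des_s1.txt'
  - '! ./sboxgates -p -123 ../sboxes/des_s1.txt'
  - '! ./sboxgates -p 256 ../sboxes/des_s1.txt'
  - '! ./sboxgates -c -d test.xml'
  - '! ./sboxgates -l -s ../sboxes/des_s1.txt'
  - '! ./sboxgates nonexisting.txt'
  - '! ./sboxgates -o 7 ../sboxes/des_s1.txt'
  # Positive runs under MPI; the XML files they write feed the later steps.
  - mpirun -N 4 ./sboxgates -vv -i 3 -o 0 -s -n ../sboxes/des_s1.txt
  - mpirun -N 4 ./sboxgates -vv -i 3 -s -n ../sboxes/des_s1.txt -g 1*.xml
  - rm *.xml
  - mpirun -N 4 ./sboxgates -vv -a 10694 -i 3 -p 63 ../sboxes/des_s1.txt
  # The -d output must be accepted by Graphviz dot, and the -c output must
  # compile with warnings treated as errors.
  - ./sboxgates -d 4*.xml | dot -Tpng > /dev/null
  - ./sboxgates -c 4*.xml > test.c
  - $CC -c -Wall -Wpedantic -Werror test.c
  - rm *.xml *.c *.o
  - mpirun -N 10 ./sboxgates -vv -a 10694 -l -o 0 ../sboxes/des_s1.txt
  - ./sboxgates -d 1*.xml | dot -Tpng > /dev/null
  # Here the -c output is written to a .cu file and must compile with nvcc.
  - ./sboxgates -c 1*.xml > test.cu
  - nvcc -c test.cu

after_success:
  # Upload coverage from the repository root, excluding CMake-generated files.
  - cd ..
  - coveralls --gcov-options '\-lp' -E '.*CMake.*'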
56 |
--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | # CMakeLists.txt
2 | #
3 | # Copyright (c) 2019-2021 Marcus Dansarie
4 | #
5 | # This program is free software: you can redistribute it and/or modify
6 | # it under the terms of the GNU General Public License as published by
7 | # the Free Software Foundation, either version 3 of the License, or
8 | # (at your option) any later version.
9 | #
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | # GNU General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU General Public License
16 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
17 |
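cmake_minimum_required(VERSION 3.9)

project(SBOXGATES VERSION 1.0.0 LANGUAGES C)

# ENABLE_COVERAGE: add gcov instrumentation (applied only when the C compiler
# is GCC). Example: cmake -DENABLE_COVERAGE=ON ..
option(ENABLE_COVERAGE "Compile and link with gcov." OFF)

find_package(MPI REQUIRED)
find_package(LibXml2 REQUIRED)

add_executable(sboxgates
  boolfunc.c
  convert_graph.c
  lut.c
  sboxgates.c
  state.c
)

# The imported target MPI::MPI_C (FindMPI, CMake 3.9+) carries the include
# paths, compile options and link flags, so the MPI_C_* variables no longer
# have to be wired by hand (MPI_C_LINK_FLAGS is not a library item).
target_link_libraries(sboxgates PRIVATE MPI::MPI_C)

# LibXml2::LibXml2 only exists from CMake 3.12 on; older versions fall back to
# the result variables, scoped to this target instead of the whole directory.
if(TARGET LibXml2::LibXml2)
  target_link_libraries(sboxgates PRIVATE LibXml2::LibXml2)
else()
  target_include_directories(sboxgates PRIVATE ${LIBXML2_INCLUDE_DIR})
  target_link_libraries(sboxgates PRIVATE ${LIBXML2_LIBRARIES})
endif()

# Append to CMAKE_C_FLAGS instead of overwriting it. The previous plain set()
# discarded everything passed in through CFLAGS or -DCMAKE_C_FLAGS, including
# hardening flags a packager or CI job supplies. The variable is kept (rather
# than target_compile_options) because CMAKE_C_FLAGS is also used on the link
# line, as it was before.
# NOTE(review): -march=native ties the binary to the build machine's CPU and
# -Ofast enables -ffast-math; both are kept unchanged from the original.
string(APPEND CMAKE_C_FLAGS " -march=native -Ofast -g -Wall -Wpedantic")
if(ENABLE_COVERAGE AND CMAKE_C_COMPILER_ID STREQUAL "GNU")
  string(APPEND CMAKE_C_FLAGS " --coverage")
endif()

# Enable link-time optimization only when the toolchain supports it.
include(CheckIPOSupported)
check_ipo_supported(RESULT ipo_supported)
if(ipo_supported)
  set_target_properties(sboxgates PROPERTIES INTERPROCEDURAL_OPTIMIZATION TRUE)
endif()

install(TARGETS sboxgates DESTINATION bin)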
44 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 | {one line to give the program's name and a brief idea of what it does.}
635 | Copyright (C) {year} {name of author}
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see <http://www.gnu.org/licenses/>.
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | {project} Copyright (C) {year} {fullname}
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.
675 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # sboxgates
2 | [](https://doi.org/10.21105/joss.02946)
3 | [](https://doi.org/10.5281/zenodo.891020)
4 | [](https://www.gnu.org/licenses/gpl-3.0)
5 | [](https://travis-ci.com/github/dansarie/sboxgates)
6 | [](https://coveralls.io/github/dansarie/sboxgates)
7 |
8 | Program for finding low gate count implementations of S-boxes. S-boxes are often the only nonlinear
9 | components in modern block ciphers. Thus, low gate count implementations can be useful for
10 | cryptanalysis and fast implementations in hardware or software.
11 |
12 | The algorithm used is described in [Kwan, Matthew: "Reducing the Gate Count of Bitslice DES."
13 | IACR Cryptology ePrint Archive 2000 (2000): 51](https://ia.cr/2000/051). Improvements from the
14 | GitHub project [SBOXDiscovery](https://github.com/tripcode/SBOXDiscovery) have been added. The
15 | program supports searching for gates using any subset of the 16 standard two-input boolean gates.
16 | Additionally, the program also supports 3-bit LUTs. The latter can be used to find efficient
17 | implementations for use on Nvidia GPUs that support the LOP3.LUT instruction, or on FPGAs.
18 |
19 | * [Dependencies](#dependencies)
20 | * [Build](#build)
21 | * [Test](#test)
22 | * [Run](#run)
23 | * [Command examples](#command-examples)
24 | * [Single output](#single-output)
25 | * [Multiple iterations](#multiple-iterations)
26 | * [Selecting gates](#selecting-gates)
27 | * [Metrics](#metrics)
28 | * [Permuting S-boxes](#permuting-s-boxes)
29 | * [Contributing](#contributing)
30 | * [Citing](#citing)
31 | * [License and Copyright](#license-and-copyright)
32 |
33 | #### Graph representation of output bit 0 of DES S1 generated with sboxgates and Graphviz
34 | 
35 |
36 | ## Dependencies
37 |
38 | * [CMake](https://github.com/Kitware/CMake) version 3.9 or later (for build)
39 | * [libxml2](https://github.com/GNOME/libxml2)
40 | * An MPI implementation such as [MPICH](https://github.com/pmodels/mpich) or
41 | [Open MPI](https://github.com/open-mpi/ompi)
42 | * [Graphviz](https://github.com/ellson/graphviz) (for generating visual representations)
43 |
44 | ## Build
45 |
46 | The following commands will build sboxgates on Debian-based Linux distributions, such as Ubuntu.
47 |
48 | ```
49 | sudo apt-get install cmake graphviz libmpich-dev libxml2-dev mpich
50 | mkdir build
51 | cd build
52 | cmake ..
53 | make
54 | ```
55 |
56 | ## Test
57 |
58 | Tests are run automatically by [Travis CI](https://travis-ci.com/dansarie/sboxgates) on each new
59 | commit. The tests are documented in the testing script [.travis.yml](.travis.yml). Code coverage
60 | reports are available from [Coveralls](https://coveralls.io/github/dansarie/sboxgates).
61 |
62 | ## Run
63 |
64 | This program uses MPI for parallelization and should generally be run with the mpirun utility.
65 | Graph generation without LUTs (i.e. without the `--lut` argument) is not parallelized and the
66 | program can safely be run without MPI in those cases. The number of processes to use for the
67 | parallelized operations can be selected using the `-n` flag to mpirun. `man mpirun` should provide
68 | documentation on the options available for controlling execution and parallelization.
69 |
70 | The `--help` command line argument will display a brief list of command line options. The only
71 | required argument is the path of an S-box file. S-box files are text files that contain an S-box
72 | lookup table in hex format, with the values separated by whitespace. See
73 | [rijndael.txt](sboxes/rijndael.txt) for how the
74 | [AES S-box](https://en.wikipedia.org/wiki/Rijndael_S-box) is represented.
75 |
76 | Generated graphs are saved as XML files, using the schema specified in [gates.xsd](gates.xsd). They
77 | should be fairly easy to understand since each gate in the generated graph is represented by one
78 | tag. The output files are named according to the pattern A-B-C-D-E.xml where A is the
79 | number of output bits, B the number of gates, C the SAT metric (if applicable), D the output bit
80 | numbers in the order they were added to the graph, and E a simple hash of the particular graph.
81 |
82 | The program can convert the XML files to C or CUDA functions. This is enabled by the `-c`
83 | argument. Graphs that include at least one LUT are converted to CUDA functions and graphs without
84 | LUTs are converted to C functions. For visualization of the generated graphs, they can be converted
85 | to Graphviz DOT format with the `-d` argument.
86 |
87 | ### Command examples
88 |
89 | Generate a logic circuit representation of the Rijndael S-box:
90 | ```
91 | ./sboxgates ../sboxes/rijndael.txt
92 | ```
93 |
94 | Generate a LUT circuit for output bit 0 of the Rijndael S-box:
95 | ```
96 | mpirun ./sboxgates --lut --single-output 0 ../sboxes/rijndael.txt
97 | ```
98 |
99 | Generate a LUT circuit for output bit 0 of the Rijndael S-box using 8 processes for the
100 | parallelized search:
101 | ```
102 | mpirun -n 8 ./sboxgates --lut --single-output 0 ../sboxes/rijndael.txt
103 | ```
104 |
105 | Visualize a generated circuit with Graphviz:
106 | ```
107 | ./sboxgates -d 1-067-162-3-c32281db.xml | dot -Tpng > 1-067-162-3-c32281db.png
108 | ```
109 |
110 | Convert a generated circuit to C/CUDA:
111 | ```
112 | ./sboxgates -c 1-067-162-3-c32281db.xml > 1-067-162-3-c32281db.c
113 | ```
114 |
115 | ### Single output
116 |
117 | It is possible to generate graphs for just a single output bit of the S-box by using the
118 | `--single-output` argument followed by a bit number. The least significant output bit is bit 0. This
119 | can, for example, be used to generate separate functions for each single bit in an S-box to reduce
120 | register pressure in bitslicing implementations.
121 |
122 | Graphs can be built one output at a time by combining the `--single-output` with `--graph` to load
123 | a previously generated graph. This can be used to manually control the build order and to keep the
124 | total build time down.
125 |
126 | ### Multiple iterations
127 |
128 | The `--iterations` argument can be used to make the program do more than one search iteration for
129 | each output bit. This will often result in smaller output graphs being found, at the cost of much
130 | longer search time. It is most suitable for use together with `--single-output`.
131 |
132 | ### Selecting gates
133 |
134 | The `--available-gates` command line argument is used to specify the two-input gates that are
135 | available for the search. The argument value is a bitfield, where each bit represents one gate
136 | type. To specify the gates to be used, add up their values from the table below and pass the sum as
137 | the value of the `--available-gates` argument. If no such argument is specified, the default is
138 | 194, i.e. AND, OR, and XOR. The `--append-not` flag can also be used to increase the number of
139 | gates used for the search, by generating versions of the available gates with inverted outputs.
140 | This can both increase and decrease the size of generated graphs.
141 |
142 | When the `--verbose` flag is used, the program starts by printing out the 2- and 3-input gates that
143 | have been generated and will be used for the search. Generation with LUTs will always include all
144 | 3-input gates, regardless of the result of this generation.
145 |
146 | | Gate | Value |
147 | | ----------- | ----- |
148 | | FALSE | 1 |
149 | | AND | 2 |
150 | | A AND NOT B | 4 |
151 | | A | 8 |
152 | | NOT A AND B | 16 |
153 | | B | 32 |
154 | | XOR | 64 |
155 | | OR | 128 |
156 | | NOR | 256 |
157 | | XNOR | 512 |
158 | | NOT B | 1024 |
159 | | A OR NOT B | 2048 |
160 | | NOT A | 4096 |
161 | | NOT A OR B | 8192 |
162 | | NAND | 16384 |
163 | | TRUE | 32768 |
164 |
165 | ### Metrics
166 |
167 | The default metric used in the search is the number of gates in the generated graph. An alternative
168 | metric can be selected with the `--sat-metric` argument. Instead of minimizing the number of gates,
169 | it attempts to minimize the size of the
170 | [CNF](https://en.wikipedia.org/wiki/Conjunctive_normal_form) representation of the generated graph.
171 | It is meant to improve the performance when the graph is used with
172 | [SAT](https://en.wikipedia.org/wiki/Boolean_satisfiability_problem) solvers.
173 |
174 | ### Permuting S-boxes
175 |
176 | The `--permute` argument can be used to permute the S-box input by XORing it with a constant value,
177 | so that the S-box value for input value I becomes S(I ^ V), where V is the permutation value.
178 |
179 | ## Contributing
180 |
181 | Reports on bugs and other issues are welcome. Please don't hesitate to open a new
182 | [issue](https://github.com/dansarie/sboxgates/issues).
183 |
184 | Likewise, contributions to code or documentation in the form of
185 | [pull requests](https://github.com/dansarie/sboxgates/pulls) are welcomed.
186 |
187 | ## Citing
188 |
189 | If you use sboxgates in a report or scientific publication, please cite the corresponding article in the Journal of Open Source Software:
190 |
191 | Dansarie, M., (2021). sboxgates: A program for finding low gate count implementations of S-boxes. Journal of Open Source Software, 6(62), 2946, [https://doi.org/10.21105/joss.02946](https://doi.org/10.21105/joss.02946)
192 |
193 | ```
194 | @article{Dansarie2021,
195 | doi = {10.21105/joss.02946},
196 | url = {https://doi.org/10.21105/joss.02946},
197 | year = {2021},
198 | publisher = {The Open Journal},
199 | volume = {6},
200 | number = {62},
201 | pages = {2946},
202 | author = {Marcus Dansarie},
203 | title = {sboxgates: A program for finding low gate count implementations of S-boxes},
204 | journal = {Journal of Open Source Software}
205 | }
206 | ```
207 |
208 | ## License and Copyright
209 |
210 | Copyright 2017-2021 [Marcus Dansarie](https://github.com/dansarie).
211 |
212 | This project is licensed under the GNU General Public License – see the [LICENSE](LICENSE)
213 | file for details.
214 |
--------------------------------------------------------------------------------
/boolfunc.c:
--------------------------------------------------------------------------------
1 | /* boolfunc.c
2 |
3 | Copyright (c) 2020 Marcus Dansarie
4 |
5 | This program is free software: you can redistribute it and/or modify
6 | it under the terms of the GNU General Public License as published by
7 | the Free Software Foundation, either version 3 of the License, or
8 | (at your option) any later version.
9 |
10 | This program is distributed in the hope that it will be useful,
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | GNU General Public License for more details.
14 |
15 | You should have received a copy of the GNU General Public License
16 | along with this program. If not, see . */
17 |
18 | #include
19 | #include
20 | #include "boolfunc.h"
21 |
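/* Returns the output (0 or 1) of the two-input boolean function fun for the
   input combination bit = A << 1 | B.
   fun - four-bit truth table; combination 0 is stored in bit 3 and
         combination 3 in bit 0.
   bit - input combination, 0 to 3. */
uint8_t get_val(uint8_t fun, uint8_t bit) {
  assert(fun < 16);
  /* A value above 3 would make the shift count below negative, which is
     undefined behaviour in C. */
  assert(bit < 4);
  return (fun >> (3 - bit)) & 1;
}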
26 |
/* Reports whether an element with function value fun occurs in array. The
   scan stops at the first element whose num_inputs is 0, so the array must
   contain such a terminating element. */
static bool inarray(uint8_t fun, const boolfunc * array) {
  const boolfunc *cur = array;
  while (cur->num_inputs != 0) {
    if (cur->fun == fun) {
      return true;
    }
    cur++;
  }
  return false;
}
35 |
/* Builds the list of functions obtained by inverting the output of each
   function in input_funs, skipping any result that is already present in
   input_funs or in the output list built so far. Returns the number of
   functions written.
   input_funs  - input array, terminated by an element with num_inputs == 0.
   output_funs - output array. A terminating element (num_inputs == 0) is
                 written after the last entry, so the buffer needs room for
                 one element more than the returned count. */
int get_not_functions(const boolfunc * restrict input_funs, boolfunc * restrict output_funs) {
  assert(input_funs != NULL);
  assert(output_funs != NULL);

  int count = 0;
  /* Start with an empty, terminated output list so inarray() can scan it. */
  output_funs[count].num_inputs = 0;

  for (const boolfunc *src = input_funs; src->num_inputs != 0; src++) {
    /* Complement of the four-bit truth table. */
    const uint8_t inverted = ~src->fun & 0xF;
    if (inarray(inverted, input_funs) || inarray(inverted, output_funs)) {
      continue;
    }
    boolfunc *dst = &output_funs[count];
    *dst = *src;
    dst->fun = inverted;
    dst->not_out = !dst->not_out;
    count += 1;
    /* Keep the list terminated after every append. */
    output_funs[count].num_inputs = 0;
  }
  return count;
}
55 |
/* Wraps the four-bit truth table fun in a boolfunc describing a plain
   two-input gate: no inverted inputs or output and no second function. */
boolfunc create_2_input_fun(uint8_t fun) {
  assert(fun < 16);
  boolfunc result = {
    .num_inputs = 2,
    .fun = fun,
    .fun1 = fun,
    .fun2 = NO_GATE,
    .not_a = false,
    .not_b = false,
    .not_c = false,
    .not_out = false,
    /* Commutative in A and B when truth table bits 1 and 2 are equal. */
    .ab_commutative = ~(fun >> 1 ^ fun >> 2) & 1,
    .ac_commutative = false,
    .bc_commutative = false,
  };
  return result;
}
72 |
/* Enumerates three-input functions of the form fun2(fun1(A, B), C) that can be
   built from the two-input functions in input_funs and copies one entry per
   distinct truth table to output_funs. Returns the number of entries written.
   input_funs  - input array, terminated by an element with num_inputs == 0.
   output_funs - output array. Up to 256 entries can be written and no
                 terminating element is appended, so the caller's buffer must
                 hold 256 elements.
   try_nots    - when true, also tries inverted inputs and an inverted output. */
int get_3_input_function_list(const boolfunc * restrict input_funs,
    boolfunc * restrict output_funs, bool try_nots) {
  assert(input_funs != NULL);
  assert(output_funs != NULL);
  /* One slot per possible eight-bit truth table. */
  boolfunc funs[256];
  /* Fill every byte with 0xff to mark all slots as unset. The "unset" tests
     below rely on an all-0xff fun/fun1 comparing >= 16; for fun1 that depends
     on the underlying type of gate_type - TODO confirm against state.h. */
  memset(funs, 0xff, sizeof(boolfunc) * 256);


  /* Input inversion masks (bit 2 = A, bit 1 = B, bit 0 = C), ordered by the
     number of inverted inputs. */
  uint8_t nots[] = {0, 1, 2, 4, 3, 5, 6, 7};
  /* Iterate over all combinations of two two-input boolean functions. */
  for (int notsp = 0; notsp < (try_nots ? 8 : 1); notsp++) {
    for (int i = 0; input_funs[i].num_inputs != 0; i++) {
      for (int k = 0; input_funs[k].num_inputs != 0; k++) {
        assert(input_funs[k].num_inputs == 2);
        assert(input_funs[k].fun == input_funs[k].fun1);
        assert(input_funs[k].fun < 16);
        uint8_t fun = 0;
        /* Compute truth table. */
        /* Input combination 7 is shifted in first and therefore ends up in
           bit 7 of fun; combination 0 ends up in bit 0. */
        for (uint8_t val = 0; val < 8; val++) {
          uint8_t ab = ((7 - val) ^ nots[notsp]) >> 1;
          uint8_t c = ((7 - val) ^ nots[notsp]) & 1;
          fun <<= 1;
          fun |= get_val(input_funs[k].fun, get_val(input_funs[i].fun, ab) << 1 | c);
        }
        /* NOTE(review): this tests .fun, while the later loops test .fun1 to
           decide whether a slot is set. Once a slot is filled, .fun holds the
           eight-bit truth table, which is itself >= 16 for most functions, so
           such slots appear to be overwritten by later combinations rather
           than kept - confirm whether .fun1 was intended here. */
        if (funs[fun].fun >= 16) { /* If function isn't already set. */
          funs[fun].num_inputs = 3;
          funs[fun].fun = fun;
          funs[fun].fun1 = input_funs[i].fun;
          funs[fun].fun2 = input_funs[k].fun;
          funs[fun].not_a = (nots[notsp] & 4) != 0;
          funs[fun].not_b = (nots[notsp] & 2) != 0;
          funs[fun].not_c = (nots[notsp] & 1) != 0;
          funs[fun].not_out = false;
          /* Each flag compares the two pairs of truth table bits that trade
             places when the named inputs are swapped. */
          funs[fun].ab_commutative = ~(fun >> 2 ^ fun >> 4) & ~(fun >> 3 ^ fun >> 5) & 1;
          funs[fun].ac_commutative = ~(fun >> 1 ^ fun >> 4) & ~(fun >> 3 ^ fun >> 6) & 1;
          funs[fun].bc_commutative = ~(fun >> 1 ^ fun >> 2) & ~(fun >> 5 ^ fun >> 6) & 1;
        }
      }
    }
  }

  /* Attempt to create new functions by appending a NOT gate to the output of those already
     discovered. */
  if (try_nots) {
    for (int i = 0; i < 256; i++) {
      /* Truth table of function i with its output inverted. */
      int nfun = ~i & 0xff;
      if (funs[i].fun1 < 16 && funs[nfun].fun1 >= 16) {
        funs[nfun] = funs[i];
        funs[nfun].fun = ~funs[nfun].fun;
        funs[nfun].not_out = true;
      }
    }
  }

  /* Copy every slot that was filled to the output array, in truth table order. */
  int outp = 0;
  for (int i = 0; i < 256; i++) {
    if (funs[i].fun1 < 16) {
      output_funs[outp++] = funs[i];
    }
  }
  return outp;
}
135 |
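/* Generates the truth table for a two-input gate.
   gate - the gate function.
   in1  - input truth table 1 (A).
   in2  - input truth table 2 (B).
   Returns the combined truth table. An unrecognised gate value trips the
   assertion; when assertions are compiled out (NDEBUG) an all-zero table is
   returned instead. */
ttable generate_ttable_2(const gate_type gate, const ttable in1, const ttable in2) {
  ttable zero = {0};
  switch (gate) {
    case FALSE_GATE:  return zero;
    case AND:         return in1 & in2;
    case A_AND_NOT_B: return in1 & ~in2;
    case A:           return in1;
    case NOT_A_AND_B: return ~in1 & in2;
    case B:           return in2;
    case XOR:         return in1 ^ in2;
    case OR:          return in1 | in2;
    case NOR:         return ~(in1 | in2);
    case XNOR:        return (in1 & in2) | (~in1 & ~in2);
    case NOT_B:       return ~in2;
    case A_OR_NOT_B:  return in1 | ~in2;
    case NOT_A:       return ~in1;
    case NOT_A_OR_B:  return ~in1 | in2;
    case NAND:        return ~(in1 & in2);
    case TRUE_GATE:   return ~zero;
    default:          assert(0);
  }
  /* Reached only with NDEBUG and an unknown gate. Without this return the
     function would end without returning a value, which is undefined
     behaviour as soon as the caller uses the result. */
  return zero;
}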
158 |
/* Generates the truth table for a three-input gate.
   fun - the gate function; only fun.fun is read. Bit m of fun.fun selects the
         minterm whose inputs are (in1, in2, in3) = bits (2, 1, 0) of m.
   in1 - input truth table 1.
   in2 - input truth table 2.
   in3 - input truth table 3. */
ttable generate_ttable_3(boolfunc fun, const ttable in1, const ttable in2, const ttable in3) {
  /* Index 0 is the inverted input, index 1 the input as given. */
  const ttable sel_a[2] = {~in1, in1};
  const ttable sel_b[2] = {~in2, in2};
  const ttable sel_c[2] = {~in3, in3};
  ttable acc = {0};
  for (int minterm = 0; minterm < 8; minterm++) {
    if (fun.fun & (1 << minterm)) {
      acc |= sel_a[(minterm >> 2) & 1] & sel_b[(minterm >> 1) & 1] & sel_c[minterm & 1];
    }
  }
  return acc;
}
187 |
--------------------------------------------------------------------------------
/boolfunc.h:
--------------------------------------------------------------------------------
1 | /* boolfunc.h
2 |
3 | Copyright (c) 2020 Marcus Dansarie
4 |
5 | This program is free software: you can redistribute it and/or modify
6 | it under the terms of the GNU General Public License as published by
7 | the Free Software Foundation, either version 3 of the License, or
8 | (at your option) any later version.
9 |
10 | This program is distributed in the hope that it will be useful,
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | GNU General Public License for more details.
14 |
15 | You should have received a copy of the GNU General Public License
16 | along with this program. If not, see . */
17 |
18 | #ifndef __BOOLFUNC_H__
19 | #define __BOOLFUNC_H__
20 |
21 | #include
22 | #include
23 | #include "state.h"
24 |
25 | /* Three-input boolean functions f(A, B, C) are created from two-input boolean functions as:
26 | fun(A, B, C) = fun2(fun1(A, B), C). */
27 |
/* Description of a two- or three-input boolean function and of how it is built
   from two-input gates. In boolfunc arrays, an element with num_inputs == 0
   marks the end of the list. */
typedef struct {
  int num_inputs;      /* Number of inputs: 2 or 3; 0 terminates an array. */
  uint8_t fun;         /* Three-input boolean function. fun2(fun1(0xF0, 0xCC), 0xAA) */
  gate_type fun1;      /* Two-input boolean function 1. */
  gate_type fun2;      /* Two-input boolean function 2. */
  bool not_a;          /* True if NOT gate is appended to input A. */
  bool not_b;          /* True if NOT gate is appended to input B. */
  bool not_c;          /* True if NOT gate is appended to input C. */
  bool not_out;        /* True if NOT gate is appended to output. */
  bool ab_commutative; /* True if the function is commutative with respect to inputs A and B. */
  bool ac_commutative; /* True if the function is commutative with respect to inputs A and C. */
  bool bc_commutative; /* True if the function is commutative with respect to inputs B and C. */
} boolfunc;
41 |
/* Returns the value of the two-input boolean function fun for inputs bit = A << 1 | B.
   fun must be less than 16 and bit must be in the range 0 to 3. */
uint8_t get_val(uint8_t fun, uint8_t bit);

/* Returns a boolfunc struct representing the two-input boolean function fun. */
boolfunc create_2_input_fun(uint8_t fun);

/* Generates a list of new functions by appending a NOT gate to the output of the functions in
   input_funs. Returns the number of functions in output_funs.
   input_funs - array of input functions, terminated by an element with num_inputs == 0.
   output_funs - output array. Receives at most one function per input function, followed by a
                 terminating element, so it needs room for one element more than input_funs
                 has functions. */
int get_not_functions(const boolfunc * restrict input_funs,
    boolfunc * restrict output_funs);

/* Generates a list of unique three-input boolean functions from a list of available two-input
   boolean functions. Returns the number of functions in output_funs.
   input_funs - array of input functions, terminated by an element with num_inputs == 0.
   output_funs - output array. At most 256 functions are written and no terminating element is
                 appended.
   try_nots - set to true to append NOT gates in order to find more 3-input functions. */
int get_3_input_function_list(const boolfunc * restrict input_funs,
    boolfunc * restrict output_funs, bool try_nots);

/* Generates the truth table for a two-input gate.
   gate - the gate function.
   in1 - input truth table 1.
   in2 - input truth table 2. */
ttable generate_ttable_2(const gate_type gate, const ttable in1, const ttable in2);

/* Generates the truth table for a three-input gate.
   fun - the gate function.
   in1 - input truth table 1.
   in2 - input truth table 2.
   in3 - input truth table 3. */
ttable generate_ttable_3(boolfunc fun, const ttable in1, const ttable in2, const ttable in3);
75 |
76 | #endif /* __BOOLFUNC_H__ */
77 |
--------------------------------------------------------------------------------
/convert_graph.c:
--------------------------------------------------------------------------------
1 | /* convert_graph.c
2 |
3 | Helper functions for converting generated graphs to C/CUDA code or Graphviz dot format for
4 | visualization.
5 |
6 | Copyright (c) 2016-2017, 2019-2021 Marcus Dansarie
7 |
8 | This program is free software: you can redistribute it and/or modify
9 | it under the terms of the GNU General Public License as published by
10 | the Free Software Foundation, either version 3 of the License, or
11 | (at your option) any later version.
12 |
13 | This program is distributed in the hope that it will be useful,
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | GNU General Public License for more details.
17 |
18 | You should have received a copy of the GNU General Public License
19 | along with this program. If not, see . */
20 |
21 | #include
22 | #include
23 | #include
24 | #include
25 | #include "convert_graph.h"
26 | #include "sboxgates.h"
27 |
/* Prints the first 256 bits of the truth table tbl to standard output as '0'
   and '1' characters, 16 per line, lowest bit of the first 64-bit word first. */
void print_ttable(ttable tbl) {
  uint64_t words[4];
  /* Copies sizeof(ttable) bytes into a 32-byte buffer; presumably ttable is
     exactly 256 bits wide - TODO confirm against state.h. */
  memcpy((ttable*)words, &tbl, sizeof(ttable));
  for (uint16_t bit = 0; bit < 256; bit++) {
    if (bit != 0 && bit % 16 == 0) {
      printf("\n");
    }
    printf("%" PRIu64, (words[bit / 64] >> (bit % 64)) & 1);
  }
  printf("\n");
}
47 |
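/* Prints a gate network to stdout in Graphviz dot format.
   st - pointer to the state to be printed.
   Node labels are built in a fixed 20-byte buffer using bounded formatting, so an unexpectedly
   long gate name is truncated instead of overflowing the stack buffer.
   NOTE(review): the asserts on num_gates and on the gate type are the only range checks made
   here and are compiled out under NDEBUG. If the state can come from a loaded graph file, the
   loader has to validate those fields - confirm. */
void print_digraph(const state *st) {
  printf("digraph sbox {\n");
  assert(st->num_gates < MAX_GATES);
  for (int gt = 0; gt < st->num_gates; gt++) {
    char gatename[20];
    assert(st->gates[gt].type <= LUT);
    if (st->gates[gt].type == IN) {
      snprintf(gatename, sizeof(gatename), "IN %d", gt);
    } else if (st->gates[gt].type == LUT) {
      snprintf(gatename, sizeof(gatename), "0x%02x", st->gates[gt].function);
    } else {
      /* Bounded copy of the gate's name, then turn underscores into spaces for the label. */
      snprintf(gatename, sizeof(gatename), "%s", gate_name[st->gates[gt].type]);
      for (int i = 0; gatename[i] != '\0'; i++) {
        if (gatename[i] == '_') {
          gatename[i] = ' ';
        }
      }
    }
    printf(" gt%d [label=\"%s\"];\n", gt, gatename);
  }
  /* Edges from each gate's inputs; input gates themselves have no incoming edges. */
  for (int gt = get_num_inputs(st); gt < st->num_gates; gt++) {
    if (st->gates[gt].in1 != NO_GATE) {
      printf(" gt%" PRIgatenum " -> gt%d;\n", st->gates[gt].in1, gt);
    }
    if (st->gates[gt].in2 != NO_GATE) {
      printf(" gt%" PRIgatenum " -> gt%d;\n", st->gates[gt].in2, gt);
    }
    if (st->gates[gt].in3 != NO_GATE) {
      printf(" gt%" PRIgatenum " -> gt%d;\n", st->gates[gt].in3, gt);
    }
  }
  /* Edges from the gates that drive the (up to eight) outputs. */
  for (uint8_t i = 0; i < 8; i++) {
    if (st->outputs[i] != NO_GATE) {
      printf(" gt%" PRIgatenum " -> out%" PRIu8 ";\n", st->outputs[i], i);
    }
  }
  printf("}\n");
}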
86 |
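/* Called by print_c_function to get variable names. Returns true if the variable should be
   declared.
   st - pointer to state.
   gate - gate to generate variable name for.
   buf - output buffer.
   buflen - size of buf in bytes; a name that does not fit is truncated, never written past the
            end of buf.
   ptr_out - true if output variables are pointers (i.e. there is more than one). */
static bool get_c_variable_name(const state * restrict st, const gatenum gate, char * restrict buf,
    size_t buflen, bool ptr_out) {
  if (gate < get_num_inputs(st)) {
    snprintf(buf, buflen, "in.b%" PRIgatenum, gate);
    return false;
  }
  /* Check all eight output slots. The number of outputs is independent of the number of inputs,
     so bounding this scan by get_num_inputs() would miss outputs in the higher slots. */
  for (uint8_t i = 0; i < 8; i++) {
    if (st->outputs[i] == gate) {
      snprintf(buf, buflen, "%sout%d", ptr_out ? "*" : "", i);
      return false;
    }
  }
  snprintf(buf, buflen, "var%" PRIgatenum, gate);
  return true;
}

/* Converts a gate network to a C or CUDA function and prints it to stdout. CUDA code is generated
   if the state contains at least one LUT gate, plain C otherwise.
   st - pointer to the state to be converted to a function.
   Returns true on success. Returns false, after printing an error to stderr, if the state has no
   output gates. */
bool print_c_function(const state *st) {
  /* Generate CUDA code if LUT gates are present. */
  bool cuda = false;
  for (int gate = get_num_inputs(st); gate < st->num_gates; gate++) {
    if (st->gates[gate].type == LUT) {
      cuda = true;
      break;
    }
  }

  /* Count the outputs over all eight slots, matching the CUDA signature loop below and
     print_digraph; outp_num remembers the last one for the single-output function name. */
  int num_outputs = 0;
  int outp_num = 0;
  for (int outp = 0; outp < 8; outp++) {
    if (st->outputs[outp] != NO_GATE) {
      num_outputs += 1;
      outp_num = outp;
    }
  }
  if (num_outputs <= 0) {
    fprintf(stderr, "Error: no output gates in circuit. (convert_graph.c:%d)\n", __LINE__);
    return false;
  }
  bool ptr_ret = num_outputs > 1;

  /* Generate type definitions. */
  const char TYPE[] = "bit_t";
  if (cuda) {
    printf("#define LUT(a,b,c,d,e) asm(\"lop3.b32 %%0, %%1, %%2, %%3, \"#e\";\" : "
        "\"=r\"(a): \"r\"(b), \"r\"(c), \"r\"(d));\n");
    printf("typedef int %s;\n", TYPE);
  } else {
    printf("typedef unsigned long long int %s;\n", TYPE);
  }
  printf("typedef struct {\n");
  for (int i = 0; i < get_num_inputs(st); i++) {
    printf(" %s b%d;\n", TYPE, i);
  }
  printf("} bits;\n");

  /* Output start of S-box function. */
  if (cuda) {
    if (num_outputs > 1) {
      printf("__device__ __forceinline__ void s(bits in");
      for (int outp = 0; outp < 8; outp++) {
        if (st->outputs[outp] != NO_GATE) {
          printf(", %s *out%d", TYPE, outp);
        }
      }
      printf(") {\n");
    } else {
      printf("__device__ __forceinline__ %s s%d(bits in) {\n", TYPE, outp_num);
    }
  } else {
    if (num_outputs > 1) {
      printf("void s(bits in");
      for (int outp = 0; outp < 8; outp++) {
        if (st->outputs[outp] != NO_GATE) {
          printf(", %s *out%d", TYPE, outp);
        }
      }
      printf(") {\n");
    } else {
      printf("%s s%d(bits in) {\n", TYPE, outp_num);
    }
  }

  /* Output graph code. The name buffers start out empty so that a gate whose type uses an input
     that is set to NO_GATE prints an empty operand instead of reading uninitialized memory. */
  char start[10] = "";
  char var_in1[10] = "";
  char var_in2[10] = "";
  char var_in3[10] = "";
  char var_out[10] = "";
  for (int gate = get_num_inputs(st); gate < st->num_gates; gate++) {
    if (st->gates[gate].in1 != NO_GATE) {
      get_c_variable_name(st, st->gates[gate].in1, var_in1, sizeof(var_in1), ptr_ret);
    }
    if (st->gates[gate].in2 != NO_GATE) {
      get_c_variable_name(st, st->gates[gate].in2, var_in2, sizeof(var_in2), ptr_ret);
    }
    if (st->gates[gate].in3 != NO_GATE) {
      get_c_variable_name(st, st->gates[gate].in3, var_in3, sizeof(var_in3), ptr_ret);
    }
    bool decl = get_c_variable_name(st, gate, var_out, sizeof(var_out), ptr_ret);
    /* Pointer outputs ("*outN") are parameters and must not be declared again. */
    if (decl || var_out[0] != '*') {
      snprintf(start, sizeof(start), " %s ", TYPE);
    } else {
      snprintf(start, sizeof(start), " ");
    }

    switch (st->gates[gate].type) {
      case FALSE_GATE: printf("%s%s = 0;\n", start, var_out); break;
      case AND: printf("%s%s = %s & %s;\n", start, var_out, var_in1, var_in2); break;
      case A_AND_NOT_B: printf("%s%s = %s & ~%s;\n", start, var_out, var_in1, var_in2); break;
      case A: printf("%s%s = %s;\n", start, var_out, var_in1); break;
      case NOT_A_AND_B: printf("%s%s = ~%s & %s;\n", start, var_out, var_in1, var_in2); break;
      case B: printf("%s%s = %s;\n", start, var_out, var_in2); break;
      case XOR: printf("%s%s = %s ^ %s;\n", start, var_out, var_in1, var_in2); break;
      case OR: printf("%s%s = %s | %s;\n", start, var_out, var_in1, var_in2); break;
      case NOR: printf("%s%s = ~(%s | %s);\n", start, var_out, var_in1, var_in2); break;
      case XNOR: printf("%s%s = (%s & %s) | (~%s & ~%s);\n", start, var_out, var_in1,
                     var_in2, var_in1, var_in2); break;
      case NOT_B: printf("%s%s = ~%s;\n", start, var_out, var_in2); break;
      case A_OR_NOT_B: printf("%s%s = %s | ~%s;\n", start, var_out, var_in1, var_in2); break;
      case NOT_A: printf("%s%s = ~%s;\n", start, var_out, var_in1); break;
      case NOT_A_OR_B: printf("%s%s = ~%s | %s;\n", start, var_out, var_in1, var_in2); break;
      case NAND: printf("%s%s = ~(%s & %s);\n", start, var_out, var_in1, var_in2); break;
      case TRUE_GATE: printf("%s%s = ~0;\n", start, var_out); break;
      case NOT: printf("%s%s = ~%s;\n", start, var_out, var_in1); break;
      /* NOTE(review): this case always emits a declaration and ignores `start`, so a pointer
         output ("*outN") is declared again here - confirm the generated CUDA is valid when a LUT
         gate drives an output of a multi-output function. */
      case LUT: printf(" %s %s; LUT(%s, %s, %s, %s, 0x%02x);\n", TYPE, var_out, var_out,
                    var_in1, var_in2, var_in3, st->gates[gate].function); break;
      default: assert(0);
    }

    /* Single-output functions return the value as soon as the output gate has been computed. */
    if (!decl && num_outputs == 1) {
      get_c_variable_name(st, gate, var_out, sizeof(var_out), ptr_ret);
      printf(" return %s;\n", var_out);
    }
  }
  printf("}\n");
  return true;
}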
230 |
--------------------------------------------------------------------------------
/convert_graph.h:
--------------------------------------------------------------------------------
1 | /* convert_graph.h
2 |
3 | Header file for graph conversion functions.
4 |
5 | Copyright (c) 2019-2021 Marcus Dansarie
6 |
7 | This program is free software: you can redistribute it and/or modify
8 | it under the terms of the GNU General Public License as published by
9 | the Free Software Foundation, either version 3 of the License, or
10 | (at your option) any later version.
11 |
12 | This program is distributed in the hope that it will be useful,
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | GNU General Public License for more details.
16 |
17 | You should have received a copy of the GNU General Public License
18 | along with this program. If not, see . */
19 |
20 | #ifndef __CONVERT_GRAPH_H__
21 | #define __CONVERT_GRAPH_H__
22 |
23 | #include "state.h"
24 |
/* Prints a truth table to the console. Used for debugging.
   tbl - the truth table to print. */
void print_ttable(ttable tbl);

/* Prints a gate network to stdout in Graphviz dot format.
   st - pointer to the state to be printed. */
void print_digraph(const state *st);

/* Converts a gate network to a C or CUDA function and prints it to stdout. If the state contains
   at least one LUT gate it will be converted to a CUDA function. Otherwise, it will be converted to
   a C function.
   st - pointer to the state to be converted to a function.
   Returns true on success. Returns false, after printing an error to stderr, if the state has no
   output gates. */
bool print_c_function(const state *st);
38 |
39 | #endif /* __CONVERT_GRAPH_H__ */
40 |
--------------------------------------------------------------------------------
/des_s1_bit0.svg:
--------------------------------------------------------------------------------
1 |
2 |
4 |
6 |
7 |
404 |
--------------------------------------------------------------------------------
/gates.xsd:
--------------------------------------------------------------------------------
1 |
2 |
3 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
--------------------------------------------------------------------------------
/lut.c:
--------------------------------------------------------------------------------
1 | /* lut.c
2 |
3 | Functions for handling and search for LUTs.
4 |
5 | Copyright (c) 2016-2017, 2019-2020 Marcus Dansarie
6 |
7 | This program is free software: you can redistribute it and/or modify
8 | it under the terms of the GNU General Public License as published by
9 | the Free Software Foundation, either version 3 of the License, or
10 | (at your option) any later version.
11 |
12 | This program is distributed in the hope that it will be useful,
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | GNU General Public License for more details.
16 |
17 | You should have received a copy of the GNU General Public License
18 | along with this program. If not, see . */
19 |
20 | #include
21 | #include
22 | #include
23 | #include
24 | #include
25 | #include "lut.h"
26 |
/* Prototypes for the file-local helpers used by the search functions below. */
static void get_nth_combination(int64_t n, int num_gates, int t, gatenum first, gatenum *ret);
static bool get_search_result(uint16_t *ret, int *quit_msg, MPI_Request *recv_req,
    MPI_Request *send_req);
static inline int64_t n_choose_k(int n, int k);
static inline void next_combination(gatenum *combination, int t, int max);
32 |
/* Recursive helper for check_n_lut_possible. Each level splits tt into the part where tables[0]
   is clear and the part where it is set, then descends with the remaining tables. At the bottom
   (num == 0) tt is added to *match if target is set everywhere in tt under mask; otherwise the
   walk fails unless target is clear everywhere in tt under mask.
   tables must hold at least num truth tables. Returns false as soon as one leaf fails. */
static bool check_n_lut_possible_recurse(const int num, const ttable target, const ttable mask,
    const ttable *tables, ttable *match, ttable tt) {

  if (num != 0) {
    /* Short-circuit evaluation keeps the original order: the "clear" half first. */
    return check_n_lut_possible_recurse(num - 1, target, mask, tables + 1, match, tt & ~tables[0])
        && check_n_lut_possible_recurse(num - 1, target, mask, tables + 1, match, tt & tables[0]);
  }

  if (ttable_equals_mask(target & tt, tt, mask)) {
    *match |= tt;
    return true;
  }
  return ttable_zero(target & tt & mask);
}
55 |
/* Returns true if it is possible to create a num input Boolean function with the specified input
   truth tables that satisfies the target truth table, under the specified mask.
   tables must hold at least num truth tables. */
bool check_n_lut_possible(const int num, const ttable target, const ttable mask,
    const ttable *tables) {
  ttable found = {0};
  /* Start the recursion from the all-ones table. */
  const ttable everything = ~found;
  return check_n_lut_possible_recurse(num, target, mask, tables, &found, everything)
      && ttable_equals_mask(target, found, mask);
}
67 |
/* Generates all possible truth tables for a LUT with the given three input truth tables. Used for
   caching in the search functions.
   out - receives one truth table per LUT function and must have room for 256 entries. */
void generate_lut_ttables(const ttable in1, const ttable in2, const ttable in3, ttable *out) {
  int func = 0;
  while (func < 256) {
    out[func] = generate_lut_ttable(func, in1, in2, in3);
    func++;
  }
}
75 |
/* Finds a three-input LUT function whose output, for the input truth tables in1, in2 and in3,
   matches target in the positions where mask is set. The function is stored in *func. Returns
   true on success and false if two masked positions with the same input combination need
   different output values, i.e. no function can satisfy the target.
   randomize - if true, function bits not fixed by the target are filled from xorshift1024(). */
bool get_lut_function(ttable in1, ttable in2, ttable in3, ttable target, ttable mask,
    const bool randomize, uint8_t *func) {
  uint64_t assigned = 0; /* One bit per function bit that has already been fixed. */
  *func = 0;

  /* Look at the lowest bit of every 64-bit lane, then shift all tables right by one, until no
     masked position is left. */
  for (; !ttable_zero(mask); target >>= 1, mask >>= 1, in1 >>= 1, in2 >>= 1, in3 >>= 1) {
    for (int lane = 0; lane < sizeof(ttable) / sizeof(uint64_t); lane++) {
      if (!(mask[lane] & 1)) {
        continue;
      }
      /* Function bit index selected by this input combination. */
      uint64_t idx = ((in1[lane] & 1) << 2) | ((in2[lane] & 1) << 1) | (in3[lane] & 1);
      if ((assigned & (1 << idx)) == 0) {
        *func |= (target[lane] & 1) << idx;
        assigned |= 1 << idx;
      } else if ((*func & (1 << idx)) != ((target[lane] & 1) << idx)) {
        return false;
      }
    }
  }

  /* Randomize don't-cares in table. */
  if (randomize && assigned != 0xff) {
    *func |= ~assigned & (uint8_t)xorshift1024();
  }

  return true;
}
110 |
/* Search for a combination of five outputs in the graph that can be connected with a 5-input LUT
   to create an output truth table that matches target in the positions where mask is set. Returns
   true on success. In that case the result is returned in ret: ret[0] contains the outer LUT
   function, ret[1] the inner LUT function, and ret[2] - ret[6] the five input gate numbers.
   ret - must point to at least 10 uint16_t values, not 7: all 10 are cleared before this rank
         starts searching and ret[7] - ret[9] are written as 0 on a hit. ret is not cleared on the
         early return taken when the rank has no work.
   inbits - gate numbers that must not be used as LUT inputs. The list is read until an entry
            equal to -1 is found, so the caller must supply that terminator.
   verbosity - a hit is printed to stdout when this is 1 or higher.
   The search space is split between the ranks of MPI_COMM_WORLD, so presumably every rank has to
   call this function for the same search - confirm against the callers. */
bool search_5lut(const state st, const ttable target, const ttable mask, const int8_t *inbits,
    uint16_t *ret, int verbosity) {
  assert(ret != NULL);
  assert(st.num_gates >= 5);

  int rank, size;
  MPI_Comm_rank(MPI_COMM_WORLD, &rank);
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  /* Random order in which the 256 outer LUT functions are tried. */
  uint8_t func_order[256];
  for (int i = 0; i < 256; i++) {
    func_order[i] = i;
  }
  /* Fisher-Yates shuffle. */
  for (int i = 0; i < 256; i++) {
    uint64_t j = xorshift1024() % (i + 1);
    uint8_t t = func_order[i];
    func_order[i] = func_order[j];
    func_order[j] = t;
  }

  /* Determine this rank's work. */
  uint64_t search_space_size = n_choose_k(st.num_gates, 5);
  uint64_t worker_space_size = search_space_size / size;
  uint64_t remainder = search_space_size - worker_space_size * size;
  uint64_t start_n;
  uint64_t stop_n;
  /* The first `remainder` ranks each take one extra combination. */
  if (rank < remainder) {
    start_n = (worker_space_size + 1) * rank;
    stop_n = start_n + worker_space_size + 1;
  } else {
    start_n = (worker_space_size + 1) * remainder + worker_space_size * (rank - remainder);
    stop_n = start_n + worker_space_size;
  }

  MPI_Request recv_req = MPI_REQUEST_NULL;
  MPI_Request send_req = MPI_REQUEST_NULL;
  int quit_msg = -1;

  /* Rank 0 listens for a message with tag 1 from any rank; the other ranks listen for a message
     with tag 2 from rank 0. */
  if (rank == 0) {
    MPI_Irecv(&quit_msg, 1, MPI_INT, MPI_ANY_SOURCE, 1, MPI_COMM_WORLD, &recv_req);
  } else {
    MPI_Irecv(&quit_msg, 1, MPI_INT, 0, 2, MPI_COMM_WORLD, &recv_req);
  }

  /* No work for this rank: go straight to collecting the result. */
  if (start_n >= n_choose_k(st.num_gates, 5)) {
    return get_search_result(ret, &quit_msg, &recv_req, &send_req);
  }

  gatenum nums[5] = {NO_GATE, NO_GATE, NO_GATE, NO_GATE, NO_GATE};
  get_nth_combination(start_n, st.num_gates, 5, 0, nums);

  ttable tt[5] = {st.gates[nums[0]].table, st.gates[nums[1]].table, st.gates[nums[2]].table,
                  st.gates[nums[3]].table, st.gates[nums[4]].table};

  /* Clears 10 entries, so ret must be at least that large. */
  memset(ret, 0, sizeof(uint16_t) * 10);

  bool quit = false;
  for (uint64_t i = start_n; !quit && i < stop_n; i++) {
    /* Reject input gate combinations that contain a bit that the algorithm has already used as a
       multiplexer input in step 5 of the algorithm. */
    bool rejected = false;
    for (int k = 0; !rejected && inbits[k] != -1; k++) {
      for (int m = 0; m < 5; m++) {
        if (nums[m] == inbits[k]) {
          rejected = true;
          break;
        }
      }
    }

    if (!rejected && check_n_lut_possible(5, target, mask, tt)) {
      /* Try all 10 ways to build a 5LUT from two 3LUTs. */
      gatenum order[5] = {0, 1, 2, 3, 4};
      for (int k = 0; k < 10; k++) {
        for (uint16_t fo = 0; !quit && fo < 256; fo++) {
          uint8_t func_outer = func_order[fo];
          ttable t_outer = generate_lut_ttable(func_outer, tt[order[0]], tt[order[1]],
              tt[order[2]]);
          uint8_t func_inner;
          if (!get_lut_function(t_outer, tt[order[3]], tt[order[4]], target, mask, true,
              &func_inner)) {
            continue;
          }
          ttable t_inner = generate_lut_ttable(func_inner, t_outer, tt[order[3]], tt[order[4]]);
          assert(ttable_equals_mask(target, t_inner, mask));
          ret[0] = func_outer;
          ret[1] = func_inner;
          ret[2] = nums[order[0]];
          ret[3] = nums[order[1]];
          ret[4] = nums[order[2]];
          ret[5] = nums[order[3]];
          ret[6] = nums[order[4]];
          ret[7] = 0;
          ret[8] = 0;
          ret[9] = 0;
          assert(send_req == MPI_REQUEST_NULL);
          /* Rank 0 records its own hit locally; other ranks send their rank number to rank 0. */
          if (rank == 0) {
            quit_msg = 0;
          } else {
            MPI_Isend(&rank, 1, MPI_INT, 0, 1, MPI_COMM_WORLD, &send_req);
          }
          quit = true;
          if (verbosity >= 1) {
            printf("[% 4d] Found 5LUT: %02x %02x %3d %3d %3d %3d %3d\n", rank, ret[0],
                ret[1], ret[2], ret[3], ret[4], ret[5], ret[6]);
          }
        }
        next_combination(order, 3, 5); /* Next combination of three gates. */
        /* Work out the other two gates. */
        unsigned int xx = ~((1 << order[0]) | (1 << order[1]) | (1 << order[2]));
        order[3] = __builtin_ffs(xx) - 1;
        xx ^= 1 << order[3];
        order[4] = __builtin_ffs(xx) - 1;
      }
    }

    if (!quit) {
      /* Stop if the pending receive has completed, i.e. a quit message has arrived. */
      int flag;
      MPI_Test(&recv_req, &flag, MPI_STATUS_IGNORE);
      if (flag) {
        break;
      }
      next_combination(nums, 5, st.num_gates);
      tt[0] = st.gates[nums[0]].table;
      tt[1] = st.gates[nums[1]].table;
      tt[2] = st.gates[nums[2]].table;
      tt[3] = st.gates[nums[3]].table;
      tt[4] = st.gates[nums[4]].table;
    }
  }

  return get_search_result(ret, &quit_msg, &recv_req, &send_req);
}
250 |
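/* Search for a combination of seven outputs in the graph that can be connected with a 7-input LUT
   to create an output truth table that matches target in the positions where mask is set. Returns
   true on success. In that case the result is returned in the 10 position array ret: ret[0]
   contains the outer LUT function, ret[1] the middle LUT function, ret[2] the inner LUT function,
   and ret[3] - ret[9] the seven input gate numbers.
   ret - must point to at least 10 uint16_t values; all 10 are cleared before the function search.
   inbits - gate numbers that must not be used as LUT inputs. The list is read until an entry
            equal to -1 is found, so the caller must supply that terminator.
   verbosity - a hit is printed to stdout when this is 1 or higher.
   The function uses MPI collectives (MPI_Allgather, MPI_Allgatherv) on MPI_COMM_WORLD, so every
   rank has to call it for the same search. */
bool search_7lut(const state st, const ttable target, const ttable mask, const int8_t *inbits,
    uint16_t *ret, int verbosity) {
  assert(ret != NULL);
  assert(st.num_gates >= 7);

  int rank, size;
  MPI_Comm_rank(MPI_COMM_WORLD, &rank);
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  /* Determine this rank's work. */
  uint64_t search_space_size = n_choose_k(st.num_gates, 7);
  uint64_t worker_space_size = search_space_size / size;
  uint64_t remainder = search_space_size - worker_space_size * size;
  uint64_t start;
  uint64_t stop;
  /* The first `remainder` ranks each take one extra combination. */
  if (rank < remainder) {
    start = (worker_space_size + 1) * rank;
    stop = start + worker_space_size + 1;
  } else {
    start = (worker_space_size + 1) * remainder + worker_space_size * (rank - remainder);
    stop = start + worker_space_size;
  }

  gatenum nums[7];
  if (start >= n_choose_k(st.num_gates, 7)) {
    memset(nums, 0, sizeof(gatenum) * 7);
  } else {
    get_nth_combination(start, st.num_gates, 7, 0, nums);
  }

  ttable tt[7] = {st.gates[nums[0]].table, st.gates[nums[1]].table, st.gates[nums[2]].table,
                  st.gates[nums[3]].table, st.gates[nums[4]].table, st.gates[nums[5]].table,
                  st.gates[nums[6]].table};

  /* Filter out the gate combinations where a 7LUT is possible. At most 100000 combinations are
     kept per rank; the filter loop stops once the buffer is full. */
  gatenum *result = malloc(sizeof(gatenum) * 7 * 100000);
  /* NOTE(review): with NDEBUG this assert disappears and a failed allocation is dereferenced. */
  assert(result != NULL);
  int p = 0;
  for (uint64_t i = start; i < stop; i++) {
    /* Reject input gate combinations that contain a bit that the algorithm has already used as a
       multiplexer input in step 5 of the algorithm. */
    bool rejected = false;
    for (int k = 0; !rejected && inbits[k] != -1; k++) {
      for (int m = 0; m < 7; m++) {
        if (nums[m] == inbits[k]) {
          rejected = true;
          break;
        }
      }
    }

    if (!rejected && check_n_lut_possible(7, target, mask, tt)) {
      result[p++] = nums[0];
      result[p++] = nums[1];
      result[p++] = nums[2];
      result[p++] = nums[3];
      result[p++] = nums[4];
      result[p++] = nums[5];
      result[p++] = nums[6];
    }
    if (p >= 7 * 100000) {
      break;
    }
    next_combination(nums, 7, st.num_gates);
    tt[0] = st.gates[nums[0]].table;
    tt[1] = st.gates[nums[1]].table;
    tt[2] = st.gates[nums[2]].table;
    tt[3] = st.gates[nums[3]].table;
    tt[4] = st.gates[nums[4]].table;
    tt[5] = st.gates[nums[5]].table;
    tt[6] = st.gates[nums[6]].table;
  }

  /* Gather the number of hits for each rank.*/
  int rank_nums[size];
  MPI_Allgather(&p, 1, MPI_INT, rank_nums, 1, MPI_INT, MPI_COMM_WORLD);
  assert(rank_nums[0] % 7 == 0);
  int tsize = rank_nums[0];
  int offsets[size];
  offsets[0] = 0;
  for (int i = 1; i < size; i++) {
    assert(rank_nums[i] % 7 == 0);
    tsize += rank_nums[i];
    offsets[i] = offsets[i - 1] + rank_nums[i - 1];
  }

  gatenum *lut_list = malloc(sizeof(gatenum) * tsize);
  assert(lut_list != NULL);

  /* Get all hits. The transfer type is MPI_UINT16_T, which assumes gatenum is a 16-bit unsigned
     type - TODO confirm against the typedef. */
  MPI_Allgatherv(result, p, MPI_UINT16_T, lut_list, rank_nums, offsets, MPI_UINT16_T,
      MPI_COMM_WORLD);
  free(result);
  result = NULL;

  /* Calculate rank's work chunk. */
  worker_space_size = (tsize / 7) / size;
  remainder = (tsize / 7) - worker_space_size * size;
  if (rank < remainder) {
    start = (worker_space_size + 1) * rank;
    stop = start + worker_space_size + 1;
  } else {
    start = (worker_space_size + 1) * remainder + worker_space_size * (rank - remainder);
    stop = start + worker_space_size;
  }

  uint8_t outer_func_order[256];
  uint8_t middle_func_order[256];
  for (int i = 0; i < 256; i++) {
    outer_func_order[i] = middle_func_order[i] = i;
  }

  /* Fisher-Yates shuffle the function search orders. */
  for (int i = 0; i < 256; i++) {
    uint64_t oj = xorshift1024() % (i + 1);
    uint64_t mj = xorshift1024() % (i + 1);
    uint8_t ot = outer_func_order[i];
    uint8_t mt = middle_func_order[i];
    outer_func_order[i] = outer_func_order[oj];
    middle_func_order[i] = middle_func_order[mj];
    outer_func_order[oj] = ot;
    middle_func_order[mj] = mt;
  }
  /* Keys of the gate triples whose LUT tables are currently cached. A key packs three gate numbers
     as x << 32 | y << 16 | z, which does not fit in an int: with an int key the stored value was
     truncated, never compared equal again once the first gate was nonzero, and the cache was
     rebuilt on every iteration. 0 means nothing is cached yet. */
  uint64_t outer_cache_set = 0;
  uint64_t middle_cache_set = 0;
  ttable outer_cache[256];
  ttable middle_cache[256];
  memset(ret, 0, 10 * sizeof(uint16_t));

  MPI_Request recv_req = MPI_REQUEST_NULL;
  MPI_Request send_req = MPI_REQUEST_NULL;
  int quit_msg = -1;

  /* Rank 0 listens for a message with tag 1 from any rank; the other ranks listen for a message
     with tag 2 from rank 0. */
  if (rank == 0) {
    MPI_Irecv(&quit_msg, 1, MPI_INT, MPI_ANY_SOURCE, 1, MPI_COMM_WORLD, &recv_req);
  } else {
    MPI_Irecv(&quit_msg, 1, MPI_INT, 0, 2, MPI_COMM_WORLD, &recv_req);
  }

  bool quit = false;
  /* 70 rows of 7 indices: each row picks which of the seven gates feed the outer LUT (first
     three), the middle LUT (next three) and the inner LUT directly (last one). */
  const int order[70 * 7] = {
    0, 1, 2, 3, 4, 5, 6,   0, 1, 2, 3, 4, 6, 5,   0, 1, 2, 3, 5, 6, 4,   0, 1, 2, 4, 5, 6, 3,
    0, 1, 3, 2, 4, 5, 6,   0, 1, 3, 2, 4, 6, 5,   0, 1, 3, 2, 5, 6, 4,   0, 1, 3, 4, 5, 6, 2,
    0, 1, 4, 2, 3, 5, 6,   0, 1, 4, 2, 3, 6, 5,   0, 1, 4, 2, 5, 6, 3,   0, 1, 4, 3, 5, 6, 2,
    0, 1, 5, 2, 3, 4, 6,   0, 1, 5, 2, 3, 6, 4,   0, 1, 5, 2, 4, 6, 3,   0, 1, 5, 3, 4, 6, 2,
    0, 1, 6, 2, 3, 4, 5,   0, 1, 6, 2, 3, 5, 4,   0, 1, 6, 2, 4, 5, 3,   0, 1, 6, 3, 4, 5, 2,
    0, 2, 3, 1, 4, 5, 6,   0, 2, 3, 1, 4, 6, 5,   0, 2, 3, 1, 5, 6, 4,   0, 2, 3, 4, 5, 6, 1,
    0, 2, 4, 1, 3, 5, 6,   0, 2, 4, 1, 3, 6, 5,   0, 2, 4, 1, 5, 6, 3,   0, 2, 4, 3, 5, 6, 1,
    0, 2, 5, 1, 3, 4, 6,   0, 2, 5, 1, 3, 6, 4,   0, 2, 5, 1, 4, 6, 3,   0, 2, 5, 3, 4, 6, 1,
    0, 2, 6, 1, 3, 4, 5,   0, 2, 6, 1, 3, 5, 4,   0, 2, 6, 1, 4, 5, 3,   0, 2, 6, 3, 4, 5, 1,
    0, 3, 4, 1, 2, 5, 6,   0, 3, 4, 1, 2, 6, 5,   0, 3, 4, 1, 5, 6, 2,   0, 3, 4, 2, 5, 6, 1,
    0, 3, 5, 1, 2, 4, 6,   0, 3, 5, 1, 2, 6, 4,   0, 3, 5, 1, 4, 6, 2,   0, 3, 5, 2, 4, 6, 1,
    0, 3, 6, 1, 2, 4, 5,   0, 3, 6, 1, 2, 5, 4,   0, 3, 6, 1, 4, 5, 2,   0, 3, 6, 2, 4, 5, 1,
    0, 4, 5, 1, 2, 3, 6,   0, 4, 5, 1, 2, 6, 3,   0, 4, 5, 1, 3, 6, 2,   0, 4, 5, 2, 3, 6, 1,
    0, 4, 6, 1, 2, 3, 5,   0, 4, 6, 1, 2, 5, 3,   0, 4, 6, 1, 3, 5, 2,   0, 4, 6, 2, 3, 5, 1,
    0, 5, 6, 1, 2, 3, 4,   0, 5, 6, 1, 2, 4, 3,   0, 5, 6, 1, 3, 4, 2,   0, 5, 6, 2, 3, 4, 1,
    1, 2, 3, 4, 5, 6, 0,   1, 2, 4, 3, 5, 6, 0,   1, 2, 5, 3, 4, 6, 0,   1, 2, 6, 3, 4, 5, 0,
    1, 3, 4, 2, 5, 6, 0,   1, 3, 5, 2, 4, 6, 0,   1, 3, 6, 2, 4, 5, 0,   1, 4, 5, 2, 3, 6, 0,
    1, 4, 6, 2, 3, 5, 0,   1, 5, 6, 2, 3, 4, 0
  };
  for (int i = start; !quit && i < stop; i++) {
    for (int k = 0; !quit && k < 70; k++) {
      const gatenum a = lut_list[7 * i + order[7 * k + 0]];
      const gatenum b = lut_list[7 * i + order[7 * k + 1]];
      const gatenum c = lut_list[7 * i + order[7 * k + 2]];
      const gatenum d = lut_list[7 * i + order[7 * k + 3]];
      const gatenum e = lut_list[7 * i + order[7 * k + 4]];
      const gatenum f = lut_list[7 * i + order[7 * k + 5]];
      const gatenum g = lut_list[7 * i + order[7 * k + 6]];
      const ttable ta = st.gates[a].table;
      const ttable tb = st.gates[b].table;
      const ttable tc = st.gates[c].table;
      const ttable td = st.gates[d].table;
      const ttable te = st.gates[e].table;
      const ttable tf = st.gates[f].table;
      const ttable tg = st.gates[g].table;
      /* Rebuild a cache only when its gate triple differs from the one it was built for. */
      const uint64_t outer_key = (uint64_t)a << 32 | (uint64_t)b << 16 | c;
      const uint64_t middle_key = (uint64_t)d << 32 | (uint64_t)e << 16 | f;
      if (outer_key != outer_cache_set) {
        generate_lut_ttables(ta, tb, tc, outer_cache);
        outer_cache_set = outer_key;
      }
      if (middle_key != middle_cache_set) {
        generate_lut_ttables(td, te, tf, middle_cache);
        middle_cache_set = middle_key;
      }

      for (uint16_t fo = 0; !quit && fo < 256; fo++) {
        uint8_t func_outer = outer_func_order[fo];
        ttable t_outer = outer_cache[func_outer];
        for (uint16_t fm = 0; !quit && fm < 256; fm++) {
          uint8_t func_middle = middle_func_order[fm];
          ttable t_middle = middle_cache[func_middle];
          uint8_t func_inner;
          if (!get_lut_function(t_outer, t_middle, tg, target, mask, true, &func_inner)) {
            continue;
          }
          ttable t_inner = generate_lut_ttable(func_inner, t_outer, t_middle, tg);
          assert(ttable_equals_mask(target, t_inner, mask));
          ret[0] = func_outer;
          ret[1] = func_middle;
          ret[2] = func_inner;
          ret[3] = a;
          ret[4] = b;
          ret[5] = c;
          ret[6] = d;
          ret[7] = e;
          ret[8] = f;
          ret[9] = g;
          assert(send_req == MPI_REQUEST_NULL);
          /* Rank 0 records its own hit locally; other ranks send their rank number to rank 0. */
          if (rank == 0) {
            quit_msg = 0;
          } else {
            MPI_Isend(&rank, 1, MPI_INT, 0, 1, MPI_COMM_WORLD, &send_req);
          }
          quit = true;
          if (verbosity >= 1) {
            printf("[% 4d] Found 7LUT: %02x %02x %02x %3d %3d %3d %3d %3d %3d %3d\n", rank,
                func_outer, func_middle, func_inner, a, b, c, d, e, f, g);
          }
        }
        if (!quit) {
          /* Stop if the pending receive has completed, i.e. a quit message has arrived. */
          int flag;
          MPI_Test(&recv_req, &flag, MPI_STATUS_IGNORE);
          if (flag) {
            quit = true;
          }
        }
      }
    }
  }
  free(lut_list);
  return get_search_result(ret, &quit_msg, &recv_req, &send_req);
}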
488 |
/* Tries to add LUT gates to the state so that the output truth table matches target in the
   positions where mask is set. A single 3-input LUT is tried first, then two LUTs forming a
   5-input function and finally three LUTs forming a 7-input function. The 5- and 7-input searches
   are shared with the other MPI ranks through broadcasts from rank 0. Returns NO_GATE if nothing
   is found or no more gates can be added; on a hit the result of add_lut is passed to
   ASSERT_AND_RETURN (presumably returning the new gate number - confirm against the macro).
   st - the state to search in and add gates to.
   inbits - gate numbers that must not be used as LUT inputs. Eight bytes are copied from this
            array into the broadcast work item, so it must hold at least 8 entries.
   gate_order - order in which gates are visited in the 3-input search; must hold at least
                st->num_gates entries.
   opt - options; lut_graph must be set, and randomize and verbosity are read here. */
gatenum lut_search(state *st, const ttable target, const ttable mask, const int8_t *inbits,
    const gatenum *gate_order, const options *opt) {
  assert(st != NULL);
  assert(inbits != NULL);
  assert(gate_order != NULL);
  assert(opt != NULL);
  assert(opt->lut_graph);

  /* Look through all combinations of three gates in the circuit. For each combination, check if any
     of the 256 possible three bit Boolean functions produces the desired map. If so, add that LUT
     and return the ID. */

  for (int i = 0; i < st->num_gates; i++) {
    const gatenum gi = gate_order[i];
    const ttable ta = st->gates[gi].table;
    for (int k = i + 1; k < st->num_gates; k++) {
      const gatenum gk = gate_order[k];
      const ttable tb = st->gates[gk].table;
      for (int m = k + 1; m < st->num_gates; m++) {
        const gatenum gm = gate_order[m];
        const ttable tc = st->gates[gm].table;
        const ttable tables[] = {ta, tb, tc};
        if (!check_n_lut_possible(3, target, mask, tables)) {
          continue;
        }
        uint8_t func;
        if (!get_lut_function(ta, tb, tc, target, mask, opt->randomize, &func)) {
          continue;
        }
        ttable nt = generate_lut_ttable(func, ta, tb, tc);
        assert(ttable_equals_mask(target, nt, mask));
        ASSERT_AND_RETURN(add_lut(st, func, nt, gi, gk, gm), target, st, mask);
      }
    }
  }

  /* A 5-input LUT needs two more gates. */
  if (!check_num_gates_possible(st, 2, 0, opt)) {
    return NO_GATE;
  }

  int size;
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  /* Broadcast work to be done. */
  mpi_work work;
  work.st = *st;
  work.target = target;
  work.mask = mask;
  work.quit = false;
  work.verbosity = opt->verbosity;
  /* Reads exactly 8 bytes from inbits, whatever the length of the caller's list. */
  memcpy(work.inbits, inbits, sizeof(uint8_t) * 8);
  MPI_Bcast(&work, 1, g_mpi_work_type, 0, MPI_COMM_WORLD);

  /* Look through all combinations of five gates in the circuit. For each combination, check if a
     combination of two of the possible 256 three bit Boolean functions as in LUT(LUT(a,b,c),d,e)
     produces the desired map. If so, add those LUTs and return the ID of the output LUT. */

  /* Ten entries: search_5lut and search_7lut both clear and write ret[0] - ret[9]. */
  uint16_t res[10];

  memset(res, 0, sizeof(uint16_t) * 10);
  if (opt->verbosity >= 2) {
    printf("[ 0] Search 5.\n");
  }

  if (work.st.num_gates >= 5
      && search_5lut(work.st, work.target, work.mask, work.inbits, res, opt->verbosity)) {
    uint8_t func_outer = (uint8_t)res[0];
    uint8_t func_inner = (uint8_t)res[1];
    /* NOTE(review): the gate numbers in res are used as indices into st->gates without a range
       check; they are trusted to be valid results of the search. */
    gatenum a = res[2];
    gatenum b = res[3];
    gatenum c = res[4];
    gatenum d = res[5];
    gatenum e = res[6];
    ttable ta = st->gates[a].table;
    ttable tb = st->gates[b].table;
    ttable tc = st->gates[c].table;
    ttable td = st->gates[d].table;
    ttable te = st->gates[e].table;
    if (opt->verbosity >= 1) {
      printf("[ 0] Selected: %02x %02x %3d %3d %3d %3d %3d\n",
          func_outer, func_inner, a, b, c, d, e);
    }

    /* Recompute the tables locally and check the reported result before adding the gates. */
    const ttable tables[] = {ta, tb, tc, td, te};
    assert(check_n_lut_possible(5, target, mask, tables));
    ttable t_outer = generate_lut_ttable(func_outer, ta, tb, tc);
    ttable t_inner = generate_lut_ttable(func_inner, t_outer, td, te);
    assert(ttable_equals_mask(target, t_inner, mask));

    ASSERT_AND_RETURN(add_lut(st, func_inner, t_inner,
        add_lut(st, func_outer, t_outer, a, b, c), d, e), target, st, mask);
  }

  /* A 7-input LUT needs three more gates. The other ranks are told whether the 7LUT search will
     run before this function returns or continues. */
  if (!check_num_gates_possible(st, 3, 0, opt)) {
    bool search7 = false;
    MPI_Bcast(&search7, 1, MPI_C_BOOL, 0, MPI_COMM_WORLD);
    return NO_GATE;
  }
  bool search7 = true;
  MPI_Bcast(&search7, 1, MPI_C_BOOL, 0, MPI_COMM_WORLD);

  if (opt->verbosity >= 2) {
    printf("[ 0] Search 7.\n");
  }
  if (work.st.num_gates >= 7
      && search_7lut(work.st, work.target, work.mask, work.inbits, res, opt->verbosity)) {
    uint8_t func_outer = (uint8_t)res[0];
    uint8_t func_middle = (uint8_t)res[1];
    uint8_t func_inner = (uint8_t)res[2];
    gatenum a = res[3];
    gatenum b = res[4];
    gatenum c = res[5];
    gatenum d = res[6];
    gatenum e = res[7];
    gatenum f = res[8];
    gatenum g = res[9];
    ttable ta = st->gates[a].table;
    ttable tb = st->gates[b].table;
    ttable tc = st->gates[c].table;
    ttable td = st->gates[d].table;
    ttable te = st->gates[e].table;
    ttable tf = st->gates[f].table;
    ttable tg = st->gates[g].table;
    if (opt->verbosity >= 1) {
      printf("[ 0] Selected: %02x %02x %02x %3d %3d %3d %3d %3d %3d %3d\n",
          func_outer, func_middle, func_inner, a, b, c, d, e, f, g);
    }
    /* Recompute the tables locally and check the reported result before adding the gates. */
    const ttable tables[] = {ta, tb, tc, td, te, tf, tg};
    assert(check_n_lut_possible(7, target, mask, tables));
    ttable t_outer = generate_lut_ttable(func_outer, ta, tb, tc);
    ttable t_middle = generate_lut_ttable(func_middle, td, te, tf);
    ttable t_inner = generate_lut_ttable(func_inner, t_outer, t_middle, tg);
    assert(ttable_equals_mask(target, t_inner, mask));
    ASSERT_AND_RETURN(add_lut(st, func_inner, t_inner,
        add_lut(st, func_outer, t_outer, a, b, c),
        add_lut(st, func_middle, t_middle, d, e, f), g), target, st, mask);
  }

  if (opt->verbosity >= 2) {
    printf("[ 0] No LUTs found. Num gates: %d\n", st->num_gates - get_num_inputs(st));
  }
  return NO_GATE;
}
632 |
/* Writes combination number n (counted from zero) of t gates, chosen from the num_gates
   consecutive gate numbers first, first + 1, ..., into ret. ret must have room for t entries;
   nothing is written when t is 0. */
static void get_nth_combination(int64_t n, int num_gates, int t, gatenum first, gatenum *ret) {
  assert(ret != NULL);
  assert(t <= num_gates);
  assert(n < n_choose_k(num_gates, t));

  if (t == 0) {
    return;
  }

  ret[0] = first;

  int step = 0;
  while (step < num_gates) {
    if (n == 0) {
      /* Nothing left to skip: the remaining elements directly follow the leading one. */
      for (int pos = 1; pos < t; pos++) {
        ret[pos] = ret[0] + pos;
      }
      return;
    }
    /* Number of combinations that keep the current leading element. */
    const int64_t with_current = n_choose_k(num_gates - step - 1, t - 1);
    if (n < with_current) {
      /* The wanted combination starts with ret[0]; resolve the tail recursively. */
      get_nth_combination(n, num_gates - ret[0] + first - 1, t - 1, ret[0] + 1, ret + 1);
      return;
    }
    /* Skip every combination that starts with the current leading element. */
    n -= with_current;
    ret[0] += 1;
    step++;
  }
  assert(0);
}
663 |
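/* Called by search_5lut and search_7lut to fetch the result of a search from the workers.

   ret       Receives the search result. The final broadcast always transfers 10 uint16_t values,
             so the buffer must hold at least 10 elements regardless of which search ran.
   quit_msg  On rank 0: rank of the worker that reported a match, or a negative value if none
             did. After the call every rank holds the broadcast value.
   recv_req  Outstanding receive request; cancelled if it has not completed.
   send_req  Outstanding send request; cancelled if it has not completed.

   Returns true if a result was broadcast into ret and false if the search was unsuccessful.
   This function contains collective MPI calls (barriers and broadcasts), so every rank in
   MPI_COMM_WORLD has to call it. */
static bool get_search_result(uint16_t *ret, int *quit_msg, MPI_Request *recv_req,
    MPI_Request *send_req) {

  int rank, size;
  MPI_Comm_rank(MPI_COMM_WORLD, &rank);
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  int flag;
  MPI_Request *quit_requests = NULL;
  /* If we've received a message, the search was successful. In that case, tell all workers to
     quit the search. With a single process there are no workers to notify, so no request array
     is allocated (malloc(0) may legitimately return NULL). */
  if (rank == 0 && *quit_msg >= 0 && size > 1) {
    quit_requests = malloc(sizeof(MPI_Request) * (size_t)(size - 1));
    /* Checked explicitly instead of with assert(): the check must survive NDEBUG builds,
       otherwise MPI_Isend below would write its request handles through a NULL pointer. */
    if (quit_requests == NULL) {
      fprintf(stderr, "get_search_result: out of memory\n");
      MPI_Abort(MPI_COMM_WORLD, 1);
      abort();
    }
    for (int i = 1; i < size; i++) {
      MPI_Isend(quit_msg, 1, MPI_INT, i, 2, MPI_COMM_WORLD, &quit_requests[i - 1]);
    }
  }

  /* Wait for all workers before continuing. */
  MPI_Barrier(MPI_COMM_WORLD);

  /* Cancel any non-completed requests. */
  if (*recv_req != MPI_REQUEST_NULL) {
    MPI_Test(recv_req, &flag, MPI_STATUS_IGNORE);
    if (!flag) {
      MPI_Cancel(recv_req);
      MPI_Wait(recv_req, MPI_STATUS_IGNORE);
    }
  }

  if (*send_req != MPI_REQUEST_NULL) {
    MPI_Test(send_req, &flag, MPI_STATUS_IGNORE);
    if (!flag) {
      MPI_Cancel(send_req);
      MPI_Wait(send_req, MPI_STATUS_IGNORE);
    }
  }

  if (quit_requests != NULL) {
    for (int i = 0; i < (size - 1); i++) {
      MPI_Test(&quit_requests[i], &flag, MPI_STATUS_IGNORE);
      if (!flag) {
        MPI_Cancel(&quit_requests[i]);
      }
    }
    MPI_Waitall(size - 1, quit_requests, MPI_STATUSES_IGNORE);
    free(quit_requests);
  }

  MPI_Barrier(MPI_COMM_WORLD);

  /* If more than one worker found a match, there may be extra messages waiting. Receive and
     dispose of those. */
  if (rank == 0) {
    do {
      MPI_Iprobe(MPI_ANY_SOURCE, 1, MPI_COMM_WORLD, &flag, MPI_STATUS_IGNORE);
      if (flag) {
        int discarded;
        MPI_Recv(&discarded, 1, MPI_INT, MPI_ANY_SOURCE, 1, MPI_COMM_WORLD, MPI_STATUS_IGNORE);
      }
    } while (flag);
  }

  /* Broadcast rank of worker that will broadcast search result. This will be -1 if the search
     was unsuccessful. */
  MPI_Bcast(quit_msg, 1, MPI_INT, 0, MPI_COMM_WORLD);
  if (*quit_msg < 0) {
    assert(*send_req == MPI_REQUEST_NULL);
    return false;
  }
  /* The winning worker is the broadcast root; all other ranks receive its 10-element result. */
  MPI_Bcast(ret, 10, MPI_UINT16_T, *quit_msg, MPI_COMM_WORLD);
  return true;
}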
741 |
/* Advances combination, an array of t numbers taken from the set 0, 1, ..., max - 1, to the
   next combination. The array is left unchanged when no position can be incremented. */
static inline void next_combination(gatenum *combination, int t, int max) {
  /* Find the rightmost position that can still be incremented. */
  int pos;
  for (pos = t - 1; pos >= 0; pos--) {
    if (combination[pos] + t - pos < max) {
      break;
    }
  }
  if (pos < 0) {
    return;
  }

  /* Increment it and restart every later position directly after its predecessor. */
  combination[pos] += 1;
  for (int next = pos + 1; next < t; next++) {
    combination[next] = combination[next - 1] + 1;
  }
}
759 |
/* Calculates the binomial coefficient (n, k). Requires n > 0 and k >= 0. */
static inline int64_t n_choose_k(int n, int k) {
  assert(n > 0);
  assert(k >= 0);
  int64_t acc = 1;
  int factor = n;
  /* Multiply before dividing: the intermediate product is always divisible by step. */
  for (int step = 1; step <= k; step++, factor--) {
    acc = (acc * factor) / step;
  }
  return acc;
}
771 |
--------------------------------------------------------------------------------
/lut.h:
--------------------------------------------------------------------------------
1 | /* lut.h
2 |
3 | Header file for LUT functions.
4 |
5 | Copyright (c) 2019-2020 Marcus Dansarie
6 |
7 | This program is free software: you can redistribute it and/or modify
8 | it under the terms of the GNU General Public License as published by
9 | the Free Software Foundation, either version 3 of the License, or
10 | (at your option) any later version.
11 |
12 | This program is distributed in the hope that it will be useful,
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | GNU General Public License for more details.
16 |
17 | You should have received a copy of the GNU General Public License
18 | along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 |
20 | #ifndef __LUT_H__
21 | #define __LUT_H__
22 |
23 | #include "sboxgates.h"
24 | #include "state.h"
25 |
/* Returns true if it is possible to create a num input Boolean function with the specified input
   truth tables that satisfies the target truth table, under the specified mask. tables must
   point to num truth tables. */
bool check_n_lut_possible(const int num, const ttable target, const ttable mask,
    const ttable *tables);

/* Generates all possible truth tables for a LUT with the given three input truth tables. Used for
   caching in the search functions.
   NOTE(review): out presumably needs room for one table per three-input function (256) -
   confirm against the definition. */
void generate_lut_ttables(const ttable in1, const ttable in2, const ttable in3, ttable *out);

/* Returns a LUT function func with the three input truth tables with an output truth table matching
   target in the positions where mask is set. Returns true on success and false if no function that
   can satisfy the target truth table exists. */
bool get_lut_function(const ttable in1, const ttable in2, const ttable in3, const ttable target,
    const ttable mask, const bool randomize, uint8_t *func);

/* Search for a combination of five outputs in the graph that can be connected with a 5-input LUT
   to create an output truth table that matches target in the positions where mask is set. Returns
   true on success. In that case the result is returned in the 7 position array ret: ret[0]
   contains the outer LUT function, ret[1] the inner LUT function, and ret[2] - ret[6] the five
   input gate numbers.
   NOTE(review): the result is collected through get_search_result, which broadcasts 10
   uint16_t values into its ret buffer. If ret is forwarded there unchanged, callers must pass
   a buffer of at least 10 elements even though only 7 are meaningful - confirm. */
bool search_5lut(const state st, const ttable target, const ttable mask, const int8_t *inbits,
    uint16_t *ret, int verbosity);

/* Search for a combination of seven outputs in the graph that can be connected with a 7-input LUT
   to create an output truth table that matches target in the positions where mask is set. Returns
   true on success. In that case the result is returned in the 10 position array ret: ret[0]
   contains the outer LUT function, ret[1] the middle LUT function, ret[2] the inner LUT function,
   and ret[3] - ret[9] the seven input gate numbers. */
bool search_7lut(const state st, const ttable target, const ttable mask, const int8_t *inbits,
    uint16_t *ret, int verbosity);

/* Searches for LUTs that produce target in the positions where mask is set. On success the
   LUTs are added to st and the id of the output LUT is returned; otherwise NO_GATE is returned.
   The 5- and 7-input searches are distributed to the MPI workers.
   NOTE(review): gate_order is presumably the order in which existing gates are tried -
   confirm against the definition. */
gatenum lut_search(state *st, const ttable target, const ttable mask, const int8_t *inbits,
    const gatenum *gate_order, const options *opt);
59 |
60 | #endif /* __LUT_H__ */
61 |
--------------------------------------------------------------------------------
/sboxes/crypto1_fa.txt:
--------------------------------------------------------------------------------
1 | 0 0 0 1 1 0 0 1 0 1 1 1 1 0 0 1
2 |
--------------------------------------------------------------------------------
/sboxes/crypto1_fb.txt:
--------------------------------------------------------------------------------
1 | 0 1 1 1 0 0 0 1 0 0 1 0 1 1 0 1
2 |
--------------------------------------------------------------------------------
/sboxes/crypto1_fc.txt:
--------------------------------------------------------------------------------
1 | 0 1 0 1 0 0 0 0 0 0 0 1 0 1 1 1 1 1 1 0 1 0 1 0 0 0 1 1 0 1 1 1
2 |
--------------------------------------------------------------------------------
/sboxes/des_s1.txt:
--------------------------------------------------------------------------------
1 | e 4 d 1 2 f b 8 3 a 6 c 5 9 0 7
2 | 0 f 7 4 e 2 d 1 a 6 c b 9 5 3 8
3 | 4 1 e 8 d 6 2 b f c 9 7 3 a 5 0
4 | f c 8 2 4 9 1 7 5 b 3 e a 0 6 d
5 |
--------------------------------------------------------------------------------
/sboxes/identity.txt:
--------------------------------------------------------------------------------
1 | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
2 | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
3 | 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
4 | 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f
5 | 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f
6 | 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f
7 | 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f
8 | 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f
9 | 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f
10 | 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f
11 | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af
12 | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf
13 | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
14 | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df
15 | e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef
16 | f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff
17 |
--------------------------------------------------------------------------------
/sboxes/linear.txt:
--------------------------------------------------------------------------------
1 | 00 03 06 09 0c 0f 12 15 18 1b 1e 21 24 27 2a 2d
2 | 30 33 36 39 3c 3f 42 45 48 4b 4e 51 54 57 5a 5d
3 | 60 63 66 69 6c 6f 72 75 78 7b 7e 81 84 87 8a 8d
4 | 90 93 96 99 9c 9f a2 a5 a8 ab ae b1 b4 b7 ba bd
5 | c0 c3 c6 c9 cc cf d2 d5 d8 db de e1 e4 e7 ea ed
6 | f0 f3 f6 f9 fc ff 02 05 08 0b 0e 11 14 17 1a 1d
7 | 20 23 26 29 2c 2f 32 35 38 3b 3e 41 44 47 4a 4d
8 | 50 53 56 59 5c 5f 62 65 68 6b 6e 71 74 77 7a 7d
9 | 80 83 86 89 8c 8f 92 95 98 9b 9e a1 a4 a7 aa ad
10 | b0 b3 b6 b9 bc bf c2 c5 c8 cb ce d1 d4 d7 da dd
11 | e0 e3 e6 e9 ec ef f2 f5 f8 fb fe 01 04 07 0a 0d
12 | 10 13 16 19 1c 1f 22 25 28 2b 2e 31 34 37 3a 3d
13 | 40 43 46 49 4c 4f 52 55 58 5b 5e 61 64 67 6a 6d
14 | 70 73 76 79 7c 7f 82 85 88 8b 8e 91 94 97 9a 9d
15 | a0 a3 a6 a9 ac af b2 b5 b8 bb be c1 c4 c7 ca cd
16 | d0 d3 d6 d9 dc df e2 e5 e8 eb ee f1 f4 f7 fa fd
17 |
--------------------------------------------------------------------------------
/sboxes/rijndael.txt:
--------------------------------------------------------------------------------
1 | 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
2 | ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
3 | b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
4 | 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
5 | 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
6 | 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
7 | d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
8 | 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
9 | cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
10 | 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
11 | e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
12 | e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
13 | ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
14 | 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
15 | e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
16 | 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
17 |
--------------------------------------------------------------------------------
/sboxes/sodark.txt:
--------------------------------------------------------------------------------
1 | 9c f2 14 c1 8e cb b2 65 97 7a 60 17 92 f9 78 41
2 | 07 4c 67 6d 66 4a 30 7d 53 9d b5 bc c3 ca f1 04
3 | 03 ec d0 38 b0 ed ad c4 dd 56 42 bd a0 de 1b 81
4 | 55 44 5a e4 50 dc 43 63 09 5c 74 cf 0e ab 1d 3d
5 | 6b 02 5d 28 e7 c6 ee b4 d9 7c 19 3e 5e 6c d6 6e
6 | 2a 13 a5 08 b9 2d bb a2 d4 96 39 e0 ba d7 82 33
7 | 0d 5f 26 16 fe 22 af 00 11 c8 9e 88 8b a1 7b 87
8 | 27 e6 c7 94 d1 5b 9b f0 9f db e1 8d d2 1f 6a 90
9 | f4 18 91 59 01 b1 fc 34 3c 37 47 29 e2 64 69 24
10 | 0a 2f 73 71 a9 84 8c a8 a3 3b e3 e9 58 80 a7 d3
11 | b7 c2 1c 95 1e 4d 4f 4e fb 76 fd 99 c5 c9 e8 2e
12 | 8a df f5 49 f3 6f 8f e5 eb f6 25 d5 31 c0 57 72
13 | aa 46 68 0b 93 89 83 70 ef a4 85 f8 0f b3 ac 10
14 | 62 cc 61 40 f7 fa 52 7f ff 32 45 20 79 ce ea be
15 | cd 15 21 23 d8 b6 0c 3f 54 1a bf 98 48 3a 75 77
16 | 2b ae 36 da 7e 86 35 51 05 12 b8 a6 9a 2c 06 4b
17 |
--------------------------------------------------------------------------------
/sboxgates.c:
--------------------------------------------------------------------------------
1 | /* sboxgates.c
2 |
3 | Program for finding low gate count implementations of S-boxes.
4 | The algorithm used is described in Kwan, Matthew: "Reducing the Gate Count of Bitslice DES."
5 | IACR Cryptology ePrint Archive 2000 (2000): 51. Improvements from
6 | SBOXDiscovery (https://github.com/DeepLearningJohnDoe/SBOXDiscovery) have been added.
7 |
8 | Copyright (c) 2016-2017, 2019-2021 Marcus Dansarie
9 |
10 | This program is free software: you can redistribute it and/or modify
11 | it under the terms of the GNU General Public License as published by
12 | the Free Software Foundation, either version 3 of the License, or
13 | (at your option) any later version.
14 |
15 | This program is distributed in the hope that it will be useful,
16 | but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | GNU General Public License for more details.
19 |
20 | You should have received a copy of the GNU General Public License
21 | along with this program. If not, see <https://www.gnu.org/licenses/>. */
22 |
23 | #include
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include "convert_graph.h"
34 | #include "lut.h"
35 | #include "sboxgates.h"
36 | #include "state.h"
37 |
uint8_t g_sbox_enc[256] = {0}; /* Defined in sboxgates.h. */

ttable g_target[8]; /* Truth tables for the output bits of the sbox. */
MPI_Datatype g_mpi_work_type; /* MPI type for mpi_work struct. Defined in sboxgates.h. */

/* Strings and option table consumed by the argp command line parser. */
const char *argp_program_version = "sboxgates 1.0";
const char *argp_program_bug_address = "https://github.com/dansarie/sboxgates/issues";
/* Help text; the part after the \v character is printed after the option list. */
const char doc[] = "Generates graphs of Boolean gates or 3-input LUTs that realize a specified "
    "S-box. Generated graphs can be converted to C/CUDA source code or to Graphviz DOT format.\v"
    "This program uses MPI for parallelization and should therefore be run using the mpirun "
    "utility. Generated graphs are output as XML files. In its basic mode, the program generates a "
    "single graph for all outputs of the S-box. It is also possible to generate separate graphs "
    "for each output, which can significantly decrease the time to generate the graph. ";
const char args_doc[] = "INPUT_FILE";
/* Each entry is {long name, key, argument name, flags, help text, group}. The two entries
   without a long name carry the section titles "Graph generation" and "Graph conversion"; the
   all-zero entry terminates the table. */
struct argp_option argp_options[] = {
  {0, 1000, 0, 0, "Graph generation", 1},
  {"available-gates", 'a', "gates", 0, "Specify the set of available gates "
      "(bitfield 0-65535).", 1},
  {"graph", 'g', "graph", 0, "Load graph from file as initial state. "
      "(For use with -o.)", 1},
  {"iterations", 'i', "iterations", 0, "Set number of iterations per step.", 1},
  {"lut", 'l', 0, 0, "Generate LUT graph. Results in smaller graphs but "
      "takes significantly more time.", 1},
  {"append-not", 'n', 0, 0, "Try to generate more boolean functions by appending "
      "NOT gates.", 1},
  {"single-output", 'o', "output", 0, "Generate single-output graph for specified output.",
      1},
  {"permute", 'p', "value", 0, "Permute the input S-box by XORing it with value.", 1},
  {"sat-metric", 's', 0, 0, "Use graph size metric which attempts to optimize the "
      "generated graph for use with SAT solvers.", 1},
  {"verbose", 'v', 0, 0, "Increase verbosity.", 1},
  {0, 1001, 0, 0, "Graph conversion", 2},
  {"convert-c", 'c', 0, 0, "Convert input file to a C or CUDA function.", 2},
  {"convert-dot", 'd', 0, 0, "Convert input file to a DOT digraph.", 2},
  {0}
};
74 |
/* Returns true if every 64-bit word of the truth table is zero. */
bool ttable_zero(ttable tt) {
  const size_t num_words = sizeof(ttable) / sizeof(uint64_t);
  size_t word = 0;
  while (word < num_words) {
    if (tt[word] != 0) {
      return false;
    }
    word++;
  }
  return true;
}
84 |
/* Returns true if the two truth tables are equal in every bit position. */
static inline bool ttable_equals(const ttable in1, const ttable in2) {
  /* XOR leaves a set bit wherever the tables differ. */
  const ttable difference = in1 ^ in2;
  return ttable_zero(difference);
}
89 |
/* Masked equality test: only the bit positions that are set to 1 in mask are compared. */
bool ttable_equals_mask(const ttable in1, const ttable in2, const ttable mask) {
  const ttable difference = in1 ^ in2;
  const ttable relevant = difference & mask;
  return ttable_zero(relevant);
}
94 |
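/* Adds a gate of the given type to the state st and returns the gate id of the added gate.

   Returns NO_GATE without modifying st when gid1 is NO_GATE, when gid2 is NO_GATE for any type
   other than NOT, when st->num_gates exceeds st->max_gates, or when the SAT metric is selected
   and st->sat_metric exceeds st->max_sat_metric.

   The NO_GATE test runs before the range assertions, in the same order as in add_lut, so that a
   NO_GATE input handed on by a caller is reported through the return value as documented
   instead of tripping assert(gid1 < st->num_gates) first. */
static gatenum add_gate(state * restrict st, gate_type type, gatenum gid1, gatenum gid2,
    const options * restrict opt) {
  assert(!(type == NOT && gid2 != NO_GATE));
  assert(type != IN && type != LUT);
  if (gid1 == NO_GATE || (gid2 == NO_GATE && type != NOT)) {
    return NO_GATE;
  }
  assert(gid1 < st->num_gates);
  assert(gid2 < st->num_gates || type == NOT);
  assert(gid1 != gid2);

  /* NOTE(review): this test still admits num_gates == max_gates, so the slot written below can
     have index max_gates. Confirm that max_gates is always smaller than the capacity of
     st->gates; the array declaration is not part of this file. */
  if (st->num_gates > st->max_gates) {
    return NO_GATE;
  }
  if (opt->metric == SAT && st->sat_metric > st->max_sat_metric) {
    return NO_GATE;
  }

  st->sat_metric += get_sat_metric(type);
  if (type == NOT) {
    st->gates[st->num_gates].table = ~st->gates[gid1].table;
  } else {
    st->gates[st->num_gates].table = generate_ttable_2(type, st->gates[gid1].table,
        st->gates[gid2].table);
  }
  st->gates[st->num_gates].type = type;
  st->gates[st->num_gates].in1 = gid1;
  st->gates[st->num_gates].in2 = gid2;
  st->gates[st->num_gates].in3 = NO_GATE;
  st->gates[st->num_gates].function = 0;
  st->num_gates += 1;
  return st->num_gates - 1;
}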
129 |
/* Appends a three-input LUT gate with function func, truth table table and inputs gid1, gid2
   and gid3 to the state st. Returns the gate id of the added LUT, or NO_GATE if any input is
   NO_GATE or st->num_gates exceeds st->max_gates. */
gatenum add_lut(state *st, uint8_t func, ttable table, gatenum gid1, gatenum gid2, gatenum gid3) {
  const bool missing_input = gid1 == NO_GATE || gid2 == NO_GATE || gid3 == NO_GATE;
  if (missing_input || st->num_gates > st->max_gates) {
    return NO_GATE;
  }
  assert(gid1 < st->num_gates);
  assert(gid2 < st->num_gates);
  assert(gid3 < st->num_gates);
  assert(gid1 != gid2 && gid2 != gid3 && gid3 != gid1);

  /* Fill in the first free slot, then claim it. */
  st->gates[st->num_gates].type = LUT;
  st->gates[st->num_gates].function = func;
  st->gates[st->num_gates].table = table;
  st->gates[st->num_gates].in1 = gid1;
  st->gates[st->num_gates].in2 = gid2;
  st->gates[st->num_gates].in3 = gid3;
  return st->num_gates++;
}
147 |
148 | /* The functions below are all calls to add_gate above added to improve code readability. */
149 |
/* Adds a NOT gate on gid. Returns NO_GATE if gid is NO_GATE, otherwise the result of add_gate. */
static gatenum add_not_gate(state *st, gatenum gid, const options *opt) {
  return gid == NO_GATE ? NO_GATE : add_gate(st, NOT, gid, NO_GATE, opt);
}
156 |
/* Adds an AND gate on gid1 and gid2. Returns NO_GATE if either input is NO_GATE. When both
   inputs are the same gate no gate is added and that gate is returned, since x AND x is x. */
static gatenum add_and_gate(state *st, gatenum gid1, gatenum gid2, const options *opt) {
  if (gid1 == NO_GATE || gid2 == NO_GATE) {
    return NO_GATE;
  }
  return gid1 == gid2 ? gid1 : add_gate(st, AND, gid1, gid2, opt);
}
166 |
/* Adds an OR gate on gid1 and gid2. Returns NO_GATE if either input is NO_GATE. When both
   inputs are the same gate no gate is added and that gate is returned, since x OR x is x. */
static gatenum add_or_gate(state *st, gatenum gid1, gatenum gid2, const options *opt) {
  if (gid1 == NO_GATE || gid2 == NO_GATE) {
    return NO_GATE;
  }
  return gid1 == gid2 ? gid1 : add_gate(st, OR, gid1, gid2, opt);
}
176 |
/* Adds an XOR gate on gid1 and gid2. Returns NO_GATE if either input is NO_GATE. Equal inputs
   are not special-cased here; add_gate asserts that the two inputs differ. */
static gatenum add_xor_gate(state *st, gatenum gid1, gatenum gid2, const options *opt) {
  const bool missing_input = gid1 == NO_GATE || gid2 == NO_GATE;
  return missing_input ? NO_GATE : add_gate(st, XOR, gid1, gid2, opt);
}
183 |
/* Adds the gates that realize the two-input Boolean function fun on gid1 and gid2: a NOT gate
   on each input flagged by fun->not_a / fun->not_b, the gate fun->fun1, and a NOT gate on the
   output if fun->not_out is set. Returns the id of the gate producing the function's output.
   Returns NO_GATE if an input is NO_GATE, if st->num_gates exceeds st->max_gates, or if the SAT
   metric is selected and st->sat_metric exceeds st->max_sat_metric. */
static gatenum add_boolfunc_2(state * restrict st, const boolfunc * restrict fun, gatenum gid1,
    gatenum gid2, const options * restrict opt) {
  assert(fun->num_inputs == 2);
  if (gid1 == NO_GATE || gid2 == NO_GATE) {
    return NO_GATE;
  }
  if (st->num_gates > st->max_gates) {
    return NO_GATE;
  }
  if (opt->metric == SAT && st->sat_metric > st->max_sat_metric) {
    return NO_GATE;
  }

  /* Invert the inputs first, in a, b order, so gate ids are assigned as before. */
  const gatenum in_a = fun->not_a ? add_not_gate(st, gid1, opt) : gid1;
  const gatenum in_b = fun->not_b ? add_not_gate(st, gid2, opt) : gid2;
  const gatenum out = add_gate(st, fun->fun1, in_a, in_b, opt);
  return fun->not_out ? add_not_gate(st, out, opt) : out;
}
205 |
/* Adds the gates that realize the Boolean function fun on gid1, gid2 and gid3: a NOT gate on
   each input flagged by fun->not_a / fun->not_b / fun->not_c, the gate fun->fun1 on the first
   two inputs, the gate fun->fun2 on that result and the third input, and a NOT gate on the
   output if fun->not_out is set. Returns the id of the gate producing the function's output.
   Returns NO_GATE if gid1 or gid2 is NO_GATE, if gid3 is NO_GATE while fun takes three inputs,
   if st->num_gates exceeds st->max_gates, or if the SAT metric is selected and st->sat_metric
   exceeds st->max_sat_metric. */
static gatenum add_boolfunc_3(state * restrict st, const boolfunc * restrict fun, gatenum gid1,
    gatenum gid2, gatenum gid3, const options * restrict opt) {
  if (gid1 == NO_GATE || gid2 == NO_GATE) {
    return NO_GATE;
  }
  if (gid3 == NO_GATE && fun->num_inputs == 3) {
    return NO_GATE;
  }
  if (st->num_gates > st->max_gates) {
    return NO_GATE;
  }
  if (opt->metric == SAT && st->sat_metric > st->max_sat_metric) {
    return NO_GATE;
  }

  /* Invert the inputs first, in a, b, c order, so gate ids are assigned as before. */
  const gatenum in_a = fun->not_a ? add_not_gate(st, gid1, opt) : gid1;
  const gatenum in_b = fun->not_b ? add_not_gate(st, gid2, opt) : gid2;
  const gatenum in_c = fun->not_c ? add_not_gate(st, gid3, opt) : gid3;

  const gatenum first_stage = add_gate(st, fun->fun1, in_a, in_b, opt);
  const gatenum second_stage = add_gate(st, fun->fun2, first_stage, in_c, opt);
  return fun->not_out ? add_not_gate(st, second_stage, opt) : second_stage;
}
230 |
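/* Returns the number of outputs in the current target S-box: one more than the index of the
   highest entry of g_target that is not all-zero. The value is computed on the first call and
   cached in a function-local static.

   An all-zero target is treated as a programming error and asserts. In builds with NDEBUG the
   assertion is compiled out, so 0 is returned explicitly instead of falling off the end of a
   non-void function, which would be undefined behavior. */
static int get_num_outputs(void) {
  static int outputs = -1;
  if (outputs != -1) {
    return outputs;
  }
  for (int i = 7; i >= 0; i--) {
    if (!ttable_zero(g_target[i])) {
      outputs = i + 1;
      return outputs;
    }
  }
  assert(0);
  return 0;
}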
245 |
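/* Returns the next 64-bit value from a xorshift1024* pseudo-random generator whose 1024-bit
   state is kept in function-local statics and seeded from /dev/urandom on first use.

   This generator is not cryptographically secure and the static state is not protected against
   concurrent callers; use it only for purposes such as randomizing search order.

   If /dev/urandom cannot be opened or read, an error is printed once and the state is filled
   from a fixed splitmix64 sequence. Without that fallback the state would stay all-zero, which
   is a fixed point of the generator: every call would return 0. With the fallback the output is
   usable but identical from run to run. */
uint64_t xorshift1024() {
  static bool init = false;
  static uint64_t s[16];
  static int p = 0;
  if (!init) {
    bool seeded = false;
    FILE *rand_fp = fopen("/dev/urandom", "r");
    if (rand_fp == NULL) {
      fprintf(stderr, "Error opening /dev/urandom. (sboxgates.c:%d)\n", __LINE__);
    } else {
      if (fread(s, 16 * sizeof(uint64_t), 1, rand_fp) != 1) {
        fprintf(stderr, "Error reading from /dev/urandom. (sboxgates.c:%d)\n", __LINE__);
      } else {
        seeded = true;
      }
      fclose(rand_fp);
    }
    if (!seeded) {
      /* Deterministic fallback: splitmix64 never yields an all-zero 16-word state. */
      uint64_t x = 0;
      for (int i = 0; i < 16; i++) {
        x += 0x9e3779b97f4a7c15ULL;
        uint64_t z = x;
        z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
        z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
        s[i] = z ^ (z >> 31);
      }
    }
    init = true;
  }
  uint64_t r0 = s[p];
  p = (p + 1) & 15;
  uint64_t r1 = s[p];
  r1 ^= r1 << 31;
  s[p] = r1 ^ r0 ^ (r1 >> 11) ^ (r0 >> 30);
  return s[p] * 1181783497276652981U;
}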
269 |
/* Returns true if add more gates, with a combined SAT metric of add_sat, still fit within the
   limits of st: st->max_gates always, and st->max_sat_metric when opt selects the SAT metric. */
bool check_num_gates_possible(const state *st, int add, int add_sat, const options *opt) {
  const bool sat_ok = opt->metric != SAT || st->sat_metric + add_sat <= st->max_sat_metric;
  const bool gates_ok = st->num_gates + add <= st->max_gates;
  return sat_ok && gates_ok;
}
279 |
280 | /* Recursively builds the gate network. The numbered comments are references to Matthew Kwan's
281 | paper. */
282 | static gatenum create_circuit(state *st, const ttable target, const ttable mask,
283 | const int8_t *inbits, const options *opt) {
284 |
285 | gatenum gate_order[MAX_GATES];
286 | for (int i = 0; i < st->num_gates; i++) {
287 | gate_order[i] = st->num_gates - 1 - i;
288 | }
289 |
290 | /* Randomize the gate search order. */
291 | if (opt->randomize) {
292 | /* Fisher-Yates shuffle. */
293 | for (uint32_t i = st->num_gates - 1; i > 0; i--) {
294 | uint64_t j = xorshift1024() % (i + 1);
295 | gatenum t = gate_order[i];
296 | gate_order[i] = gate_order[j];
297 | gate_order[j] = t;
298 | }
299 | }
300 |
301 | /* 1. Look through the existing circuit. If there is a gate that produces the desired map, simply
302 | return the ID of that gate. */
303 |
304 | for (int i = 0; i < st->num_gates; i++) {
305 | if (ttable_equals_mask(target, st->gates[gate_order[i]].table, mask)) {
306 | ASSERT_AND_RETURN(gate_order[i], target, st, mask);
307 | }
308 | }
309 |
310 | /* 2. If there are any gates whose inverse produces the desired map, append a NOT gate, and
311 | return the ID of the NOT gate. */
312 |
313 | if (!check_num_gates_possible(st, 1, get_sat_metric(NOT), opt)) {
314 | return NO_GATE;
315 | }
316 |
317 | for (int i = 0; i < st->num_gates; i++) {
318 | if (ttable_equals_mask(target, ~st->gates[gate_order[i]].table, mask)) {
319 | ASSERT_AND_RETURN(add_not_gate(st, gate_order[i], opt), target, st, mask);
320 | }
321 | }
322 |
323 | /* 3. Look at all pairs of gates in the existing circuit. If they can be combined with a single
324 | gate to produce the desired map, add that single gate and return its ID. */
325 |
326 | if (!check_num_gates_possible(st, 1, get_sat_metric(AND), opt)) {
327 | return NO_GATE;
328 | }
329 |
330 | const ttable mtarget = target & mask;
331 | for (int i = 0; i < st->num_gates; i++) {
332 | const gatenum gi = gate_order[i];
333 | const ttable ti = st->gates[gi].table;
334 | for (int k = i + 1; k < st->num_gates; k++) {
335 | const gatenum gk = gate_order[k];
336 | const ttable tk = st->gates[gk].table;
337 | for (int m = 0; opt->avail_gates[m].num_inputs != 0; m++) {
338 | if (ttable_equals(mtarget, generate_ttable_2(opt->avail_gates[m].fun, ti, tk))) {
339 | ASSERT_AND_RETURN(add_boolfunc_2(st, &opt->avail_gates[m], gi, gk, opt), target, st,
340 | mask);
341 | }
342 | if (!opt->avail_gates[m].ab_commutative) {
343 | if (ttable_equals(mtarget, generate_ttable_2(opt->avail_gates[m].fun, tk, ti))) {
344 | ASSERT_AND_RETURN(add_boolfunc_2(st, &opt->avail_gates[m], gk, gi, opt), target, st,
345 | mask);
346 | }
347 | }
348 | }
349 | }
350 | }
351 |
352 | if (opt->lut_graph) {
353 | gatenum ret = lut_search(st, target, mask, inbits, gate_order, opt);
354 | if (ret != NO_GATE) {
355 | ASSERT_AND_RETURN(ret, target, st, mask);
356 | }
357 | } else {
358 | /* 4. Look at all combinations of two or three gates in the circuit. If they can be combined
359 | with two gates to produce the desired map, add the gates, and return the ID of the one that
360 | produces the desired map. */
361 |
362 | if (!check_num_gates_possible(st, 2, get_sat_metric(AND) + get_sat_metric(NOT), opt)) {
363 | return NO_GATE;
364 | }
365 |
366 | /* All combinations of two gates. */
367 | for (int i = 0; i < st->num_gates; i++) {
368 | const gatenum gi = gate_order[i];
369 | ttable ti = st->gates[gi].table;
370 | for (int k = i + 1; k < st->num_gates; k++) {
371 | const gatenum gk = gate_order[k];
372 | ttable tk = st->gates[gk].table;
373 | for (int m = 0; opt->avail_not[m].num_inputs != 0; m++) {
374 | if (ttable_equals(mtarget, generate_ttable_2(opt->avail_not[m].fun, ti, tk))) {
375 | ASSERT_AND_RETURN(add_boolfunc_2(st, &opt->avail_not[m], gi, gk, opt), target, st,
376 | mask);
377 | }
378 | if (!opt->avail_not[m].ab_commutative) {
379 | if (ttable_equals(mtarget, generate_ttable_2(opt->avail_not[m].fun, tk, ti))) {
380 | ASSERT_AND_RETURN(add_boolfunc_2(st, &opt->avail_not[m], gk, gi, opt), target, st,
381 | mask);
382 | }
383 | }
384 | }
385 | }
386 | }
387 |
388 | if (!check_num_gates_possible(st, 3, 2 * get_sat_metric(AND) + get_sat_metric(NOT), opt)) {
389 | return NO_GATE;
390 | }
391 |
392 | /* All combinations of three gates. */
393 | for (int i = 0; i < st->num_gates; i++) {
394 | const gatenum gi = gate_order[i];
395 | ttable ti = st->gates[gi].table;
396 | for (int k = i + 1; k < st->num_gates; k++) {
397 | const gatenum gk = gate_order[k];
398 | ttable tk = st->gates[gk].table;
399 | for (int m = k + 1; m < st->num_gates; m++) {
400 | const gatenum gm = gate_order[m];
401 | ttable tm = st->gates[gm].table;
402 | const ttable tables[] = {ti, tk, tm};
403 | if (!check_n_lut_possible(3, target, mask, tables)) {
404 | continue;
405 | }
406 | for (int p = 0; opt->avail_3[p].num_inputs != 0; p++) {
407 | if (ttable_equals_mask(target, generate_ttable_3(opt->avail_3[p], ti, tk, tm), mask)) {
408 | ASSERT_AND_RETURN(add_boolfunc_3(st, &opt->avail_3[p], gi, gk, gm, opt), target, st,
409 | mask);
410 | }
411 | if (!opt->avail_3[m].ab_commutative) {
412 | if (ttable_equals_mask(target, generate_ttable_3(opt->avail_3[p], tk, ti, tm),
413 | mask)) {
414 | ASSERT_AND_RETURN(add_boolfunc_3(st, &opt->avail_3[p], gk, gi, gm, opt), target, st,
415 | mask);
416 | }
417 | }
418 | if (!opt->avail_3[m].ac_commutative) {
419 | if (ttable_equals_mask(target, generate_ttable_3(opt->avail_3[p], tm, tk, ti),
420 | mask)) {
421 | ASSERT_AND_RETURN(add_boolfunc_3(st, &opt->avail_3[p], gm, gk, gi, opt), target, st,
422 | mask);
423 | }
424 | }
425 | if (!opt->avail_3[m].bc_commutative) {
426 | if (ttable_equals_mask(target, generate_ttable_3(opt->avail_3[p], ti, tm, tk),
427 | mask)) {
428 | ASSERT_AND_RETURN(add_boolfunc_3(st, &opt->avail_3[p], gi, gm, gk, opt), target, st,
429 | mask);
430 | }
431 | }
432 | }
433 | }
434 | }
435 | }
436 | } /* End of if (opt->lut_graph)... */
437 |
438 | /* 5. Use the specified input bit to select between two Karnaugh maps. Call this function
439 | recursively to generate those two maps. */
440 |
441 | /* Copy input bits already used to new array to avoid modifying the old one. */
442 | int8_t next_inbits[8];
443 | uint8_t bitp = 0;
444 | while (bitp < 6 && inbits[bitp] != -1) {
445 | next_inbits[bitp] = inbits[bitp];
446 | bitp += 1;
447 | }
448 | assert(bitp < 7);
449 | next_inbits[bitp] = -1;
450 | next_inbits[bitp + 1] = -1;
451 |
452 | state best;
453 | gatenum best_out = NO_GATE;
454 | best.num_gates = 0;
455 | best.sat_metric = 0;
456 |
457 | /* Try all input bit orders. */
458 | for (int bit = 0; bit < get_num_inputs(st); bit++) {
459 | /* Skip input bits that have already been used for multiplexing. */
460 | bool skip = false;
461 | for (int i = 0; i < bitp; i++) {
462 | if (inbits[i] == bit) {
463 | skip = true;
464 | break;
465 | }
466 | }
467 | if (skip == true) {
468 | continue;
469 | }
470 | next_inbits[bitp] = bit;
471 |
472 | const ttable fsel = st->gates[bit].table; /* Selection bit. */
473 | state nst;
474 | gatenum nst_out;
475 | if (opt->lut_graph) { /* Use a LUT-based multiplexer. */
476 | nst = *st;
477 | nst.max_gates -= 1; /* A multiplexer will have to be added later. */
478 | gatenum fb = create_circuit(&nst, target, mask & ~fsel, next_inbits, opt);
479 | if (fb == NO_GATE) {
480 | continue;
481 | }
482 | assert(ttable_equals_mask(target, nst.gates[fb].table, mask & ~fsel));
483 | gatenum fc = create_circuit(&nst, target, mask & fsel, next_inbits, opt);
484 | if (fc == NO_GATE) {
485 | continue;
486 | }
487 | assert(ttable_equals_mask(target, nst.gates[fc].table, mask & fsel));
488 | nst.max_gates += 1;
489 |
490 | if (fb == fc) {
491 | nst_out = fb;
492 | assert(ttable_equals_mask(target, nst.gates[nst_out].table, mask));
493 | } else if (fb == bit) {
494 | nst_out = add_and_gate(&nst, fb, fc, opt);
495 | if (nst_out == NO_GATE) {
496 | continue;
497 | }
498 | assert(ttable_equals_mask(target, nst.gates[nst_out].table, mask));
499 | } else if (fc == bit) {
500 | nst_out = add_or_gate(&nst, fb, fc, opt);
501 | if (nst_out == NO_GATE) {
502 | continue;
503 | }
504 | assert(ttable_equals_mask(target, nst.gates[nst_out].table, mask));
505 | } else {
506 | ttable mux_table = generate_lut_ttable(0xac, nst.gates[bit].table, nst.gates[fb].table,
507 | nst.gates[fc].table);
508 | nst_out = add_lut(&nst, 0xac, mux_table, bit, fb, fc);
509 | if (nst_out == NO_GATE) {
510 | continue;
511 | }
512 | assert(ttable_equals_mask(target, nst.gates[nst_out].table, mask));
513 | }
514 | assert(ttable_equals_mask(target, nst.gates[nst_out].table, mask));
515 | } else { /* Not a LUT graph. Test both AND- and OR-based multiplexers. */
516 | state nst_and = *st; /* New state using AND multiplexer. */
517 |
518 | /* A multiplexer will have to be added later. */
519 | nst_and.max_gates -= 2;
520 | nst_and.max_sat_metric -= get_sat_metric(AND) + get_sat_metric(XOR);
521 |
522 | gatenum fb = create_circuit(&nst_and, target & ~fsel, mask & ~fsel, next_inbits, opt);
523 | assert(fb == NO_GATE || ttable_equals_mask(target, nst_and.gates[fb].table, mask & ~fsel));
524 | gatenum mux_out_and = NO_GATE;
525 | if (fb != NO_GATE) {
526 | gatenum fc = create_circuit(&nst_and, nst_and.gates[fb].table ^ target, mask & fsel,
527 | next_inbits, opt);
528 | assert(fc == NO_GATE || ttable_equals_mask(nst_and.gates[fb].table ^ target,
529 | nst_and.gates[fc].table, mask & fsel));
530 | /* Add back subtracted max from above. */
531 | nst_and.max_gates += 2;
532 | nst_and.max_sat_metric += get_sat_metric(AND) + get_sat_metric(XOR);
533 | gatenum andg = add_and_gate(&nst_and, fc, bit, opt);
534 | mux_out_and = add_xor_gate(&nst_and, fb, andg, opt);
535 | assert(mux_out_and == NO_GATE ||
536 | ttable_equals_mask(target, nst_and.gates[mux_out_and].table, mask));
537 | }
538 |
539 | state nst_or = *st; /* New state using OR multiplexer. */
540 | if (mux_out_and != NO_GATE) {
541 | nst_or.max_gates = nst_and.num_gates;
542 | nst_or.max_sat_metric = nst_and.sat_metric;
543 | }
544 |
545 | /* A multiplexer will have to be added later. */
546 | nst_or.max_gates -= 2;
547 | nst_or.max_sat_metric -= get_sat_metric(OR) + get_sat_metric(XOR);
548 |
549 | gatenum fd = create_circuit(&nst_or, ~target & fsel, mask & fsel, next_inbits, opt);
550 | assert(fd == NO_GATE || ttable_equals_mask(~target & fsel, nst_or.gates[fd].table,
551 | mask & fsel));
552 | gatenum mux_out_or = NO_GATE;
553 | if (fd != NO_GATE) {
554 | gatenum fe = create_circuit(&nst_or, nst_or.gates[fd].table ^ target, mask & ~fsel,
555 | next_inbits, opt);
556 | assert(fe == NO_GATE || ttable_equals_mask(nst_or.gates[fd].table ^ target,
557 | nst_or.gates[fe].table, mask & ~fsel));
558 | /* Add back subtracted max from above. */
559 | nst_or.max_gates += 2;
560 | nst_or.max_sat_metric += get_sat_metric(AND) + get_sat_metric(XOR);
561 | gatenum org = add_or_gate(&nst_or, fe, bit, opt);
562 | mux_out_or = add_xor_gate(&nst_or, fd, org, opt);
563 | assert(mux_out_or == NO_GATE ||
564 | ttable_equals_mask(target, nst_or.gates[mux_out_or].table, mask));
565 | nst_or.max_gates = st->max_gates;
566 | nst_or.max_sat_metric = st->max_sat_metric;
567 | }
568 | if (mux_out_and == NO_GATE && mux_out_or == NO_GATE) {
569 | continue;
570 | }
571 |
572 | if (opt->metric == GATES) {
573 | if (mux_out_or == NO_GATE
574 | || (mux_out_and != NO_GATE && nst_and.num_gates < nst_or.num_gates)) {
575 | nst = nst_and;
576 | nst_out = mux_out_and;
577 | } else {
578 | nst = nst_or;
579 | nst_out = mux_out_or;
580 | }
581 | } else {
582 | if (mux_out_or == NO_GATE
583 | || (mux_out_and != NO_GATE && nst_and.sat_metric < nst_or.sat_metric)) {
584 | nst = nst_and;
585 | nst_out = mux_out_and;
586 | } else {
587 | nst = nst_or;
588 | nst_out = mux_out_or;
589 | }
590 | }
591 | } /* End of if (opt->lut_graph)... New state in nst. */
592 |
593 | /* Compare nst to best. */
594 | assert(best.num_gates == 0 || ttable_equals_mask(target, best.gates[best_out].table, mask));
595 | if (opt->metric == GATES) {
596 | if (best.num_gates == 0 || nst.num_gates < best.num_gates) {
597 | best = nst;
598 | best_out = nst_out;
599 | }
600 | } else {
601 | if (best.sat_metric == 0 || nst.sat_metric < best.sat_metric) {
602 | best = nst;
603 | best_out = nst_out;
604 | }
605 | }
606 | assert(best.num_gates == 0 || ttable_equals_mask(target, best.gates[best_out].table, mask));
607 | } /* End of for loop over all input bits. */
608 |
609 | if (best.num_gates == 0) {
610 | return NO_GATE;
611 | }
612 |
613 | assert(ttable_equals_mask(target, best.gates[best_out].table, mask));
614 | *st = best;
615 | return best_out;
616 | }
617 |
/* Worker loop run by every MPI rank except rank 0. Each pass receives one mpi_work unit
   broadcast from rank 0, runs the 5-LUT search on it and, when that search does not return true
   and rank 0 asks for it, the 7-LUT search. Returns when a work unit with quit set arrives.
   MPI_Bcast is a collective call, so the broadcasts here have to match the ones issued on the
   rank 0 side one for one. */
static void mpi_worker() {
  int rank, size;
  MPI_Comm_rank(MPI_COMM_WORLD, &rank);
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  /* Result buffer handed to the search functions; its contents are not read in this function. */
  uint16_t res[10];
  while (1) {
    mpi_work work;
    /* NOTE(review): the return value of MPI_Bcast is not checked here or below. */
    MPI_Bcast(&work, 1, g_mpi_work_type, 0, MPI_COMM_WORLD);
    if (work.quit) {
      return;
    }

    /* The 5-LUT search is only attempted with at least five gates in the state. A true return
       skips the second broadcast; presumably rank 0 skips it under the same condition - confirm
       against the sender. */
    if (work.st.num_gates >= 5
        && search_5lut(work.st, work.target, work.mask, work.inbits, res, work.verbosity)) {
      continue;
    }
    /* Rank 0 decides whether the 7-LUT search should run and broadcasts that decision. */
    bool search7;
    MPI_Bcast(&search7, 1, MPI_C_BOOL, 0, MPI_COMM_WORLD);
    if (search7 && work.st.num_gates >= 7) {
      search_7lut(work.st, work.target, work.mask, work.inbits, res, work.verbosity);
    }
  }
}
643 |
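/* Returns a truth table mask in which the lowest 2^num_inputs bits are set and all other bits are
   clear. For eight or more inputs all 256 bits are set.
   num_inputs - number of S-box input bits; must not be negative. */
static ttable generate_mask(int num_inputs) {
  /* A negative shift count below would be undefined behaviour. */
  assert(num_inputs >= 0);
  uint64_t mask_vec[] = {0xFFFFFFFFFFFFFFFFUL, 0xFFFFFFFFFFFFFFFFUL,
                         0xFFFFFFFFFFFFFFFFUL, 0xFFFFFFFFFFFFFFFFUL};
  if (num_inputs < 8) {
    mask_vec[2] = mask_vec[3] = 0;
  }
  if (num_inputs < 7) {
    mask_vec[1] = 0;
  }
  if (num_inputs < 6) {
    /* The shift is done on a 64-bit unsigned value: with five inputs the count is 32, which
       overflows a signed long on platforms where long is 32 bits wide. */
    mask_vec[0] = (UINT64_C(1) << (1 << num_inputs)) - 1;
  }
  /* NOTE(review): assumes sizeof(ttable) is at most the 32 bytes of mask_vec - confirm against
     the ttable definition. */
  ttable t;
  memcpy(&t, &mask_vec, sizeof(ttable));
  return t;
}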
660 |
/* Generates circuits for the single output bit selected by opt->oneoutput. Runs
   opt->iterations independent attempts starting from st, saves every circuit that is found and
   lowers the gate or SAT metric limit of st after each improvement so that later attempts only
   accept smaller circuits.
   st  - the start state (passed by value; the caller's copy is not modified).
   opt - pointer to options struct. */
void generate_graph_one_output(state st, const options *opt) {
  assert(opt->iterations > 0);
  assert(opt->oneoutput >= 0 && opt->oneoutput <= get_num_outputs() - 1);
  printf("Generating graphs for output %d...\n", opt->oneoutput);
  for (int round = 1; round <= opt->iterations; round++) {
    state attempt = st;
    int8_t used_bits[8] = {-1, -1, -1, -1, -1, -1, -1, -1};
    const ttable mask = generate_mask(get_num_inputs(&st));

    const gatenum out_gate = create_circuit(&attempt, g_target[opt->oneoutput], mask, used_bits,
                                            opt);
    attempt.outputs[opt->oneoutput] = out_gate;
    if (attempt.outputs[opt->oneoutput] == NO_GATE) {
      printf("(%d/%d): Not found.\n", round, opt->iterations);
      continue;
    }

    printf("(%d/%d): %d gates. SAT metric: %d\n", round, opt->iterations,
           attempt.num_gates - get_num_inputs(&attempt), attempt.sat_metric);
    save_state(attempt);

    /* Tighten the limit for the metric in use. */
    if (opt->metric == GATES) {
      if (attempt.num_gates < st.max_gates) {
        st.max_gates = attempt.num_gates;
      }
    } else if (attempt.sat_metric < st.max_sat_metric) {
      st.max_sat_metric = attempt.sat_metric;
    }
  }
}
689 |
/* Returns how many of the eight output slots of st hold a gate, i.e. differ from NO_GATE. */
static inline int count_state_outputs(state st) {
  int assigned = 0;
  for (int slot = 7; slot >= 0; slot--) {
    assigned += (st.outputs[slot] != NO_GATE) ? 1 : 0;
  }
  return assigned;
}
699 |
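/* Called by main to generate a graph. Builds the gate network one output at a time: in every
   round each start state is extended by each output it does not yet have, and the states that are
   best under the metric in use (at most 20) become the start states of the next round.
   Returns when the first start state has all outputs, or - after printing a message - when a
   round produced no circuit for any missing output.
   st  - the initial state.
   opt - pointer to options struct. */
void generate_graph(const state st, const options *opt) {
  assert(opt != NULL);
  int num_start_states = 1;
  state start_states[20];
  start_states[0] = st;

  /* Build the gate network one output at a time. After every added output, select the gate network
     or network with the least amount of gates and add another. */
  int num_outputs;
  while ((num_outputs = count_state_outputs(start_states[0])) < get_num_outputs()) {
    gatenum max_gates = MAX_GATES;
    int max_sat_metric = INT_MAX;
    state out_states[20];
    memset(out_states, 0, sizeof(state) * 20);
    int num_out_states = 0;

    for (int iter = 0; iter < opt->iterations; iter++) {
      printf("Generating circuits with %d output%s. (%d/%d)\n", num_outputs + 1,
             num_outputs == 0 ? "" : "s", iter + 1, opt->iterations);
      for (uint8_t current_state = 0; current_state < num_start_states; current_state++) {
        start_states[current_state].max_gates = max_gates;
        start_states[current_state].max_sat_metric = max_sat_metric;

        /* Add all outputs not already present to see which resulting network is the smallest. */
        for (uint8_t output = 0; output < get_num_outputs(); output++) {
          if (start_states[current_state].outputs[output] != NO_GATE) {
            printf("Skipping output %d.\n", output);
            continue;
          }
          printf("Generating circuit for output %d...\n", output);
          int8_t bits[8] = {-1, -1, -1, -1, -1, -1, -1, -1};
          /* Work on a copy so that a failed attempt leaves the start state untouched. The copy
             has its own name so it does not shadow the st parameter. */
          state cand = start_states[current_state];
          if (opt->metric == GATES) {
            cand.max_gates = max_gates;
          } else {
            cand.max_sat_metric = max_sat_metric;
          }

          const ttable mask = generate_mask(get_num_inputs(&cand));
          cand.outputs[output] = create_circuit(&cand, g_target[output], mask, bits, opt);
          if (cand.outputs[output] == NO_GATE) {
            printf("No solution for output %d.\n", output);
            continue;
          }
          assert(ttable_equals_mask(g_target[output], cand.gates[cand.outputs[output]].table,
                                    mask));
          save_state(cand);

          if (opt->metric == GATES) {
            /* A strictly better state invalidates everything collected so far. */
            if (max_gates > cand.num_gates) {
              max_gates = cand.num_gates;
              num_out_states = 0;
            }
            if (cand.num_gates <= max_gates) {
              if (num_out_states < 20) {
                out_states[num_out_states++] = cand;
              } else {
                printf("Output state buffer full! Throwing away valid state.\n");
              }
            }
          } else {
            if (max_sat_metric > cand.sat_metric) {
              max_sat_metric = cand.sat_metric;
              num_out_states = 0;
            }
            if (cand.sat_metric <= max_sat_metric) {
              if (num_out_states < 20) {
                out_states[num_out_states++] = cand;
              } else {
                printf("Output state buffer full! Throwing away valid state.\n");
              }
            }
          }
        }
      }
    }

    /* Without any new state the next round would have no start states to extend and the output
       count of start_states[0] would never change, so the loop would never terminate. */
    if (num_out_states == 0) {
      printf("No circuit found for any remaining output. Stopping.\n");
      return;
    }

    if (opt->metric == GATES) {
      printf("Found %d state%s with %d gates.\n", num_out_states,
             num_out_states == 1 ? "" : "s", max_gates - get_num_inputs(&out_states[0]));
    } else {
      printf("Found %d state%s with SAT metric %d.\n", num_out_states,
             num_out_states == 1 ? "" : "s", max_sat_metric);
    }
    for (int i = 0; i < num_out_states; i++) {
      start_states[i] = out_states[i];
    }
    num_start_states = num_out_states;
  }
}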
789 |
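/* Causes the MPI workers to quit by broadcasting a work unit with quit set. The unit is zeroed
   first so that no uninitialized stack bytes are sent to the other ranks. */
static void stop_workers() {
  mpi_work work;
  memset(&work, 0, sizeof(work));
  work.quit = true;
  MPI_Bcast(&work, 1, g_mpi_work_type, 0, MPI_COMM_WORLD);
}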
796 |
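/* Aborts the MPI job with a message when an MPI datatype call did not return MPI_SUCCESS.
   rc   - return code of the MPI call.
   call - name of the MPI call, used in the message. */
static void require_mpi_success(int rc, const char *call) {
  if (rc != MPI_SUCCESS) {
    fprintf(stderr, "Error: %s failed (MPI error %d).\n", call, rc);
    MPI_Abort(MPI_COMM_WORLD, 1);
    exit(1);
  }
}

/* Called by main to create data types for structures passed between MPI instances. Builds MPI
   struct types for gate, state and mpi_work and stores the committed mpi_work type in
   g_mpi_work_type. The block lengths, displacements and element types below have to match the
   C struct definitions field for field.
   The MPI calls are made outside of assert(): inside it they would disappear from builds
   compiled with NDEBUG and no datatype would be created at all. */
void create_g_mpi_work_type() {
  /* gate struct */
  int gate_block_lengths[] = {4, 1, 1, 1, 1, 1};
  MPI_Aint gate_displacements[] = {
    offsetof(gate, table),
    offsetof(gate, type),
    offsetof(gate, in1),
    offsetof(gate, in2),
    offsetof(gate, in3),
    offsetof(gate, function)
  };
  MPI_Datatype gate_datatypes[] = {
    MPI_UINT64_T,
    MPI_INT,
    MPI_UINT16_T,
    MPI_UINT16_T,
    MPI_UINT16_T,
    MPI_UINT8_T
  };
  MPI_Datatype gate_type;
  require_mpi_success(MPI_Type_create_struct(6, gate_block_lengths, gate_displacements,
                                             gate_datatypes, &gate_type),
                      "MPI_Type_create_struct");
  /* Set the extent to sizeof(gate) so that arrays of gates are strided correctly. */
  require_mpi_success(MPI_Type_create_resized(gate_type, 0, sizeof(gate), &gate_type),
                      "MPI_Type_create_resized");
  require_mpi_success(MPI_Type_commit(&gate_type), "MPI_Type_commit");

  /* state struct */
  int state_block_lengths[] = {1, 1, 1, 1, 8, MAX_GATES};
  MPI_Aint state_displacements[] = {
    offsetof(state, max_sat_metric),
    offsetof(state, sat_metric),
    offsetof(state, max_gates),
    offsetof(state, num_gates),
    offsetof(state, outputs),
    offsetof(state, gates)
  };
  MPI_Datatype state_datatypes[] = {
    MPI_INT,
    MPI_INT,
    MPI_UINT16_T,
    MPI_UINT16_T,
    MPI_UINT16_T,
    gate_type
  };
  MPI_Datatype state_type;
  require_mpi_success(MPI_Type_create_struct(6, state_block_lengths, state_displacements,
                                             state_datatypes, &state_type),
                      "MPI_Type_create_struct");
  require_mpi_success(MPI_Type_commit(&state_type), "MPI_Type_commit");

  /* mpi_work struct */
  /* NOTE(review): inbits is declared as int8_t[8] in mpi_work but described as MPI_UINT8_T
     here - confirm the signedness mismatch is intended. */
  int work_block_lengths[] = {1, 4, 4, 8, 1, 1};
  MPI_Aint work_displacements[] = {
    offsetof(mpi_work, st),
    offsetof(mpi_work, target),
    offsetof(mpi_work, mask),
    offsetof(mpi_work, inbits),
    offsetof(mpi_work, quit),
    offsetof(mpi_work, verbosity)
  };
  MPI_Datatype work_datatypes[] = {
    state_type,
    MPI_UINT64_T,
    MPI_UINT64_T,
    MPI_UINT8_T,
    MPI_C_BOOL,
    MPI_INT
  };
  require_mpi_success(MPI_Type_create_struct(6, work_block_lengths, work_displacements,
                                             work_datatypes, &g_mpi_work_type),
                      "MPI_Type_create_struct");
  require_mpi_success(MPI_Type_commit(&g_mpi_work_type), "MPI_Type_commit");
}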
869 |
/* Fills opt->avail_gates from a bit field: bit number i of gates selects two-input function
   number i. The list is terminated by an entry whose num_inputs is 0.
   gates - bit field of the two-input functions to make available.
   opt   - pointer to the options struct to update. */
static void create_avail_gates(uint16_t gates, options *opt) {
  assert(opt != NULL);
  int count = 0;
  opt->avail_gates[count].num_inputs = 0;
  for (int fun = 0; fun < 16; fun++) {
    if ((gates & (1 << fun)) == 0) {
      continue;
    }
    opt->avail_gates[count] = create_2_input_fun(fun);
    count += 1;
    /* Keep the list terminated after every insertion. */
    opt->avail_gates[count].num_inputs = 0;
  }
}
881 |
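/* Used in parse_opt to increase readability. Both macros are wrapped in do { } while (0) so that
   they expand to exactly one statement and stay correct in an unbraced if/else. */

/* Stops the MPI workers, shuts MPI down and exits with status 1. */
#define PARSE_OPTIONS_EXIT()\
  do {\
    stop_workers();\
    MPI_Finalize();\
    exit(1);\
  } while (0)

/* Exits with an error if the string X does not fit, including its terminating NUL, in a buffer
   of MAX_NAME_LEN bytes. Must be used before X is copied into opt->fname or opt->gfname. */
#define PARSE_OPTIONS_TEST_NAME_LENGTH(X)\
  do {\
    if (strlen(X) >= MAX_NAME_LEN) {\
      fprintf(stderr, "Error: File name too long. (sboxgates.c:%d)\n", __LINE__);\
      PARSE_OPTIONS_EXIT();\
    }\
  } while (0)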
894 |
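/* Parses arg as a base-10 integer and stores it in *out. Returns false and leaves *out untouched
   when arg is empty, is followed by other characters, or lies outside [min, max]. Values too
   large for long long are clamped by strtoll and are therefore rejected by the range check, as
   long as max is not LLONG_MAX. */
static bool parse_opt_bounded_int(const char *arg, long long min, long long max, int *out) {
  char *endptr;
  const long long value = strtoll(arg, &endptr, 10);
  if (endptr == arg || *endptr != '\0' || value < min || value > max) {
    return false;
  }
  *out = (int)value;
  return true;
}

/* argp callback that handles one command line option or argument at a time and stores the result
   in the options struct passed through state->input. On a bad value an error message is printed,
   the MPI workers are stopped and the program exits with status 1.
   key   - the option key, or one of the ARGP_KEY_* values.
   arg   - the option argument, if any.
   state - argp parser state.
   Returns 0 when the key was handled and ARGP_ERR_UNKNOWN otherwise. */
static error_t parse_opt(int key, char *arg, struct argp_state *state) {
  options *opt = state->input;
  int avail_gates = 0;
  switch (key) {
    case 'a':
      /* The whole argument has to be a number in range; atoi() would accept trailing garbage and
         has undefined behaviour on overflow. */
      if (!parse_opt_bounded_int(arg, 1, 65535, &avail_gates)) {
        fprintf(stderr, "Bad available gates value: %s (sboxgates.c:%d)\n", arg, __LINE__);
        PARSE_OPTIONS_EXIT();
      }
      create_avail_gates(avail_gates, opt);
      return 0;
    case 'c':
      opt->output_c = true;
      return 0;
    case 'd':
      opt->output_dot = true;
      return 0;
    case 'g':
      /* The length test guarantees that the copy below fits in opt->gfname. */
      PARSE_OPTIONS_TEST_NAME_LENGTH(arg);
      strcpy(opt->gfname, arg);
      return 0;
    case 'i':
      /* Range checking is done before the value is narrowed to int, so that a large value cannot
         wrap around to an accepted one. */
      if (!parse_opt_bounded_int(arg, 1, INT_MAX, &opt->iterations)) {
        fprintf(stderr, "Bad iterations value: %s (sboxgates.c:%d)\n", arg, __LINE__);
        PARSE_OPTIONS_EXIT();
      }
      return 0;
    case 'l':
      opt->lut_graph = true;
      return 0;
    case 'n':
      opt->try_nots = true;
      return 0;
    case 'o':
      if (!parse_opt_bounded_int(arg, 0, 7, &opt->oneoutput)) {
        fprintf(stderr, "Bad output value: %s (sboxgates.c:%d)\n", arg, __LINE__);
        PARSE_OPTIONS_EXIT();
      }
      return 0;
    case 'p':
      if (!parse_opt_bounded_int(arg, 0, 255, &opt->permute)) {
        fprintf(stderr, "Bad permutation value: %s (sboxgates.c:%d)\n", arg, __LINE__);
        PARSE_OPTIONS_EXIT();
      }
      return 0;
    case 's':
      opt->metric = SAT;
      return 0;
    case 'v':
      opt->verbosity += 1;
      return 0;
    case ARGP_KEY_ARG:
      /* Only the first positional argument is used as the input file name; later ones are
         ignored. */
      if (strlen(opt->fname) != 0) {
        return 0;
      }
      /* The length test guarantees that the copy below fits in opt->fname. */
      PARSE_OPTIONS_TEST_NAME_LENGTH(arg);
      strcpy(opt->fname, arg);
      return 0;
    case ARGP_KEY_END:
      if (opt->output_c && opt->output_dot) {
        fprintf(stderr, "Cannot combine c and d options. (sboxgates.c:%d)\n", __LINE__);
        PARSE_OPTIONS_EXIT();
      }

      if (opt->lut_graph && opt->metric == SAT) {
        fprintf(stderr, "SAT metric can not be combined with LUT graph generation. "
                        "(sboxgates.c:%d)\n", __LINE__);
        PARSE_OPTIONS_EXIT();
      }

      if (strlen(opt->fname) == 0) {
        fprintf(stderr, "Input file name argument missing. (sboxgates.c:%d)\n", __LINE__);
        PARSE_OPTIONS_EXIT();
      }
      /* Create derived boolean functions. Each list is terminated by a zeroed entry written
         directly after the last generated function. */
      /* NOTE(review): the terminators are written at index num without a bounds check. This is
         only safe if get_not_functions() returns at most 48 and get_3_input_function_list()
         at most 255 - confirm against those functions. */
      int num = 0;
      if (opt->try_nots) {
        num = get_not_functions(opt->avail_gates, opt->avail_not);
      }
      memset(opt->avail_not + num, 0, sizeof(boolfunc));
      num = get_3_input_function_list(opt->avail_gates, opt->avail_3, opt->try_nots);
      memset(opt->avail_3 + num, 0, sizeof(boolfunc));
      return 0;
    default:
      return ARGP_ERR_UNKNOWN;
  }
}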
987 |
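/* Loads an S-box from a file. The file should contain the S-box table as 2^n (1 <= n <= 8)
   whitespace separated hexadecimal numbers, each in the range 00-ff. The S-box is loaded into the
   256 item array pointed to by sbox and num_inputs is set to the calculated number of input bits.
   The input file name is taken from the opt structure.
   Reading stops at the end of the file or at the first token that is not a hexadecimal number.
   A value above ff, more than 256 values, or a number of values that is not a power of two
   between 2 and 256 is reported as an error instead of silently yielding a truncated S-box.
   Returns true on success and false, after printing a message to stderr, on failure. */
bool load_sbox(uint8_t *sbox, uint32_t *num_inputs, const options *opt) {
  assert(sbox != NULL);
  assert(num_inputs != NULL);
  assert(opt != NULL);
  /* opt->fname is an array inside the struct and can never be NULL, so it is not asserted. */

  FILE *fp = fopen(opt->fname, "r");
  if (fp == NULL) {
    fprintf(stderr, "Error when opening target S-box file. (sboxgates.c:%d)\n", __LINE__);
    return false;
  }

  uint8_t target_sbox[256];
  memset(target_sbox, 0, sizeof(target_sbox));
  int sbox_inp = 0;
  unsigned int input = 0; /* %x requires a pointer to unsigned int. */
  bool bad_item = false;
  while (fscanf(fp, " %x", &input) == 1) {
    /* Check before storing: the value has to fit in one byte and the table has 256 slots. */
    if (input > 0xff || sbox_inp >= 256) {
      bad_item = true;
      break;
    }
    target_sbox[sbox_inp++] = (uint8_t)input;
  }
  fclose(fp);

  if (bad_item) {
    fprintf(stderr, "Value out of range or too many items in target S-box. (sboxgates.c:%d)\n",
            __LINE__);
    return false;
  }

  /* The item count has to be a power of two; a single item would mean zero input bits. */
  if (sbox_inp < 2 || __builtin_popcount(sbox_inp) != 1) {
    fprintf(stderr, "Bad number of items in target S-box. (sboxgates.c:%d)\n", __LINE__);
    return false;
  }

  /* sbox_inp is a power of two, so this is its base-2 logarithm. */
  *num_inputs = 31 - __builtin_clz(sbox_inp);

  if (opt->permute == 0) {
    memcpy(sbox, target_sbox, sizeof(uint8_t) * 256);
  } else {
    /* The XOR permutation value has to be a valid input of the S-box. */
    if (opt->permute >= (1 << *num_inputs)) {
      fprintf(stderr, "Bad permutation value: %d (sboxgates.c:%d)\n", opt->permute, __LINE__);
      return false;
    }
    for (int i = 0; i < 256; i++) {
      sbox[i] = target_sbox[i ^ (uint8_t)opt->permute];
    }
  }

  if (opt->verbosity >= 2) {
    printf("Loaded %d input S-box:\n", *num_inputs);
    for (int i = 0; i < sbox_inp; i++) {
      printf("%02x%s", sbox[i], (i + 1) % 16 ? " " : "\n");
    }
  }
  return true;
}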
1041 |
/* Parser description handed to argp_parse in main: the option table, parse_opt as the callback
   for every option and argument, and the usage and documentation strings. The three remaining
   members are left at 0. */
static struct argp argp = {argp_options, parse_opt, args_doc, doc, 0, 0, 0};
1043 |
/* Program entry point. Every rank initializes MPI and creates the work datatype. Ranks other than
   0 then serve as search workers until told to quit. Rank 0 parses the command line and either
   converts a saved state file to C or DOT output, or loads the target S-box and runs the search.
   Every exit path on rank 0 that is visible here calls stop_workers() before MPI_Finalize() so
   that the workers leave their receive loop.
   Returns 0 on success and 1 on error. */
int main(int argc, char **argv) {
  MPI_Init(&argc, &argv);
  int rank, size;
  MPI_Comm_rank(MPI_COMM_WORLD, &rank);
  MPI_Comm_size(MPI_COMM_WORLD, &size);

  create_g_mpi_work_type();

  /* Let all ranks except for rank 0 go into worker loop. */
  if (rank != 0) {
    mpi_worker();
    MPI_Finalize();
    return 0;
  }

  /* Parse command line options. */
  options opt = {
    .fname = {0},
    .gfname = {0},
    .iterations = 1,
    .oneoutput = -1,
    .permute = 0,
    .metric = GATES,
    .output_c = false,
    .output_dot = false,
    .lut_graph = false,
    .randomize = true,
    .try_nots = false,
    .avail_gates = {{0}},
    .avail_not = {{0}},
    .avail_3 = {{0}},
    .num_avail_3 = 0,
    .verbosity = 0
  };
  create_avail_gates(2 + 64 + 128, &opt); /* AND + OR + XOR */
  /* NOTE(review): argp_parse can end the process on its own, e.g. for --help or an unknown
     option, presumably without stop_workers() or MPI_Finalize() being called - confirm how the
     worker ranks behave in that case. */
  argp_parse(&argp, argc, argv, 0, 0, &opt);
  if (opt.verbosity >= 1) {
    /* Each list is terminated by an entry with num_inputs == 0. */
    printf("Available gates: NOT ");
    for (int i = 0; opt.avail_gates[i].num_inputs != 0; i++) {
      printf("%s ", gate_name[opt.avail_gates[i].fun]);
    }
    printf("\nGenerated gates: ");
    for (int i = 0; opt.avail_not[i].num_inputs != 0; i++) {
      printf("%s ", gate_name[opt.avail_not[i].fun]);
    }
    printf("\nGenerated 3-input gates: ");
    for (int i = 0; opt.avail_3[i].num_inputs != 0; i++) {
      printf("%02x ", opt.avail_3[i].fun);
    }
    printf("\n");
  }

  /* Convert graph to C or DOT output and quit. In this mode opt.fname names a saved state file
     instead of an S-box file, and the workers are not needed. */
  if (opt.output_c || opt.output_dot) {
    stop_workers();
    state st;
    /* NOTE(review): the state comes from a user-supplied file; any validation of its gate
       numbers and counts would have to happen in load_state, which is not shown here. */
    if (!load_state(opt.fname, &st)) {
      fprintf(stderr, "Error when reading state file. (sboxgates.c:%d)\n", __LINE__);
      MPI_Finalize();
      return 1;
    }
    int retval = 0;
    if (opt.output_c) {
      retval = print_c_function(&st) ? 0 : 1;
    } else {
      print_digraph(&st);
    }
    MPI_Finalize();
    return retval;
  }

  /* Load specified S-box from file. */
  uint32_t num_inputs; /* Used to initialize the input gates below. */
  if (!load_sbox(g_sbox_enc, &num_inputs, &opt)) {
    stop_workers();
    MPI_Finalize();
    return 1;
  }

  /* Generate truth tables for all output bits of the target sbox. */
  for (uint8_t i = 0; i < 8; i++) {
    g_target[i] = generate_target(i, true);
  }

  /* parse_opt only limits the output number to 0-7; the actual number of outputs is known once
     the S-box has been loaded. */
  if (opt.oneoutput >= get_num_outputs()) {
    fprintf(stderr, "Error: Can't generate output bit %d. Target S-box only has %d outputs. "
                    "(sboxgates.c:%d)\n", opt.oneoutput, get_num_outputs(), __LINE__);
    stop_workers();
    MPI_Finalize();
    return 1;
  }

  /* Initialize the state structure. Without a partial graph file the state starts out with one
     IN gate per S-box input bit and no outputs; otherwise it is read from opt.gfname. */
  state st;
  memset(&st, 0, sizeof(state));
  if (strlen(opt.gfname) == 0) {
    st.max_sat_metric = INT_MAX;
    st.sat_metric = 0;
    st.max_gates = MAX_GATES;
    st.num_gates = num_inputs;
    for (int i = 0; i < num_inputs; i++) {
      st.gates[i].type = IN;
      st.gates[i].table = generate_target(i, false);
      st.gates[i].in1 = NO_GATE;
      st.gates[i].in2 = NO_GATE;
      st.gates[i].in3 = NO_GATE;
      st.gates[i].function = 0;
    }
    for (int i = 0; i < 8; i++) {
      st.outputs[i] = NO_GATE;
    }
  } else if (!load_state(opt.gfname, &st)) {
    stop_workers();
    MPI_Finalize();
    return 1;
  } else {
    printf("Loaded %s.\n", opt.gfname);
  }

  /* Generate the graph. */
  if (opt.oneoutput != -1) {
    generate_graph_one_output(st, &opt);
  } else {
    generate_graph(st, &opt);
  }

  stop_workers();
  MPI_Finalize();

  return 0;
}
1175 |
--------------------------------------------------------------------------------
/sboxgates.h:
--------------------------------------------------------------------------------
1 | /* sboxgates.h
2 |
3 | Copyright (c) 2019-2021 Marcus Dansarie
4 |
5 | This program is free software: you can redistribute it and/or modify
6 | it under the terms of the GNU General Public License as published by
7 | the Free Software Foundation, either version 3 of the License, or
8 | (at your option) any later version.
9 |
10 | This program is distributed in the hope that it will be useful,
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | GNU General Public License for more details.
14 |
15 | You should have received a copy of the GNU General Public License
16 | along with this program. If not, see . */
17 |
18 | #ifndef __SBOXGATES_H__
19 | #define __SBOXGATES_H__
20 |
21 | #include
22 | #ifndef NO_MPI_HEADER
23 | #include
24 | #endif /* NO_MPI_HEADER */
25 | #include
26 | #include "boolfunc.h"
27 | #include "state.h"
28 |
29 | #define MAX_NAME_LEN (1000)
30 |
/* Returns R from the enclosing function after checking it: R has to be either NO_GATE or the
   number of a gate in state S whose truth table equals the target T on all bits set in mask M.
   If the check fails, a message is printed to stderr and abort() is called. Unlike assert(), the
   check is not removed when NDEBUG is defined. Each macro argument is evaluated exactly once.
   R - expression yielding the gate number to return.
   T - the target truth table.
   S - pointer to the state that contains the gate.
   M - the mask to use in the comparison. */
#define ASSERT_AND_RETURN(R, T, S, M) \
  { \
    gatenum aar_ret = R; \
    ttable aar_target = T; \
    state *aar_st = S; \
    ttable aar_mask = M; \
    if (aar_ret == NO_GATE || ttable_equals_mask(aar_target, (aar_st)->gates[aar_ret].table, \
                                                 aar_mask)) { \
      return aar_ret; \
    } else { \
      fprintf(stderr, "Return assertion in %s failed: %s:%d.\n", __func__, __FILE__, __LINE__); \
      abort(); \
    } \
  }
45 |
46 | extern uint8_t g_sbox_enc[256]; /* Target S-box. */
47 |
/* Holds all options set by the user. The file name members are fixed-size buffers: parse_opt
   rejects any name of MAX_NAME_LEN characters or more before copying into them. The three
   boolfunc lists are terminated by an entry whose num_inputs is 0, so each array has to leave
   room for that terminator. */
typedef struct {
  char fname[MAX_NAME_LEN];  /* Input file name. */
  char gfname[MAX_NAME_LEN]; /* Partial graph file name. */
  int iterations;            /* Number of iterations per step. */
  int oneoutput;             /* Set to 0-7 if only one output should be generated, else -1. */
  int permute;               /* Set to 1-255 if S-box should be XOR permuted. */
  metric metric;             /* The graph metric to use. */
  bool output_c;             /* Set to true to convert graph to C function. */
  bool output_dot;           /* Set to true to convert graph to DOT graph. */
  bool lut_graph;            /* Set to true to build 3LUT graph. */
  bool randomize;            /* Set to true to use randomization at various steps. */
  bool try_nots;             /* Set to true to generate functions by appending NOT gates. */
  boolfunc avail_gates[17];  /* Available two-input gates. */
  boolfunc avail_not[49];    /* Available two-input gates with inverted input/output. */
  boolfunc avail_3[256];     /* Available three-input gates. */
  int num_avail_3;           /* Number of available three-input gates. */
  int verbosity;             /* How much information should be printed to the terminal. */
} options;
67 |
/* Used to broadcast work to be done by other MPI ranks. The MPI datatype built in
   create_g_mpi_work_type() lists these members one by one with their offsets and element types,
   so any change to this struct has to be made there as well. */
typedef struct {
  state st;         /* The current search state. */
  ttable target;    /* The search target truth table. */
  ttable mask;      /* The current search mask. */
  int8_t inbits[8]; /* List of input bits already used for multiplexing. Terminated by -1. */
  bool quit;        /* Set to true to signal workers to quit. */
  int verbosity;    /* Current verbosity level. */
} mpi_work;
77 |
78 | #ifndef NO_MPI_HEADER
79 | extern MPI_Datatype g_mpi_work_type; /* MPI type for mpi_work struct. */
80 | #endif /* NO_MPI_HEADER */
81 |
82 | /* Adds a three input LUT gate to the state st. Returns the gate number of the added LUT, or
83 | NO_GATE.
84 | st - pointer to the state struct where the LUT should be added.
85 | func - the function, i.e. lookup table, of the added LUT gate.
86 | table - truth table of the added LUT.
87 | gid1 - gate number of input 1.
88 | gid2 - gate number of input 2.
89 | gid3 - gate number of input 3. */
90 | gatenum add_lut(state *st, uint8_t func, ttable table, gatenum gid1, gatenum gid2, gatenum gid3);
91 |
92 | /* Used to check if any solutions with smaller metric are possible. Uses either the add or the
93 | add_sat parameter depending on the current metric in use. Returns true if a solution with the
94 | provided metric is possible with respect to the value of st->max_gates or st->max_sat_metric.
95 | st - pointer to the search state to check.
96 | add - the number of added gates to check for.
97 | add_sat - the added SAT metric to check for.
98 | opt - pointer to options struct. */
99 | bool check_num_gates_possible(const state *st, int add, int add_sat, const options *opt);
100 |
101 | /* Returns true if the truth table is all-zero.
102 | tt - a truth table. */
103 | bool ttable_zero(const ttable tt);
104 |
105 | /* Performs a masked test for equality. Only bits set to 1 in the mask will be tested.
106 | in1 - a truth table.
107 | in2 - a truth table.
108 | mask - a mask. */
109 | bool ttable_equals_mask(const ttable in1, const ttable in2, const ttable mask);
110 |
/* Returns a pseudorandom 64 bit string. Uses the xorshift1024 algorithm, initialized by
   /dev/urandom. Used in various places to randomize the search process.
   xorshift generators are not cryptographically secure: the output must not be used for keys,
   nonces or anything else that has to be unpredictable. */
uint64_t xorshift1024();
114 |
115 | #endif /* __SBOXGATES_H__ */
116 |
--------------------------------------------------------------------------------
/state.c:
--------------------------------------------------------------------------------
1 | /* state.c
2 |
3 | Helper functions for saving and loading files containing logic circuit
4 | representations of S-boxes created by sboxgates.
5 |
6 | Copyright (c) 2016-2017, 2020-2021 Marcus Dansarie
7 |
8 | This program is free software: you can redistribute it and/or modify
9 | it under the terms of the GNU General Public License as published by
10 | the Free Software Foundation, either version 3 of the License, or
11 | (at your option) any later version.
12 |
13 | This program is distributed in the hope that it will be useful,
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | GNU General Public License for more details.
17 |
18 | You should have received a copy of the GNU General Public License
19 | along with this program. If not, see . */
20 |
21 | #include
22 | #include
23 | #include
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include "lut.h"
30 | #include "sboxgates.h"
31 | #include "state.h"
32 |
/* Printable names of the gate types, indexed by gate type value. Entries 0-15 are the sixteen
   two-input boolean functions, followed by NOT, IN and LUT. save_state asserts that a gate type
   is at most LUT before using it as an index; any other user of this table has to make sure the
   index is within these 19 entries as well. */
const char* const gate_name[] = {
  "FALSE",
  "AND",
  "A_AND_NOT_B",
  "A",
  "NOT_A_AND_B",
  "B",
  "XOR",
  "OR",
  "NOR",
  "XNOR",
  "NOT_B",
  "A_OR_NOT_B",
  "NOT_A",
  "NOT_A_OR_B",
  "NAND",
  "TRUE",
  "NOT",
  "IN",
  "LUT"
};
54 |
/* The Speck round function on 16-bit words: rotates pt1 right by 7 bits, adds pt2 modulo 2^16
   and XORs in the round key k1; rotates pt2 left by 2 bits and XORs in the new first word.
   Returns the new first word in the upper and the new second word in the lower 16 bits. */
static inline uint32_t speck_round(uint16_t pt1, uint16_t pt2, uint16_t k1) {
  const uint16_t x_rot = (uint16_t)((pt1 >> 7) | (pt1 << 9));
  const uint16_t x_new = (uint16_t)((uint16_t)(x_rot + pt2) ^ k1);
  const uint16_t y_rot = (uint16_t)((pt2 >> 14) | (pt2 << 2));
  const uint16_t y_new = (uint16_t)(y_rot ^ x_new);
  return (((uint32_t)x_new) << 16) | y_new;
}
64 |
/* Generates a simple fingerprint based on the Speck round function. It is meant to be used for
   creating unique-ish names for the state save file and is not intended to be cryptographically
   secure by any means.
   The fingerprint covers max_gates, num_gates, the outputs and the first num_gates gates of st.
   The SAT metric members are not copied and therefore do not influence the result.
   The value is only 32 bits wide. save_state puts it in the file name and opens that file for
   writing, so two different states that agree in the other name components and collide here
   would end up in the same file. */
static uint32_t state_fingerprint(const state st) {
  /* NOTE(review): this assert is the only bound on num_gates. In a build with NDEBUG a larger
     value would make the copy loop below write past fpstate.gates. */
  assert(st.num_gates <= MAX_GATES);
  /* Copy the fingerprinted members into a zeroed state so that unused gates and any bytes not
     written below are zero. */
  state fpstate;
  memset(&fpstate, 0, sizeof(state));
  fpstate.max_gates = st.max_gates;
  fpstate.num_gates = st.num_gates;
  for (int i = 0; i < 8; i++) {
    fpstate.outputs[i] = st.outputs[i];
  }
  for (int i = 0; i < st.num_gates; i++) {
    fpstate.gates[i].table = st.gates[i].table;
    fpstate.gates[i].type = st.gates[i].type;
    fpstate.gates[i].in1 = st.gates[i].in1;
    fpstate.gates[i].in2 = st.gates[i].in2;
    fpstate.gates[i].in3 = st.gates[i].in3;
    fpstate.gates[i].function = st.gates[i].function;
  }
  uint16_t fp1 = 0;
  uint16_t fp2 = 0;
  /* NOTE(review): the state is read through a uint16_t pointer, which the C aliasing rules do
     not allow for a struct object - confirm the compiler flags in use tolerate this. */
  uint16_t *ptr = (uint16_t*)&fpstate;
  /* Number of bytes up to and including the last used gate. Presumably gates is the last member
     of state - TODO confirm against the struct definition. */
  size_t len = sizeof(state) - sizeof(gate) * (MAX_GATES - fpstate.num_gates);
  /* Absorb the data 16 bits at a time, using each word as the round key. */
  for (int p = 0; p < len / 2; p++) {
    uint32_t ct = speck_round(fp1, fp2, ptr[p]);
    fp1 = ct >> 16;
    fp2 = ct & 0xffff;
  }
  /* Absorb the last byte when the length is odd. */
  if (len & 1) {
    uint32_t ct = speck_round(fp1, fp2, ((uint8_t*)&fpstate)[len - 1]);
    fp1 = ct >> 16;
    fp2 = ct & 0xffff;
  }
  /* Finish with 22 rounds that use an all-zero round key. */
  for (int r = 0; r < 22; r++) {
    uint32_t ct = speck_round(fp1, fp2, 0);
    fp1 = ct >> 16;
    fp2 = ct & 0xffff;
  }
  return (((uint32_t)fp1) << 16) | fp2;
}
106 |
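/* Saves the state st as an XML file in the current working directory. The file name is built
   from the number of outputs, the number of non-input gates, the SAT metric, the output bit
   numbers in the order their gates appear, and state_fingerprint(st). Errors are reported on
   stderr; the function has no return value. */
void save_state(state st) {
  /* Validate what is used as an array index below with real checks, so that the bounds also
     hold in builds where assert() is compiled out (NDEBUG). */
  if (st.num_gates > MAX_GATES) {
    fprintf(stderr, "Error: too many gates in state. (state.c:%d)\n", __LINE__);
    return;
  }
  for (int i = 0; i < st.num_gates; i++) {
    if (st.gates[i].type > LUT) {
      fprintf(stderr, "Error: invalid gate type in state. (state.c:%d)\n", __LINE__);
      return;
    }
  }

  /* Generate a string with the output gates present in the state, in the order they were added.
     Every gate contributes at most one digit and there are eight outputs, so eight characters
     plus the terminator are enough; the bound is still checked before each write. */
  char out[9];
  int num_outputs = 0;
  memset(out, 0, sizeof(out));
  for (int i = 0; i < st.num_gates; i++) {
    for (uint8_t k = 0; k < 8; k++) {
      if (st.outputs[k] == i) {
        if (num_outputs < 8) {
          out[num_outputs] = (char)('0' + k);
        }
        num_outputs += 1;
        break;
      }
    }
  }

  /* The snprintf call must not sit inside assert(): with NDEBUG the whole expression would be
     dropped and name would be passed to fopen() uninitialized. */
  char name[40];
  int written = snprintf(name, sizeof(name), "%d-%03d-%04d-%s-%08x.xml", num_outputs,
      st.num_gates - get_num_inputs(&st), st.sat_metric, out, state_fingerprint(st));
  if (written < 0 || (size_t)written >= sizeof(name)) {
    fprintf(stderr, "Error generating file name. (state.c:%d)\n", __LINE__);
    return;
  }

  /* fopen() with "w" follows symbolic links and truncates an existing file of the same name,
     so the program should be run in a directory that other users cannot write to. */
  FILE *fp = fopen(name, "w");
  if (fp == NULL) {
    fprintf(stderr, "Error opening file for writing. (state.c:%d)\n", __LINE__);
    return;
  }

  /* NOTE(review): the format strings below are reproduced as they appear in this listing. They
     take arguments but contain no conversions, so the XML markup seems to have been lost when
     the page was rendered; compare with the upstream file before building. */
  fprintf(fp, "\n");
  fprintf(fp, "\n");
  for (int i = 0; i < 8; i++) {
    if (st.outputs[i] != NO_GATE) {
      fprintf(fp, " \n", i, st.outputs[i]);
    }
  }
  for (int i = 0; i < st.num_gates; i++) {
    const gate *g = &st.gates[i];
    const char *type = gate_name[g->type];
    if (g->type == IN) {
      /* Input gates have no inputs of their own. */
      fprintf(fp, " \n");
      continue;
    }
    if (g->type == LUT) {
      fprintf(fp, " \n", g->function);
    } else {
      fprintf(fp, " \n", type);
    }
    if (g->in1 != NO_GATE) {
      fprintf(fp, " \n", g->in1);
    }
    if (g->in2 != NO_GATE) {
      fprintf(fp, " \n", g->in2);
    }
    if (g->in3 != NO_GATE) {
      fprintf(fp, " \n", g->in3);
    }
    fprintf(fp, " \n");
  }
  fprintf(fp, "\n");

  /* Buffered write errors only surface here. */
  if (fclose(fp) != 0) {
    fprintf(stderr, "Error writing file. (state.c:%d)\n", __LINE__);
  }
}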
167 |
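/* Returns the SAT metric of the given gate type. No metric is defined for LUT or for values
   outside gate_type: those trip an assertion, and in builds without assertions (NDEBUG) the
   function returns 0 instead of running off the end without a return value. */
int get_sat_metric(gate_type type) {
  switch (type) {
    case IN:
      return 0;

    case FALSE_GATE:
    case TRUE_GATE:
      return 1;

    case A_AND_NOT_B:
    case A:
    case B:
    case NOT_B:
    case NOT_A:
    case NOT:
      return 4;

    case AND:
    case NOT_A_AND_B:
    case OR:
    case NOR:
    case A_OR_NOT_B:
    case NOT_A_OR_B:
    case NAND:
      return 7;

    case XOR:
    case XNOR:
      return 12;

    case LUT:
    default:
      assert(0);
      return 0;
  }
}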
192 |
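/* Returns the number of input gates in the state, i.e. the length of the run of IN gates at
   the start of st->gates.
   st - pointer to a state. */
int get_num_inputs(const state *st) {
  int inputs = 0;
  /* The bound is tested before the array access, so gates[] is never read at index
     num_gates (which is one past the array when the state is full). */
  while (inputs < st->num_gates && st->gates[inputs].type == IN) {
    inputs += 1;
  }
  return inputs;
}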
200 |
/* Calculates the truth table of a three-input LUT. Bit m of function (m = 0..7) selects the
   minterm in which in1, in2 and in3 take the values of bits 2, 1 and 0 of m respectively;
   the result is the OR of all selected minterms. */
ttable generate_lut_ttable(const uint8_t function, const ttable in1, const ttable in2,
    const ttable in3) {
  const ttable not1 = ~in1;
  const ttable not2 = ~in2;
  const ttable not3 = ~in3;
  ttable result = {0};
  for (int m = 0; m < 8; m++) {
    if (((function >> m) & 1) == 0) {
      continue;
    }
    ttable term;
    if (m & 4) {
      term = in1;
    } else {
      term = not1;
    }
    if (m & 2) {
      term &= in2;
    } else {
      term &= not2;
    }
    if (m & 1) {
      term &= in3;
    } else {
      term &= not3;
    }
    result |= term;
  }
  return result;
}
231 |
/* Builds a 256-entry truth table in which entry i is bit number bit of g_sbox_enc[i] (when
   sbox is true) or of i itself (when sbox is false). Entry i is stored in bit i % 64 of
   64-bit word i / 64. bit must be less than 8. */
ttable generate_target(uint8_t bit, bool sbox) {
  assert(bit < 8);
  uint64_t words[4] = {0, 0, 0, 0};
  for (uint16_t i = 0; i < 256; i++) {
    const uint64_t value = (uint64_t)(((sbox ? g_sbox_enc[i] : i) >> bit) & 1);
    words[i / 64] |= value << (i % 64);
  }
  ttable t;
  memcpy(&t, words, sizeof(ttable));
  return t;
}
251 |
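/* For use inside load_state(): if condition X holds, prints a parse error with the current
   source line, frees the libxml2 document Y unless it is NULL and makes the enclosing function
   return false. The do { } while (0) wrapper makes the expansion a single statement, so the
   macro stays correct when used as the body of an unbraced if/else. */
#define LOAD_STATE_RETURN_ON_ERROR(X, Y)\
  do {\
    if (X) {\
      fprintf(stderr, "Error when parsing XML document. (state.c:%d)\n", __LINE__);\
      if ((Y) != NULL) xmlFreeDoc(Y);\
      return false;\
    }\
  } while (0)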
258 |
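/* Reads attribute attr of node as an unsigned base-10 integer and stores it in *value.
   Returns false, leaving *value untouched, if the attribute is missing, empty, not entirely
   numeric, or not strictly less than limit. */
static bool load_state_read_index(xmlNodePtr node, const char *attr, unsigned long limit,
    unsigned long *value) {
  char *str = (char*)xmlGetProp(node, (xmlChar*)attr);
  if (str == NULL) {
    return false;
  }
  char *endptr = NULL;
  /* The value stays an unsigned long until it has been range checked. Narrowing to int first
     would let inputs such as "-1" or "4294967295" turn negative and slip past an upper-bound
     comparison; here they parse to a huge value and are rejected by the limit. */
  unsigned long parsed = strtoul(str, &endptr, 10);
  bool ok = endptr != str && *endptr == '\0' && parsed < limit;
  xmlFree(str);
  if (ok) {
    *value = parsed;
  }
  return ok;
}

/* Loads a saved state from the XML file name into *return_state. Returns true on success.
   On any parse or validation error a message is printed to stderr, false is returned and
   *return_state is left unmodified.
   The file content is treated as untrusted: every gate number, bit number and element count
   taken from it is checked before it is used as an array index.
   NOTE(review): xmlParseFile() runs with the parser's default options; if state files can
   come from other parties, consider xmlReadFile() with XML_PARSE_NONET. */
bool load_state(const char *name, state *return_state) {
  assert(name != NULL);
  assert(return_state != NULL);

  xmlDocPtr doc = xmlParseFile(name);
  LOAD_STATE_RETURN_ON_ERROR(doc == NULL, doc);

  /* Get gates. */
  xmlNodePtr gates = NULL;
  for (xmlNodePtr ptr = doc->children; ptr != NULL; ptr = ptr->next) {
    if (strcmp((char*)ptr->name, "gates") == 0) {
      gates = ptr;
      break;
    }
  }
  LOAD_STATE_RETURN_ON_ERROR(gates == NULL, doc);

  state st;
  memset(&st, 0, sizeof(state));
  st.max_gates = MAX_GATES;
  for (int i = 0; i < 8; i++) {
    st.outputs[i] = NO_GATE;
  }

  /* Parse gates. */
  for (xmlNodePtr node = gates->children; node != NULL; node = node->next) {
    if (strcmp((char*)node->name, "gate") != 0) {
      continue;
    }

    /* st.gates holds MAX_GATES entries; a file with more gate elements must be rejected
       before the next slot is written. */
    LOAD_STATE_RETURN_ON_ERROR(st.num_gates >= MAX_GATES, doc);

    /* Parse type enum. */
    char *typestr = (char*)xmlGetProp(node, (xmlChar*)"type");
    LOAD_STATE_RETURN_ON_ERROR(typestr == NULL, doc);
    gate_type type = 0;
    while (type <= LUT) {
      if (strcmp(typestr, gate_name[type]) == 0) {
        break;
      }
      type += 1;
    }
    xmlFree(typestr);
    typestr = NULL;
    LOAD_STATE_RETURN_ON_ERROR(type > LUT, doc);

    /* Parse LUT function. */
    long func = 0;
    char *funcstr = (char*)xmlGetProp(node, (xmlChar*)"function");
    if (funcstr != NULL) {
      func = strtol(funcstr, NULL, 16);
      xmlFree(funcstr);
      funcstr = NULL;
      LOAD_STATE_RETURN_ON_ERROR(func <= 0 || func > 255, doc);
    }
    /* Error if function is set for gate types other than LUT. */
    LOAD_STATE_RETURN_ON_ERROR(type != LUT && func != 0, doc);

    /* Parse input gates. Each input must refer to a gate that has already been loaded. */
    int inp = 0;
    gatenum inputs[] = {NO_GATE, NO_GATE, NO_GATE};
    for (xmlNodePtr input = node->children; input != NULL; input = input->next) {
      if (strcmp((char*)input->name, "input") != 0) {
        continue;
      }
      /* inputs[] has three slots; a fourth input element would write past its end. */
      LOAD_STATE_RETURN_ON_ERROR(inp >= 3, doc);
      unsigned long idx = 0;
      LOAD_STATE_RETURN_ON_ERROR(!load_state_read_index(input, "gate", st.num_gates, &idx), doc);
      inputs[inp++] = (gatenum)idx;
    }

    /* The required number of inputs depends on the gate type; once it has been checked,
       every inputs[] entry read below is a validated gate number. */
    ttable table;
    if (type <= TRUE_GATE) {
      LOAD_STATE_RETURN_ON_ERROR(inp != 2, doc);
      table = generate_ttable_2(type, st.gates[inputs[0]].table, st.gates[inputs[1]].table);
    } else if (type == NOT) {
      LOAD_STATE_RETURN_ON_ERROR(inp != 1, doc);
      table = ~st.gates[inputs[0]].table;
    } else if (type == IN) {
      /* At most eight inputs, and they must form one run at the start of the gate list. */
      LOAD_STATE_RETURN_ON_ERROR(inp != 0, doc);
      LOAD_STATE_RETURN_ON_ERROR(st.num_gates >= 8, doc);
      LOAD_STATE_RETURN_ON_ERROR(st.num_gates != 0 && st.gates[st.num_gates - 1].type != IN, doc);
      table = generate_target(st.num_gates, false);
    } else if (type == LUT) {
      LOAD_STATE_RETURN_ON_ERROR(inp != 3, doc);
      table = generate_lut_ttable(func, st.gates[inputs[0]].table, st.gates[inputs[1]].table,
          st.gates[inputs[2]].table);
    } else {
      LOAD_STATE_RETURN_ON_ERROR(true, doc);
    }

    st.gates[st.num_gates].table = table;
    st.gates[st.num_gates].type = type;
    st.gates[st.num_gates].in1 = inputs[0];
    st.gates[st.num_gates].in2 = inputs[1];
    st.gates[st.num_gates].in3 = inputs[2];
    st.gates[st.num_gates].function = (uint8_t)func;
    st.num_gates += 1;
  }

  /* Parse outputs. */
  for (xmlNodePtr output = gates->children; output != NULL; output = output->next) {
    if (strcmp((char*)output->name, "output") != 0) {
      continue;
    }
    /* bit indexes st.outputs[8]; each bit may be assigned only once. */
    unsigned long bit = 0;
    LOAD_STATE_RETURN_ON_ERROR(!load_state_read_index(output, "bit", 8, &bit), doc);
    LOAD_STATE_RETURN_ON_ERROR(st.outputs[bit] != NO_GATE, doc);

    unsigned long out_gate = 0;
    LOAD_STATE_RETURN_ON_ERROR(
        !load_state_read_index(output, "gate", st.num_gates, &out_gate), doc);

    st.outputs[bit] = (gatenum)out_gate;
  }

  xmlFreeDoc(doc);

  /* Calculate SAT metric. It is set to 0 as soon as the circuit contains a LUT. */
  for (int i = 0; i < st.num_gates; i++) {
    if (st.gates[i].type == LUT) {
      st.sat_metric = 0;
      break;
    }
    st.sat_metric += get_sat_metric(st.gates[i].type);
  }

  *return_state = st;

  return true;
}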
412 |
--------------------------------------------------------------------------------
/state.h:
--------------------------------------------------------------------------------
1 | /* state.h
2 |
3 | Type definitions and function declarations for state.c.
4 |
5 | Copyright (c) 2016-2017, 2020-2021 Marcus Dansarie
6 |
7 | This program is free software: you can redistribute it and/or modify
8 | it under the terms of the GNU General Public License as published by
9 | the Free Software Foundation, either version 3 of the License, or
10 | (at your option) any later version.
11 |
12 | This program is distributed in the hope that it will be useful,
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | GNU General Public License for more details.
16 |
17 | You should have received a copy of the GNU General Public License
18 | along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 |
20 | #ifndef __STATE_H__
21 | #define __STATE_H__
22 |
23 | #include
24 | #include
25 |
26 | #define MAX_GATES 500
27 |
28 | /* Returned by functions returning a gate number to indicate that no gate was found or no gate
29 | could be added. */
30 | #define NO_GATE ((gatenum)-1)
31 |
32 | /* Used in printf format strings. */
33 | #define PRIgatenum PRIu16
34 |
/* Gate types: the sixteen two-input Boolean gates (values 0 to 15) followed by the special
   types NOT, IN and LUT. The values 0 to 18 are used as indices into gate_name[], so the
   order here and in that array must match. END is fixed at 0xff. */
typedef enum {
  FALSE_GATE  = 0,
  AND         = 1,
  A_AND_NOT_B = 2,
  A           = 3,
  NOT_A_AND_B = 4,
  B           = 5,
  XOR         = 6,
  OR          = 7,
  NOR         = 8,
  XNOR        = 9,
  NOT_B       = 10,
  A_OR_NOT_B  = 11,
  NOT_A       = 12,
  NOT_A_OR_B  = 13,
  NAND        = 14,
  TRUE_GATE   = 15,
  NOT         = 16,
  IN          = 17,
  LUT         = 18,
  END         = 0xff
} gate_type;
58 |
59 | typedef enum {GATES, SAT} metric;
60 |
61 | /* Display strings for the gate types in gate_type. */
62 | extern const char* const gate_name[];
63 |
64 | /* 256 bit truth table. */
65 | #define TABLE_SIZE 256
66 | typedef uint64_t ttable
67 | __attribute((aligned(TABLE_SIZE / 8)))
68 | __attribute((vector_size(TABLE_SIZE / 8)));
69 |
70 | typedef uint16_t gatenum;
71 |
/* One gate of the circuit graph. Inputs are referred to by gate number; NO_GATE marks an
   unused input. The field order is part of the byte layout of state. */
typedef struct {
  /* The truth table of the gate. */
  ttable table;
  /* The type of gate represented. */
  gate_type type;
  /* Input 1 to the gate. NO_GATE for the inputs. */
  gatenum in1;
  /* Input 2 to the gate. NO_GATE for NOT gates and the inputs. */
  gatenum in2;
  /* Input 3 if LUT or NO_GATE. */
  gatenum in3;
  /* For LUTs: the implemented lookup table/function. */
  uint8_t function;
} gate;
80 |
/* A circuit under construction together with its search limits. gates has room for exactly
   MAX_GATES entries, so code that appends a gate has to check num_gates against MAX_GATES
   first. The fingerprint in save file names is computed over the bytes of this struct, so
   changing the field order or types changes the fingerprint of an otherwise equal state. */
typedef struct {
  /* Current maximum accepted SAT metric. */
  int max_sat_metric;
  /* SAT metric of the current state. */
  int sat_metric;
  /* Current maximum accepted number of gates. */
  gatenum max_gates;
  /* Current number of gates. */
  gatenum num_gates;
  /* Gate number of the respective output gates, or NO_GATE. */
  gatenum outputs[8];
  /* Individual gates in the current graph. */
  gate gates[MAX_GATES];
} state;
89 |
90 | /* Saves the state st to a file named O-GGG-MMMM-NNNNNNNN-FFFFFFFF.xml, where
91 | O is the number of output Boolean functions in the circuit;
92 | GGG is the number of gates in the circuit, not counting the input gates;
93 | MMMM is the value of the SAT metric for the circuit;
94 | NNNNNNNN are the bit numbers of the output Boolean functions, in order of inclusion; and
95 | FFFFFFFF is a fingerprint that aims to uniquely identify the solution.
96 | */
97 | void save_state(state st);
98 |
99 | /* Returns the SAT metric of the specified gate type. Calling this with the LUT
100 | gate type will cause an assertion to fail. */
101 | int get_sat_metric(gate_type type);
102 |
103 | /* Returns the number of input gates in the state.
104 | st - pointer to a state. */
105 | int get_num_inputs(const state *st);
106 |
107 | /* Calculates the truth table of a LUT given its function and three input truth tables. */
108 | ttable generate_lut_ttable(const uint8_t function, const ttable in1, const ttable in2,
109 | const ttable in3);
110 |
111 | /* Generates a target truth table for the search.
112 | bit - which bit of the input/sbox to generate the target truth table for.
113 | sbox - If true, a target truth table for the given bit of g_sbox_enc is generated.
114 | If false, the truth table of the given input bit is generated. */
115 | ttable generate_target(uint8_t bit, bool sbox);
116 |
117 | /* Loads a saved state from an XML file. Returns true if successful and false otherwise.
118 | name - the name of the file to load the state from.
119 | return_state - a pointer to an allocated state struct that is updated with the loaded state on success. */
120 | bool load_state(const char *name, state *return_state);
121 |
122 | #endif /* __STATE_H__ */
123 |
--------------------------------------------------------------------------------