proxmark3/common/legic_prng.c
2020-05-11 23:57:32 +02:00

61 lines
1.9 KiB
C

//-----------------------------------------------------------------------------
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// LEFIC's obfuscation function
//-----------------------------------------------------------------------------
#include "legic_prng.h"
// the prng is a muxed value from two lsfr a, b
// a is 7bit lsfr
// b is 8bit lsfr
// c keeps track on which step the prng is.
// legic_prng_get_bit() = gets a bit muxed from a and b.
struct lfsr {
uint8_t a;
uint8_t b;
uint32_t c;
} lfsr;
// Normal init is set following variables with a random value IV
// a == iv
// b == iv << 1 | 1
// * someone mentioned iv must be ODD.
// Hack:
// Now we have a special case with iv == 0
// it sets b to 0 aswell to make sure we get a all zero keystream out
// which is used in the initialisation phase sending the IV
//
void legic_prng_init(uint8_t iv) {
lfsr.a = iv;
lfsr.b = 0; // hack to get a always 0 keystream
lfsr.c = 0;
if (iv)
lfsr.b = (iv << 1) | 1;
}
void legic_prng_forward(int count) {
if (count == 0) return;
lfsr.c += count;
while (count--) {
// According: http://www.proxmark.org/forum/viewtopic.php?pid=5437#p5437
lfsr.a = (lfsr.a >> 1 | (lfsr.a ^ lfsr.a >> 6) << 6) & 0x7F;
lfsr.b = lfsr.b >> 1 | (lfsr.b ^ lfsr.b >> 2 ^ lfsr.b >> 3 ^ lfsr.b >> 7) << 7;
}
}
uint8_t legic_prng_get_bit(void) {
uint8_t idx = 7 - ((lfsr.a & 4) | (lfsr.a >> 2 & 2) | (lfsr.a >> 4 & 1));
return lfsr.b >> idx & 1;
}
uint32_t legic_prng_get_bits(uint8_t len) {
uint32_t a = 0;
for (uint8_t i = 0; i < len; ++i) {
a |= legic_prng_get_bit() << i;
legic_prng_forward(1);
}
return a;
}