
Full text of "Cracking DES : secrets of encryption research, wiretap politics & chip design"

Cracking DES

Secrets of Encryption Research, Wiretap Politics & Chip Design

How federal agencies subvert privacy



ELECTRONIC FRONTIER FOUNDATION 



Digitized by the Internet Archive 
in 2013 



http://archive.org/details/crackingdessecre00elec






Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design 

by the Electronic Frontier Foundation 

With the exceptions noted, this book and all of its contents are in the public domain. 
Published in 1998 by the Electronic Frontier Foundation. Printed in the United States of 
America. No rights reserved. Every part of this book, except as noted below, may be 
reproduced, in any form or by any means, without permission in writing from the publisher. 
Because this material is in the public domain, permission to reproduce, use, copy, modify, 
and distribute this material for any purpose and without fee is hereby granted. 

The test-file, bootstrap, and bootstrap2 listings in Chapter 4 are Copyright © 1997 by Network 
Associates, Inc. These listings may be reproduced in whole or in part without payment of 
royalties. Chapter 10, Architectural Considerations for Cryptanalytic Hardware, is 
Copyright ©1996 by the authors, Ian Goldberg and David Wagner. It may not be reproduced 
without the permission of the authors, who can be reached at iang@cs.berkeley.edu and 
daw@cs.berkeley.edu. Chapter 11, Efficient DES Key Search: An Update, is Copyright © 1997 
by Entrust Technologies. It may be reproduced in whole or in part without payment of 
royalties. Chapter 9, Breaking One Million DES Keys, is Copyright © 1986. Work done at the 
University of Leuven, Belgium, and supported by the NFWO, Belgium. It may not be reproduced
without the permission of the author, who can be reached at desmedt@cs.uwm.edu.

Distributed by O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol, CA 95472. 

Printing History: 

May 1998: First Edition. 



Many of the designations used by manufacturers and sellers to distinguish their products are 
claimed as trademarks. Where those designations appear in this book, and the publisher was 
aware of a trademark claim, the designations have been printed in caps or initial caps. 

While many precautions have been taken in the preparation of this book, the publisher and 
distributor assume no responsibility for errors or omissions, or for damages resulting from the 
use of the information contained herein. 



This book is printed on acid-free paper with 85% recycled content, 15% post-consumer waste. 
O'Reilly & Associates is committed to using paper with the highest recycled content available 
consistent with high quality. 

ISBN: 1-56592-520-3 [9/98] 



Table of Contents

Foreword
Preface

1: Overview
    Politics of Decryption
    Goals
    History of DES Cracking
    EFF's DES Cracker Project
    Architecture
    Who Else Is Cracking DES?
    What To Do If You Depend On DES
    Conclusion

2: Design for DES Key Search Array
    On-Chip Registers
    Commands
    Search Unit Operation
    Sample Programming Descriptions
    Scalability and Performance
    Host Computer Software
    Glossary

3: Design for DES Key Search Array Chip-Level Specification
    ASIC Description
    Board description
    Read and Write Timing
    Addressing Registers
    All-active Signal
    ASIC Register Allocation

4: Scanning the Source Code
    The Politics of Cryptographic Source Code
    The Paper Publishing Exception
    Scanning
    Bootstrapping

5: Software Source Code

6: Chip Source Code

7: Chip Simulator Source Code

8: Hardware Board Schematics
    Board Schematics
    Sun-4/470 backplane modifications
    PC Interfaces
    Errata

9: Breaking One Million DES Keys by Yvo Desmedt
    Abstract
    Introduction
    The basic idea
    Details of such a machine
    Obtained results and remarks
    Conclusion
    Acknowledgement

10: Architectural Considerations for Cryptanalytic Hardware
    Abstract
    Introduction
    Motivation
    Related work
    Technical Approach
    Design and Analysis
    Future work
    Conclusions
    Acknowledgements
    Availability
    References

11: Efficient DES Key Search — An Update by Michael J. Wiener
    Advancing Technology
    Programmable Hardware
    Conclusion

12: Authors
    The Electronic Frontier Foundation
    John Gilmore
    Cryptography Research
    Paul Kocher
    Advanced Wireless Technologies



Foreword 
by Whitfield Diffie



In 1974 the Stanford computer science community ate at Loui's.* As I sat eating 
one evening in the fall, Butler Lampson approached me, and in the course of 
inquiring what I was doing, remarked that the IBM Lucifer system was about to be 
made a national standard. I hadn't known it, and it set me thinking. 

My thoughts went as follows: 

NSA doesn't want a strong cryptosystem as a national standard, because it 
is afraid of not being able to read the messages. 

On the other hand, if NSA endorses a weak cryptographic system and is 
discovered, it will get a terrible black eye. 

Hints that Butler was correct began to appear and I spent quite a lot of time thinking
about this problem over the next few months. It led me to think about trapdoor
cryptosystems and perhaps ultimately public-key cryptography.

When the Proposed Data Encryption Standard was released on the 17th of March
1975,† I thought I saw what they had done. The basic system might be ok, but the
keyspace was on the small side. It would be hard to search, but not impossible.
My first estimate was that a machine could be built for $650M that would break
DES in a week. I discussed the idea with Marty Hellman and he took it on with a
vengeance. Before we were through, the estimated cost had fallen to $20M and the
time had declined to a day.‡



* Louis Kao's Hsi-Nan restaurant in Town and Country Village, Palo Alto

† 40 Federal Register 12067

‡ Whitfield Diffie and Martin E. Hellman. Exhaustive cryptanalysis of the NBS data encryption standard.
Computer, 10(6):74-84, June 1977.






Our paper started a game in the cryptographic community and many papers on 
searching through DES keys have since been written. About three years after the 
publication of our paper, Robert Jueneman — then at Satellite Business Systems in 
McLean, Virginia — wrote "The Data Encryption Standard vs. Exhaustive Search."* 
This opus was substantially more optimistic about the chances for DES breaking. It 
predicted that by 1985 a half-million dollar investment would get you a DES key 
every hour and that by 1995, $10 million similarly spent would reduce that time to 
two seconds, an estimate remarkably close to one made fifteen years later. 

A decade later, Yvo Desmedt and Jean-Jacques Quisquater made two contributions,
one whimsical, one serious. Using a related "birthday problem" sort of approach,
they proposed a machine for attacking many cryptographic problems at a time.†
Their whimsical suggestion took advantage of the fact that the population of China
was about the square root of the size of the DES key space.‡

The year 1993 brought a watershed. Michael Wiener of Bell-Northern Research
(BNR) designed the most solid paper machine yet.§ It would not be too far off to
describe it as a Northern Telecom DMS100 telephone switch, specialized to attacking
DES. What made the paper noteworthy was that it used standard Northern Telecom
design techniques from the chips to the boards to the cabinets. It anticipated
an investment of under a million dollars for a machine that would recover a key
every three hours. A provocative aside was the observation that the required budget
could be hidden in a director's budget at BNR.

Finally, in 1996, an estimate was prepared by not one or two cryptographers but 
by a group later, and not entirely sympathetically, called the magnificent seven.‖
This estimate outlined three basic approaches loosely correlated with three levels 
of resources. At the cheap end was scrounging up time on computers you didn't 
need to own. In the middle was using programmable logic arrays, possibly PLA 
machines built for some other purpose such as chip simulation. The high end was 
the latest refinement of the custom chip approach. 



* R. R. Jueneman, The Data Encryption Standard vs. Exhaustive Search: Practicalities and Politics. 5
Feb 1981.

† Yvo Desmedt, "An Exhaustive Key Search Machine Breaking One Million DES Keys", presented at
Eurocrypt 1987. Chapter 9 of this book.

‡ Jean-Jacques Quisquater and Yvo G. Desmedt, Chinese Lotto as an Exhaustive Code-Breaking
Machine, Computer, 24(11):14-22, November 1991.

§ Michael Wiener, "Efficient DES Key Search", presented at the Rump session of Crypto '93. Reprinted
in Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp.
31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.

‖ Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson,
and Michael Wiener. "Minimal key lengths for symmetric ciphers to provide adequate commercial
security: A report by an ad hoc group of cryptographers and computer scientists", January 1996.
Available at http://www.bsa.org/policy/encryption/cryptographers.html.






Exhaustive key search is a surprising problem to have enjoyed such popularity. To 
most people who have considered the problem, it is obvious that a search through
2^56 possibilities is doable if somewhat tedious. If it is a mystery why so many of
them, myself included, have worked to refine and solidify their estimates, it is an 
even greater mystery that in the late 1990s, some people have actually begun to 
carry out key searches. 

At the 1997 annual RSA cryptographic trade show in San Francisco, a prize was 
announced for cracking a DES cryptogram*. The prize was claimed in five months 
by a loose consortium using computers scattered around the Internet.† It was the
most dramatic success so far for an approach earlier applied to factoring and to 
breaking cryptograms in systems with 40-bit keys. 

At the 1998 RSA show, the prize was offered again. This time the prize was 
claimed in 39 days,‡ a result that actually represents a greater improvement than it
appears to. The first key was found after a search of only 25% of the key space; 
the second was not recovered until the 85% mark. Had the second team been 
looking for the first key, they would have found it in a month. 

These efforts used the magnificent seven's first approach. No application of the 
second has yet come to light. This book skips directly to the third. It describes a 
computer built out of custom chips. A machine that 'anyone' can build, from the 
plans it presents — a machine that can extract DES keys in days at reasonable 
prices, or hours at high prices. With the appearance of this book and the machine 
it represents, the game changes forever. It is not a question of whether DES keys 
can be extracted by exhaustive search; it is a question of how cheaply they can be 
extracted and for what purposes. 

Using a network of general purpose machines that you do not own or control is a 
perfectly fine way of winning cryptanalytic contests, but it is not a viable way of 
doing production cryptanalysis. For that, you have to be able to keep your activities
to yourself. You need to be able to run on a piece of hardware that you can
protect from unwanted scrutiny. This is such a machine. It is difficult to know how
many messages have been encrypted with DES in the more than two decades that
it has been a standard. Even more difficult is knowing how many of those messages
are of enduring interest and how many have already been captured or
remain potentially accessible on disks or tapes, but the number, no matter precisely
how the question is framed must be large. All of these messages must now
be considered to be vulnerable.



* http://www.rsa.com/rsalabs/97challenge/

† June 17, 1997, See the announcements at http://www.rsa.com/des/ and
http://www.frii.com/~rcv/deschall.htm

‡ February 24, 1998, http://www.wired.com/news/news/technology/story/10544.html
and http://www.distributed.net.






The vulnerability does not end there, however, for cryptosystems have nine lives. 
The most convincing argument that DES is insecure would not outweigh the vast 
investment in DES equipment that has accumulated throughout the world. People 
will continue using DES whatever its shortcomings, convincing themselves that it is 
adequate for their needs. And DES, with its glaring vulnerabilities, will go on pretending
to protect information for decades to come.



Preface 



In privacy and computer security, real information is too hard to find. Most people 
don't know what's really going on, and many people who do know aren't telling. 

This book was written to reveal a hidden truth. The standard way that the US Government
recommends that we make information secure and private, the "Data
Encryption Standard" or DES, does not actually make that information secure or
private. The government knows fairly simple ways to reveal the hidden information
(called "cracking" or "breaking" DES).

Many scientists and engineers have known or suspected this for years. The ones 
who know exactly what the government is doing have been unable to tell the 
public, fearing prosecution for revealing "classified" information. Those who are 
only guessing have been reluctant to publish their guesses, for fear that they have 
guessed wrong. 

This book describes a machine which we actually built to crack DES. The machine 
exists, and its existence can easily be verified. You can buy one yourself, in the 
United States; or can build one yourself if you desire. The machine was designed 
and built in the private sector, so it is not classified. We have donated our design 
to the public domain, so it is not proprietary. There is no longer any question that 
it can be built or has been built. We have published its details so that other scientists
and engineers can review, reproduce, and build on our work. There can be
no more doubt. DES is not secure. 






Chapters 

The first section of the book describes the Electronic Frontier Foundation's 
research project to build a machine to crack DES. The next section provides full 
technical details on the machine that we designed: for review, critique, exploration,
and further evolution by the cryptographic research community. The final
section includes several hard-to-find technical reports on brute force methods of 
cracking DES. 

Technical description 

Chapter 1, Overview, introduces our project and gives the basic architecture of the 
Electronic Frontier Foundation's DES-cracking machine. 

Chapter 2, Design Specification, by Paul Kocher of Cryptography Research, provides
specifications for the machine from a software author's point of view.

Chapter 3, Hardware Specification, by Advanced Wireless Technologies, provides 
specifications for the custom gate array chips, and the boards that carry them, from 
a hardware designer's point of view. 

Technical design details 

Chapter 4, Scanning the Source Code, explains how you can feed this book 
through an optical scanner and regenerate the exact source code needed to build 
the software and the specialized gate array chip that we designed. 

Chapter 5, Software Source Code, contains a complete listing of the C-language 
software that runs on a PC and controls the DES-Cracker. 

Chapter 6, Chip Source Code, contains a complete listing of the chip design language
(VHDL) code that specifies how we designed the custom gate array chip.

Chapter 7, Chip Simulator Source Code, contains a complete listing of the C-language
software that simulates the operation of the chip, for understanding how the
chip works, and for generating test-vectors to make sure that the chips are properly
fabricated.

Chapter 8, Hardware Board Schematics, provides schematic diagrams of the 
boards which provide power and a computer interface to the custom chips, as 
well as information on the layout of the boards and the backplanes that connect 
them. 




Related Research Papers 

Chapter 9, Breaking One Million DES Keys by Yvo Desmedt, is a 1987 paper 
proposing an interesting design for a machine that could search for many DES 
keys simultaneously. 

Chapter 10, Architectural considerations for cryptanalytic hardware, by Ian Goldberg
and David Wagner, is a 1996 study that explores cracking DES and related
ciphers by using field-programmable gate array chips.

Chapter 11, Efficient DES Key Search: An Update, by Michael J. Wiener, revises for
1998 the technology estimates from his seminal 1993 paper, which was the first to 
include full schematic diagrams of a custom chip designed to crack DES. 

Chapter 12, About the Authors, describes the foundation and the companies which 
collaborated to build this project. 



In this chapter:

• Politics of Decryption
• Goals
• History of DES Cracking
• EFF's DES Cracker Project
• Architecture
• Who Else Is Cracking DES?
• What To Do If You Depend On DES
• Conclusion




Overview 



Politics of Decryption 



We began the Electronic Frontier Foundation's DES Cracker project because of our 
interest in the politics of decryption.* The vulnerability of widely used encryption 
standards like DES is important for the public to understand. 

A "DES Cracker" is a machine that can read information encrypted with the Data 
Encryption Standard (DES), by finding the key that was used to encrypt it. "Cracking
DES" is a name for this search process. It is most simply done by trying every
possible key until the right one is found, a tedious process called "brute-force 
search". 

If DES-encrypted information can easily be decrypted by those who are not 
intended to see it, the privacy and security of our infrastructures that use DES are 
at risk. Many political, social, and technological decisions depend on just how 
hard it is to crack DES. 

We noticed an increasing number of situations in which highly talented and 
respected people from the U.S. Government were making statements about how 
long it takes to crack DES. In all cases, these statements were at odds with our 
own estimates and those of the cryptographic research community. A less polite 
way to say it is that these government officials were lying, incompetent, or both. 
They were stating that cracking DES is much more expensive and time-consuming 
than we believed it to be. A very credible research paper had predicted that a 



* DES, the Data Encryption Standard, encrypts a confidential message into scrambled output under the 
control of a secret key. The input message is also known as "plaintext", and the resulting output as 
"ciphertext". The idea is that only recipients who know the secret key can decrypt the ciphertext to 
obtain the original message. DES uses a 56-bit key, so there are 2^56 possible keys.




machine could be built for $1.5 million, including development costs, that would 
crack DES in 3-1/2 hours. Yet we were hearing estimates of thousands of computers
and weeks to years to crack a single message.

On Thursday, June 26, 1997 the U.S. House of Representatives' Committee on 
International Relations heard closed, classified testimony on encryption policy 
issues. The Committee was considering a bill to eliminate export controls on cryptography.
After hearing this testimony, the Committee gutted the bill and inserted a
substitute intended to have the opposite effect. A month later, a censored transcript
of the hearing was provided; see http://jya.com/hir-hear.htm.
Here are excerpts: 

Statement of Louis J. Freeh, Director, Federal Bureau of 
Investigation 

. . . And we do not have the computers, we do not have the technology to get 
either real-time access to that information or any kind of timely access. 

If we hooked together thousands of computers and worked together over 4 
months we might, as was recently demonstrated decrypt one message bit. That is 
not going to make a difference in a kidnapping case, it is not going to make a difference
in a national security case. We don't have the technology or the brute
force capability to get to this information. 

Statement of William P. Crowell, Deputy Director, National Security 
Agency 

... I would go further and say there have been people who have said that Louis 
Freeh's organization should just get smarter technically, and if they were just 
smarter technically, they would be able to break all of this stuff. I would like to 
leave you with just one set of statistics, and then I think I am going to close with 
just a few comments on the bill itself. 

There is no brute force solution for law enforcement, [blacked out]
a group of students — not students — the Internet
gang last week broke a single message using 56-bit DES. It took 78,000 computers
96 days to break one message, and the headline was, DES has weak encryption.

He doesn't consider that very weak. If that had been 64-bit encryption, which is 
available for export today, and is available freely for domestic use, that same effort 
would have taken 7,000 years. And if it had been 128-bit cryptography, which is 
what PGP is, pretty good privacy, it would have taken 8.6 trillion times the age of 
the universe. 




Comments made later in the hearing 

Chairman Gilman. Would you need added manpower resource and equipment if 
there is a need to decrypt? And would that add to your already difficult case of 
language translation in many of your wiretaps? 

Director Freeh. We would certainly need those resources, but I think more importantly
is the point that was made here. Contrary to the National Research Council
recommendation that the FBI buy more computers and Bill Gates' suggestion to
me that we upgrade our research and development [blacked out]
American industry cannot do it, and that is decrypt real time
encryption over a very minimal level of robustness, [blacked out] If you
gave me $3 million to buy a Cray computer, it would take me how many years to
do one message bit?

Mr. Crowell. 64 bits, 7,000 years. 

Director Freeh. I don't have that time in a kidnapping case. It would kill us. 

On March 17, 1998, Robert S. Litt, Principal Associate Deputy Attorney General, 
testified to the U.S. Senate Judiciary Committee, Subcommittee on the Constitution, 
Federalism, and Property. The subject of the hearing was "Privacy in a Digital Age: 
Encryption and Mandatory Access". Mr. Litt's whole statement is available at
http://www.computerprivacy.org/archive/03171998-4.shtml. The
part relevant to DES cracking is:

Some people have suggested that this is a mere resource problem for law enforcement.
They believe that law enforcement agencies should simply focus their
resources on cracking strong encryption codes, using high-speed computers to try
every possible key when we need lawful access to the plaintext of data or communications
that is evidence of a crime. But that idea is simply unworkable,
because this kind of brute force decryption takes too long to be useful to protect 
the public safety. For example, decrypting one single message that had been 
encrypted with a 56-bit key took 14,000 Pentium-level computers over four 
months; obviously, these kinds of resources are not available to the FBI, let alone 
the Jefferson City Police Department. 

What's Wrong With Their Statements? 

Some of the testimony quoted may have been literally true; nevertheless, it is 
deceptive. All of the time estimates presented by Administration officials were 
based on use of general-purpose computers to do the job. But that's fundamentally 
the wrong way to do it, and they know it. 

An ordinary computer is ill-suited for use as a DES Cracker. In the first place, the
design of DES is such that it is inherently very slow in software, but fast in hardware.
Second, current computers do very little in parallel; the designers don't
know exactly what instructions will be executed, and must allow for all combinations.




The right way to crack DES is with special-purpose hardware. A custom-designed 
chip, even with a slow clock, can easily outperform even the fastest general-purpose
computer. Besides, you can get many such chips on a single board, rather
than the one or two on a typical computer's motherboard. 

There are practical limits to the key sizes which can be cracked by brute-force 
searching, but since NSA deliberately limited the key size of DES to 56 bits, back 
in the 1970's when it was designed, DES is crackable by brute force. Today's technology
might not be able to crack other ciphers with 64-bit or 128-bit keys — or it
might. Nobody will know until they have tried, and published the details for scientific
scrutiny. Most such ciphers have very different internal structure than DES,
and it may be possible to eliminate large numbers of possible keys by taking
advantage of the structure of the cipher. Some senior cryptographers estimated
what key sizes were needed for safety in a 1996 paper;* they suggest that to protect
against brute force cracking, today's keys should have a minimum of 75 bits,
and to protect information for twenty years, a minimum of 90 bits. 

The cost of brute-force searching also overstates the cost of recovering encrypted 
text in the real world. A key report on the real impact of encryption on law 
enforcement† reveals that there are no cases in which a lack of police access to
encrypted files resulted in a suspected criminal going free. In most cases the plaintext
was recovered by other means, such as asking the suspect for the key, or
finding another copy of the information on the disk. Even when brute force is the 
method of choice, keys are seldom truly random, and can be searched in the most 
likely order. 

Export Controls and DES 

The U.S. Government currently restricts the ability of companies, individuals, and 
researchers to export hardware or software that includes the use of DES for confidentiality.
These "export controls" have been a severe impediment to the development
of security and privacy for networked computers, cellular phones, and other
popular communications devices. The use of encryption algorithms stronger than
DES is also restricted. 

In December 1996, the government formally offered exporters the ability to incorporate
DES, but nothing stronger, into their products. The catch is that these companies
would have to sign an agreement with the government, obligating them to


* Minimal Key Lengths For Symmetric Ciphers To Provide Adequate Commercial Security: A Report By
An Ad Hoc Group Of Cryptographers And Computer Scientists. Matt Blaze, Whitfield Diffie, Ronald L.
Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, Michael Wiener, January 1996. Available
at http://www.bsa.org/policy/encryption/index.html.

† Encryption and Evolving Technologies: Tools of Organized Crime and Terrorism, by Dorothy E. Denning
and William E. Baugh, Jr. National Strategy Information Center, 1997. ISSN 1093-7269.




install "key recovery" into their products within two years. Key recovery technology
provides a way for the government to decrypt messages at will, by offering
the government a copy of the key used in each message, in a way that the product's
user cannot circumvent or control. In short, the government's offer was: collude
with us to violate your customers' privacy, or we won't let you export any
kind of secure products. 

At the same time, the FBI was let into the group that reviews each individual company's
application to export a cryptographic product. All reports indicate that the
FBI is making good on the threat, by objecting to the export of all kinds of products
that pose no threat at all to the national security (having been exportable in
previous years before the FBI gained a voice). The FBI appears to think that by
making itself hated and feared, it will encourage companies to follow orders.
Instead it is encouraging companies to overturn the regulatory scheme that lets the
FBI abuse the power to control exports. Industry started a major lobbying group
called Americans for Computer Privacy (http://www.computerprivacy.org),
which is attempting to change the laws to completely decontrol non-military
encryption exports.

Some dozens of companies signed up for key recovery, though it is unclear
how many actually plan to follow through on their promise to deploy the technology.
You will not find many of these companies trumpeting key recovery in their
product advertisements. Users are wary of it since they know it means compromised
security. If customers won't buy such products, companies know it makes
no sense to develop them.

The best course for companies is probably to develop products that provide actual 
security, in some jurisdiction in the world which does not restrict their export. 
Some companies are doing so. The government's "compromise" offer discourages 
hesitant companies from taking this step, by providing a more moderate and conciliatory
step that they can take instead. Companies that go to the effort to build
overseas cryptographic expertise all use stronger technology than DES, as a selling
point and to guard against early obsolescence. If those companies can be convinced
to stay in the US, play the government's key-recovery game, and stick with
DES, the government continues to win, and the privacy of the public continues to 
lose. 

The success or failure of the government's carrot-and-stick approach depends on 
keeping industry and the public misled about DES's security. If DES-based products
were perceived as insecure, there would be little reason for companies to sign
away their customers' privacy birthrights in return for a mess of DES pottage. If
DES-based products are perceived as secure, but the government actually knows
that the products are insecure, then the government gets concessions from companies,
without impacting its ability to intercept communications. Keeping the public
ignorant gives the government the best of both worlds.

Political Motivations and EFF's Response 

We speculate that government officials are deliberately misleading the public about 
the strength of DES encryption: 

• To encourage the public to continue using DES, so their agencies can eavesdrop
on the public.

• To prevent the widespread adoption of stronger standards than DES, which
the government would have more trouble decrypting.

• To offer DES exportability as a bargaining-chip, which actually costs the government
little, but is perceived to be valuable.

• To encourage policy-makers such as Congressmen or the President to impose 
drastic measures such as key recovery, in the belief that law enforcement has 
a major encrypted-data problem and no practical way to crack codes. 

As advocates on cryptography policy, we found ourselves in a hard situation. It 
appeared that highly credible people were either deliberately lying to Congress 
and to the public in order to advance their own harmful agendas, or were advo- 
cating serious infringement of civil liberties based on their own ignorance of the 
underlying issues. Most troubling is the possibility that they were lying. Perhaps 
these government executives merely saw themselves as shielding valuable classi- 
fied efforts from disclosure. As advocates of good government, we do not see that 
classifying a program is any justification for an official to perjure themselves when 
testifying about it. (Declining to state an opinion is one thing; making untruthful 
statements as if they were facts is quite another.) 

The National Research Council studied encryption issues and published a very 
complete 1996 report.* The most interesting conclusion of their report was that 
"the debate over national cryptography policy can be carried out in a reasonable 
manner on an unclassified basis". This presumes good faith on the part of the 
agencies who hide behind classified curtains, though. If it turns out that their pub- 
lic statements are manipulative falsehoods, an honest and reasonable public 
debate must necessarily exclude them, as dishonest and unreasonable participants. 

In the alternative, if poor policy decisions are being made based on the ignorance 
or incompetence of senior government officials, the role of honest advocates should
be to inform the debate. 



* Cryptography's Role In Securing the Information Society, Kenneth W. Dam and Herbert S. Lin, edi- 
tors. National Academy Press, Washington, DC, 1996. 




In response to these concerns, EFF began a research program. Our research results 
prove that DES can be cracked quickly on a low budget. This proves that these 
officials were either lying or incompetent. The book you are holding documents 
the research, and allows it to be validated by other scientists. 

Goals 

The goal of EFF's DES Cracker research project is to determine just how cheap or 
expensive it is to build a machine that cracks DES usefully. 

Technically, we were also interested in exploring good designs for plaintext recog- 
nizers. These are circuits that can notice when the result of decryption is likely 
enough to be correct that specialized software — or a human — should look at it. 
Little research has been published on them,* yet they are a vital part of any effi- 
cient system for cryptanalysis. 

Merely doing the research would let EFF learn the truth about the expense of 
cracking DES. But only publishing the research and demonstrating the machine 
would educate the public on the truth about the strength of DES. Press releases 
and even technical papers would not suffice; the appearance of schematics for a 
million-dollar DES Cracker in Michael Wiener's excellent 1993 paper should have 
been enough. But people still deploy DES, and Congressmen blindly accept the 
assurances of high officials about its strength. 

There are many people who will not believe a truth until they can see it with their 
own eyes. Showing them a physical machine that can crack DES in a few days is 
the only way to convince some people that they really cannot trust their security 
to DES. 

Another set of people might not believe our claims unless several other teams 
have reproduced them. (This is a basic part of the scientific method.) And many 
people will naturally be interested in how such a box works, and how it was built 
for only about $200,000. This book was written for such people. It contains the 
complete specifications and design documents for the DES Cracker, as well as cir- 
cuit diagrams for its boards, and complete listings of its software and its gate array 
design. The full publication of our design should enable other teams to rapidly 
reproduce, validate, and improve on our design. 



* But see: David A. Wagner and Steven M. Bellovin, "A Programmable Plaintext Recognizer," 1994. 
Available at http://www.research.att.com/~smb/papers/recog.ps or recog.pdf.






History of DES Cracking



DES Crackers have been mentioned in the scientific and popular literature since 
the 1970's. Whitfield Diffie's Foreword describes several of them. The most recent 
detailed description was in a paper by Michael Wiener of Bell Northern Research 
in 1993. Wiener's paper included a detailed hardware design of a DES Cracker 
built with custom chips. The chips were to be built into boards, and the boards 
into mechanical "frames" like those of telephone central office switches. A com- 
pleted design would have cost about a million dollars and would determine a DES 
key from known plaintext and known ciphertext in an average of 3-1/2 hours (7 
hours in the worst case). 

Mr. Wiener updated his conclusions in 1998, adjusting for five years of technologi- 
cal change. His update paper is included in this book, thanks to the courtesy of 
RSA Data Security, which originally published his update. 

Ian Goldberg and David Wagner of the University of California at Berkeley took a 
different approach. Their design used a "field programmable gate array" (FPGA), 
which is a chip that can be reprogrammed after manufacturing into a variety of 
different circuits. 

FPGA chips are slower than the custom chips used in the Wiener design, but can 
be bought quickly in small quantities, without a large initial investment in design. 
Rather than spend a big chunk of a million dollars to design a big machine, these 
researchers bought one or two general purpose chips and programmed them to be 
a slow DES Cracker. This let them quickly measure how many slow chips they 
would need to pile up to make a practical DES Cracker. Their paper is also 
included in this book. 



EFF's DES Cracker Project 



The Electronic Frontier Foundation began its investigation into DES Cracking in 
1997. The original plan was to see if a DES Cracker could be built out of a 
machine containing a large number of FPGA's. 

Large machines built out of FPGAs exist in the commercial market for use in simu- 
lating large new chip designs before the chip is built. A collection of thousands of 
relatively incapable FPGA chips can be put together to simulate one very capable 
custom chip, although at 1/10th or 1/100th of the speed that the eventual custom
chip would run at. This capability is used by chip designers to work the "bugs" 
out of their chip before committing to the expensive and time-consuming step of 
fabricating physical chips from their design. 

EFF never got access to such a chip simulator. Instead, our investigations led us to 
Paul Kocher of Cryptography Research. Paul had previously worked with a team
of hardware designers who knew how to build custom gate array chips cheaply,
in batches of a few thousand chips at a time. 

Paul and EFF met with the chip designers at Advanced Wireless Technologies, and 
determined that a workable DES Cracker could be built on a budget of about 
$200,000. The resulting machine would take less than a week, on average, to 
determine the key from a single 8-byte sample of known plaintext and ciphertext. 
Moreover, it would determine the key from a 16-byte sample of ciphertext in 
almost the same amount of time, if the statistical characteristics of the plaintext 
were known or guessable. For example, if the plaintext was known to be an elec- 
tronic mail message, it could find all keys that produce plaintext containing noth- 
ing but letters, numbers, and punctuation. This makes the machine much more 
usable for solving real-world decryption problems. 

There is nothing revolutionary in our DES Cracker. It uses ordinary ideas about 
how to crack DES that have been floating around in the cryptographic research 
community for many years. The only difference is that we actually built it, instead 
of just writing papers about it. Very similar machines could have been built last 
year, or the year before, or five or ten years ago; they would have just been slower 
or more expensive. 

Architecture 

The design of the EFF DES Cracker is simple in concept. It consists of an ordinary 
personal computer connected with a large array of custom chips. Software in the 
personal computer instructs the custom chips to begin searching, and interacts 
with the user. The chips run without further help from the software until they find 
a potentially interesting key, or need to be directed to search a new part of the 
key space. The software periodically polls the chips to find any potentially inter- 
esting keys that they have turned up. 

The hardware's job isn't to find the answer, but rather to eliminate most of the 
answers that are incorrect. Software is then fast enough to search the remaining 
potentially-correct keys, winnowing the "false positives" from the real answer. The 
strength of the machine is that it replicates a simple but useful search circuit thou- 
sands of times, allowing the software to find the answer by searching only a tiny 
fraction of the key space. 

As long as there is a small bit of software to coordinate the effort, the problem of 
searching for a DES key is "highly parallelizable". This means the problem can be 
usefully solved by many machines working in parallel, simultaneously. For exam- 
ple, a single DES-Cracker chip could find a key by searching for many years. A 
thousand DES-Cracker chips can solve the same problem in one thousandth of the 
time. A million DES-Cracker chips could theoretically solve the same problem in
about a millionth of the time, though the overhead of starting each chip would
become visible in the time required. The actual machine we built contains 1536 
chips. 

When conducting a brute-force search, the obvious thing to do is to try every pos- 
sible key, but there are some subtleties. You can try the keys in any order. If you 
think the key isn't randomly selected, start with likely ones. When you finally find 
the right key, you can stop; you don't have to try all the rest of the keys. You 
might find it in the first million tries; you might find it in the last million tries. On 
average, you find it halfway through (after trying half the keys). As a result, the 
timings for brute-force searches are generally given as the average time to find a 
key. The maximum time is double the average time. 

Search units 

The search unit is the heart of the EFF DES Cracker; it contains thousands of them. 

A search unit is a small piece of hardware that takes a key and two 64-bit blocks 
of ciphertext. It decrypts a block of ciphertext with the key, and checks to see if 
the resulting block of plaintext is "interesting". If not, it adds 1 to the key and 
repeats, searching its way through the key space. 

If the first decryption produces an "interesting" result, the same key is used to 
decrypt the second block of ciphertext. If both are interesting, the search unit 
stops and tells the software that it has found an interesting key. If the second 
block's decryption is uninteresting, the search unit adds one to the key and goes 
on searching the key space. 

When a search unit stops after finding an interesting result, software on the host 
computer must examine the result, and determine whether it's the real answer, or 
just a "false positive". A false positive is a plaintext that looked interesting to the 
hardware, but which actually isn't a solution to the problem. The hardware is 
designed to produce some proportion of false positives along with the real solu- 
tion. (The job of the hardware isn't to find the answer, but to eliminate the vast 
majority of the non-answers.) As long as the false positives don't occur so rapidly 
that they overwhelm the software's ability to check and reject them, they don't 
hurt, and they simplify the hardware and allow it to be more general-purpose. For 
the kinds of problems that we're trying to solve, the hardware is designed to waste 
less than 1% of the search time on false positives. 




Recognizing interesting plaintext 

What defines an interesting result? If we already know the plaintext, and are just 
looking for the key, an interesting result would be if the plaintext from this key 
matches our known block of plaintext. If we don't know the plaintext, perhaps the 
guess that it's all composed of letters, digits, and punctuation defines "interesting". 
The test has to be simple yet flexible. We ended up with one that's simple for the 
hardware, but a bit more complicated for the software. 

Each result contains eight 8-bit bytes. First, the search unit looks at each byte of 
the result. Such a byte can have any one of 256 values. The search unit is set up 
with a table that defines which of these 256 byte values are "interesting" and 
which are uninteresting. For example, if the plaintext is known to be all numeric, 
the software sets up the table so that the ten digits (0 to 9) are interesting, and all 
other potential values are uninteresting. 

The result of decrypting with the wrong key will look pretty close to random. So 
the chance of having a single byte look "interesting" will be based on what frac- 
tion of the 256 values are defined to be "interesting". If, say, 69 characters are 
interesting (A-Z, a-z, 0-9, space, and a few punctuation characters), then the 
chance of a random byte appearing to be interesting is 69/256 or about 1/4. These 
don't look like very good odds; the chip would be stopping on one out of every 
four keys, to tell the software about "interesting" but wrong keys. 

But the "interest" test is repeated on each byte in the result. If the chance of having
a wrong key's byte appear interesting is 1/4, then the chance of two bytes
appearing interesting is 1/4 of 1/4, or 1/16th. For three bytes, 1/4th of 1/4th of
1/4th, or 1/64th. By the time the chip examines all 8 bytes of a result, it only
makes a mistake on 1/65536th of the keys (1/4^8 keys).

That seems like a pretty small number, but when you're searching through 
72,057,594,037,927,936 keys (2^56 keys, or 72 quadrillion keys), you need all the
help you can get. Even having the software examine 1/65536th of the possible
keys would require looking at 1,099,511,627,776 keys (2^40 or about a trillion keys).
So the chip provides a bit more help. 

This help comes from that second block of ciphertext. If every byte of a result 
looks interesting when the first block of ciphertext is decrypted, the chip goes 
back around and decrypts the second block of ciphertext with the same key. This 
divides the "error rate" by another factor of 65536, leaving the software with only 
16,777,216 (2^24 or about sixteen million) keys to look at. Software on modern
computers is capable of handling this in a reasonable amount of time. 

(If we only know one block of ciphertext, we just give the chip two copies of the 
same ciphertext. It will test both copies, and eventually tell us that the block is
interesting. The amount of time it spends checking this "second block" is always a
tiny fraction of the total search time.) 

In the plaintext recognizer there are also 8 bits that let us specify which bytes of a
plaintext are interesting to examine. For example, if we know or suspect the con- 
tents of the first six bytes of a plaintext value, but don't know anything about the 
last two bytes, we can search for keys which match in just those six bytes. 

Known plaintext 

The chips will have many fewer "false positives" if the plaintext of the message is 
known, instead of just knowing its general characteristics. In that case, only a 
small number of byte values will be "interesting". If the plaintext has no repeated 
byte values, only eight byte values will be interesting, instead of 69 as above. 

For example, if the plaintext block is "hello th", then only the six byte values "h",
"e", "l", "o", space, and "t" are interesting. If a plaintext contains only these bytes,
it is interesting. We'll get some "false positives" since many plaintexts like "tholo tt" 
would appear "interesting" even though they don't match exactly. 

Using this definition of "interesting", a byte resulting from a wrong key will look 
interesting only about 8/256ths of the time, or 1/32nd of the time. All eight bytes
resulting from a wrong key will look interesting only 1/32nd to the eighth power
(1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd)
of the time, or 1/1,099,511,627,776th of the time (1/2^40 of the time). In other
words, a search unit can try an average of a trillion keys before reporting that a 
wrong key looks interesting. This lets it search for a long time without slowing 
down or bothering the software. 

Speed 

Once you get it going, a search unit can do one decryption in 16 clock cycles. The 
chips we have built can run with a clock of 40 MHz (40 million cycles per second).
Dividing 16 into 40 million shows that each search unit can try about 2.5 million 
keys per second. 

In building the search units, we discovered that we could make them run faster if 
we used simpler circuitry for adding 1 to a key. Rather than being able to count 
from a key of 0 all the way up to a key of all ones, we limited the adder so that it
can only count the bottom 32 bits of the key. The top 24 bits always remain the 
same. At a rate of 2.5 million keys per second, it takes a search unit 1717 seconds 
(about half an hour) to search all the possible keys that have the same top 24 bits. 
At the end of half an hour, the software has to stop the chip, reload it with a new 
value in the top 24 bits, and start it going again. 




Feedback Modes 

The chip can also decrypt ciphertext that was encrypted in "Cipher Block Chain- 
ing" mode. In this mode, the ciphertext of each block is exclusive-OR'd into the 
plaintext of the next block before it is encrypted. (An "initialization vector" is 
exclusive-OR'd into the first block of plaintext.) The search unit knows how to 
exclusive-OR out an Initialization Vector (IV) after decrypting the first ciphertext,
and to exclusive-OR out the first ciphertext after decrypting the second one. The
software specifies the IV at the same time it provides the ciphertext values.

Blaze Challenge 

In June, 1997 Matt Blaze, a cryptography researcher at AT&T, proposed a different 
sort of cryptographic challenge. He wanted a challenge that not even the propo- 
nent knew how to solve, without either doing a massive search of the key-space, 
or somehow cryptanalyzing the structure of DES. 

His challenge is merely to find a key such that a ciphertext block of the form 
XXXXXXXX decrypts to a plaintext block of the form YYYYYYYY, where X and Y 
are any fixed 8-bit value that is repeated across each of the eight bytes of the 
block. 

We added a small amount of hardware to the search units to help with solving this 
challenge. There is an option to exclusive-OR the right half of the plaintext into 
the left half, before looking to see if the plaintext is "interesting". For plaintexts of 
the form YYYYYYYY, this will result in a left half of all zeros. We can then set up 
the plaintext recognizer so it only looks at the left half, and only thinks zeroes are 
interesting. This will produce a large number of false positives (any plaintext 
where the left and right halves are equal, like ABCDABCD), but software can 
screen them out with only about a 1% performance loss. 
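
The checks described under "Recognizing interesting plaintext", "Known plaintext", "Feedback Modes" and "Blaze Challenge" can be modeled in a short C program. This is an added example, not the chip design or the EFF control software: the struct fields, function names, bit order of the byte mask, the six punctuation marks in the 69-character set and the CBC sample bytes are assumptions, and DES itself is represented only by the blocks a decryption would produce.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Settings shared by one chip's search units (names and bit order are assumptions). */
typedef struct {
    uint8_t table[32];  /* 256-bit map: bit set = byte value "interesting" */
    uint8_t byte_mask;  /* bit i set = examine byte i of the block */
    int cbc;            /* XOR out the IV / previous ciphertext block */
    int xor_halves;     /* Blaze option: XOR right half into left half */
    uint8_t iv[8];
} recognizer;

/* Constructed 69-character set: letters, digits, space, six punctuation marks. */
static const char TEXT69[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 .,;:!?";

/* New recognizer whose table holds the n byte values in bytes[]. */
static recognizer rec_new(const void *bytes, size_t n) {
    recognizer r = { .byte_mask = 0xFF };   /* all other fields zeroed */
    const uint8_t *b = bytes;
    for (size_t i = 0; i < n; i++)
        r.table[b[i] >> 3] |= (uint8_t)(1u << (b[i] & 7));
    return r;
}

static int in_table(const recognizer *r, uint8_t v) {
    return (r->table[v >> 3] >> (v & 7)) & 1;
}
static int rec_count(const recognizer *r) {
    int n = 0;
    for (int v = 0; v < 256; v++)
        n += in_table(r, (uint8_t)v);
    return n;
}

/* The recognizer: every examined byte must be in the table. */
static int rec_block(const recognizer *r, const void *pt) {
    uint8_t b[8];
    memcpy(b, pt, 8);
    for (int i = 0; r->xor_halves && i < 4; i++)
        b[i] ^= b[i + 4];
    for (int i = 0; i < 8; i++)
        if (((r->byte_mask >> i) & 1) && !in_table(r, b[i]))
            return 0;
    return 1;
}

/* One key's decision; d0, d1 stand for the DES decryptions of c0, c1 (DES not modeled). */
static int unit_decide(const recognizer *r, const uint8_t *d0,
                       const uint8_t *d1, const uint8_t *c0) {
    uint8_t p[8];
    for (int i = 0; i < 8; i++)
        p[i] = r->cbc ? (uint8_t)(d0[i] ^ r->iv[i]) : d0[i];
    if (!rec_block(r, p))
        return 0;                 /* first block rejected: try next key */
    for (int i = 0; i < 8; i++)
        p[i] = r->cbc ? (uint8_t)(d1[i] ^ c0[i]) : d1[i];
    return rec_block(r, p);       /* 1 = stop and report to software */
}

/* Wrong keys (out of 2^56) expected to pass `blocks` checks, treating each
 * wrong-key decryption as a uniformly random block. */
static double expected_survivors(const recognizer *r, int blocks) {
    double n = 72057594037927936.0, frac = rec_count(r) / 256.0;
    for (int k = 0; k < blocks * 8; k++)
        if ((r->byte_mask >> (k % 8)) & 1)
            n *= frac;
    return n;
}

/* Decision for the right key on a constructed CBC message, CBC option on or off. */
static int demo_cbc(int cbc) {
    static const uint8_t iv[8] = {0x80, 0x91, 0xA2, 0xB3, 0xC4, 0xD5, 0xE6, 0xF7};
    static const uint8_t c0[8] = {0x3C, 0x7E, 0x11, 0xD0, 0x05, 0x9A, 0x42, 0xEF};
    const char *p0 = "Meet at ", *p1 = "noon, ok";
    uint8_t d0[8], d1[8];
    recognizer r = rec_new(TEXT69, strlen(TEXT69));
    memcpy(r.iv, iv, 8);
    r.cbc = cbc;
    for (int i = 0; i < 8; i++) {     /* what the right key's DES yields */
        d0[i] = (uint8_t)(p0[i] ^ iv[i]);
        d1[i] = (uint8_t)(p1[i] ^ c0[i]);
    }
    return unit_decide(&r, d0, d1, c0);
}

int main(void) {
    recognizer hello = rec_new("hello th", 8), blaze = rec_new("", 1);
    recognizer text = rec_new(TEXT69, strlen(TEXT69));
    blaze.xor_halves = 1;             /* Blaze setup: only 0x00 is interesting, */
    blaze.byte_mask = 0x0F;           /* and only the left half is examined     */
    printf("hello th: %d values; tholo tt passes: %d; Blaze ABCDABCD passes: %d\n",
           rec_count(&hello), rec_block(&hello, "tholo tt"), rec_block(&blaze, "ABCDABCD"));
    printf("text survivors: %.3g then %.3g; CBC option on/off: %d/%d\n",
           expected_survivors(&text, 1), expected_survivors(&text, 2), demo_cbc(1), demo_cbc(0));
    return 0;
}
```

With the exact fraction 69/256 in place of the rounded 1/4, the model puts the single-block survivors near 2.0 trillion and the two-block survivors near 56 million.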

Structure Of The Machine 

Now that you know how a single search unit works, let's put them together into 
the whole machine. 

Each search unit fits inside a custom chip. In fact, 24 search units fit inside a single 
chip. All the search units inside a chip share the same ciphertext blocks, initializa- 
tion vector, and the same plaintext-recognizer table of "interesting" result values. 
Each search unit has its own key, and each can be stopped and started indepen- 
dently. 

The chip provides a simple interface on its wires. There are a few signals that say 
whether any of the search units are stopped, some address and data wires so that
the software can read and write to the search units, and wires for electrical power
and grounding. 

Since each search unit tries 2.5 million keys per second, a chip with 24 search 
units will try 60 million keys per second. But there are a lot of keys to look at. For 
a single chip, it would take 6,950 days (about 19 years) to find the average key, or 
38 years to search the entire key space. Since we don't want to wait that long, we 
use more than one chip. 

Each chip is mounted onto a large circuit board that contains 64 chips, along with 
a small bit of interface circuitry. The board blinks a light whenever the software is 
talking to that board. 64 other lights show when some search unit in each chip has 
stopped. In normal operation the software will talk to the board every few seconds,
to check up on the chips. The chips should only stop every once in a while,
and should be quickly restarted by the software. 

The boards are designed to the mechanical specifications of "9U" VMEbus boards 
(about 15" by 15"). VMEbus is an industrial standard for computer boards, which 
was popular in the 1980s. We used the VMEbus form factor because it was easy to 
buy equipment that such boards plug into; we don't actually use the VMEbus elec- 
trical specifications. 

9U VMEbus boards are much larger than the average interface card that plugs into 
a generic PC, so a lot more chips can be put onto them. Also, 9U VMEbus boards
are designed to supply a lot of power, and our DES Cracker chips need it. 

Since each chip searches 60 million keys per second, a board containing 64 chips 
will search 3.8 billion keys per second. Searching half the key space would take 
the board about 109 days. Since we don't want to wait that long either, we use 
more than one board. 

The boards are mounted into chassis, also called "card cages". In the current 
design, these chassis are recycled Sun workstation packages from about 1990. Sun 
Microsystems built a large number of systems that used the large 9U VMEbus 
boards, and provide excellent power and cooling for the boards. The Sun-4/470 
chassis provides twelve slots for VMEbus boards, and can easily be modified to 
handle our requirements. Subsequent models may use other physical packaging. 

Each chassis has a connector for a pair of "ribbon cables" to connect it to the next 
chassis and to the generic PC that runs the software. The last chassis will contain a 
"terminator", rather than a connection to the next chassis, to keep the signals on 
the ribbon cable from getting distorted when they reach the end of the line. 

Since each board searches 3.8 billion keys per second, a chassis containing 12 
boards will search 46 billion keys per second. At that rate, searching half the key 
space takes about 9 days. One chassis full of boards is about 25% faster than the
entire worldwide network of machines that solved the RSA "DES-II" challenge in
February 1998, which was testing about 34 billion keys per second at its peak. 

Since an informal design goal for our initial DES Cracker was to crack an average 
DES key in less than a week, we need more than 12 boards. To give ourselves a 
comfortable margin, we are using 24 boards, which we can fit into two chassis. 
They will search 92 billion keys per second, covering half the key space in about 
4.5 days. If the chips consume too much power or produce too much heat for two 
chassis to handle,* we can spread the 24 boards across three chassis. 

Table 1-1: Summary of DES Cracker performance

Device            How Many In Next Device   Keys/Sec         Days/avg search
Search Unit       24                        2,500,000        166,800
Chip              64                        60,000,000       6,950
Board             12                        3,840,000,000    109
Chassis           2                         46,080,000,000   9.05
EFF DES Cracker                             92,160,000,000   4.524



We designed the search unit once. Then we got a speedup factor of more than 
36,000 to 1 just by replicating it 24 times in each chip and making 1500 chips. This 
is what we meant by "highly parallelizable". 
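
The figures in the Speed section and in Table 1-1 follow from the clock rate, the 16 cycles per decryption, the replication counts and the 24/32-bit split of the key. The C program below is an added example, not the project's control software; it recomputes those figures and models the reload of the top 24 bits, and all function and macro names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define CYCLES_PER_KEY  16      /* one decryption per 16 clock cycles */
#define UNITS_PER_CHIP  24
#define CHIPS_PER_BOARD 64
#define COUNTER_BITS    32      /* key bits the hardware adder counts */
#define KEY_BITS        56
#define HALF_KEYSPACE   36028797018963968.0   /* 2^55 keys */

/* Keys tested per second by `units` search units clocked at clock_hz. */
static double keys_per_sec(double clock_hz, uint64_t units) {
    return clock_hz / CYCLES_PER_KEY * (double)units;
}

/* Days to cover half the key space, i.e. the average search. */
static double avg_search_days(double rate) {
    return HALF_KEYSPACE / rate / 86400.0;
}

/* Key under test: software loads the top 24 bits, the adder counts the rest. */
static uint64_t unit_key(uint32_t top24, uint32_t counter) {
    return ((uint64_t)(top24 & 0xFFFFFFu) << COUNTER_BITS) | counter;
}

/* Seconds until one unit has counted through its 2^32 keys. */
static double segment_seconds(double clock_hz) {
    return 4294967296.0 / keys_per_sec(clock_hz, 1);
}

/* Days to sweep all 2^24 segments when each unit takes one segment per
 * round; units left without a segment in the last round sit idle. */
static double full_sweep_days(double clock_hz, uint64_t units) {
    uint64_t segments = 1ULL << (KEY_BITS - COUNTER_BITS);
    uint64_t rounds = (segments + units - 1) / units;
    return (double)rounds * segment_seconds(clock_hz) / 86400.0;
}

/* Chips needed for a target average search time in seconds. */
static uint64_t chips_for_avg_seconds(double clock_hz, double seconds) {
    double need = HALF_KEYSPACE / seconds;              /* keys per second */
    double per_chip = keys_per_sec(clock_hz, UNITS_PER_CHIP);
    uint64_t chips = (uint64_t)(need / per_chip);
    return (double)chips * per_chip < need ? chips + 1 : chips;
}

int main(void) {
    const char *name[] = {"Search Unit", "Chip", "Board", "Chassis", "EFF DES Cracker"};
    uint64_t chip = UNITS_PER_CHIP, board = chip * CHIPS_PER_BOARD;
    uint64_t units[] = {1, chip, board, board * 12, board * 24};
    for (int i = 0; i < 5; i++) {
        double rate = keys_per_sec(40e6, units[i]);
        printf("%-16s %15.0f keys/s %12.3f days avg\n", name[i], rate, avg_search_days(rate));
    }
    printf("key for segment 1, counter 0: 0x%014llx\n", (unsigned long long)unit_key(1, 0));
    printf("segment: %.0f s, full sweep: %.3f days, at 30 MHz: %.2f days avg\n",
           segment_seconds(40e6), full_sweep_days(40e6, units[4]),
           avg_search_days(keys_per_sec(30e6, units[4])));
    printf("chips for a 30-minute average: %llu\n",
           (unsigned long long)chips_for_avg_seconds(40e6, 1800.0));
    return 0;
}
```

The full sweep comes out slightly above twice the average because 2^24 segments do not divide evenly among 36,864 search units.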

Budget 

The whole project was budgeted at about US$210,000. Of this, $80,000 is for the 
labor of designing, integrating, and testing the DES Cracker. The other $130,000 is 
for materials, including chips, boards, all other components on the boards, card 
cages, power supplies, cooling, and a PC. 

The software for controlling the DES Cracker was written separately, as a volun- 
teer project. It took two or three weeks of work. 

The entire project was completed within about eighteen months. Much of that 
time was used for preliminary research, before deciding to use a custom chip 
rather than FPGA's. The contract to build custom chips was signed in September, 
1997, about eight months into the project. The team contained less than ten peo- 
ple, none of whom worked full-time on the project. They include a project man- 
ager, software designer, programmer, chip designer, board designer, hardware 
technicians, and hardware managers. 



* At publication time, we have tested individual chips but have not yet built the full machine. If the
chips' power consumption or heat production is excessive in a machine containing 1500 chips, we also 
have the option to reduce the chips' clock rate from 40 MHz down to, say, 30 MHz. This would signifi- 
cantly reduce the power and heat problems, at a cost of 33% more time per search (6 days on aver- 
age). 




We could have reduced the per-chip cost, or increased the chip density or search 
speed, had we been willing to spend more money on design. A more complex 
design could also have been flexible enough to crack other encryption algorithms. 
The real point is that for a budget that any government, most companies, and tens 
of thousands of individuals could afford, we built a usable DES Cracking machine. 
The publication of our design will probably in itself reduce the design cost of 
future machines, and the advance of semiconductor technology also makes this 
cost likely to drop. In five years some teenager may well build her own DES 
Cracker as a high school science fair project. 



Who Else Is Cracking DES? 



If a civil liberties group can build a DES Cracker for $200,000, it's pretty likely that 
governments can do the same thing for under a million dollars. (That's a joke.) 
Given the budget and mission of the US National Security Agency, they must have 
started building DES Crackers many years ago. We would guess that they are now 
on their fourth or fifth generation of such devices. They are probably using chips 
that are much faster than the ones we used; modern processor chips can run at 
more than 300 MHz, eight times as fast as our 40 MHz chips. They probably have
small "field" units that fit into a suitcase and crack DES in well under a day; as 
well as massive central units buried under Ft. Meade, that find the average DES 
key in seconds, or find thousands of DES keys in parallel, examining thousands of 
independent intercepted messages. 

Our design would scale up to finding a DES key in about half an hour, if you used 
333,000 chips on more than 5,200 boards. The boards would probably require 
about 200 parallel port cards to communicate with them; an IBM-compatible PC 
could probably drive four such cards, thus requiring about 50 PC's too. The soft- 
ware required would be pretty simple; the hard part would be the logistics of 
physical arrangement and repair. This is about 200 times as much hardware as the 
project we built. A ridiculously high upper bound on the price of such a system 
would be 200 times the current project price, or $40 million. 

Of course, if we were going to build a system to crack DES in half an hour or less, 
using a third of a million chips, it would be better to go back to the drawing board 
and design from scratch. We'd use more modern chip fabrication processes; a 
higher-volume customer can demand this. We'd spend more on the initial design
and the software, to produce a much cheaper and simpler total system, perhaps 
allowing boards full of denser, faster, lower-voltage chips to use a small onboard 
processor and plug directly into an Ethernet. We'd work hard to reduce the cost of 
each chip, since there would be so many of them. We'd think about how to crack 
multiple DES keys simultaneously. 




It would be safe to assume that any large country has DES Cracking machines. 
After the publication of this book wakes them up, probably more small countries 
and some criminal organizations will make or buy a few DES Crackers. That was 
not the intent of the book; the intent was to inform and warn the targets of this 
surveillance, the builders of equipment, and the policy makers who grapple with 
encryption issues. 

What To Do If You Depend On DES 

Don't design anything else that depends on single DES. 

Take systems out of service that use permanently fixed single-DES keys, or 
superencrypt the traffic at a higher level. Superencryption requires special care, 
though, to avoid providing any predictable headers that can be used to crack the 
outer DES encryption. 

Start changing your software and/or hardware to use a stronger algorithm than 
DES. 

Three-key Triple-DES is an obvious choice, since it uses the same block size and 
can possibly use the same hardware; it just uses three keys and runs DES three 
times (encrypting each block with the first key, decrypting it with the second, then 
encrypting it with the third). The strength of Triple-DES is not known with any 
certainty, but it is certainly no weaker than single DES, and is probably substan- 
tially stronger. Beware of "mixed up" variants or modes of Triple-DES; research by 
Eli Biham* and David Wagner† shows that they are significantly weaker than the
straightforward Triple-DES, and may be even weaker than single-DES. Use three 
copies of DES in Electronic Code Book (ECB) mode as a basic primitive. You can 
then build a mode such as Cipher Feedback mode using the primitive ECB 3DES. 

The US Government is tardily going through a formal process to replace the DES. 
This effort, called the Advanced Encryption Standard, will take several years to 
decide on a final algorithm, and more years for it to be proven out in actual use, 
and carefully scrutinized by public cryptanalysts for hidden weaknesses. If you are 
designing products to appear five to ten years from now, the AES might be a good 
source of an encryption algorithm for you. 

The reason that the AES is tardy is because the NSA is believed to have blocked
previous attempts to begin the process over the last decade. In recent years NSA
has tried, without success, to get the technical community to use classified,
NSA-designed encryption algorithms such as Skipjack, without letting the users subject
these algorithms to public scrutiny. Only after this effort failed did they permit the
National Institute of Standards and Technology to begin the AES standardization
process.

* "Cryptanalysis of Triple-Modes of Operation", Eli Biham, Technion Computer Science Department
Technical Report CS0885, 1996.

† "Cryptanalysis of some Recently Proposed Multiple Modes of Operation", David Wagner, University of
California at Berkeley, http://www.cs.berkeley.edu/~daw/multmode-fse98.ps. Presented
at the 1998 Fast Software Encryption workshop.

Conclusion 

The Data Encryption Standard has served the public pretty well since 1975. But it
was designed in an era when computation cost real money, when massive computers
hunkered on special raised flooring in air-conditioned inner sanctums. In an
era when you can carry a supercomputer in your backpack, and access millions of
machines across the Internet, the Data Encryption Standard is obsolete.

The Electronic Frontier Foundation hopes that this book inspires a new level of 
truth to enter the policy debates on encryption. In order to make wise choices for 
our society, we must make well-informed choices. Great deference has been paid 
to the perspective and experience of the National Security Agency and Federal 
Bureau of Investigation in these debates. This is particularly remarkable given the 
lack of any way for policy-makers or the public to check the accuracy of many of 
their statements.* (The public cannot even hear many of their statements, because 
they are classified as state secrets.) We hope that the crypto policy debate can 
move forward to a more successful and generally supported policy. Perhaps if 
these agencies will consider becoming more truthful, or policy-makers will stop 
believing unverified statements from them, the process can move more rapidly to 
such a conclusion. 



* DES cracking is not the only issue on which agency credibility is questionable. For example, the
true extent of the law enforcement problem posed by cryptography is another issue on which official
dire predictions have been made, while more careful and unbiased studies have shown little or no
impact. The validity of the agencies' opinion of the constitutionality of their own regulations is also in
doubt, having been rejected two decades ago by the Justice Department, and declared unconstitutional
in 1997 by a Federal District Court. The prevalence of illegal wiretapping and communications
interception by government employees is also in question; see for example the Los Angeles Times story of
April 26, 1998, "Can the L.A. Criminal-Justice System Work Without Trust?"



In This chapter:

• On-Chip Registers
• Commands
• Search Unit Operation
• Sample Programming Descriptions
• Scalability and Performance
• Host Computer Software
• Glossary


Design for DES Key Search Array

Cryptography Research and Advanced Wireless Technologies, Inc.



On-Chip Registers 



Each chip contains the following registers. They are addressed as specified in
Figure 2-1.

Ciphertext0 (64 bits = 8 bytes)

The value of the first ciphertext being searched. Ciphertext0 is identical in all
search units and is set only once (when the search system is first initialized).

Ciphertext1 (64 bits = 8 bytes)

The value of the second ciphertext being searched. Ciphertext1 is identical in all
search units and is set only once (when the search system is first initialized).

PlaintextByteMask (8 bits)

The plaintext byte selector. One-bits in this register indicate plaintext bytes that
should be ignored when deciding whether or not the plaintext produced by a
particular key is possibly correct. This mask is helpful when only a portion of the
plaintext's value is known. For example, if the first 5 bytes equal a known header
but the remaining three are unknown, a PlaintextByteMask of 0x07 would be
used.

PlaintextXorMask (64 bits = 8 bytes) 

This register is XORed with decryption of Ciphertext0. This is normally filled with
the CBC mode IV.

Figure 2-1: Register Addressing

Register(s)    Description & Comments
0x00-0x1F      PlaintextVector
0x20-0x27      PlaintextXorMask
0x28-0x2F      Ciphertext0
0x30-0x37      Ciphertext1
0x38           PlaintextByteMask
0x39-0x3E      Unused (reserved)
0x3F           SearchInfo
0x40-0x47      Search unit 0 key counter (0x40-0x46) and SearchStatus (0x47)
0x48-0x4F      Search unit 1 key counter (0x48-0x4E) and SearchStatus (0x4F)
0x50-0x57      Search unit 2 key counter (0x50-0x56) and SearchStatus (0x57)
0x58-0x5F      Search unit 3 key counter (0x58-0x5E) and SearchStatus (0x5F)
0x60-0x67      Search unit 4 key counter (0x60-0x66) and SearchStatus (0x67)
0x68-0x6F      Search unit 5 key counter (0x68-0x6E) and SearchStatus (0x6F)
0x70-0x77      Search unit 6 key counter (0x70-0x76) and SearchStatus (0x77)
0x78-0x7F      Search unit 7 key counter (0x78-0x7E) and SearchStatus (0x7F)
0x80-0x87      Search unit 8 key counter (0x80-0x86) and SearchStatus (0x87)
0x88-0x8F      Search unit 9 key counter (0x88-0x8E) and SearchStatus (0x8F)
0x90-0x97      Search unit 10 key counter (0x90-0x96) and SearchStatus (0x97)
0x98-0x9F      Search unit 11 key counter (0x98-0x9E) and SearchStatus (0x9F)
0xA0-0xA7      Search unit 12 key counter (0xA0-0xA6) and SearchStatus (0xA7)
0xA8-0xAF      Search unit 13 key counter (0xA8-0xAE) and SearchStatus (0xAF)
0xB0-0xB7      Search unit 14 key counter (0xB0-0xB6) and SearchStatus (0xB7)
0xB8-0xBF      Search unit 15 key counter (0xB8-0xBE) and SearchStatus (0xBF)
0xC0-0xC7      Search unit 16 key counter (0xC0-0xC6) and SearchStatus (0xC7)
0xC8-0xCF      Search unit 17 key counter (0xC8-0xCE) and SearchStatus (0xCF)
0xD0-0xD7      Search unit 18 key counter (0xD0-0xD6) and SearchStatus (0xD7)
0xD8-0xDF      Search unit 19 key counter (0xD8-0xDE) and SearchStatus (0xDF)
0xE0-0xE7      Search unit 20 key counter (0xE0-0xE6) and SearchStatus (0xE7)
0xE8-0xEF      Search unit 21 key counter (0xE8-0xEE) and SearchStatus (0xEF)
0xF0-0xF7      Search unit 22 key counter (0xF0-0xF6) and SearchStatus (0xF7)
0xF8-0xFF      Search unit 23 key counter (0xF8-0xFE) and SearchStatus (0xFF)



PlaintextVector (256 bits = 8 bytes) 

Identifies allowable plaintext byte values (ignoring those masked by the
PlaintextByteMask). If, for any plaintext byte P[i=0..7], bit P[i] is not set, the decryption
key will be rejected. PlaintextVector is identical in all search units and is set only
once (when the search system is first initialized).

SearchInfo (8 bits)

The bits in SearchInfo describe how the correct plaintext identification function
works. Bits of SearchInfo are defined as follows:

bit 0 = UseCBC

    If this bit is set, Ciphertext0 is XORed onto the plaintext produced by
    decrypting Ciphertext1 before the plaintext is checked. This bit is used
    when checking CBC-mode ciphertexts.

bit 1 = ExtraXOR

    If set, the right half of the resulting plaintext is XORed onto the left before
    any plaintext checking is done. ExtraXOR and UseCBC cannot be used
    together.

bit 2 = ChipAllActive

    If cleared, one or more search units in this chip have halted (e.g.,
    SearchActive is zero). This value is computed by ANDing the SearchActive
    bits of all search units' SearchStatus bytes. The inverse of this value is sent
    out on a dedicated pin, for use in driving a status LED which lights up
    whenever the chip halts.

bit 3 = BoardAllActive

    This pin is the AND of the ChipAllActive lines of this chip and all later
    chips on the board. This is implemented by having each chip n take in
    chip n+1's BoardAllActive line, AND it with its own ChipAllActive line,
    and output the result to chip n-1 for its BoardAllActive computation. This
    makes it possible to find which chip on a board has halted by querying
    log2 N chips, where N is the number of chips on the board. If
    BoardAllActiveEnable is not set to 1, BoardAllActive simply equals the
    BoardAllActiveInput pin, regardless of the chip's internal state.

bit 4 = BoardAllActiveEnable

    If this value is set to 0 then BoardAllActive always equals the
    BoardAllActiveInput pin, regardless of whether all search units on the board are
    active. If this bit is set to 1, then the BoardAllActive register (and output)
    are set to reflect the internal state of the chip ANDed with the input pin.

bits 5-7 = Unused

KeyCounter (56 bits) 

The value of the key currently being checked. The KeyCounter is updated very
frequently (i.e., once per key tested). A unique KeyCounter value is assigned to
every search unit. When the search unit halts after a match, KeyCounter has
already been incremented to the next key; the match was on the previous key.

SearchCommandAndStatus (8 bits)

The bits in SearchStatus describe the current search state of a specific search unit.
A unique SearchStatus register is allocated for each search unit. Bits of
SearchStatus are allocated as follows:

bit 0 = SearchActive

    Indicates whether the search is currently halted (0=halted, 1=active). The
    computer sets this bit to begin a search, and it is cleared by the search
    unit if a matching candidate key is found. The host computer checks the
    status of this bit periodically and, if it is zero, reads out the key then
    restarts the search. (See also ChipAllActive and BoardAllActive in the
    SearchInfo register.)

bit 1 = CiphertextSelector

    Indicates whether the search engine is currently checking Ciphertext0 or
    Ciphertext1 (0=Ciphertext0, 1=Ciphertext1). If this bit is clear, the search
    engine decrypts Ciphertext0 and either sets CiphertextSelector to 1 (if the
    plaintext passes the checks) or increments KeyCounter (if the plaintext
    does not pass). If this bit is set, the search engine decrypts Ciphertext1
    and either sets SearchActive to 0 (if the plaintext passes the checks) or
    sets CiphertextSelector to 0 and increments KeyCounter (if the plaintext
    does not pass).

bits 2-7 = Unused

Commands 

So that each search unit can be addressed separately, each is identified uniquely
by the combination of its location on the chip, the location of the chip
on the board, and the board's identifier. The BoardID is interpreted off-chip; each chip
has a board select pin, which notifies the chip when the board has been selected.
Chip ID matching is done inside each ASIC; the ID pins of the ASIC are wired to
the chip's ID.

All commands originate from the computer and go via a bus which carries 8 bits for
BoardID/ChipID/Register address, 8 bits for data, and a few additional bits for
controls.

To do a search, the host computer will program the search units as shown in
Figure 2-2. (N is the total number of search units, numbered from 0 to N-1, each with
a unique BoardID/ChipID/Register address.)



Search Unit Operation 



Each search unit contains a DES engine, which performs DES on two 32-bit
registers L/R using the key value in KeyCounter. Each search unit goes through the
process detailed in Figure 2-3, and never needs to halt. If registers are updated
during the middle of this process, the output is meaningless (which is fine, since
an incorrect output is statistically almost certain to not be a match).



Figure 2-2: Example algorithm for programming
the search array using host computer

This is a very simple algorithm intended only as an example. The actual software
will use more intelligent search techniques, using the BoardAllActive
and ChipAllActive lines.

Load Ciphertext0, Ciphertext1, PlaintextXorMask, PlaintextByteMask,
    PlaintextVector, and SearchInfo into each chip.
For i = 0 upto N-1
    Set SearchStatus in search unit i to 0 while loading the key.
    Set KeyCounter of search unit i to ((2^56)(i) / N).
    Set SearchStatus in search unit i to 1 to enable SearchActive.
EndFor

While correct key has not been found:
    For i = 0 upto N-1:
        Read SearchStatus from search unit i.
        Check SearchActive bit.
        If SearchActive is set to 0:
            Read KeyCounter from search unit i.
            Subtract 1 from the low 32 bits of the key.
            Perform a DES operation at the local computer to check the key.
            If the key is correct, the search is done.
            Set the SearchActive bit of SearchStatus to restart the search.
        EndIf
    EndFor
EndWhile
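
Figure 2-2 polls every search unit in turn; the BoardAllActive chain described under
SearchInfo lets the host find a halted chip with about log2 N register reads instead.
The following C model is an added example, not the project's host software: the board
is simulated in memory, 64 chips per board is taken from the Chapter 3 cascade, and the
last chip's BoardAllActiveInput pin is assumed to be tied high.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHIPS 64   /* chips per board, as in the ASIC0..ASIC63 cascade */
#define UNITS 24   /* search units per ASIC */

/* Constructed software model of one board: one SearchActive bit per unit. */
typedef struct { uint8_t search_active[CHIPS][UNITS]; } board;

static int register_reads;   /* counts simulated bus reads of SearchInfo */

static void all_active(board *b) { memset(b, 1, sizeof *b); }

/* ChipAllActive (SearchInfo bit 2): AND of the chip's SearchActive bits. */
static int chip_all_active(const board *b, int chip) {
    for (int u = 0; u < UNITS; u++)
        if (!b->search_active[chip][u]) return 0;
    return 1;
}

/* BoardAllActive (SearchInfo bit 3) as read from chip n with
 * BoardAllActiveEnable = 1: the AND of ChipAllActive for chip n and all
 * later chips. Assumption: the last chip's input pin is tied high. */
static int read_board_all_active(const board *b, int n) {
    register_reads++;
    for (int c = CHIPS - 1; c >= n; c--)
        if (!chip_all_active(b, c)) return 0;
    return 1;
}

/* Binary search for the highest-numbered halted chip, or -1 if none.
 * One read of chip 0 answers "has anything halted?"; log2(CHIPS) more
 * reads narrow it down to a single chip. */
static int find_halted_chip(const board *b) {
    if (read_board_all_active(b, 0)) return -1;
    int lo = 0, hi = CHIPS - 1;            /* invariant: answer is in lo..hi */
    while (lo < hi) {
        int mid = (lo + hi + 1) / 2;
        if (read_board_all_active(b, mid)) hi = mid - 1;  /* mid and later are active */
        else lo = mid;                                    /* a halt at or after mid */
    }
    return lo;
}

/* First halted search unit on a chip, or -1 if all are active. */
static int find_halted_unit(const board *b, int chip) {
    for (int u = 0; u < UNITS; u++)
        if (!b->search_active[chip][u]) return u;
    return -1;
}

/* Register addresses from Figure 2-1: 8 bytes per unit starting at 0x40,
 * 7 bytes of KeyCounter followed by the SearchStatus byte. */
static int key_counter_addr(int unit)   { return 0x40 + 8 * unit; }
static int search_status_addr(int unit) { return 0x40 + 8 * unit + 7; }

int main(void) {
    board b;
    all_active(&b);
    b.search_active[37][5] = 0;            /* constructed: unit 5 of chip 37 halts */
    register_reads = 0;
    int chip = find_halted_chip(&b);
    int unit = find_halted_unit(&b, chip);
    printf("halted chip %d found in %d reads\n", chip, register_reads);
    printf("unit %d: KeyCounter at 0x%02X, SearchStatus at 0x%02X\n",
           unit, key_counter_addr(unit), search_status_addr(unit));
    return 0;
}
```

When several chips have halted, the search returns the highest-numbered one; restarting it and searching again finds the next.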



Sample Programming Descriptions 

This section describes how the system will be programmed for some typical
operations.

Known ciphertext/plaintext (ECB, CBC, etc.)

If a complete ciphertext/plaintext block is known, this mode is used. This works
for most DES modes (ECB, CBC, counter, etc.), but does require a full
plaintext/ciphertext pair.

PlaintextVector

For this search, there are 8 (or fewer) unique plaintext bytes in the known
plaintext. The bits corresponding to these bytes are set in PlaintextVector, but all other
bits are set to 0.



Figure 2-3: Search unit operation

1. If CiphertextSelector is 0, then Let L/R = Ciphertext0.
   If CiphertextSelector is 1, then Let L/R = Ciphertext1.

2. Decrypt L/R using the key in KeyCounter, producing a candidate
   plaintext in L/R.

3. If ExtraXOR is 1, then Let L = L XOR R.
   If CiphertextSelector is 0, then
       Let L/R = L/R XOR PlaintextXorMask.
   If CiphertextSelector is 1 and UseCBC is 1, then:
       Let L/R = L/R XOR Ciphertext0.

4. If SearchActive = 1 AND (
       (PlaintextByteMask[0x80] = 0 AND PlaintextVector[byte 0 of L] is 0) OR
       (PlaintextByteMask[0x40] = 0 AND PlaintextVector[byte 1 of L] is 0) OR
       (PlaintextByteMask[0x20] = 0 AND PlaintextVector[byte 2 of L] is 0) OR
       (PlaintextByteMask[0x10] = 0 AND PlaintextVector[byte 3 of L] is 0) OR
       (PlaintextByteMask[0x08] = 0 AND PlaintextVector[byte 0 of R] is 0) OR
       (PlaintextByteMask[0x04] = 0 AND PlaintextVector[byte 1 of R] is 0) OR
       (PlaintextByteMask[0x02] = 0 AND PlaintextVector[byte 2 of R] is 0) OR
       (PlaintextByteMask[0x01] = 0 AND PlaintextVector[byte 3 of R] is 0)) then:
       Let CiphertextSelector = 0.
       Increment KeyCounter.
   else
       If CiphertextSelector is 1 then Let SearchActive = 0.
       Let CiphertextSelector = 1.

5. Go to step 1.



Ciphertext0

Equals the ciphertext block.

Ciphertext1

Equals the ciphertext block.

SearchInfo

UseCBC and ExtraXOR are both set to 0.

PlaintextByteMask

Set to 0x00 (all bytes used).

PlaintextXorMask

Set to 0x0000000000000000.

Because the plaintext byte order does not matter, there are 8 acceptable values for
each ciphertext byte, or 8^8 = 2^24 = 16.7 million possible ciphertexts which will
satisfy the search criteria. The probability that an incorrect ciphertext will pass is
2^24 / 2^64, so over a search of 2^55 keys there will be an average of (2^55)(2^24 / 2^64), or
32768 false positives which will need to be rejected by the controlling computer.
Because the Ciphertext0 and Ciphertext1 selections are identical, any false
positives that pass the first test will also pass the second test. (The performance
penalty is negligible; the search system will do two DES operations on each of the
32768 false positive keys, but only one DES operation on all other incorrect keys.)

ASCII text (ECB or CBC) 

A minimum of two adjacent ciphertexts (16 bytes total) are required for ASCII-only 
attacks. 

PlaintextVector 

Set only the bits containing acceptable ASCII characters. For normal text, this
would normally include 55 of the 256 possible characters (10=line feed,
13=carriage return, 32=space, 65-90=capital letters, and 97-122=lowercase letters).

Ciphertext0

Equals the first ciphertext.

Ciphertext1

Equals the second ciphertext.

SearchInfo

UseCBC is set to 0 if ECB, or set to 1 if the ciphertext was produced using CBC.

ExtraXOR is set to 0.

PlaintextByteMask

Set to 0x00 (all bytes used).

PlaintextXorMask

Set to 0x0000000000000000 for ECB, to IV for CBC.

The probability that the two (random) candidate plaintexts produced by an
incorrect key will contain only the ASCII text characters listed above is (55/256)^16. In a
search, there will thus be an average of 2^55 (55/256)^16 = 742358 false positives
which need to be rejected by the computer. For one key in about 220,000, the first
check will pass and an extra DES will be required. (The time for these extra DES
operations is insignificant.) Idle time lost while waiting for false positives to be
cleared is also insignificant. If the computer checks each search unit's SearchActive
flag once per second, a total of 0.5 search unit seconds will be wasted for every
false positive, or a total of 103 search-unit hours, out of about 4 million search-unit
hours for the whole search.

When programming CBC mode, note that the PlaintextXorMask must be set to the
IV (or the previous ciphertext, if the ciphertext being attacked is not in the first
block).

Matt Blaze's Challenge 

The goal is to find a case where all plaintext bytes are equal and all ciphertext 
bytes are equal. 

PlaintextVector 

Set only bit 0. 

Ciphertext0

Set to a fixed value with all bytes equal.

Ciphertext1

Same as Ciphertext0.

SearchInfo

UseCBC is set to 0. ExtraXOR is set to 1.

PlaintextByteMask

Set to 0x0F (only left half examined).

PlaintextXorMask

Set to 0x0000000000000000.

If the right and left half are equal, as must be the case if all plaintext bytes are the
same, then when the ExtraXOR bit's status causes the L=L XOR R step, L will
become equal to 0. The plaintext byte mask selects only the left half and the
PlaintextVector makes sure the 4 bytes are 0.

False positives occur whenever L=R, or with one key in 2^32. Because this search is
not guaranteed to terminate after 2^56 operations, the average time is 2^56 (not 2^55).
The number of false positives is expected to be 2^56 / 2^32 = 2^24 = 16.8 million. Each
search unit will thus find a false positive every 2^32 keys on average, or about once
every half hour. At 1 second polling of search units, (0.5 × 16.8 million)/3600 =
2333 search unit hours will be idle (still under 1% of the total). The host computer
will need to do the 16.8 million DES operations (on average), but even a fairly
poor DES implementation can do this in just a few minutes.
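
The plaintext check of Figure 2-3 (steps 3 and 4) and the register setups in this
section can be modelled in software. The following C model is an added example, not
the project's own code: the DES decryption itself is left out, the bit layout of
PlaintextVector within its 32 bytes is an assumption, and the sample blocks are
constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Registers shared by all search units (names from "On-Chip Registers"). */
typedef struct {
    uint8_t plaintext_vector[32];   /* 256 bits: bit v set = byte value v allowed */
    uint8_t plaintext_xor_mask[8];  /* zero for ECB, the IV for CBC */
    uint8_t ciphertext0[8];
    uint8_t plaintext_byte_mask;    /* 1-bit = ignore byte; 0x80 is byte 0 of L */
    int use_cbc, extra_xor;         /* SearchInfo bits 0 and 1 */
} search_regs;

/* Assumption: byte value v is stored in byte v/8, bit v%8 of the vector. */
static void allow_range(search_regs *r, int lo, int hi) {
    for (int v = lo; v <= hi; v++)
        r->plaintext_vector[v / 8] |= (uint8_t)(1u << (v % 8));
}

static int is_allowed(const search_regs *r, uint8_t v) {
    return (r->plaintext_vector[v / 8] >> (v % 8)) & 1;
}

static int allowed_count(const search_regs *r) {
    int n = 0;
    for (int v = 0; v < 256; v++) n += is_allowed(r, (uint8_t)v);
    return n;
}

/* ASCII profile from the "ASCII text" section: LF, CR, space, A-Z, a-z. */
static void load_ascii_profile(search_regs *r) {
    memset(r, 0, sizeof *r);
    allow_range(r, 10, 10); allow_range(r, 13, 13); allow_range(r, 32, 32);
    allow_range(r, 65, 90); allow_range(r, 97, 122);
}

/* Steps 3 and 4 of Figure 2-3 for one decrypted block (bytes 0-3 = L,
 * bytes 4-7 = R). selector is CiphertextSelector. Returns 1 on a pass. */
static int plaintext_passes(const search_regs *r, int selector, const uint8_t dec[8]) {
    uint8_t p[8];
    memcpy(p, dec, 8);
    if (r->extra_xor)
        for (int i = 0; i < 4; i++) p[i] ^= p[i + 4];            /* L = L XOR R */
    if (selector == 0)
        for (int i = 0; i < 8; i++) p[i] ^= r->plaintext_xor_mask[i];
    else if (r->use_cbc)
        for (int i = 0; i < 8; i++) p[i] ^= r->ciphertext0[i];
    for (int i = 0; i < 8; i++) {
        int ignored = (r->plaintext_byte_mask >> (7 - i)) & 1;
        if (!ignored && !is_allowed(r, p[i])) return 0;           /* reject this key */
    }
    return 1;
}

/* Constructed CBC pair: the blocks a correct key would decrypt to before
 * post-processing. Both must pass for the unit to halt. */
static int cbc_pair_passes(int use_cbc) {
    const uint8_t iv[8] = {0x81, 0x92, 0xA3, 0xB4, 0xC5, 0xD6, 0xE7, 0xF8};
    const uint8_t c0[8] = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87};
    const char *p0 = "Dear Bob", *p1 = "\nMeet at";
    uint8_t d0[8], d1[8];
    search_regs r;
    load_ascii_profile(&r);
    memcpy(r.plaintext_xor_mask, iv, 8);
    memcpy(r.ciphertext0, c0, 8);
    r.use_cbc = use_cbc;
    for (int i = 0; i < 8; i++) {
        d0[i] = (uint8_t)(p0[i] ^ iv[i]);
        d1[i] = (uint8_t)(p1[i] ^ c0[i]);
    }
    return plaintext_passes(&r, 0, d0) && plaintext_passes(&r, 1, d1);
}

/* Matt Blaze setup: vector bit 0 only, ExtraXOR on, right half masked off. */
static int blaze_passes(const uint8_t dec[8]) {
    search_regs r;
    memset(&r, 0, sizeof r);
    allow_range(&r, 0, 0);
    r.extra_xor = 1;
    r.plaintext_byte_mask = 0x0F;
    return plaintext_passes(&r, 0, dec);
}

/* Expected false positives: 2^log2_keys * (allowed/256)^checked_bytes. */
static double expected_false_positives(int allowed, int checked_bytes, int log2_keys) {
    double n = 1.0;
    for (int i = 0; i < log2_keys; i++) n *= 2.0;
    for (int i = 0; i < checked_bytes; i++) n *= allowed / 256.0;
    return n;
}

int main(void) {
    const uint8_t same[8] = {0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41};
    search_regs r;
    load_ascii_profile(&r);
    printf("ASCII values allowed: %d\n", allowed_count(&r));
    printf("CBC pair passes: UseCBC=1 -> %d, UseCBC=0 -> %d\n",
           cbc_pair_passes(1), cbc_pair_passes(0));
    printf("Blaze check on all-equal block: %d\n", blaze_passes(same));
    printf("ASCII false positives over 2^55 keys: %.0f\n",
           expected_false_positives(55, 16, 55));
    return 0;
}
```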






Scalability and Performance 

The architecture was intended to find DES keys in less than 10 days on average. 
The performance of the initial implementation is specified in Figure 2-4. Faster 
results can be easily obtained with increased hardware; doubling the amount of 
hardware will halve the time per result. Within the design, boards of keysearch 
ASICs can be added and removed easily, making it simple to make smaller or 
larger systems, where larger systems cost more but find results more quickly. 
Larger systems will have additional power and cooling requirements. 



Figure 2-4: Performance Estimate

Total ASICs                            1536
Search units per ASIC                  24
Total search units                     36864
Clock speed (Hz)                       4.00E+07
Clocks per key (typical)               16
DES keys per search unit per second    2.50E+06
Total DES keys per second              9.22E+10
Search size (worst case)               7.21E+16
Seconds per result (worst case)        7.82E+05
Days per result (worst case)           9.05
Search size (average case)             3.60E+16
Seconds per result (average case)      3.91E+05
Days per result (average case)         4.52



Host Computer Software 

Cryptography Research will write the following software: 

Simulation 

Cryptography Research will develop software to generate test vectors for the chip
for testing before the design is sent to the fab. This software will test all features
on the chip and all modes of operation. This program will have a simple
command line interface.

Host computer

The host computer software program will implement the standard search tasks of
breaking known plaintexts, breaking encrypted ASCII text (ECB and CBC
modes), and solving the Matt Blaze challenge. These programs will be written in
standard ANSI C, except for platform-specific I/O code. The host program will also
have a test mode, which loads search units with tasks that are known to halt
reasonably quickly (e.g., after searching a few million keys) and verifies the results to
detect any failed parts. (The software will include the capability of bypassing
bad search units during search operations.) Users who wish to perform unusual
searches will need to add a custom function to determine whether candidate
keys are actually correct and recompile the code.

The initial version of this program will have a simple command line interface and
will be written for DOS. A Linux port will also be written, but may not be ready by
the initial target completion date. (Because the only platform-specific code will be
the I/O functions, it should be very easy to port to any platform with an
appropriate compiler.) Software programs will identify the participants in the project (AWT,
EFF, and Cryptography Research).

Cryptography Research will also produce a version with a prettier user interface to
make the demonstration more elegant (platform-to-be-determined).

All software and source code will be placed in the public domain.

Pre-ANSI C can be supported if required. Any GUI code will probably be written in C++.



Glossary



BoardID

An 8-bit identifier unique for each board. This will be set with a DIP switch on the
board. The host computer addresses chips by their ChipID and BoardID.

CBC mode

A DES mode in which the first plaintext block is XORed with an initialization
vector (IV) prior to encryption, and each subsequent plaintext is XORed with the
previous ciphertext.

ChipID

A value used by the host computer to specify which chip on a board is being
addressed.

Ciphertext

Encrypted data.

Ciphertext0

The first of the two ciphertexts to be attacked.

Ciphertext1

The second of the two ciphertexts to be attacked.

CiphertextSelector 

A register used to select the current ciphertext being attacked. The selector is 
needed because a single DES engine needs to be able to test two ciphertexts to 
determine whether both are acceptable matches before deciding that a key is a 
good match. 

DES 

The Data Encryption Standard. 

ExtraXOR 

A register to make the search units perform an extra operation which XORs the 
right and left halves of the result together. This is used to add support for Matt 
Blaze's DES challenge. 

Host computer 

The computer that controls the DES search array. 

KeyCounter 

Each search unit has a KeyCounter register which contains the current key being 
searched. These registers are each 7 bytes long, to hold a 56-bit key. 

Plaintext 

Unencrypted data corresponding to a ciphertext. 

PlaintextByteMask 

An 8-bit register used to mask off plaintext bytes. This is used to mask off bytes in
the plaintext whose values aren't known or are too variable to list in the
PlaintextVector.

PlaintextVector

A 256-bit register used to specify which byte values can be present in valid
plaintexts. It is the host computer's responsibility to ensure that only a reasonable
number of bits are set in the PlaintextVector; setting too many will cause the DES
search units to halt too frequently.

PlaintextXorMask

A 64-bit register XORed onto the value derived by decrypting Ciphertext0.
Normally this mask is either zero or set to the CBC mode initialization vector (IV).

SearchActive

A bit for each search unit which indicates whether it is currently searching, or
whether it has stopped at a candidate key. Stopped search units can be restarted
by loading a key which does not halt and resetting this bit.

SearchInfo

A register containing miscellaneous information about how DES results should be
post-processed and also indicating whether any search units on the chip or on the
board have halted.

UseCBC

A bit in SearchInfo which directs the search engine to do CBC-mode post-processing
after decryption (e.g., XOR the decryption of Ciphertext1 with Ciphertext0 to
produce plaintext1).



In This chapter:

• ASIC Description
• Board description
• Read and Write Timing
• Addressing Registers
• All-active Signal
• ASIC Register Allocation


Design for DES Key Search Array
Chip-Level Specification

Advanced Wireless Technologies, Inc. and Cryptography Research



ASIC Description 

Select1

Selects Cipher text 1

C0

Cipher text 0

C1

Cipher text 1

Search 

Search is active 

K 

Key 

Mask 

Plain text bit mask and DES output 

Match=0 

a Zero is found in any bit position of plain text vector as specified in step 4 of 
Search Unit Operation (see Chapter 2) 

CBC & Extra XOR 

Perform step 3 of Search Unit Operation (see Chapter 2) 



[Figure 3-1: Search Unit Operation Flow Chart]

To determine the maximum number of bits required for the Key:

K = log2(Maximum combinations/number of chips)
  = log2(2^56 / (24 cpc * 64 cpb * 24 boards)) = log2(1.95E12) = 42 bits

If we are going to use 32-bit counters, then it will overflow every:

2^32 * 16 cycles * 25 ns = 1.72 * 10^12 ns = 1720 sec = 28.7 minutes



[Figure 3-2: State Diagram for the Search Unit. States DES 0 through DES 15; total
clocks per DES: 16 clocks. Timing traces: StartDES, Done, Result, Match, Matching,
Key incr, Key decr.]



Board description 



The PC will interface with the ASICs through a parallel card. The parallel card has 
three ports, assigned: 

Port A: Address(7:0) 

Port B: Data(7:0) 

Port C: Control, 8 signals 

To reduce the routing resources on the boards and ASICs we multiplex the address
lines. To access a register on the ASIC, it is required that the software latch the
address three times: Board-ID(7:0), Chip-ID(6:0) and then Register address.

[Figure 3-3: Search Unit's Block Diagram]

Having switches on the board makes the design flexible and expandable. Each
board has its own unique Board-ID configured on switches: for example a board
with an ID of hexadecimal 5F has its board ID switches configured as follows:




Read and Write Timing 



[Write timing diagram. Signals: Addr (Board-ID, Chip-ID, Reg-Addr), ALE, ADRSEL, WRB,
CSB, DATA (Write).]

[Read timing diagram. Signals: Addr (Board-ID, Chip-ID, Reg-Addr), ALE, ADRSEL, RDB,
CSB, DATA (Read).]

t_as1    10 ns     Min    Board-ID and Chip-ID Address setup
t_as2    10 ns     Min    Write Register-Address setup
t_as3    10 ns     Min    Read Register-Address setup
t_ah1    10 ns     Min    Board-ID and Chip-ID Address invalid (hold)
t_ah2    10 ns     Min    Write strobe trailing edge to Address invalid (hold)
t_av     10 ns     Min    ALE valid
t_ds     10 ns     Min    Data valid to Write strobe goes low (setup)
t_ch     10 ns     Min    Chip select hold
t_dh     10 ns     Min    Write strobe goes high to data invalid (Data hold)
TV       10 ns     Min    Read strobe duration
t_dv     100 ns    Max    Read strobe goes low to data valid
t_dh     100 ns    Max    Read strobe goes high to data invalid (Data hold)



Addressing Registers

[Figure 3-4: Address Bus Scheme. Blocks shown: PA (Address Port), Board-ID Reg,
switch, Comp, Board en, ASIC, Addr, Chip-ID Block, RegAddr, Dec, ALE, Chip-ID pins.]

All-active Signal 

If low, one or more search units are halted. This value is the result of ANDing all of
the SearchActive bits together. We will place one AND gate per ASIC and cascade
them.



[Figure: All Active cascade across ASIC0, ASIC1, ASIC2, ... ASIC63. Signals shown:
en bit0 ... en bit63, search_out0 ... search_out63, All Active.]


ASIC Register Allocation 




Registers Common to All Search Units

0x00-0x1f    PlaintextVector
0x20-0x27    PlaintextXorMask
0x28-0x2f    CipherText0
0x30-0x37    CipherText1
0x38         PlaintextByteMask
0x39-0x3e    Reserved
0x3f         SearchInfo

Additional Registers for Search Units

0x40-0x47    Search Unit 0: Key counter (first 7 bytes) and Search Status
0x48-0x4f    Search Unit 1: Key counter (first 7 bytes) and Search Status
...
0xf8-0xff    Search Unit 23: Key counter (first 7 bytes) and Search Status

Number of registers required:

58 common registers + 8 * n registers; n = the total number of search units in an ASIC
In this case n = 24, therefore 58 + 192 = 250 registers



[Figure: pin diagram of the 208 PQFP AWT-6001 package. Labelled pins include D0-D7,
ID0-ID7, Vdd and Vss.]

Note: The unspecified pins are Non-Connects
CNTRL0 = ALE = ADDSEL1
CNTRL1 = CSB = ADDSEL2



In This chapter:

• The Politics of Cryptographic Source Code
• The Paper Publishing Exception
• Scanning
• Bootstrapping


Scanning the Source Code

The next few chapters of this book contain specially formatted versions of the
documents that we wrote to design the DES Cracker. These documents are the
primary sources of our research in brute-force cryptanalysis, which other researchers
would need in order to duplicate or validate our research results.

The Politics of Cryptographic Source Code

Since we are interested in the rapid progress of the science of cryptography, as 
well as in educating the public about the benefits and dangers of cryptographic 
technology, we would have preferred to put all the information in this book on 
the World Wide Web. There it would be instantly accessible to anyone worldwide 
who has an interest in learning about cryptography. 

Unfortunately the authors live and work in a country whose policies on cryptogra- 
phy have been shaped by decades of a secrecy mentality and covert control. Pow- 
erful agencies which depend on wiretapping to do their jobs — as well as to do 
things that aren't part of their jobs, but which keep them in power — have com- 
promised both the Congress and several Executive Branch agencies. They con- 
vinced Congress to pass unconstitutional laws which limit the freedom of 
researchers — such as ourselves — to publish their work. (All too often, convinc- 
ing Congress to violate the Constitution is like convincing a cat to follow a squeak- 
ing can opener, but that doesn't excuse the agencies for doing it.) They pressured 
agencies such as the Commerce Department, State Department, and Department of 
Justice to not only subvert their oaths of office by supporting these unconstitu- 
tional laws, but to act as front-men in their repressive censorship scheme, creating 
unconstitutional regulations and enforcing them against ordinary researchers and
authors of software.

The National Security Agency is the main agency involved, though they seem to 
have recruited the Federal Bureau of Investigation in the last several years. From 
the outside we can only speculate what pressures they brought to bear on these 
other parts of the government. The FBI has a long history of illicit wiretapping, fol- 
lowed by use of the information gained for blackmail, including blackmail of Con- 
gressmen and Presidents. FBI spokesmen say that was "the old bad FBI" and that 
all that stuff has been cleaned up after J. Edgar Hoover died and President Nixon 
was thrown out of office. But these agencies still do everything in their power to 
prevent ordinary citizens from being able to examine their activities, e.g. 
stonewalling those of us who try to use the Freedom of Information Act to find 
out exactly what they are doing. 

Anyway, these agencies influenced laws and regulations which now make it illegal 
for U.S. crypto researchers to publish their results on the World Wide Web (or else- 
where in electronic form). 

The Paper Publishing Exception 

Several cryptographers have brought lawsuits against the US Government because 
their work has been censored by the laws restricting the export of cryptography. 
(The Electronic Frontier Foundation is sponsoring one of these suits, Bernstein v. 
Department of Justice, et al).* One result of bringing these practices under judicial 
scrutiny is that some of the most egregious past practices have been eliminated. 

For example, between the 1970's and early 1990's, NSA actually did threaten peo- 
ple with prosecution if they published certain scientific papers, or put them into 
libraries. They also had a "voluntary" censorship scheme for people who were 
willing to sign up for it. Once they were sued, the Government realized that their 
chances of losing a court battle over the export controls would be much greater if 
they continued censoring books, technical papers, and such. 

Judges understand books. They understand that when the government denies peo- 
ple the ability to write, distribute, or sell books, there is something very fishy 
going on. The government might be able to pull the wool over a few judges' eyes 
about jazzy modern technologies like the Internet, floppy disks, fax machines, 
telephones, and such. But they are unlikely to fool the judges about whether it's 
constitutional to jail or punish someone for putting ink onto paper in this free 
country. 



* See http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/.

Therefore, the last serious update of the cryptography export controls (in 1996) 
made it explicit that these regulations do not attempt to regulate the publication of 
information in books (or on paper in any format). They waffled by claiming that 
they "might" later decide to regulate books — presumably if they won all their 
court cases — but in the meantime, the First Amendment of the United States 
Constitution is still in effect for books, and we are free to publish any kind of 
cryptographic information in a book. Such as the one in your hand. 

Therefore, cryptographic research, which has traditionally been published on 
paper, shows a trend to continue publishing on paper, while other forms of scien- 
tific research are rapidly moving online. 

The Electronic Frontier Foundation has always published most of its information 
electronically. We produce a regular electronic newsletter, communicate with our 
members and the public largely by electronic mail and telephone, and have built a 
massive archive of electronically stored information about civil rights and responsi- 
bilities, which is published for instant Web or FTP access from anywhere in the 
world. 

We would like to publish this book in the same form, but we can't yet, until our 
court case succeeds in having this research censorship law overturned. Publishing 
a paper book's exact same information electronically is seriously illegal in the 
United States, if it contains cryptographic software. Even communicating it pri- 
vately to a friend or colleague, who happens to not live in the United States, is 
considered by the government to be illegal in electronic form. 

The US Department of Commerce has officially stated that publishing a World 
Wide Web page containing links to foreign locations which contain cryptographic 
software "is not an export that is subject to the Export Administration Regulations 
(EAR)."* This makes sense to us — a quick reductio ad absurdum shows that to 
make a ban on links effective, they would also have to ban the mere mention of 
foreign Universal Resource Locators. URLs are simple strings of characters, like 
http://www.eff.org; it's unlikely that any American court would uphold a 
ban on the mere naming of a location where some piece of information can be 
found. 

Therefore, the Electronic Frontier Foundation is free to publish links to where
electronic copies of this book might exist in free countries. If we ever find out
about such an overseas electronic version, we will publish such a link to it from
the page at http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking/.



* In the letter at http://samsara.law.cwru.edu/comp_law/jvd/pdj-bxa-gjs070397.htm,
which is part of Professor Peter Junger's First Amendment lawsuit over the crypto export control
regulations.



Scanning 



When printing this book, we used tools from Pretty Good Privacy, Inc (which has 
since been merged into Network Associates, Inc.). They built a pretty good set of 
tools for scanning source code, and for printing source code for scanning. The 
easiest way to handle the documents we are publishing in this book is to use their 
tools and scanning instructions. 

PGP published the tools in a book, naturally, called "Tools for Publishing Source 
Code via OCR", by Colin Plumb, Mark H. Weaver, and Philip R. Zimmermann, 
ISBN # 1-891064-02-9. The book was printed in 1997, and is sold by Printers Inc. 
Bookstore, 301 Castro St, Mountain View, California 94041 USA; phone +1 650 961
8500; http://www.pibooks.com.

The tools and instructions from the OCR Tools book are now available on the 
Internet as well as in PGP's book. See http://www.pgpi.com/project/, and 
follow the link to "proof-reading utilities". If that doesn't work because the pages 
have been moved or rearranged, try working your way down from the International
PGP page, http://www.pgpi.com.

PGP's tools produce per-line and per-page checksums, and make normally invisi- 
ble characters like tabs and multiple spaces explicit. Once you obtain these tools, 
we strongly suggest reading the textual material in the book, or the equivalent 
README file in the online tool distribution. It contains very detailed instructions 
for scanning and proofreading listings like those in this book. The instructions that 
follow in this chapter are a very abbreviated version. 

The first two parts of converting these listings to electronic form are to scan in
images of the pages, then convert the images into an approximation of the text on 
the pages. The first part is done by a mechanical scanner; the second is done by 
an Optical Character Recognition (OCR) program. You can sometimes rent time at 
a local "copy shop" on a computer that has both a scanner and an OCR program. 

When scanning the sources, we suggest "training" your OCR program by scanning 
the test-file pages that follow, and some of the listings, and correcting the OCR 
program's idea of what the text actually said. The details of how to do this will 
depend on your particular OCR program. But if you straighten it out first about the 
shapes of the particular characters and symbols that we're using, the process of 
correcting the errors in the rest of the pages will be much easier. 

Some unique characters are used in the listings; train the OCR program to convert
them as follows:

Right pointing triangle (used for tabs) - currency symbol (byte value octal 244)

Tiny centered triangle "dot" (used for multiple spaces) - center dot or bullet (byte value octal 267)

Form feed - yen (byte value octal 245)

Big black square (used for line continuation) - pilcrow or paragraph symbol (byte value octal 266).

Once you've scanned and OCR'd the pages, you can run them through PGP's tools 
to detect and correct errors, and to produce clean online copies. 



Bootstrapping 



By the courtesy of Philip R. Zimmermann and Network Associates, to help people 
who don't have the PGP OCR tools, we have included PGP's bootstrap and boot- 
strap2 pages. (The word bootstrap refers to the concept of "pulling yourself up by 
your bootstraps", i.e. getting something started without any outside help.) If you 
can scan and OCR the pages in some sort of reasonable way, you can then extract 
the corrected files using just this book and a Perl interpreter. It takes more manual 
work than if you used the full set of PGP tools. 

The first bootstrap program is one page of fairly easy to read Perl code. Scan in 
this page, as carefully as you can: you'll have to correct it by hand. Make a copy 
of the file that results from the OCR, and manually delete the checksums, so that it 
will run as a Perl script. Then run this Perl script with the OCR result (with check- 
sums) as the argument. If you've corrected it properly, it will run and produce a 
clean copy of itself, in a file called bootstrap. (Make sure none of your files 
have that name.) If you haven't corrected it properly, the perl script will die some- 
how and you'll have to compare it to the printed text to see what you missed. 

When the bootstrap script runs, it checks the checksum on each line of its input 
file. For any line that is incorrect, the script drops you into a text editor (set by the 
EDITOR environment variable) so you can fix that line. When you exit the editor, 
it starts over again. 

Once the bootstrap script has produced a clean version of itself, you can run it 
against the scanned and OCR'd copy of the bootstrap2 page. Correct it the same 
way, line by line until bootstrap doesn't complain. This should leave you with a 
clean copy of bootstrap2. 

The bootstrap2 script is what you'll use to scan in the rest of the book. It works
like the bootstrap script, but it can detect more errors by using the page
checksum. Again, it won't correct most errors itself, but will drop you into an
editor to correct them manually. (If you want automatic error correction, you have to
get the PGP book.)
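
The marker conversions and the line-by-line check described in this chapter, as an added sketch (not PGP's tools and not the bootstrap listing). The CRC-32 checksum is a stand-in, and the `<checksum> <text>` line layout, the rule that spaces after a tab marker are padding, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
import zlib

# Marker characters named in the chapter (byte values given there in octal).
TAB_MARK = "\u00a4"    # octal 244, currency symbol: stands for a tab
FF_MARK = "\u00a5"     # octal 245, yen: stands for a form feed
CONT_MARK = "\u00b6"   # octal 266, pilcrow: line continues on the next line
SPACE_MARK = "\u00b7"  # octal 267, center dot: stands for a space in a run


def decode_text(printed):
    """Turn the visible markers of one printed line back into whitespace.

    Assumption: plain spaces directly after a tab marker are only layout
    padding up to the tab stop, so they are dropped.
    """
    text = re.sub(TAB_MARK + " *", "\t", printed)
    return text.replace(SPACE_MARK, " ").replace(FF_MARK, "\f")


def split_continuation(printed):
    """Return (text without a trailing continuation marker, continues?)."""
    if printed.endswith(CONT_MARK):
        return printed[:-1], True
    return printed, False


def line_sum(printed):
    """Stand-in checksum (not PGP's): CRC-32 of the decoded text, 8 hex digits."""
    body, _ = split_continuation(printed)
    return format(zlib.crc32(decode_text(body).encode("utf-8")), "08x")


def stamp(printed):
    """Prefix a printed line with its checksum (assumed '<sum> <text>' layout)."""
    return line_sum(printed) + " " + printed


def check_page(ocr_lines):
    """Verify every line; return (source text or None, failing line numbers)."""
    bad, pieces = [], []
    for number, line in enumerate(ocr_lines, 1):
        claimed, _, printed = line.partition(" ")
        if claimed.lower() != line_sum(printed):
            bad.append(number)  # must be corrected by hand against the paper
            continue
        body, continues = split_continuation(printed)
        pieces.append(decode_text(body) + ("" if continues else "\n"))
    # Like the bootstrap workflow, release nothing until every line verifies.
    return (None if bad else "".join(pieces)), bad


# Constructed sample page: two spaces in a row, tabs, a wrapped line, a form feed.
PAGE = [stamp(p) for p in (
    "static int " + SPACE_MARK + "n;",
    TAB_MARK + "       return n + 1;",
    TAB_MARK + "       puts(\"a long " + CONT_MARK,
    "line\");",
    FF_MARK,
)]

# Constructed OCR damage of the kinds the test-file page trains against.
DAMAGED = list(PAGE)
DAMAGED[0] = PAGE[0].replace(SPACE_MARK, ".")              # center dot read as '.'
DAMAGED[1] = PAGE[1].replace("       return", "    return")  # padding miscounted
DAMAGED[3] = PAGE[3].replace("line", "1ine")               # 'l' read as '1'

if __name__ == "__main__":
    print(check_page(PAGE))
    print(check_page(DAMAGED))
```

Because the stand-in checksum is taken over the decoded text, a miscounted run of padding spaces after a tab marker still verifies, while a misread glyph does not.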

All the scannable listings in this book are in the public domain, except the test-file, 
bootstrap, and bootstrap2 pages, which are copyrighted, but which Network Asso- 
ciates permits you to freely copy. So none of the authors have put restrictions on 
your right to copy their listings for friends, reprint them, scan them in, publish 
them, use them in products, etc. However, if you live in an unfree country, there 
may be restrictions on what you can do with the listings or information once you 
have them. Check with your local thought police. 






— a2b7 000063ee6a78001 0001 Page 1 of test-file 

2e0bc8 This is a test page for OCR training. -This includes many possible 
206b53 glyphs for training purposes. 
e4af 5a 

d96fef ■!"#$%&'()*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZII\: A ^"abcdefghijklmno 
f2a107 !"#$%&' ()*+,-. /0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\] A ^'abcdefghijklmnop 
681 6d9 "#$%&'()*+,-. /01 23456789 :;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\] A - , abcdefghijklmnopq 
e998f4 #$%&'()*+,-. /01 23456789 :;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZII\] A ^'abcdefghijklmnopqr 
050dba $%S'()*+,-./01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZC\] A ^'abcdefghijklmnopqrs 
5ea3b1 %&'(>*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\] A -'abcdefghijklmnopqrst 
8d72eb 8' ()*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\] A ^'abcdefghijklmnopqrstu 
333e8c '()* + ,-. /0123456789: ; <=>?3ABC D E FGH I J KLMNO PQR STU VWX Y Z [ \ ] A - ' abcdefghijklmnopqrstuv 
68465e ()* + ,-. /0123456789:;< = >?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\: A -'abcdefghijklmnopqrstuvw 
84d756 )* + ,-. /01 23456789: ;< = >?aABCDEFGHIJKLMNOPQRSTUVWXYZC\] A -'abcdefghijklmnopqrstuvwx 
e334a8 * + ,-. /01 23456789: ;< = >?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\] A ^'abcdefghijklmnopqrstuvwxy 
319bd3 +,-./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ:\: A -'abcdefghijklmnopqrstuvwxyz 
d8390f ,-./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\] A -'abcdefghijklmnopqrstuvwxyz{ 
5120a8 -./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\: A _'abcdefghijklmnopqrstuvwxyz{! 
c29e23 ./01 23456789: ;< = >?aABCDEFGHIJKLMNOPQRSTUVWXYZlI\D A -abcdefghijklmnopqrstuvwxyz{:j> 
f5152f /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ:\] A - , abcdefghijklmnopqrstuvwxyz<:!}~ 
e103f5 •!"#$%&'()* + ,-./: ;< = >?a[\D A ^' { j }~ !"#$%&'()* + ,-./:;< = > ?a L" \ J A - 'C|> ~ !"#$%&'(>*+,- 
a65757 !"#$%&'()* + ,-./:;< = >?a:\: A -'-C!>" !"#$%&'()* + ,-. /:;< = >?3II\:i A -'-C!}~ !"#$%&'()* + ,-. 
3f0d4d '■#$%&• (>* + ,-. /:;< = >?aC\: A -*-ti>" !"#$%&'()* + ,-. /:;< = >?aC\] A -'-C|>~ !"#$%&■ <)* + ,-./ 
39c2e4 #$%& '()* + ,-./:; <=>?aC \ ] A - ' £ | > " !"#$%&■()*+,-./:;<=> ?3C \ D A - * -C | > " !"#$%&'()* + ,-./: 
af95c7 $%&'()* + ,-. /:;< = >?a:\] A ^"{|>~ ! "#$%&■ ()* + ,-. /:;< = >?a[\] A ^'-C|>~ !"#$%&•(>*+,-./:; 
bd83ed %&'()* + ,-./:; < = >?aH \ II A - '{ | } ~ !"#$%&'()*+,-. /:;<=>?a[\: A --{|>~ !"#$%&•()*+,-./:;< 
616284 &'()* + ,-. /:;< = >?aiI\] A ^' { j }~ !" #$%&'()*+,-./:; <=> ?a I \ D A - * * | > " !"#$%&'()* + ,-./:;< = 
27af 5a 

91caca The following letters are often confused: 

ce6e48 C vs. c C c C c CC cc CCC ccc CcCc cCcC -0 vs. o o o 00 oo 000 ooo OoOo 0O0O 
666db7 P vs. p P p P p PP pp PPP ppp PpPp pPpP -S vs. s S s S s SS ss SSS sss SsSs sSsS 
a1d639 U vs. u U u U u UU uu UUU uuu UuUu uUuU -V vs. v V v V v VV vv VVV vvv VvVv vVvV 
3f1e31 W vs. w W w W w WW ww WWW www WwWw wWwW -X vs. x X x X x XX xx XXX xxx XxXx xXxX 
3883cf Y vs. y Y y Y y YY yy YYY yyy YyYy yYyY -Z vs. z Z z Z z ZZ zz ZZZ zzz ZzZz zZzZ 
8bbbae 1 vs . I 1 I 1 I 1 1 I I 111 III 1111 1111 -9 vs. g 9 g 9 g 99 gg 999 ggg 9g9g g9g9 

e5035e - vs. «-«-« — «« _~ ---- _,--- -a vs. a a a a a aa aa 333 aaa 3a3a a3aa 

a 3 9 2 5 i vs. ; i ; i ; i i ; ; i i i ; ; ; i ; i ; ; i ; i • X vs. X % X X X XX XX XXX XXX % X % X X % X % 

408038 . vs. ••. •-. ••.. ••-... ••••. . ••. . -i vs. 7 i 7 i 7 i i 77 iii 777 i 7 i 7 7i7i 

406e48 C vs. c C c C c CC cc CCC ccc CcCc cCcC -0 vs. o o o 00 oo 000 ooo OoOo 0O0O 

a0a f 5a 

d4a6bb Some normally non-printing characters are printed. 

68c3d5 > One space: One tab:> One form feed:¥ 

2ae0c3 > Two tabs:o > Two spaces: -Two form feeds:¥ 

c47e1d ¥ 

62c06d t> Three spaces: --Three tabs:> > > One trailing space:* 

71af 5a 

82fc34 Very long lines are wrapped as follows: 

a53f7d !"#$%S'()*+,-./01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\: A ^'abcdefghijklmnol 

f7dc06 pqrstuvwxyz-C | >"!"#$% 8' (>*+,-./ 01 23456789: ;< = >?3ABCDEFGHIJKLMN0PQRSTUVWXYZ[\] A -"i 

c2dace abcdefghijklmnopqrstuvwxyz{!}~! ,, #$%&' ()* + ,-. /0123456789:;< = >?3ABCDEFGHIJKLMNOPQi 

aa1090 RSTUVWXYZ[\] A - , abcdefghijklmnopqrstuvwxyz£!}~!"#$%& , ()*+,-./01 23456789: ;<=>?3ABi 

1 1 3f 71 CDEFGHIJKLMNOPQRSTUVWXYZ[\] A ^'abcdefghijklmnopqrstuvwxyz{ [>"!"#$% 8' ()*+,-. /01231 

f2ff02 45678 

25af 5a 

4 f 7 5 1 f > > int some~identifierSwlook-like-this; 

d861db > > #ifdef OTH E R-D E F I N ES-LOOK-L I KE-TH I S 

5bdb4at> > t> for(i=0;i<100;i++)-C 

c8f92d > > > > if (foo( ) j J bar( )) 

073aae > > > > > variable A = F LAG-ONE j F LAG-TWO j F LAG-THREi 

64c29b E; 

4a15b5 o > > } 

aee89d The following lines have 77 underscores: 

2 a 6438 /* _-__, - ___ 

a77cb9 -MMl ______ ________________________ _*/ 

dca f 5a 

33c707 i> > > > Tabs and spacesc- - - * > ••-•[> Tabs and spaces 

977212 * > • > -> *> Tabs and spaces^ ••••[> > Tabs and spaces 

f4eca2 **i> **t> - - > - - > Tabs and spacest> t> t> Tabs and spaces 

c551ac **-i> •.•[> •..[> . » » > Tabs and spaceso > !>Tabs and spaces 

18af 5a 

4354d3 The OCR radix-64 character set: 

88cb81 > ABCDEFGHIJKLMNPQRSTVWXYZabcdehijklmnpqtuwy145689\ A !#$ %&*+=/: <>?3 

06af 5a 






b735 00039830f b280010001 Page 2 of test-file 



The following pattern contains every pair of adjacent printable ASCII chars

[Listing: per-line checksums and test pattern for page 2 of test-file]






--2402 0008e6572098001 0001 Page 3 of test-file 

6783e0 BCADaE?F>G=H<I;J:K9L8M7N6O5P4Q3R2S1T0U/V.W-X,Y+Z*[)\(] ,A 8-%*$a#b"c!d e. f ~g>h | i{ j 
7a003c CBDAEaF?G>H=I<J;K:L9M8N7O6P5Q4R3S2T1U0V/W.X-Y,Z+C*\)3( A, ^& , %a$b#c"d!e f . g ~ h }i |j{ 
0860ab CDBEAFaG?H>I=J<K;L:M9N8O7P6Q5R4S3T2U1V0W/X.Y-Z,C+\*:) A (-. ,- Sa%b$c#d"e!f g.h~i>j|k 
a30f62 DCEBFAGaH?I>J=K<L;M:N9O8P7Q6R5S4T3U2V1W0X/Y.Z-II,\+:* A )-(' 'a8b%c$d#e"f!g h.i~j>k| 
6fd75a DECFBGAHai?J>K=L<M;N:O9P8Q7R6S5T4U3V2WlX0Y/Z.II-\,:+ A *-)"(a , b&c%d$e#f"g!h i.j~k>L 
4845ae EDFCGBHAiaJ?K>L=M<N;O:P9Q8R7S6T5U4V3W2XlY0Z/[.\-:, A +^*')a(b'c&d%e$f#g"h!i j.k~l> 
81cac2 EFDGCHBIAjaK?L>M=N<O;P:Q9R8S7T6U5V4W3X2Y1Z0C/\.:- A ,^+'*a)b(c'd8e°/f$g#h"i ! j k.L~m 
4e48f8 FEGDHCIBJAKaL?M>N=O<P;Q:R9S8T7U6V5W4X3Y2Z1C0\/]. A -^, , +a*b)c(d , e8f%g$h#i"j!k L.m" 
81ada4 FGEHDICJBKALaM?N>O=P<Q;R:S9T8U7V6W5X4Y3Z2[1\0]/ A .--',a+b*c)d(e'f8g%h$i#j"k! I m.n 
1c7040 GFHEIDJCKBLAMaN?O>P=Q<R;S:T9U8V7W6X5Y4Z3[2\i:0 A /^.'-a,b+c*d)e(f , g8h%i$j#k"l!m n. 
5fed17 GHFIEJDKCLBMANaO?P>Q=R<S;T:U9V8W7X6Y5Z4C3\2]1 A 0-/' .a-b,c+d*e)f(g'h8i%j$k#l"m!n o 
b6d83b HGIFJEKDLCMBNAOaP?Q>R=S<T;U:V9W8X7Y6Z5II4\3:2 A 1-0'/a.b-c,d+e*f)g(h , i8j%k$L#m"n!o- 
a3ad8f HIGJFKELDMCNBOAPaQ?R>S=T<U;V:W9X8Y7Z6:5\4]3 A 2-1 % 0a/b.c-d,e+f*g)h(i , j8k%L$m#n"o!p 
725802 IHJGKFLEMDNCOBPAQaR?S>T=U<V;W:X9Y8Z7[6\5D4 A 3-2'1a0b/c.d-e,f+g*h)i(j'k8L%m$n#o"p! 
959bd0 IJHKGLFMENDOCPBQARaS?T>U=V<W;X:Y9Z8C7\6]5 A 4w3'2a1b0c/d.e-f,g+h*i)j(k'L8m%n$o#p"q 
a7ece6 JIKHLGMFNEODPCQBRASaT?U>V=W<X;Y:Z9[8\7]6 A 5-4'3a2b1c0d/e.f-g,h+i*j)k(L'ni8n%o$p#q" 
41 1 82d JKILHMGNFOEPDQCRBSATaU?V>W=X<Y;Z:[9\8:7 A 6-5'4a3b2c1d0e/f.g-h,i+j*k)L(m'n8o%p$q#r 
c0ca81 KJLIMHNGOFPEQDRCSBTAUaV?W>X=Y<Z;C:\9:8 A 7„6'5a4b3c2d1e0f/g.h-i,j+k*l)m(n'o8p%q$r# 
02ff93 KLJMINHOGPFQERDSCTBUAVaW?X>Y=Z<C;\:]9 A 8^7 , 6a5b4c3d2e1f0g/h.i-j,k+L*m)n(o , p8q%r$s 
6d2e9f LKMJNIOHPGQFRESDTCUBVAWaX?Y>Z=[<\;]: A 9-8 , 7a6b5c4d3e2f1g0h/i.j-k,L+m*n)o(p'q8r%s$ 
6e2054 LMKNJOIPHQGRFSETDUCVBWAXaY?Z>[=\<]; A :_9'8a7b6c5d4e3f2g1h0i/j.k-L,m+n*o)p(q , r8s%t 
48b315 MLNKOJPIQHRGSFTEUDVCWBXAYaZ?C>\=:< A ;-:'9a8b7c6d5e4f3g2h1i0j/k.L-m,n+o*p)q(r's8t% 
3eb1de MNLOKPJQIRHSGTFUEVDWCXBYAZaC?\>:= A <^; , :a9b8c7d6e5f4g3h2i1j0k/L.m-n,o+p*q)r(s't8u 
3a0012 NMOLPKQJRISHTGUFVEWDXCYBZA:a\?:> A =-<';a:b9c8d7e6f5g4h3i2j1k0L/m.n-o,p+q*r)s(fu8 
a59b13 NOMPLQKRJSITHUGVFWEXDYCZBCA\a]? A >-= , <a;b:c9d8e7f6g5h4i3j2k1L0m/n.o-p,q+r*s)t(u'v 
ba4ad0 ONPMQLRKSJTIUHVGWFXEYDZC[B\A:a A ?->■=a<b;c:d9e8f7g6h5^4j3k2l1m0n/o.p-q l ,r+s*t)u(v , 
b0fcc9 OPNQMRLSKTJUIVHWGXFYEZDCC\B]A A a-?'>a=b<c;d:e9f8g7h6i5j4k3L2m1n0o/p.q-r,s+t*u)v(w 
0dab0d POQNRMSLTKUJVIWHXGYFZE[D\C]B A A-a'?a>b=c<d;e:f9g8h7i6j5k4L3m2n1o0p/q.r-s,t+u*v)w( 
53bd66 PQORNSMTLUKVJWIXHYGZF[E\D]C A B-,A'aa?b>c=d<e;f:g9h8i7j6k5L4m3n2o1p0q/r.s-t,u+v*w)x 
a26c65 QPROSNTMULVKWJXIYHZGCF\E]D A C-B'Aaab?c>d=e<f;g:h9i8j7k6L5m4n3o2p1q0r/s.t-u,v+w*x) 
19511a QRPSOTNUMVLWKXJYIZHCG\F]E A D_C , BaAbac?d>e=f<g;h:i9j8k7l6m5n4o3p2q1r0s/t.u-v,w+x*y 
6c16da RQSPTOUNVMWLXKYJZI[H\G]F A E-D"CaBbAcad?e>f=g<h;i:j9k8L7m6n5o4p3q2r1s0t/u.v-w,x+y* 
e0f314 RSQTPUOVNWMXLYKZJ[I\H]G A F^E'DaCbBcAdae?f>g=h<i;j:k9L8m7n6o5p4q3r2s1t0u/v.w-x,y+z 
c6caf3 SRTQUPVOWNXMYLZK[J\I]H A G^F'EaDbCcBdAeaf?g>h=i<j;k:L9m8n7o6p5q4r3s2t1u0v/w.x-y,z+ 
de37f4 STRUQVPWOXNYMZLCK\j:i A H^GFaEbDcCdBeAfag?h>i=j<k;L:ni9n8o7p6q5r4s3t2u1v0w/x.y-z,{ 
2b2379 TSURVQWPXOYNZMllL\K:j A I^H"GaFbEcDdCeBfAgah?i>j = k<L;iTi:n9o8p7q6r5s4t3u2v1w0x/y.z-{, 
ede510 TUSVRWQXPYOZNCM\LDK A J-I'HaGbFcEdDeCfBgAhai?j>k=L<m;n:o9p8q7r6s5t4u3v2w1x0y/z.-C-! 
20eb2e UTVSWRXQYPZO:N\M]L A K„J'IaHbGcFdEeDfCgBhAiaj?k>L=m<n;o:p9q8r7s6t5u4v3w2x1y0z/-C.!- 
6714a3 UVTWSXRYQZP:o\N:M A L_K'JaIbHcGdFeEfDgChBiAjak?L>m=n<o;p:q9r8s7t6u5v4w3x2y1z0{/!.> 
fc8685 VUWTXSYRZQ[P\O]N A M^L'KaJbIcHdGeFfEgDhCiBjAkaL?m>n=o<p;q:r9s8t7u6v5w4x3y2z1{0|/>. 
3750b7 VWUXTYSZR[Q\P]O A N-.M'LaKbJcIdHeGfFgEhDiCjBkALam?n>o = p<q;r:s9t8u7v6w5x4y3z2{:ij0}/~ 
45ee74 WVXUYTZSCR\Q]P A O-N'MaLbKcJdIeHfGgFhEiDjCkBLAman?o>p=q<r;s:t9u8v7w6x5y4z3{2|1}0~/ 
64b9b2 WXVYUZTCS\R:Q A P-O'NaMbLcKdJeIfHgGhFiEjDkCLBmAnao?p>q=r<s;t:u9v8w7x6y5z4{3!2>1~0. 
20c748 XWYVZUCT\SDR A Q^P'OaNbMcLdKeJfIgHhGiFjEkDLCmBnAoap?q>r=s<t;u:v9w8x7y6z5{4|3>2~1.0 
bc3d2d XYWZVCU\TDS A R-Q'Pa0bNcMdLeKfJgIhHiGjFkELDmCnBoApaq?r>s=t<u;v:w9x8y7z6{5j4>3~2.1- 
e6c1a4 YXZWCV\U]T A S-R"QaPb0cNdMeLfKgJhIiHjGkFLEmDnCoBpAqar?s>t=u<v;w:x9y8z7<6!5>4~3.2 1 
7a663b YZXCW\V]U A T-S , RaQbPc0dNeMfLgKhJiIjHkGLFmEnDoCpBqAras?t>u=v<w;x:y9z8{7j6>5~4.3 2! 
efa2ac ZY[X\W]V A U-T'SaRbQcPd0eNfMgLhKiJjIkHLGmFnEoDpCqBrAsat?u>v=w<x;y:z9{8!7>6~5.4 3! 2 
c198ae Z[Y\X]W A V~U'TaSbRcQdPe0fNgMhLiKjJkIlHmGnFoEpDqCrBsAtau?v>w=x<y;z:{9j8>7~6.5 4!3" 
97238a [Z\Y]X A W^V'UaTbScRdQePfOgNhMiLjKkJLImHnGoFpEqDrCsBtAuav?w>x=y<z;{: |9>8~7.6 5! 4" 3 
aa0ad0 :\Z]Y A X„W'VaUbTcSdReQfPgOhNiMjLkKLJmInHoGpFqErDsCtBuAvaw?x>y=z<-C;! :>9~8.7 6! 5"4# 
8cd1ba \C]Z A Y-X'WaVbUcTdSeRfQgPh0iNjMkLLKmJnIoHpGqFrEsDtCuBvAwax?y>z={<!;}:~9.8 7!6"5#4 
98f7cb \:C A Z-Y'XaWbVcUdTeSfRgQhPiOjNkMLLmKnJoIpHqGrFsEtDuCvBwAxay?z>-C= !<};":. 9 8!7"6#5$ 
0c80ce ]\ A C-Z'YaXbWcVdUeTfSgRhQiPjOkNLMmLnKoJpIqHrGsFtEuDvCwBxAyaz?{:>!=><~;.: 9!8"7#6$5 
dcf8ca ] A \-C'ZaYbXcWdVeUfTgShRiQjPkOlNmMnLoKpJqIrHsGtFuEvDwCxByAza{?j>}=~<.; : !9"8#7$6% 
0d9748 A ]^\'IIaZbYcXdWeVfUgThSiRjQkPLOmNnMoLpKqJrIsHtGuFvEwDxCyBzA{aj?}>~=.< ;! : " 9 # 8 $ 7 % 6 
ff5a18 A -3'\a:bZcYdXeWfVgUhTiSjRkQLPm0nNoMpLqKrJsItHuGvFwExDyCzB{:Aja>?~>.= <!;":#9$8%78 
3fe6b9 - A ':a\b[cZdYeXfWgVhUiTjSkRLQmPnOoNpMqLrKsJtIuHvGwFxEyDzC{B!A}a~?.> =!<";# :$9%887 
51 5664 -' A a]b\cCdZeYfXgWhViUjTkSLRmQnPoOpNqMrLsKtJuIvHwGxFyEzD{C|B>A~a.? >!="<#;$:% 988' 
0f1ce8 '-a A b]c\d:eZfYgXhWiVjUkTLSmRnQoPpOqNrMsLtKuJvIwHxGyFzE{DjC>B~A.a ?!>"=#<$;%: 89 ' 8 
d99cbd 'a-b A c:d\e[fZgYhXiWjVkULTmSnRoQpPqOrNsMtLuKvJwIxHyGzF{:E!D>C~B.A a !?"># = $<%; 8: '9( 
322b4d a"b-c A d:e\flIgZhYiXjWkVLUmTnSoRpQqPrOsNtMuLvKwJxIyHzG{F!E>D~C.B A ! a " ? #>$ = %<8 ; ' : ( 9 
ef9c29 ab"c-d A e:f\g[hZiYjXkWlVmUnToSpRqQrPsOtNuMvLwKxJyIzH{GiF}E~D.C B ! A " a# ?$>% = 8< ' ; ( : ) 
ec74ce bac'd^e A f:g\htiZjYkXlWmVnUoTpSqRrQsPtOuNvMwLxKyJzI{H!G}F~E.D C!B"A#a$?%>8='<(;): 
f43761 bcad'e-f A g:h\iCjZkYLXmWnVoUpTqSrRsQtPuOvNwMxLyKzJ{IjH}G~F.E D!C"B#A$a%?8>' =(<);* 
b3a479 cbdae'f-g A h:i\jCkZLYmXnWoVpUqTrSsRtQuPvOwNxMyLzK{J|I}H~G.F E !D"C#B$A% 38?' >( = )<*; 
cb79f0 cdbeafg„h A i:j\k[lZmYnXoWpVqUrTsStRuQvPwOxNyMzL{K!J>I~H.G F!E"D#C$B%A8a' ?(>)=*<+ 
cc2a87 dcebfag"h~i A j]k\lCmZnYoXpWqVrUsTtSuRvQwPxOyNzM{L.iK>J~I.H GIF" E#D$C%B8A'a(?)>* = + < 
1b4685 decfbgah'i„j A k]L\mCnZoYpXqWrVsUtTuSvRwQxPyOzN{:M!L>K~J.I H!G"F#E$D%C8B'A(a)?*>+=, 
5dcf03 edfcgbhai x j^k A L]m\n[oZpYqXrWsVtUuTvSwRxQyPzO{N!M}L~K.J I!H"G#F$E%D8C'B(A)3*?+>,= 
cf0f70 efdgchbiaj'k-L A m]n\o[pZqYrXsWtVuUvTwSxRyQzP{0!N}M"L.K J!I"H#G$F%E8D'C(B)A*a+?,>- 
8e0d9c fegdhcibjak'L„m A n]o\p:qZrYsXtWuVvUwTxSyRzQ{P!0>N"M.L K!J" I#H$G%F8E , D(C)B*A + a,?-> 






--6332 000cb2b0f 0d80010001 Page 4 of test-file 

44529f This is random noise with every printable ASCII character: 

--7fda 0002a3ecf 6580010001 Page 5 of test-file 

--1285 001 f 0024b3880010001 Page 6 of test-file 

--e140 001c21fe2aei 12 Page 1 of bootstrap

#!/usr/bin/perl -s
#
# bootstrap -- Simpler version of unmunge for bootstrapping
#
# Unmunge this file using:
#     perl -ne 'if (s/^ *[^-\s]\S{4,6} ?//) { s/[\244\245\267]/ /g; print; }'
#
# $Id: bootstrap,v 1.15 1997/11/14 03:52:53 mhw Exp $

sub Fatal { print STDERR @_; exit(1); }
sub Max { my ($a, $b) = @_; ($a > $b) ? $a : $b; }
sub TabSkip { $tabWidth - 1 - (length($_[0]) % $tabWidth); }

($tab,$yen,$pilc,$cdot,$tmp1,$tmp2)=("\244","\245","\266","\267","\377","\376");
$editor = $ENV{'VISUAL'} || $ENV{'EDITOR'} || 'vi';
$inFile = $ARGV[0];
doFile: {
    open(IN, "<$inFile") || die;
    for ($lineNum = 1; ($_ = <IN>); $lineNum++) {
        s/^\s+//; s/\s+$//;             # Strip leading and trailing spaces
        next if (/^$/);                 # Ignore blank lines
        ($prefix, $seenCRCStr, $dummy, $_) = /^(\S{2})(\S{4})( (.*))?/;

        # Correct the number of spaces after each tab
        while (s/$tab( *)/$tmp1 . ($tmp2 x &Max(length($1), &TabSkip($`)))/e) {}
        s/( +)/" " . ($cdot x length($1))/eg;   # Correct center dots
        s/$tmp1/$tab/g; s/$tmp2/ /g;    # Restore tabs and spaces from correction
        s/\s*$/\n/;                     # Strip trailing spaces, and add a newline

        $crc = 0;                       # Calculate CRC
        for ($data = $_; $data ne ""; $data = substr($data, 1)) {
            $crc ^= ord($data);
            for (1..8) {
                $crc = ($crc >> 1) ^ (($crc & 1) ? 0x8408 : 0);
            }
        }
        if ($crc != hex($seenCRCStr)) {         # CRC mismatch
            close(IN); close(OUT);
            unlink(@filesCreated);
            @filesCreated = ();
            @oldStat = stat($inFile);
            system($editor, "+$lineNum", $inFile);
            @newStat = stat($inFile);
            redo doFile if ($oldStat[9] != $newStat[9]);    # Check mod date
            &Fatal("Line $lineNum invalid: $_");
        }

        if ($prefix eq '--') {          # Process header line
            ($code, $pageNum, $file) = /^(\S{19}) Page (\d+) of (.*)/;
            $tabWidth = hex(substr($code, 11, 1));
            if ($file ne $lastFile) {
                print "$file\n";
                &Fatal("$file: already exists\n") if (!$f && (-e $file));
                close(OUT);
                open(OUT, ">$file") || &Fatal("$file: $!\n");
                push(@filesCreated, ($lastFile = $file));
            }
        } else {                        # Unmunge normal line
            s/$tab( *)/"\t" . (" " x (length($1) - &TabSkip($`)))/eg;
            s/$yen\n/\f/;               # Handle form feeds
            s/$pilc\n//;                # Handle continuation lines
            s/$cdot/ /g;                # Center dots -> spaces

            print OUT;
        }
    }
    close(IN); close(OUT);
}



--ac52 001077b880880010003 Page 1 of bootstrap2

94e666 #!/usr/bin/perl -s
0ea601 #
e04352 # bootstrap2 -- Second stage bootstrapper, a version of unmunge
91a601 #
849cbb # $Id: bootstrap2,v 1.4 1997/11/14 03:52:54 mhw Exp $
b4af5a
5dd22f sub Cleanup { close(IN); close(OUT); unlink(@files); @files = (); }
cd2a1e sub Fatal { &Cleanup(); print STDERR @_; exit(1); }
a136b1 sub TabSkip { $tabWidth - 1 - (length($_[0]) % $tabWidth); }
9a172b sub TabFix { my ($needed, $actual) = (&TabSkip($_[0]), length($_[1]));
735323     $tmp1 . ($tmp2 x $needed) . (" " x ($actual - $needed)); }
4b20f4 sub HumanEdit { my ($file, $line, $message) = ($inFile, @_); &Cleanup();
0c2db1     @old = stat($file); system($editor, "+$line", $file); @new = stat($file);
bc77e8     redo doFile if ($old[9] != $new[9]);    # Check mod date
d77c59     &Fatal("Line $line, ", $message); }
16af5a
104cdd ($tab,$yen,$pilc,$cdot,$tmp1,$tmp2)=("\244","\245","\266","\267","\377","\376");
f43067 $editor = $ENV{'VISUAL'} || $ENV{'EDITOR'} || 'vi';
4da6f7 ($inFile, $manifest, @rest) = @ARGV;
6bbb70 if ($manifest ne "") {                  # Read manifest file
229970     open(MANIFEST, "<$manifest") || &Fatal("$manifest: $!\n");
d5e3e3     while (<MANIFEST>) { $dir = $1 if /^D\s+(.*)$/;
449857         $index[$1] = $dir . $2 if /^(\d+)\s+(.*)$/; }
bcefe6 }
954e2f doFile: {
ec779a     $seenPCRC = $pcrc1 = 0; $lastFlags = 1; $lastFileNum = 0;
342616     open(IN, "<$inFile") || &Fatal("$inFile: $!\n");
d7c787     for ($line = 1; ($_ = <IN>); $line++) {
1daacd         s/^\s+//; s/\s+$//;             # Strip leading and trailing spaces
75b32f         next if (/^$/);                 # Ignore blank lines
2df118         ($prefix, $seenCRCStr, $dummy, $_) = /^(\S{2})(\S{4})( (.*))?/;
8e3e5a         while (s/$tab( *)/&TabFix($`, $1)/eo) {}    # Correct spaces after tabs
dcdb12         s/($tmp2| )( +)/$1 . ($cdot x length($2))/ego;  # Correct center dots
fa4668         s/$tmp1/$tab/go; s/$tmp2/ /go;  # Restore tabs/spaces from correction
5e3cd0         s/\s*$/\n/;                     # Strip trailing spaces, and add a newline
15af5a
160460         $crc = 0; $pcrc = $pcrc1;       # Calculate CRCs
bc3db3         for ($data = $_; $data ne ""; $data = substr($data, 1)) {
d860ae             $crc ^= ord($data); $pcrc1 ^= ord($data);
2d28f0             for (1..8) { $crc = ($crc >> 1) ^ (($crc & 1) ? 0x8408 : 0);
1700f2                 $pcrc1 = ($pcrc1 >> 1) ^ (($pcrc1 & 1) ? 0xedb88320 : 0); }
441aea         }
21e7eb         ($seenPLCRC, $seenCRC) = map { hex($_) } ($prefix, $seenCRCStr);
244eda         &HumanEdit($line, "CRC failed: $_") if $crc != $seenCRC;
fd7b7d         if ($prefix eq '--') {          # Process header line
332129             &HumanEdit($line - 1, "Page CRC failed") if $pcrc != $seenPCRC;
98991f             ($humanHdr, $pageNum, $file) = /^\S{19} (Page (\d+) of (.*))/;
b63710             ($vers, $flags, $seenPCRC, $tabWidth, $prodNum, $fileNum) =
d62c3f                 map { hex($_) } /^(\S)(\S\S)(\S{8})(\S)(\S{3})(\S{4})/;
4d0b72             if ($fileNum != $lastFileNum) {
4970bd                 print STDERR "MISSING files\n" if $fileNum != $lastFileNum + 1;
4d6102                 &Fatal("Missing pages\n") if $pageNum != 1 || !($lastFlags & 1);
7d6aeb                 if ($manifest ne "") {
24fd6f                     ($_ = $index[$fileNum]) =~ m%([^/]*)$%;
f9ae35                     &Fatal("Manifest mismatch\n") if ($file ne $1);
0f50d2                     ($file = $_) =~ s|/+|mkdir($`, 0777), "/"|eg;   # mkdir -p
e9467a                 }
f98e77                 &Fatal("$file: already exists\n") if (!$f && (-e $file));
895c6f                 close(OUT); open(OUT, ">$file") || &Fatal("$file: $!\n");
0fb066                 push(@files, $file); print "$fileNum $file\n";
969957             } else {
03efb5                 &Fatal("MISSING pages\n") if ($pageNum != $lastPageNum + 1);
294d5a             }
8fba7e             ($lastFlags, $lastFileNum, $lastPageNum) = ($flags, $fileNum, $pageNum);
3ce809             $pcrc1 = 0;
e14ccd         } else {                        # Unmunge normal line
f61c35             &HumanEdit($line, "CRC failed: $_") if ($pcrc1 >> 24) != $seenPLCRC;
fc65f0             s/$tab( *)/"\t".(" " x (length($1) - &TabSkip($`)))/ego;
c6c825             s/$yen\n/\f/o; s/$pilc\n//o; s/$cdot/ /go; print OUT;
3b1aea         }
206fe7     }
07efe6 }
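The per-line and per-page checks that bootstrap and bootstrap2 perform can be re-expressed in Python; the block below is an added example, not one of the book's listings. It uses the same polynomials (0x8408 and 0xedb88320), a zero initial value and no final XOR; the sample listing, the function names and the simulated OCR misread are constructed for illustration.

```python
import re

CRC16_POLY = 0x8408      # per-line CRC-16 polynomial used by bootstrap
CRC32_POLY = 0xEDB88320  # running page CRC-32 polynomial used by bootstrap2

# Two hex digits (top byte of the running page CRC), four hex digits
# (CRC-16 of the line), then an optional space and the line's text.
LINE_RE = re.compile(r"([0-9a-f]{2})([0-9a-f]{4})(?: (.*))?")


def crc_update(crc, data, poly):
    """Bitwise reflected CRC as in the scripts: start at 0, no final XOR."""
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (poly if crc & 1 else 0)
    return crc


def line_bytes(text):
    """The checksummed data is the line followed by its newline."""
    return text.encode("latin-1", "replace") + b"\n"


def line_crc(text):
    """CRC-16 of one listing line."""
    return crc_update(0, line_bytes(text), CRC16_POLY)


def add_prefixes(lines):
    """Prefix every line of one page with its page-CRC byte and line CRC."""
    page, out = 0, []
    for text in lines:
        page = crc_update(page, line_bytes(text), CRC32_POLY)
        out.append(f"{page >> 24:02x}{line_crc(text):04x} {text}".rstrip())
    return out


def verify(prefixed):
    """Return (line_number, problem) pairs for lines that fail a check."""
    page, page_in_sync, problems = 0, True, []
    for number, raw in enumerate(prefixed, start=1):
        raw = raw.strip()
        if not raw:
            continue                      # blank input lines are ignored
        match = LINE_RE.fullmatch(raw)
        if match is None:
            problems.append((number, "unreadable prefix"))
            page_in_sync = False
            continue
        seen_page, seen_line = int(match[1], 16), int(match[2], 16)
        text = match[3] or ""
        if line_crc(text) != seen_line:
            problems.append((number, "line CRC"))
            page_in_sync = False          # running CRC can no longer be trusted
            continue
        page = crc_update(page, line_bytes(text), CRC32_POLY)
        if page_in_sync and (page >> 24) != seen_page:
            # Every line is intact, so a line is missing or out of order.
            problems.append((number, "page CRC"))
            page_in_sync = False
    return problems


SAMPLE = [  # constructed listing, not taken from the book
    "#",
    "# demo",
    "",
    "sub Max { my ($a, $b) = @_; ($a > $b) ? $a : $b; }",
    "doFile: {",
    "    print OUT;",
    "}",
]


def demo():
    """Check a clean page, a one-character misread and a dropped line."""
    good = add_prefixes(SAMPLE)
    misread = list(good)
    misread[3] = misread[3].replace("$a > $b", "Sa > $b")  # '$' read as 'S'
    dropped = good[:1] + good[2:]                          # second line lost
    return verify(good), verify(misread), verify(dropped)


if __name__ == "__main__":
    for label, result in zip(("clean", "misread", "dropped"), demo()):
        print(label, result)
```

The values af5a, a601 and efe6 that `line_crc` gives for an empty line, "#" and "}" are the ones printed beside those lines in the listings above.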




Software Source Code 



This chapter contains a complete listing of the C-language software that we wrote
to control the DES Cracker hardware. This software provides a simple user interface
for testing the hardware, setting up problems to be solved by searching
through the possible keys, and running such searches. We're publishing it to show
both people and machines how to control the DES Cracker.

This version of the software is fairly rudimentary; it doesn't include a graphical
user interface, collaborate with others across the Internet to speed up brute force
cracking attempts, etc. By the time you read this book, there will probably be a
better version of the software, which you will be able to read about in our web
pages at http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking/.

This software is known to build and run in a "DOS Window" under Windows 95
on a PC using the Borland C++ Compiler, version 3.1. It also compiles cleanly
using Microsoft Visual C++ version 5.

The software is documented in the file readme.txt.

For details on why these documents are printed this way, and how to scan them
into a computer, see Chapter 4, Scanning the Source Code.






5-2 Chapter 5: Software Source Code 



ffd0 0015103933880020001 Page 1 of MANIFEST 



7bf681 1 MANIFEST
ec8ce7 2 readme.txt
05e777 3 autoconf.c
cedb16 4 build.bat
a0056e 5 chipio.c
151f75 6 chipio.h
1a8e30 7 des.c
11db2a 8 des.h
0aac3f 9 initsrch.c
0f78d8 10 keyblock.c
f699dd 11 keyblock.h
ba96cf 12 search.c
5127f6 13 search.h






--e562 0004451557280020002 Page 1 of readme.txt

e0af5a
1aaf5a
d44c86 README FOR DES SEARCH ENGINE CONTROLLER SOFTWARE
afaf5a
29825e April 23, 1998
4aaf5a
0eaf5a
fb3fcf Written 1998 by Cryptography Research (http://www.cryptography.com)
216a64 for the Electronic Frontier Foundation (EFF).  Placed in the public
4ad8d3 domain by Cryptography Research and EFF.
a7af5a
50ff62 This is unsupported free software.  Use and distribute at your own
e0daf4 risk. U.S. law may regulate the use and/or export of this program.
ffeaa2 Foreign laws may also apply.
f7af5a
b4af5a
34af5a
fa176f
b1a6ff Section 1:  Compiling the Programs.
79af5a
801f81 Compiling the programs should be easy.  Using 32-bit Microsoft Visual
a26186 C++ for Windows compile as shown below.  For Borland C++ or other
1d3a41 compilers, replace "cl" with the compiler name (e.g., bcc).  On a 16-
7c7812 bit DOS compiler with a large search array, the large memory model
3f769d (Borland's "-ml" flag) is required or the system will run out of
392d57 memory.
62af5a
ce209c    > cl search.c keyblock.c chipio.c des.c
fcc3fb    > cl initsrch.c keyblock.c
6b758b    > cl autoconf.c chipio.c
7057a9    > cl testvec.c sim.c des.c
42af5a
b8af5a
1eaf5a
ea176f
93e4fb Section 2:  Auto-Configuring the Search Array.
80af5a
19d9c3 The auto-configuration program is an important part of the DES
292f7e Cracker.  Because there are a large number of chips in the system, it
9fb6be is inevitable that a few fail.  By automatically removing defective
0d0b4b units, it is not necessary to repair the system when failures do
4f9dc9 occur.
a8af5a
018826 The program "autoconf.exe" will automatically identify the
6f723b configuration of a search array.  With the I/O port base address at
cd7d24 210 hex, simply run the program with the command:
5daf5a
75065b    > autoconf search.cfg -t
98af5a
c7e245 Note that the "-t" flag performs register testing (recommended if the
dfdfea search system might contain defective chips that need to be avoided).
e003e2 If the I/O port is at an address other than 210, specify the address.
ff49ba The "-v" flag provides verbose output.  For example:
daf5a
2faf9f    > autoconf search.cfg 210 -t -v
26af5a
185f44 When autoconf completes, it will print the total number of chips to
bae103 the screen and save the configuration information to the
f44721 configuration file.  The configuration can be edited (e.g., with
942a9c grep) to remove defective units not caught with autoconf.
8daf5a
70e81e (Note that this first release does not implement search unit testing
7f1a7b code except for the register tests.)
74af5a
d9af5a
47af5a
cd176f
2611d1 Section 3:  Initializing a Search.
40af5a
7c71c4 The search parameters have to be specified before a key can be found.
0b480d The program initsrch creates a "search context" file that contains
443422 these search parameters and a list of the regions of keyspace that






8d6f 0009a4c5f 7080020002 Page 2 of readme.txt 






remain to be searched.

The search parameters can either be entered into initsrch or
specified on the command line.  To enter them manually, run initsrch
with no parameters:

   > initsrch

The program will then prompt for the search context file.  Press
enter for the default filename ("search.ctx").

Next, the program will prompt for a search mode.  Five modes are
supported and are described in the following sections.

   K - Known plaintext
   E - ECB ASCII text
   C - CBC ASCII text
   B - Blaze challenge
   M - Manual parameter specification

1.  Known plaintext searching

This is the simplest (and most common) mode of operation.  If a
complete DES plaintext/ciphertext pair is known, this mode can be
used to quickly search for the key.  When prompted, enter the
plaintext in hexadecimal form (e.g., "123456789ABCDEF0") and press
enter.  Next, enter the ciphertext, also in hexadecimal.  The program
will then create a search context file and exit.

2.  ECB ASCII text searching

If your target message is known to be ASCII text and was encrypted
using DES ECB mode, enter two different ciphertexts.  The program
will create the search context file and exit.  The program is
configured to include all letters ("a-z" and "A-Z"), numbers ("0-9"),
and common punctuation and control characters (ASCII zero, tab,
linefeed, carriage return, space, and !"'(),-.^_).  For other
character sets, use the manual parameter specification option.

3.  CBC ASCII text searching

If your message is ASCII text and was encrypted using DES CBC mode,
this option lets you specify an initialization vector and two
ciphertext messages.  The CBC mode ASCII option uses the same ASCII
text characters as ECB ASCII.

4.  The Blaze challenge

Matt Blaze's DES challenge involves searching for a key such that a
repeated plaintext byte produces a repeated ciphertext byte.  This
option will search for keys that meet the challenge.  Simply specify
the desired repeated ciphertext byte.

5.  Manual parameter specification

The manual parameter mode allows direct control over the search
parameters.  The manual mode requires entering more data than the
other modes; it is often easier to pipe input from a script file,
e.g.:

   > initsrch < search.scr

First, enter the plaintext vector.  This is 64 hex digits long and
specifies the bytes that can appear in "valid" plaintexts.  The most
significant bit of the left-hand digit specifies whether ASCII 255
can appear, and the least significant bit of the last digit specifies
whether ASCII zero can appear.  For example, the plaintext vector for




the ASCII text modes is:

   0000000000000000000000000000000007FFFFFFC7FFFFFE8FFF738700002601

Next, enter the initialization vector for the first DES, if any.
This will be XORed onto the first plaintext before its validity is
checked.

Next, enter the two ciphertexts (ciphertext 0 and ciphertext 1).
These may be the same or different.

Next, enter the plaintext byte mask.  This sets bits that should be
ignored in the plaintext.  For example, if the left-hand byte of the
plaintext is unknown or can have any value, the plaintext byte mask
would be set to 80 (hex).

Finally, enter the searchInfo byte.  Bit 1 of this byte specifies
whether CBC mode should be used.  If so, the first ciphertext will be
XORed onto candidate plaintexts produced by decrypting the second
ciphertext.  Bit 2 of searchInfo specifies whether the extraXor
operation should be done.  This operation XORs the right half of the
plaintext onto the left half before it is checked.  (For the Blaze
challenge, the desired plaintext has a single byte repeated.  The
extraXor operation will set the left half of the plaintext to zero if
the plaintext is good.  The plaintextByteMask can then be set to 0x0F
to ignore the right half and the plaintextVector has only the bit for
ASCII zero set.)
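The plaintext filter that these manual parameters control, as an added example (not code from the book or from Cryptography Research): it decodes the 64-digit plaintext vector and applies the XOR mask, CBC, extraXor and byte-mask rules to a block that has already been decrypted. The struct and function names are hypothetical, the sample blocks are constructed, and the CBC and extraXor switches are passed as separate fields rather than packed into searchInfo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; every name below is hypothetical.  ASCII_VECTOR is
 * the ASCII-mode plaintext vector quoted in the readme. */
#define ASCII_VECTOR \
    "0000000000000000000000000000000007FFFFFFC7FFFFFE8FFF738700002601"

typedef struct {
    uint8_t allowed[256];    /* allowed[b] != 0: byte value b may appear    */
    uint8_t xor_mask[8];     /* IV, XORed onto the first plaintext           */
    uint8_t ciphertext0[8];  /* XORed onto the second plaintext in CBC mode  */
    uint8_t byte_mask;       /* 0x80 = ignore left-hand byte ... 0x01 = last */
    int use_cbc, extra_xor;  /* passed separately, not packed in searchInfo  */
} search_params;

static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the 64-digit vector: MSB of the left-hand digit = byte value 255,
 * LSB of the last digit = byte value 0.  Returns 0, or -1 if malformed. */
int parse_plaintext_vector(const char *hex, uint8_t allowed[256]) {
    size_t i;
    int bit, v;
    if (strlen(hex) != 64) return -1;
    for (i = 0; i < 64; i++) {
        if ((v = hex_val(hex[i])) < 0) return -1;
        for (bit = 0; bit < 4; bit++)        /* each digit covers 4 values */
            allowed[4 * (63 - i) + bit] = (uint8_t)((v >> bit) & 1);
    }
    return 0;
}

/* raw is the DES decryption of ciphertext0 (block 0) or ciphertext1 (block 1)
 * under a candidate key.  Returns 1 to keep the key, 0 to discard it. */
int plaintext_passes(const search_params *p, const uint8_t raw[8], int block) {
    uint8_t pt[8];
    int i;
    memcpy(pt, raw, 8);
    for (i = 0; i < 8; i++) {
        if (block == 0)      pt[i] ^= p->xor_mask[i];
        else if (p->use_cbc) pt[i] ^= p->ciphertext0[i];
    }
    if (p->extra_xor)                        /* right half onto left half */
        for (i = 0; i < 4; i++) pt[i] ^= pt[i + 4];
    for (i = 0; i < 8; i++) {
        if (p->byte_mask & (0x80 >> i)) continue;        /* ignored byte */
        if (!p->allowed[pt[i]]) return 0;
    }
    return 1;
}

/* Constructed sample blocks.  Returns one bit per check: 1 = passed. */
int demo_ascii(void) {
    static const uint8_t text[8]   = {'H','e','l','l','o',',',' ','w'};
    static const uint8_t binary[8] = {0x80,'e','l','l','o',',',' ','w'};
    search_params p;
    uint8_t chained[8];
    int i, r = 0;
    memset(&p, 0, sizeof p);
    if (parse_plaintext_vector(ASCII_VECTOR, p.allowed) != 0) return -1;
    r |= plaintext_passes(&p, text, 0) << 0;     /* all bytes allowed      */
    r |= plaintext_passes(&p, binary, 0) << 1;   /* 0x80 is not in the set */
    p.byte_mask = 0x80;
    r |= plaintext_passes(&p, binary, 0) << 2;   /* left-hand byte ignored */
    p.byte_mask = 0;
    memset(p.ciphertext0, 0xA5, 8);
    for (i = 0; i < 8; i++) chained[i] = (uint8_t)(text[i] ^ 0xA5);
    r |= plaintext_passes(&p, chained, 1) << 3;  /* CBC off: not ASCII     */
    p.use_cbc = 1;
    r |= plaintext_passes(&p, chained, 1) << 4;  /* CBC on: text recovered */
    return r;
}

/* Blaze-challenge settings from the readme: zero-only vector, mask 0x0F. */
int demo_blaze(void) {
    static const uint8_t repeated[8] = {0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41};
    static const uint8_t mixed[8]    = {0x41,0x42,0x41,0x41,0x41,0x41,0x41,0x41};
    char zero_only[65];
    search_params p;
    memset(&p, 0, sizeof p);
    memset(zero_only, '0', 64);
    zero_only[63] = '1'; zero_only[64] = '\0';
    if (parse_plaintext_vector(zero_only, p.allowed) != 0) return -1;
    p.extra_xor = 1;
    p.byte_mask = 0x0F;
    return plaintext_passes(&p, repeated, 1) | (plaintext_passes(&p, mixed, 1) << 1);
}

int main(void) {
    printf("ascii=0x%02X blaze=%d\n", demo_ascii(), demo_blaze());
    return 0;
}
```

With extraXor the filter accepts any block whose two halves are equal, so a hit still has to be confirmed as a single repeated byte.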


5.  The search context file

The search context file contains a header, the search parameters, and
2^24 bits corresponding to the unsearched key regions.  The search
parameters are: plaintextVector (32 bytes), plaintextXorMask (8
bytes), ciphertext0 (8 bytes), ciphertext1 (8 bytes),
plaintextByteMask (1 byte), and searchInfo (1 byte).  Each search
region includes 2^32 keys.  The first bit (the MSB of the first key
region byte) corresponds to the keys 00000000000000 through
000000FFFFFFFF, in 56-bit notation.  (To produce the 56-bit form of a
64-bit DES key, delete the eight parity bits.)
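Mapping a DES key to its bit in that region bitmap, as an added example (not code from the book): strip the parity bits, take the top 24 bits of the 56-bit key as the region number, and index the bitmap MSB-first. The function names are hypothetical, the sample key is constructed, the header and parameter bytes that precede the bitmap in the file are not modelled, and a set bit is assumed to mean "still unsearched".

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration; every name below is hypothetical. */
#define NUM_REGIONS  (1UL << 24)         /* 2^24 regions of 2^32 keys each */
#define BITMAP_BYTES (NUM_REGIONS / 8)   /* one bit per region: 2 MiB      */

/* Delete the parity bit (low bit of each byte) of a 64-bit DES key. */
uint64_t des_key_to_56(const uint8_t key[8]) {
    uint64_t k = 0;
    int i;
    for (i = 0; i < 8; i++)
        k = (k << 7) | (uint64_t)(key[i] >> 1);
    return k;
}

/* Inverse: rebuild the 8-byte key, setting each low bit for odd parity. */
void des_key_from_56(uint64_t k56, uint8_t key[8]) {
    int i, b, ones;
    for (i = 7; i >= 0; i--) {
        unsigned seven = (unsigned)(k56 & 0x7F);
        k56 >>= 7;
        for (ones = 0, b = 0; b < 7; b++) ones += (seven >> b) & 1;
        key[i] = (uint8_t)((seven << 1) | ((ones & 1) ? 0u : 1u));
    }
}

/* A region is the set of keys sharing the top 24 of their 56 bits. */
uint32_t region_of_key(uint64_t k56)  { return (uint32_t)(k56 >> 32); }
uint64_t region_first_key(uint32_t r) { return (uint64_t)r << 32; }
uint64_t region_last_key(uint32_t r)  { return ((uint64_t)r << 32) | 0xFFFFFFFFu; }

/* The bitmap is MSB-first: region 0 is bit 7 of byte 0.
 * Assumption: a set bit means the region is still unsearched. */
int region_unsearched(const uint8_t *bitmap, uint32_t r) {
    return (bitmap[r >> 3] >> (7 - (r & 7))) & 1;
}
void region_mark_done(uint8_t *bitmap, uint32_t r) {
    bitmap[r >> 3] &= (uint8_t)~(0x80u >> (r & 7));
}

/* Constructed walk-through: returns the region of a sample key after
 * checking the bitmap bookkeeping, or -1 if any check fails. */
long demo_region(void) {
    static const uint8_t key[8] = {0x13,0x34,0x57,0x79,0x9B,0xBC,0xDF,0xF1};
    uint8_t back[8];
    uint8_t *bitmap = malloc(BITMAP_BYTES);
    uint64_t k56 = des_key_to_56(key);
    uint32_t r = region_of_key(k56);
    long result = -1;
    if (bitmap == NULL) return -1;
    memset(bitmap, 0xFF, BITMAP_BYTES);       /* fresh search: nothing done */
    region_mark_done(bitmap, 0);              /* keys 0 .. 000000FFFFFFFF   */
    region_mark_done(bitmap, r);
    des_key_from_56(k56, back);
    if (bitmap[0] == 0x7F && !region_unsearched(bitmap, r) &&
        region_unsearched(bitmap, r + 1) && memcmp(back, key, 8) == 0 &&
        region_first_key(r) <= k56 && k56 <= region_last_key(r))
        result = (long)r;
    free(bitmap);
    return result;
}

int main(void) {
    printf("sample key falls in region 0x%06lX\n", (unsigned long)demo_region());
    return 0;
}
```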



Section 4:  Running a Search.

The most common way to run a search is to type:

   > search search.cfg search.ctx logfile -q

The "-q" flag requests quiet output, which prints less information to
the screen.  The search.cfg file is produced by autoconf, and
search.ctx is produced by initsrch.  The logfile will contain a list
of candidate keys encountered.

If a search is stopped partway through, work done in
partially-completed key regions is lost, but completed regions are
noted in the search context file.  Note that a complete search will
produce a rather large amount of data in the logfile.  If hard disk
space is limited, it may be desirable to stop the search occasionally
(for example, daily) to purge the logfile.


Section 5:  Porting to other platforms.

When porting to other platforms, some code changes or additions may
be required.  The following may not be found on all systems:

   stricmp:  This is a case-insensitive strcmp found on many
        compilers.  If it isn't present, you can either use strcmp




        (though commands will become case sensitive) or write one.

   SEEK_SET:  A constant (equal to zero) used to tell fseek()
        to go to a fixed offset.  Usually defined in stdio.h

   kbhit(void):  Returns true if a key has been pressed.  (Used to
        check for commands during searches.)

   getch(void):  Reads a keystroke from the keyboard.

   inportb(unsigned portNum):  Reads a byte from an I/O port.  Used
        only by chipio.c.  On other platforms, inportb may need to
        be emulated.  (For Visual C++, inportb is implemented in
        chipio.c as inline assembly language.)

   outportb(int portNum, int value):  Sends a byte to an I/O port.
        Used only by chipio.c.  On other platforms, outportb may
        need to be emulated.  (For Visual C++, outportb is
        implemented in chipio.c as inline assembly language.)


Section 6:  Final comments

As this code goes to press, there was little opportunity for testing
and the code has not undergone any of the assurance, code review, or
testing processes we normally use.  When working on the code, you
may find a few bugs.  Feedback, as always, is appreciated.

Paul Kocher, Josh Jaffe, and everyone else at Cryptography Research
would like to thank John Gilmore and the EFF for funding this unique
project, and AWT for their expert hardware work!



Page 1 of autoconf.c

/*****************************************************************************
 * autoconf.c                                                                *
 *                     Search Engine Controller Program                      *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   IMPLEMENTATION NOTES:                                                   *
 *                                                                           *
 *   This program automatically determines the configuration of a search     *
 *   array.  Additional diagnostic code should be added to detect common     *
 *   chip failures (once these are known).                                   *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                 Note: Detailed diagnostic tests not implemented yet.      *
 *                                                                           *
 *****************************************************************************/

#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"


#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "chipio.h"

#define MAX_CHIPS_PER_BOARD  64
#define MAX_BOARDS 256

/* Print a fixed message and exit; "%s" keeps the message from being
   interpreted as a format string. */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
void AutoconfigureScan(FILE *fp, int fullScan, int verbose);
int QuickCheckRegister(int board, int chip, int reg, int value);
void AddSearchUnits(FILE *fp, int board, int chip, int unit, int isGood);
long DoFullScan(FILE *fp, int board, int* chips, int verbose);


int main(int argc, char **argv) {
  int testLoops = -1;
  int baseIoPort = 0x210;
  int i, nextArg, fullScan;
  int verbose = 0;
  char buffer[200];
  char *fileSpec;
  FILE *fp;
  char *helpMsg = "Usage:  autoconf search.cfg [baseIoPort] [-v] [-t#]\n\n"
      "   -v:  Verbose operation\n"
      "   search.cfg:  The output file for the config info.\n"
      "   baseIoPort:  Hex base port of I/O card (default = 210 hex)\n"
      "   -t#:  Extra testing (see below)\n"
      "\nUse the -t# to do more than a quick test for chips.\n"
      "   -t0:  Do full read/write test of chip registers\n"
      "   -t#:  Do # iterations of a full system test\n";

  printf("\nDES Search Engine Configurer (Ver %s, %s). May be export "
      "controlled.\nWritten 1998 by Cryptography Research "
      "(http://www.cryptography.com) for EFF.\n"
      "This is unsupported "
      "free software: Use and distribute at your own risk.\n"






      "\n\n\n", SOFTWARE_VERSION, SOFTWARE_DATE);

  if (argc < 2 || argv[1][0] == '-')
    EXIT_ERR(helpMsg);
  fileSpec = argv[1];
  for (nextArg = 2; nextArg < argc; nextArg++) {
    if (argv[nextArg][0] == '-' || argv[nextArg][0] == '/') {
      if (toupper(argv[nextArg][1]) == 'T') {
        sscanf(argv[nextArg]+2, "%d", &testLoops);
        if (testLoops < 0)
          testLoops = 0;
      } else if (toupper(argv[nextArg][1]) == 'V')
        verbose = 1;
      else
        EXIT_ERR("Bad parameter (run with no parameters for help)\n");
    } else {
      sscanf(argv[nextArg], "%x", &baseIoPort);
      if (baseIoPort <= 0)
        EXIT_ERR("Bad parameter (run with no parameters for help)\n");
    }
  }

  if (verbose) printf("Test parameters: \n");
  if (verbose) printf("   BaseIOPort = %x\n", baseIoPort);
  if (verbose) printf("   outfile = \"%s\"\n", fileSpec);
  if (verbose) if (testLoops < 0) printf("   Quick scan only\n");
  if (verbose) if (testLoops== 0) printf("   Full register scan\n");
  if (verbose) if (testLoops > 0) printf("   %d DES tests\n", testLoops);

  fp = fopen(fileSpec, "w");
  if (fp == NULL)
    EXIT_ERR("Error opening output file.\n");
  fprintf(fp, "%% Auto-generated search system config file\n");
  fprintf(fp, "PORT=%x\n", baseIoPort);
  SetBaseAddress(baseIoPort);
  fullScan = (testLoops < 0) ? 0 : 1;
  AutoconfigureScan(fp, fullScan, verbose);
  fclose(fp);

  for (i = 0; i < testLoops; i++) {
    printf("Doing DES test %d of %d.\n", i+1, testLoops);
    /* "r+" keeps the config file just written, so its first two lines
       can be skipped ("w+" would truncate it) */
    fp = fopen(fileSpec, "r+");
    if (fp == NULL)
      EXIT_ERR("Error reopening output file.\n");
    fgets(buffer, 190, fp);                          /* skip header line */
    fgets(buffer, 190, fp);                            /* skip port line */
    fprintf(stderr, "*** Detailed test not implemented !!!\n");
    fclose(fp);
  }
  return (0);
}


/*
 *  Automatically figure out the configuration of the search system.
 *  This function assumes that SetBaseAddress() has already been called.
 */
void AutoconfigureScan(FILE *fp, int fullScan, int verbose) {
  int board, chip, chipCount, value;
  long totalChips = 0;
  int chips[MAX_CHIPS_PER_BOARD];

  if (verbose) printf("**** DOING AUTOCONFIGURE SCAN ****\n");
  for (board = 0; board < MAX_BOARDS; board++) {
    printf("CHECKING BOARD 0x%02X: ", board);
    fflush(stdout);
    chipCount = 0;
    for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {






      /* TEST FIRST BYTE OF CIPHERTEXT (REGISTER 0x28) */
      value = rand() & 0xFF;
      if (QuickCheckRegister(board, chip, 0x28, value) == 0 ||
          QuickCheckRegister(board, chip, 0x28, value ^ 255) == 0) {
        chips[chip] = 0;
        if (verbose) printf("\n  BOARD 0x%02X CHIP 0x%02X: Not found",
                board, chip);
      } else {
        chips[chip] = 1;
        chipCount++;
        if (verbose) printf("\n  BOARD 0x%02X CHIP 0x%02X: FOUND", board, chip);
        if (fullScan) {
          if (verbose) printf("\n  CHIP 0x%02X: Halting chip for test", chip);
          SetRegister(board, chip, REG_PTXT_BYTE_MASK, 0xFF);
        }
      }
    }
    if (verbose) printf("\n");
    printf("  Found %4d chips total.\n", chipCount);

    /* DO DETAILED REGISTER SCAN IF REQUESTED */
    if (fullScan && chipCount) {
      /* accumulate across boards, as the quick-scan branch below does */
      totalChips += DoFullScan(fp, board, chips, verbose);
    } else {
      chipCount = 0;
      for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
        if (chips[chip]) {
          chipCount++;
          totalChips++;
          AddSearchUnits(fp, board, chip, -1, 1);
        }
      }
    }
  }
  if (verbose) printf("*** AUTOCONFIGURE SCAN COMPLETE ***\n");
  printf("Found %ld chips total.\n", totalChips);
}


/* Write a value to a register and read it back; returns 1 on a match. */
int QuickCheckRegister(int board, int chip, int reg, int value) {
  SetRegister(board, chip, reg, value);
  if (GetRegister(board, chip, reg) != value)
    return (0);
  return (1);
}


/* Record one search unit (or, if unit < 0, all units of a chip) in the
   config file. */
void AddSearchUnits(FILE *fp, int board, int chip, int unit, int isGood) {
  int i;

  if (unit < 0) {
    for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
      AddSearchUnits(fp, board, chip, i, 1);
  } else {
    fprintf(fp, "%s=0x%02X 0x%02X 0x%02X\n", isGood ? "UNIT" : "FAIL",
            board, chip, unit);
  }
}


long DoFullScan(FILE *fp, int board, int* chips, int verbose) {
  int chip, reg, seed, value, i, j;
  int units[24];
  long totalChips = 0;

  if (verbose) printf("  Register scan on board 0x%02X\n", board);

  /* PICK A SEED & USE IT TWICE (ONCE WHEN SETTING & ONCE WHEN CHECKING) */
  seed = (int)time(NULL);

  /*** SET REGISTERS ***/
  srand(seed);




  for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
    if (chips[chip] == 0)
      continue;
    if (verbose) printf("  BOARD 0x%02X CHIP 0x%02X: Setting regs.\n",
              board, chip);
    for (reg = 0; reg <= 0xFF; reg++) {
      if ((reg >= 0x39 && reg < 0x40) || (reg > 0x40 && (reg & 7) == 7))
        continue;
      value = rand() & 255;
      SetRegister(board, chip, reg, value);
    }
  }

  /*** CHECK REGISTERS ***/
  srand(seed);
  for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
    if (chips[chip] == 0)
      continue;
    for (i = 0; i < 24; i++)
      units[i] = 1;
    if (verbose) printf("  BOARD 0x%02X CHIP 0x%02X: Checking...\n",
              board, chip);
    for (reg = 0; reg <= 0xFF; reg++) {
      if ((reg >= 0x39 && reg < 0x40) || (reg > 0x40 && (reg & 7) == 7))
        continue;
      value = rand() & 255;
      i = GetRegister(board, chip, reg);
      SetRegister(board, chip, reg, value ^ 255);
      j = GetRegister(board, chip, reg);
      if (i != value || j != (value ^ 255)) {
        if (chips[chip])
          printf("\n *** BOARD 0x%02X, CHIP 0x%02X FAILED ***\n  Details",
                  board, chip);
        if (reg < 0x40)
          chips[chip] = 0;
        else
          units[(reg - 0x40)/8] = 0;
        if (i != value || j != value)
          printf("\n  Board 0x%02X Chip 0x%02X Reg 0x%02X bad:",
                  board, chip, reg);
        if (i != value)
          printf(" Got 0x%02X, not %02X.", i, value);
        if (j != (value ^ 255))
          printf(" Got 0x%02X, not %02X.", j, value ^ 255);
      } else {
        if (verbose)
          printf("\n  Reg 0x%02X good (Read 0x%02X)", reg, value);
      }
    }
    if (chips[chip] == 0)
      printf("\n  CHIP FAILED --\n");
    else {
      for (i = 0; i < 24; i++)
        AddSearchUnits(fp, board, chip, i, units[i]);
      totalChips++;
    }
  }
  return (totalChips);
}



Page 1 of build.bat

rem Sample build script (using Microsoft Visual C++)

cl search.c keyblock.c chipio.c des.c
cl initsrch.c keyblock.c
cl autoconf.c chipio.c
cl testvec.c sim.c des.c



Page 1 of chipio.c

/*****************************************************************************
 * chipio.c                                                                  *
 *             Search Engine Low-Level Hardware Interface Module             *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include "chipio.h"

static int CURRENT_BOARD     = -1;
static int CURRENT_CHIP      = -1;
static int CURRENT_PORT_CNFG = -1;
static int IO_BASE_ADDRESS   = 0x210;

#define IO_PORTA_ADDRESS (IO_BASE_ADDRESS+0)
#define IO_PORTB_ADDRESS (IO_BASE_ADDRESS+1)
#define IO_PORTC_ADDRESS (IO_BASE_ADDRESS+2)
#define IO_CNFG_ADDRESS  (IO_BASE_ADDRESS+3)
#define CNFG_OUTPUT   0x80
#define CNFG_INPUT    0x82

#define CTRL_BASE     0x1B     /* base value onto which others are XORed */
#define CTRL_RST      0x20
#define CTRL_RDB      0x10
#define CTRL_WRB      0x08
#define CTRL_ALE      0x04
#define CTRL_ADRSEL2  0x02      /* in documentation is also called CNTR1 */
#define CTRL_ADRSEL1  0x01      /* in documentation is also called CNTR0 */

/*
 *  DELAYS CAN BE ADDED TO DEAL WITH BUS LOADING/CAPACITANCE/ETC.
 */
#define DELAY_FACTOR 100L
#define DELAY_ADDRESS_SETTLE    0*DELAY_FACTOR
#define DELAY_DATA_SETTLE       0*DELAY_FACTOR
#define DELAY_RST_HOLD          0*DELAY_FACTOR
#define DELAY_RST_RECOVER       0*DELAY_FACTOR
#define DELAY_RDB_HOLD          0*DELAY_FACTOR
#define DELAY_RDB_RECOVER       0*DELAY_FACTOR
#define DELAY_WRB_HOLD          0*DELAY_FACTOR
#define DELAY_WRB_RECOVER       0*DELAY_FACTOR
#define DELAY_ALE_SETTLE        0*DELAY_FACTOR
#define DELAY_ADRSEL2_SETTLE    0*DELAY_FACTOR
#define DELAY_ADRSEL1_SETTLE    0*DELAY_FACTOR

#define ioDelay(delayTime) {}                    /* insert delay if rqd */

#ifdef _MSC_VER
/*
 *  Microsoft C++ Direct I/O Functions
 */
static int inportb(int portNum) {
  unsigned char rval;
  unsigned short portNumShort = (unsigned short)portNum;

  _asm { mov dx,portNumShort }






  _asm { in al,dx }
  _asm { mov rval, al }
  return (rval);
}

static void outportb(int portNum, int val) {
  unsigned char valChar = (unsigned char)val;
  unsigned short portNumShort = (unsigned short)portNum;

  _asm { mov dx, portNumShort }
  _asm { mov al, valChar }
  _asm { out dx, al }
}
#endif


static void ConfigureIO_Port(int inputOrOutput) {
  outportb(IO_CNFG_ADDRESS, inputOrOutput);
  CURRENT_PORT_CNFG = inputOrOutput;

  /*
   *  Warning:
   *    Changing the IO port state causes a tiny glitch to go out on the
   *    PC-DIO card.  This is enough to occasionally trigger the ALE, which
   *    causes read/write errors.  To avoid this, always explicitly
   *    re-select the chip after switching port directions.
   */
  CURRENT_CHIP = -1;
}


static void SetAddress(int addressValue) {
  outportb(IO_PORTA_ADDRESS, addressValue);
}


static void SetData(int dataValue) {
  outportb(IO_PORTB_ADDRESS, dataValue);
}


static int GetData(void) {
  return (inportb(IO_PORTB_ADDRESS));
}


static void SetControl(int controlPortValue) {
  /*
   *  Possible optimization: Don't send value if already correct.
   */
  outportb(IO_PORTC_ADDRESS, controlPortValue);
}


static void selectBoard(int board) {
  SetAddress(board);
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1);    /* put board ID onto address pins */
  ioDelay(max(DELAY_ADDRESS_SETTLE, DELAY_ADRSEL1_SETTLE));          /* wait */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1 ^ CTRL_ALE);          /* pull ALE high */
  ioDelay(DELAY_ALE_SETTLE);                                         /* wait */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1);                     /* pull ALE back */
  ioDelay(DELAY_ALE_SETTLE);                                         /* wait */
  SetControl(CTRL_BASE);                                     /* ADRSEL1 done */
  ioDelay(DELAY_ADRSEL1_SETTLE);
  CURRENT_BOARD = board;
  CURRENT_CHIP  = -1;
}






static void selectChip(int chip) {
  SetAddress(chip);                                        /* select chip */
  ioDelay(DELAY_ADDRESS_SETTLE);                                  /* wait */
  SetControl(CTRL_BASE ^ CTRL_ALE);                      /* pull ALE high */
  ioDelay(DELAY_ALE_SETTLE);                                      /* wait */
  SetControl(CTRL_BASE);                                 /* pull ALE back */
  ioDelay(DELAY_ALE_SETTLE);                                      /* wait */
  CURRENT_CHIP = chip;
}


void SetBaseAddress(int address) {
  IO_BASE_ADDRESS = address;
}


/*
 *  RESET A SINGLE BOARD
 *
 *  This function resets an entire board. It is not optimized for speed.
 *  It is necessary to delay after calling this function until the board
 *  reset completes.
 */
int ResetBoard(int board) {
  /* Configure the IO card (doesn't matter if for data input or output) */
  ConfigureIO_Port(CNFG_INPUT);                  /* configure the IO port */
  ConfigureIO_Port(CNFG_OUTPUT);                 /* configure the IO port */

  selectBoard(board);                                 /* select the board */

  SetControl(CTRL_BASE ^ CTRL_RST);                    /* RESET THE BOARD */
  ioDelay(DELAY_RST_HOLD);                                        /* wait */
  SetControl(CTRL_BASE);                                /* stop resetting */
  ioDelay(DELAY_RST_RECOVER);                                     /* wait */

  CURRENT_BOARD = -1;                /* reset this on next IO to be safe */
  CURRENT_CHIP  = -1;                           /* reset this to be safe */
  return (0);
}


void SetRegister(int board, int chip, int reg, int value) {
  if (CURRENT_PORT_CNFG != CNFG_OUTPUT)   /* set IO data lines for output */
    ConfigureIO_Port(CNFG_OUTPUT);
  if (CURRENT_BOARD != board)              /* make sure board is selected */
    selectBoard(board);
  if (CURRENT_CHIP != chip)                 /* make sure chip is selected */
    selectChip(chip);

  SetAddress(reg);                            /* select the right address */
  SetData(value);                                      /* output the data */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);                       /* pull low */
  ioDelay(max(max(DELAY_ADDRESS_SETTLE, DELAY_DATA_SETTLE),       /* wait */
          DELAY_ADRSEL2_SETTLE));
  SetControl(CTRL_BASE ^ CTRL_WRB ^ CTRL_ADRSEL2);        /* pull WRB low */
  ioDelay(DELAY_WRB_HOLD);                                     /* hold it */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);             /* let WRB high again */
  ioDelay(DELAY_WRB_RECOVER);                                     /* wait */
  SetControl(CTRL_BASE);                            /* let WRB high again */
  ioDelay(DELAY_ADRSEL2_SETTLE);                                  /* wait */
}


int GetRegister(int board, int chip, int reg) {
  int rval;

  if (CURRENT_PORT_CNFG != CNFG_INPUT)     /* set IO data lines for input */
    ConfigureIO_Port(CNFG_INPUT);
  if (CURRENT_BOARD != board)              /* make sure board is selected */






    selectBoard(board);
  if (CURRENT_CHIP != chip)                 /* make sure chip is selected */
    selectChip(chip);

  SetAddress(reg);                            /* select the right address */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);               /* pull adrsel2 low */
  ioDelay(max(DELAY_ADDRESS_SETTLE, DELAY_ADRSEL2_SETTLE));       /* wait */
  SetControl(CTRL_BASE ^ CTRL_RDB ^ CTRL_ADRSEL2);        /* pull RDB low */
  ioDelay(DELAY_RDB_HOLD);
  rval = GetData();
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);                   /* let RDB high */
  ioDelay(DELAY_RDB_RECOVER);
  SetControl(CTRL_BASE);                              /* let ADRSEL2 high */
  ioDelay(DELAY_ADRSEL2_SETTLE);
  return (rval);
}


int CheckRegister(int board, int chip, int reg, int value) {
  int i;

  i = GetRegister(board, chip, reg);
  if (i != value)
    return (-1);
  return (0);
}



Page 1 of chipio.h

/*****************************************************************************
 * chipio.h                                                                  *
 *                         Header file for chipio.c                          *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#ifndef __CHIPIO_H
#define __CHIPIO_H

#define SEARCH_UNITS_PER_CHIP 24

/* Register map of one search chip */
#define REG_PTXT_VECTOR        (0x00)
#define REG_PTXT_XOR_MASK      (0x20)
#define REG_CIPHERTEXT0        (0x28)
#define REG_CIPHERTEXT1        (0x30)
#define REG_PTXT_BYTE_MASK     (0x38)
#define REG_SEARCHINFO         (0x3F)
#define REG_SEARCH_KEY(x)      (0x40 + 8*(x))
#define REG_SEARCH_STATUS(x)   (0x47 + 8*(x))

void SetBaseAddress(int address);
int ResetBoard(int board);
void SetRegister(int board, int chip, int reg, int value);
int GetRegister(int board, int chip, int reg);
int CheckRegister(int board, int chip, int reg, int value);

#endif



--176a 0002909cb8180020007 Page 1 of des.c

/*****************************************************************************
 * des.c
 *                Software Model of ASIC DES Implementation
 *
 *   Written 1995-8 by Cryptography Research (http://www.cryptography.com)
 *   Original version by Paul Kocher. Placed in the public domain in 1998.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES:
 *
 *   This DES implementation adheres to the FIPS PUB 46 spec and produces
 *   standard output.  The internal operation of the algorithm is slightly
 *   different from FIPS 46.  For example, bit orderings are reversed
 *   (the right-hand bit is now labelled as bit 0), the S tables have been
 *   rearranged to simplify implementation, and several permutations have
 *   been inverted.  For simplicity and to assist with testing of hardware
 *   implementations, code size and performance optimizations are omitted.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Altered DecryptDES exchanges to match EncryptDES. -- PCK
 *   Version 1.2:  Minor edits and beautifications. -- PCK
 *   Version 1.3:  Changes and edits for EFF DES Cracker project.
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "des.h"

static void ComputeRoundKey(bool roundKey[56], bool key[56]);
static void RotateRoundKeyLeft(bool roundKey[56]);
static void RotateRoundKeyRight(bool roundKey[56]);
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]);
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]);
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]);
static void ComputeP(bool output[32], bool input[32]);
static void ComputeS_Lookup(int k, bool output[4], bool input[6]);
static void ComputePC2(bool subkey[48], bool roundKey[56]);
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]);
static void DumpBin(char *str, bool *b, int bits);
static void Exchange_L_and_R(bool L[32], bool R[32]);

static int EnableDumpBin = 0;



/**********************************************************************/
/*                                                                    */
/*                            DES TABLES                              */
/*                                                                    */
/**********************************************************************/


/*
 *  IP: Output bit table_DES_IP[i] equals input bit i.
 */
static int table_DES_IP[64] = {
  39,  7, 47, 15, 55, 23, 63, 31,
  38,  6, 46, 14, 54, 22, 62, 30,
  37,  5, 45, 13, 53, 21, 61, 29,
  36,  4, 44, 12, 52, 20, 60, 28,
  35,  3, 43, 11, 51, 19, 59, 27,
  34,  2, 42, 10, 50, 18, 58, 26,
  33,  1, 41,  9, 49, 17, 57, 25,
  32,  0, 40,  8, 48, 16, 56, 24
};


/*
 *  FP: Output bit table_DES_FP[i] equals input bit i.
 */
static int table_DES_FP[64] = {
  57, 49, 41, 33, 25, 17,  9,  1,
  59, 51, 43, 35, 27, 19, 11,  3,
  61, 53, 45, 37, 29, 21, 13,  5,
  63, 55, 47, 39, 31, 23, 15,  7,
  56, 48, 40, 32, 24, 16,  8,  0,
  58, 50, 42, 34, 26, 18, 10,  2,
  60, 52, 44, 36, 28, 20, 12,  4,
  62, 54, 46, 38, 30, 22, 14,  6
};


/*
 *  PC1: Permutation choice 1, used to pre-process the key
 */
static int table_DES_PC1[56] = {
  27, 19, 11, 31, 39, 47, 55,
  26, 18, 10, 30, 38, 46, 54,
  25, 17,  9, 29, 37, 45, 53,
  24, 16,  8, 28, 36, 44, 52,
  23, 15,  7,  3, 35, 43, 51,
  22, 14,  6,  2, 34, 42, 50,
  21, 13,  5,  1, 33, 41, 49,
  20, 12,  4,  0, 32, 40, 48
};


/*
 *  PC2: Map 56-bit round key to a 48-bit subkey
 */
static int table_DES_PC2[48] = {
  24, 27, 20,  6, 14, 10,  3, 22,
   0, 17,  7, 12,  8, 23, 11,  5,
  16, 26,  1,  9, 19, 25,  4, 15,
  54, 43, 36, 29, 49, 40, 48, 30,
  52, 44, 37, 33, 46, 35, 50, 41,
  28, 53, 51, 55, 32, 45, 39, 42
};


/*
 *  E: Expand 32-bit R to 48 bits
 */
static int table_DES_E[48] = {
  31,  0,  1,  2,  3,  4,
   3,  4,  5,  6,  7,  8,
   7,  8,  9, 10, 11, 12,
  11, 12, 13, 14, 15, 16,
  15, 16, 17, 18, 19, 20,
  19, 20, 21, 22, 23, 24,
  23, 24, 25, 26, 27, 28,
  27, 28, 29, 30, 31,  0
};


/*
 *  P: Permutation of S table outputs
 */
static int table_DES_P[32] = {
  11, 17,  5, 27, 25, 10, 20,  0,
  13, 21,  3, 28, 29,  7, 18, 24,
  31, 22, 12,  6, 26,  2, 16,  8,
  14, 30,  4, 19,  1,  9, 15, 23
};



/*
 *  S Tables: Introduce nonlinearity and avalanche
 */
static int table_DES_S[8][64] = {
  [entries for table S[0] through table S[7], 64 values per table, illegible in this scan]
};

/**********************************************************************/
/*                                                                    */
/*                             DES CODE                               */
/*                                                                    */
/**********************************************************************/


/*
 *  EncryptDES: Encrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Encryption" page of the flowchart.)
 */
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN ENCRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Rotate roundKey halves left once or twice (depending on round) */
    RotateRoundKeyLeft(roundKey);
    if (round != 0 && round != 1 && round != 8 && round != 15)
      RotateRoundKeyLeft(roundKey);
    DumpBin("roundKey(L)", roundKey+28, 28);
    DumpBin("roundKey(R)", roundKey, 28);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}


/*
 *  DecryptDES: Decrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Decryption" page of the flowchart.)
 */
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN DECRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    /* Rotate roundKey halves right once or twice (depending on round) */
    DumpBin("roundKey(L)", roundKey+28, 28);  /* show keys before shift */
    DumpBin("roundKey(R)", roundKey, 28);
    RotateRoundKeyRight(roundKey);
    if (round != 0 && round != 7 && round != 14 && round != 15)
      RotateRoundKeyRight(roundKey);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}



/*
 *  ComputeRoundKey: Compute PC1 on the key and store the result in roundKey
 */
static void ComputeRoundKey(bool roundKey[56], bool key[56]) {
  int i;

  for (i = 0; i < 56; i++)
    roundKey[table_DES_PC1[i]] = key[i];
}


/*
 *  RotateRoundKeyLeft: Rotate each of the halves of roundKey left one bit
 */
static void RotateRoundKeyLeft(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[27];
  temp2 = roundKey[55];
  for (i = 27; i >= 1; i--) {
    roundKey[i] = roundKey[i-1];
    roundKey[i+28] = roundKey[i+28-1];
  }
  roundKey[ 0] = temp1;
  roundKey[28] = temp2;
}


/*
 *  RotateRoundKeyRight: Rotate each of the halves of roundKey right one bit
 */
static void RotateRoundKeyRight(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[0];
  temp2 = roundKey[28];
  for (i = 0; i < 27; i++) {
    roundKey[i] = roundKey[i+1];
    roundKey[i+28] = roundKey[i+28+1];
  }
  roundKey[27] = temp1;
  roundKey[55] = temp2;
}


/*
 *  ComputeIP: Compute the initial permutation and split into L and R halves.
 */
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]) {
  bool output[64];
  int i;

  /* Permute */
  for (i = 63; i >= 0; i--)
    output[table_DES_IP[i]] = inBlk[i];

  /* Split into R and L.  Bits 63..32 go in L, bits 31..0 go in R. */
  for (i = 63; i >= 0; i--) {
    if (i >= 32)
      L[i-32] = output[i];
    else
      R[i] = output[i];
  }
}


/*
 *  ComputeFP: Combine the L and R halves and do the final permutation.
 */
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]) {
  bool input[64];
  int i;

  /* Combine L and R into input[64] */
  for (i = 63; i >= 0; i--)
    input[i] = (i >= 32) ? L[i - 32] : R[i];

  /* Permute */
  for (i = 63; i >= 0; i--)
    outBlk[table_DES_FP[i]] = input[i];
}


/*
 *  ComputeF: Compute the DES f function and store the result in fout.
 */
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]) {
  bool expandedBlock[48], subkey[48], sout[32];
  int i,k;

  /* Expand R into 48 bits using the E expansion */
  ComputeExpansionE(expandedBlock, R);
  DumpBin("expanded E", expandedBlock, 48);

  /* Convert the roundKey into the subkey using PC2 */
  ComputePC2(subkey, roundKey);
  DumpBin("subkey", subkey, 48);

  /* XOR the subkey onto the expanded block */
  for (i = 0; i < 48; i++)
    expandedBlock[i] ^= subkey[i];

  /* Divide expandedBlock into 6-bit chunks and do S table lookups */
  for (k = 0; k < 8; k++)
    ComputeS_Lookup(k, sout+4*k, expandedBlock+6*k);

  /* To complete the f() calculation, do permutation P on the S table output */
  ComputeP(fout, sout);
}


/*
 *  ComputeP: Compute the P permutation on the S table outputs.
 */
static void ComputeP(bool output[32], bool input[32]) {
  int i;

  for (i = 0; i < 32; i++)
    output[table_DES_P[i]] = input[i];
}


/*
 *  Look up a 6-bit input in S table k and store the result as a 4-bit output.
 */
static void ComputeS_Lookup(int k, bool output[4], bool input[6]) {
  int inputValue, outputValue;

  /* Convert the input bits into an integer */
  inputValue = input[0] + 2*input[1] + 4*input[2] + 8*input[3] +
          16*input[4] + 32*input[5];

  /* Do the S table lookup */
  outputValue = table_DES_S[k][inputValue];

  /* Convert the result into binary form */
  output[0] = (outputValue & 1) ? 1 : 0;
  output[1] = (outputValue & 2) ? 1 : 0;
  output[2] = (outputValue & 4) ? 1 : 0;
  output[3] = (outputValue & 8) ? 1 : 0;
}


/*
 *  ComputePC2: Map a 56-bit round key onto a 48-bit subkey
 */
static void ComputePC2(bool subkey[48], bool roundKey[56]) {
  int i;

  for (i = 0; i < 48; i++)
    subkey[i] = roundKey[table_DES_PC2[i]];
}


/*
 *  ComputeExpansionE: Compute the E expansion to prepare to use S tables.
 */
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]) {
  int i;

  for (i = 0; i < 48; i++)
    expandedBlock[i] = R[table_DES_E[i]];
}


/*
 *  Exchange_L_and_R:  Swap L and R
 */
static void Exchange_L_and_R(bool L[32], bool R[32]) {
  int i;

  for (i = 0; i < 32; i++) {
    /* exchanges L[i] and R[i]; three separate XOR statements, because a
       single chained expression would modify L[i] twice with no sequence
       point in between, which is undefined behavior in C */
    L[i] ^= R[i];
    R[i] ^= L[i];
    L[i] ^= R[i];
  }
}


/*
 *  DumpBin: Display intermediate values if EnableDumpBin is set.
 */
static void DumpBin(char *str, bool *b, int bits) {
  int i;

  if ((bits % 4)!=0 || bits>48) {
    printf("Bad call to DumpBin (bits > 48 or bit len not a multiple of 4\n");
    exit(1);
  }

  if (EnableDumpBin) {
    for (i = strlen(str); i < 14; i++)
      printf(" ");
    printf("%s: ", str);
    for (i = bits-1; i >= 0; i--)
      printf("%d", b[i]);
    printf(" ");
    for (i = bits; i < 48; i++)
      printf(" ");
    printf("(");
    for (i = bits-4; i >= 0; i-=4)
      printf("%X", b[i]+2*b[i+1]+4*b[i+2]+8*b[i+3]);
    printf(")\n");
  }
}





--5 f 71 001ba22687980020008 Page 1 of des.h 

/*****************************************************************************
 * des.h
 *                          Header file for des.c
 *
 *   Written 1995-8 by Cryptography Research (http://www.cryptography.com)
 *   Original version by Paul Kocher. Placed in the public domain in 1998.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Changes and edits for EFF DES Cracker project.
 *
 *****************************************************************************/

#ifndef __DES_H
#define __DES_H

typedef char bool;
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);

#endif






— 5736 0007f67bbbf 80020009 Page 1 of initsrch 



/*****************************************************************************
 * initsrch.c
 *              DES Search Engine Search Definition Program
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES:
 *
 *   This program is used to define searches that will be run on the DES
 *   search array.  The program creates a search context file containing
 *   the ciphertexts, search parameters, and a list of the key regions
 *   to search.  (A key region is the top 24 bits of a key.)
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"

#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "search.h"
#include "keyblock.h"

/* s is used as the format string, so it must be a string literal */
#define EXIT_ERR(s) { fprintf(stderr, s); exit(1); }

static void dumpBin(char *intro, unsigned char *data, int len);
static int unhex(unsigned char *data, char *hex, int byteCount);



int main(int argc, char **argv) i 

--char searchType; 

-•int nextArg = 1; 

••unsigned char plaintextC8J; 

••int i ; 

• • char *c, buf C1003; 

• • SEARCH-CTX ctx; 
-•FILE * o u t f i I e ; 

••char asciiBytesCH = { -0, 9, 10 

'0' , ' 1 • , '2' , '3' , '4' , ' 5 

'A'/B'/C'/D'/E'/F 

, N , , , , , , P , , , Q , , , R , ,'S 

, a','b , , , c , , , d , , , e , , , f 

'n' , 'o' , 'p' , 'q' , ' r ' , ' s 



/* valid search types are K,C,E,B,M 



i i i 

8' 

I 
V 



pr i nt f ( " \nDES Search Definition Util. (Ver %s, %s). May be export 

" controlled. \nWritten 1998 by Cryptography Research " 

"(http://www.cryptography.com) for EFF.Xn" 

"This is unsupported " 

"free software: Use and distribute at your own risk.Xn" 



\ n \ n \ n " 



SOFTWARE-VERSION, SOFTWARE-DATE) 

  if (argc == 1) {
    printf("Parameters can be entered on the command line or entered "
        "manually.\n\nUsage modes:  (ctxt=ciphertext, ptxt=plaintext)\n"
        "   desbrute search.ctx K (8 bytes ptxt) (8 bytes ctxt)\n"
        "   desbrute search.ctx E (8 bytes ctxt0) (8 bytes ctxt1)\n"
        "   desbrute search.ctx C (8 bytes IV) (8 bytes ctxt0) "
                                             "(8 bytes ctxt1)\n"
        "   desbrute search.ctx B (1 ctxt byte to repeat)\n"
        "   desbrute search.ctx M (ptxtVec) (IV) (ctxt0) (ctxt1)"
                                             "(bMask) (schInf)\n\n"
        "Parameters can also be input from a file (e.g., "
        "\"desbrute < param.in\"\n\n");
  }

  /**** OPEN OUTPUT FILE ****/
  if (argc > nextArg) {
    c = argv[nextArg++];
  } else {
    printf("Enter output file for search context [ENTER=\"search.ctx\"]: ");
    if (fgets(buf, 99, stdin) == NULL)   /* bounded read in place of gets() */
      *buf = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';    /* drop the newline fgets() keeps */
    if (*buf == '\0')
      strcpy(buf, "search.ctx");
    c = buf;
  }
  outfile = fopen(c, "wb");                         /* open output file */
  if (outfile == NULL)
    EXIT_ERR("Error opening output file.\n");

  /**** INITIALIZE searchType ****/
  if (argc > nextArg) {
    c = argv[nextArg++];
  } else {
    printf("The array supports a variety of search types:\n");
    printf("   K - Known plaintext (standard brute force).\n");
    printf("   E - ECB ASCII text\n");
    printf("   C - CBC ASCII text\n");
    printf("   B - Blaze challenge\n");
    printf("   M - Manual parameter specification\n");
    printf("Enter search type: ");
    fgets(buf, 99, stdin);
    c = buf;
  }
  searchType = (char)toupper(c[0]);
  if (strchr("KECBM", searchType) == NULL)
    EXIT_ERR("Unknown search type.  Exiting.\n");

  /**** INITIALIZE PARAMETERS FOR KNOWN PLAINTEXT SEARCHES ****/
  if (searchType == 'K') {
    /* Get known plaintext */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter known plaintext (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(plaintext, c, 8))
      EXIT_ERR("Invalid plaintext. (Must be 16 hex digits)");

    /* Get ciphertext (use same for ciphertext 1) */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 8) || unhex(ctx.ciphertext1, c, 8))
      EXIT_ERR("Invalid ciphertext. (Must be 16 hex digits.)");

    /* Set ctx */
    memset(ctx.plaintextVector, 0, sizeof(ctx.plaintextVector));



    for (i = 0; i < 8; i++)
      ctx.plaintextVector[plaintext[i]/8] |= (1 << (plaintext[i] % 8));
    ctx.plaintextByteMask = 0x00;
    memset(ctx.plaintextXorMask, 0, sizeof(ctx.plaintextXorMask));
    ctx.searchInfo = 16;      /* useCBC=0, extraXor=0, boardActiveEn=1 */
  }

  /**** INITIALIZE PARAMETERS FOR ASCII SEARCHES ****/
  if (searchType == 'E' || searchType == 'C') {
    /* Get IV (only if this is ciphertext mode) */
    if (searchType == 'C') {
      if (argc > nextArg) {
        c = argv[nextArg++];
      } else {
        printf("Enter IV (16 hex digits): ");
        fgets(buf, 99, stdin);
        c = buf;
      }
      if (unhex(ctx.plaintextXorMask, c, 8))
        EXIT_ERR("Invalid IV. (Must be 16 hex digits.)");
    }

    /* Get ciphertext */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext0 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 8))
      EXIT_ERR("Invalid ciphertext0. (Must be 16 hex digits.)");

    /* Get ciphertext 1 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext1 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext1, c, 8))
      EXIT_ERR("Invalid ciphertext1. (Must be 16 hex digits.)");

    /* Set ctx */
    memset(ctx.plaintextVector, 0, sizeof(ctx.plaintextVector));
    for (i = 0; i < sizeof(asciiBytes); i++)
      ctx.plaintextVector[asciiBytes[i]/8] |= (1 << (asciiBytes[i] % 8));
    ctx.plaintextByteMask = 0x00;
    if (searchType == 'E') {
      memset(ctx.plaintextXorMask, 0, sizeof(ctx.plaintextXorMask));
      ctx.searchInfo = 16;    /* useCBC=0, extraXor=0, boardActiveEn=1 */
    } else {
      /* already set plaintextXorMask = IV */
      ctx.searchInfo = 17;    /* useCBC=1, extraXor=0, boardActiveEn=1 */
    }
  }



/**** INITALIZE PARAMETERS FOR BLAZE CHALLENGE ****/ 
i f (searchType == 'B' ) { 

/* Get ciphertext byte */ 

f (argc > nextArg) { 

•c = argvCnextArg++3; 
> else { 

•printfC" Enter ciphertext byte (2 hex digits): "); 

•fgets(buf, 99, stdin); 

• c = b u f ; 

f ( unh ex ( c t x . c i phe r t ex t 0, c, 1)) 

*EXIT_ERR(" Invalid ciphertext byte. (Must be 2 hex digits.)") 



Chapter 5: Software Source Code 



5-29 



32ca 00084f a6dd680020009 Page 4 of initsrch.c 






    /* Set all ciphertext0 and ciphertext1 bytes to the input byte */
    for (i = 0; i < 8; i++)
      ctx.ciphertext0[i] = ctx.ciphertext1[i] = ctx.ciphertext0[0];
    /* Set ctx */
    memset(ctx.plaintextVector, 0, sizeof(ctx.plaintextVector));
    ctx.plaintextVector[0] = 1;        /* halt on 00000000???????? */
    ctx.plaintextByteMask = 0x0F;      /* halt on 00000000???????? */
    memset(ctx.plaintextXorMask, 0, sizeof(ctx.plaintextXorMask));
    ctx.searchInfo = 2+16;   /* useCBC=0, extraXor=1, boardActiveEn=1 */
  }

  /**** INITIALIZE PARAMETERS FOR MANUAL MODE ****/
  if (searchType == 'M') {
    /* Get plaintextVector */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextVector specifies which bytes can appear in the\n");
      printf("plaintext.  The MSB (of the first byte entered) specifies\n");
      printf("whether 0xFF (255) can appear.  The LSB is for 0x00.\n\n");
      printf("Enter plaintextVector (64 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.plaintextVector, c, 32))
      EXIT_ERR("Invalid plaintextVector. (Must be 64 hex digits.)");

    /* Get plaintextXorMask */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextXorMask is used for the CBC mode IV.\n");
      printf("Enter plaintextXorMask (16 hex digits or ENTER=none): ");
      fgets(buf, 99, stdin);
      /* fgets keeps the newline, so ENTER alone arrives as "\n" */
      if (buf[0] == '\0' || buf[0] == '\n')
        strcpy(buf, "0000000000000000");
      c = buf;
    }
    if (unhex(ctx.plaintextXorMask, c, 8))
      EXIT_ERR("Invalid plaintextXorMask. (Must be 16 hex digits.)");

    /* Get ciphertext 0 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext0 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 8))
      EXIT_ERR("Invalid ciphertext0. (Must be 16 hex digits.)");

    /* Get ciphertext 1 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext1 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext1, c, 8))
      EXIT_ERR("Invalid ciphertext1. (Must be 16 hex digits.)");

    /* Get plaintextByteMask */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextByteMask specifies which bytes of the plaintext\n");
      printf("are examined in the output.  Normally this is zero, but if\n");
      printf("only partial plaintext is available, the unknown bits can\n");





      printf("be set to 1.  For example, if the left-hand plaintext byte\n");
      printf("is unknown, the mask would be 0x80.\n\n");
      printf("Enter plaintextByteMask (1 byte): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(&(ctx.plaintextByteMask), c, 1))
      EXIT_ERR("Invalid plaintextByteMask. (Must be 2 hex digits.)");

    /* Get searchInfo */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("\n\nThe searchInfo byte has two search parameters:\n");
      printf("  bit 0x10: boardActiveEnable.  Set this to one.\n");
      printf("  bit 0x02: extraXor.  If set, after the decryption is done,\n");
      printf("            the right half is XORed onto the left.\n");
      printf("            This is for Matt Blaze's challenge.\n");
      printf("  bit 0x01: useCBC.  If set, the first ciphertext is XORed\n");
      printf("            onto the second plaintext before the second\n");
      printf("            plaintext is checked against the ");
      printf("plaintextVector.\n(Higher bits control");
      printf(" searchActive, which is currently unused.)\n");
      printf("\nEnter searchInfo (1 byte): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(&(ctx.searchInfo), c, 1))
      EXIT_ERR("Invalid searchInfo. (Must be 2 hex digits.)");
  }

  printf("\n\n\n SEARCH PARAMETERS ");
  printf("\n");
  dumpBin("  ptxtVector = ", ctx.plaintextVector, 32);
  dumpBin(" ptxtXorMask = ", ctx.plaintextXorMask, 8);
  dumpBin(" ciphertext0 = ", ctx.ciphertext0, 8);
  dumpBin(" ciphertext1 = ", ctx.ciphertext1, 8);
  dumpBin("ptxtByteMask = ", &(ctx.plaintextByteMask), 1);
  dumpBin("  searchInfo = ", &(ctx.searchInfo), 1);
  printf(" ");
  printf(" \n");

  /**** WRITE SEARCH PARAMETERS TO OUTPUT FILE ****/
  printf("\n\nWriting output file...");
  fflush(stdout);
  WriteSearchContext(outfile, &ctx);
  fclose(outfile);
  printf("Done.\n");
  return (0);
}



/*
 *  Print a descriptive string followed by a binary value (in hex)
 */
static void dumpBin(char *intro, unsigned char *data, int len) {
  int i;
  printf("%s", intro);          /* never pass a variable as the format string */
  for (i = len-1; i >= 0; i--)
    printf("%02X", data[i]);
  printf("\n");
}

/*
 *  Convert an ASCII digit from hex to an int, or return -1 if not hex
 */
static int unhexDigit(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);                   /* return -1 for error: bad hex digit */
}

/*
 *  Convert a string of hex characters into unsigned chars.
 */
static int unhex(unsigned char *data, char *hex, int byteCount) {
  int i,j;

  if (data == NULL || hex == NULL)
    return(-1);

  /* Remove comments and whitespace */
  for (i = j = 0; hex[i] != 0 && hex[i] != && hex[i] ; i++)
    if (hex[i] > ' ')
      hex[j++] = hex[i];
  hex[j] = '\0';

  if ((int)strlen(hex) != byteCount*2)
    return (-1);
  memset(data, 0, byteCount);
  for (i = 0; i < 2*byteCount; i++) {
    j = unhexDigit(hex[i]);
    if (j < 0)
      return (-1);
    data[byteCount - 1 - i/2] |= j << ((i & 1) ? 0 : 4);
  }
  for (i = 2*byteCount; i < (int)strlen(hex); i++)
    if (!isspace(hex[i]))
      return (-1);
  return (0);
}
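The prompts in initsrch.c describe how plaintextVector, plaintextByteMask, plaintextXorMask and the searchInfo bits steer the search. The following C program is an added illustration, not part of the book's listing or of Cryptography Research's code: it models that acceptance test in software for blocks that have already been decrypted under a candidate key. The filter_ctx struct, the function names, left-to-right byte indexing (bit 0x80 of the mask covers byte 0), the order of the XOR steps, the rule that both blocks must pass, and all sample bytes are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SI_USE_CBC   0x01  /* first ciphertext is XORed onto the second plaintext */
#define SI_EXTRA_XOR 0x02  /* right half is XORed onto the left (Blaze challenge) */
#define SI_BOARD_EN  0x10  /* boardActiveEnable */

/* Hypothetical mirror of the search parameters that initsrch.c collects. */
typedef struct {
  uint8_t plaintextVector[32];  /* bit (b % 8) of byte (b / 8): value b may appear */
  uint8_t plaintextXorMask[8];  /* CBC IV */
  uint8_t ciphertext0[8];
  uint8_t plaintextByteMask;    /* bit (0x80 >> i): byte i is unknown, skip it */
  uint8_t searchInfo;
} filter_ctx;

/* Mark byte values lo..hi as acceptable plaintext (same indexing as initsrch.c). */
static void allow_range(filter_ctx *ctx, int lo, int hi) {
  int b;
  for (b = lo; b <= hi; b++)
    ctx->plaintextVector[b / 8] |= (uint8_t)(1u << (b % 8));
}

/* raw = block decrypted under a candidate key; xorIn = chaining value or NULL. */
static int block_passes(const filter_ctx *ctx, const uint8_t *raw,
                        const uint8_t *xorIn) {
  uint8_t p[8];
  int i;
  memcpy(p, raw, 8);
  if (ctx->searchInfo & SI_EXTRA_XOR)        /* assumed to run before chaining */
    for (i = 0; i < 4; i++)
      p[i] ^= p[i + 4];
  if (xorIn != NULL)
    for (i = 0; i < 8; i++)
      p[i] ^= xorIn[i];
  for (i = 0; i < 8; i++) {
    if (ctx->plaintextByteMask & (0x80 >> i))
      continue;                              /* unknown byte: not examined */
    if (!(ctx->plaintextVector[p[i] / 8] & (1u << (p[i] % 8))))
      return 0;                              /* byte value not in the vector */
  }
  return 1;
}

/* A candidate key is kept only if both decrypted blocks pass (assumption). */
int candidate_passes(const filter_ctx *ctx, const uint8_t *raw0,
                     const uint8_t *raw1) {
  const uint8_t *chain = (ctx->searchInfo & SI_USE_CBC) ? ctx->ciphertext0 : NULL;
  return block_passes(ctx, raw0, ctx->plaintextXorMask) &&
         block_passes(ctx, raw1, chain);
}

/* Constructed CBC case: printable text hidden behind an IV and ciphertext0. */
int demo_cbc(uint8_t searchInfo) {
  static const uint8_t iv[8]  = {1, 2, 3, 4, 5, 6, 7, 8};
  static const uint8_t ct0[8] = {0xDE, 0xAD, 0xBE, 0xEF, 0x10, 0x32, 0x54, 0x76};
  const char *text = "Meeting at noon.";
  filter_ctx ctx;
  uint8_t raw0[8], raw1[8];
  int i;
  memset(&ctx, 0, sizeof(ctx));
  allow_range(&ctx, 0x20, 0x7E);             /* printable ASCII only */
  memcpy(ctx.plaintextXorMask, iv, 8);
  memcpy(ctx.ciphertext0, ct0, 8);
  ctx.searchInfo = searchInfo;
  for (i = 0; i < 8; i++) {                  /* what a correct key would yield */
    raw0[i] = (uint8_t)(text[i] ^ iv[i]);
    raw1[i] = (uint8_t)(text[8 + i] ^ ct0[i]);
  }
  return candidate_passes(&ctx, raw0, raw1);
}

/* Constructed ECB case whose left-hand byte is not text. */
int demo_byte_mask(uint8_t mask) {
  static const uint8_t raw0[8] = {0x80, 'e', 'e', 't', 'i', 'n', 'g', ' '};
  static const uint8_t raw1[8] = {'a', 't', ' ', 'n', 'o', 'o', 'n', '.'};
  filter_ctx ctx;
  memset(&ctx, 0, sizeof(ctx));
  allow_range(&ctx, 0x20, 0x7E);
  ctx.plaintextByteMask = mask;
  ctx.searchInfo = SI_BOARD_EN;
  return candidate_passes(&ctx, raw0, raw1);
}

/* Blaze-challenge settings from the listing: vector[0]=1, mask 0x0F, info 2+16. */
int demo_blaze(uint8_t last) {
  uint8_t raw[8] = {'A', 'B', 'C', 'D', 'A', 'B', 'C', 0};
  filter_ctx ctx;
  raw[7] = last;
  memset(&ctx, 0, sizeof(ctx));
  ctx.plaintextVector[0] = 1;                /* only byte value 0x00 allowed */
  ctx.plaintextByteMask = 0x0F;              /* right-hand four bytes ignored */
  ctx.searchInfo = SI_EXTRA_XOR | SI_BOARD_EN;
  return candidate_passes(&ctx, raw, raw);
}

int main(void) {
  printf("CBC text, useCBC set:    %d\n", demo_cbc(SI_BOARD_EN | SI_USE_CBC));
  printf("CBC text, useCBC clear:  %d\n", demo_cbc(SI_BOARD_EN));
  printf("mask 0x00 / mask 0x80:   %d / %d\n", demo_byte_mask(0x00), demo_byte_mask(0x80));
  printf("Blaze equal / unequal:   %d / %d\n", demo_blaze('D'), demo_blaze('E'));
  return 0;
}
```

With useCBC clear, the second block is compared before ciphertext0 is removed, so even the correct key is rejected; this is why initsrch.c sets searchInfo to 17 rather than 16 whenever an IV is in use.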






--c219 0008a71b2228002000a Page 1 of keyblock.c 






/*****************************************************************************
 * keyblock.c
 *              Key Block & Search Context Management Functions
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "search.h"
#include "keyblock.h"

static const char fileHeader[] = "This is a binary file containing the "
        "parameters for a DES search followed by 2^24 bits "
        "indicating which regions of keyspace are left to search.\n\032";

#define CTX_FILE_KEYBLOCKS_OFFSET (sizeof(fileHeader) + 58)
#define MAX_KEY_REGION (1L<<24)      /* 2^56 keys / 2^32 keys per region */

/* Print the message through "%s" so it is never used as a format string */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
static void WriteParams(FILE *fp, SEARCH_CTX *ctx);
static void ReadParams(FILE *fp, SEARCH_CTX *ctx);

/*
 *  Create a new search context file from a SEARCH_CTX structure
 */
void WriteSearchContext(FILE *fp, SEARCH_CTX *ctx) {
  unsigned char temp[1024/8];
  long i;

  fwrite(fileHeader, 1, sizeof(fileHeader), fp);
  WriteParams(fp, ctx);
  memset(temp, 255, 1024/8);
  for (i = 0; i < MAX_KEY_REGION/1024; i++)
    fwrite(temp, 1, sizeof(temp), fp);
}

/*
 *  Read search params from a FILE_STRUCTURE and get ready for
 *     calls to ReserveKeyRegion and FinishKeyRegion.
 */
void OpenSearchContext(FILE *fp, SEARCH_CTX *ctx) {
  long blocksLeft, n;
  int i;
  int c;

  rewind(fp);
  for (i = 0; i < sizeof(fileHeader); i++)
    if (fgetc(fp) != fileHeader[i])
      EXIT_ERR("Bad file header in search context file.\n");

  ReadParams(fp, ctx);
  if (ftell(fp) != CTX_FILE_KEYBLOCKS_OFFSET)






    EXIT_ERR("Internal error: File length mismatch.");

  /* INITIALIZE THE SEARCH PROCESS PARAMETERS (except for totalUnits) */
  ctx->nextUnstartedKeyBlock = 0;
  ctx->totalFinishedKeyBlocks = 0;
  ctx->totalUnstartedKeyBlocks = MAX_KEY_REGION;
  ctx->totalPendingKeyBlocks = 0;

  /* FIND OUT HOW MANY KEY BLOCKS ARE LEFT */
  blocksLeft = 0;
  for (n = 0; n < MAX_KEY_REGION/8; n++) {
    c = fgetc(fp);
    if (c < 0 || c > 255)
      EXIT_ERR("Error or premature EOF reading search context file.\n");
    blocksLeft += (c&128)/128 + (c&64)/64 + (c&32)/32 + (c&16)/16 +
                  (c&8)/8 + (c&4)/4 + (c&2)/2 + (c&1);
  }
  ctx->totalUnstartedKeyBlocks = blocksLeft;
  ctx->totalFinishedKeyBlocks = MAX_KEY_REGION - blocksLeft;
}

/*
 *  Reserve a key region to search.  When done searching it, the program
 *  should call FinishKeyRegion.  This function hands out blocks sequentially,
 *  starting with the first unsearched one in the file context file.
 *  If all blocks have been allocated and no free ones are left, the
 *  function returns (-1).
 */
long ReserveKeyRegion(FILE *fp, SEARCH_CTX *ctx) {
  int c,b;

  if (ctx->nextUnstartedKeyBlock >= MAX_KEY_REGION)
    return(-1);
  if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + ctx->nextUnstartedKeyBlock/8,
          SEEK_SET))
    EXIT_ERR("Error seeking search context file.\n");
  if ((ctx->nextUnstartedKeyBlock & 7) != 0)
    c = fgetc(fp);
  while (ctx->nextUnstartedKeyBlock < MAX_KEY_REGION) {
    b = (int)(ctx->nextUnstartedKeyBlock & 7);
    if (b == 0)
      c = fgetc(fp);
    if (c < 0 || c > 255)
      EXIT_ERR("Error reading from search context file.\n");
    if (b == 0 && c == 0) {
      ctx->nextUnstartedKeyBlock += 8;
      continue;
    }
    if ((c << b) & 128)
      break;
    ctx->nextUnstartedKeyBlock++;
  }
  if (ctx->nextUnstartedKeyBlock >= MAX_KEY_REGION)
    return (-1);
  ctx->totalUnstartedKeyBlocks--;
  ctx->totalPendingKeyBlocks++;
  return (ctx->nextUnstartedKeyBlock++);
}

/*
 *  Finish searching a key region by marking it as completed in the context
 *  file.
 */
void FinishKeyRegion(FILE *fp, SEARCH_CTX *ctx, long keyRegion) {
  int c,b;

  /* Valid regions are 0 .. MAX_KEY_REGION-1; a larger value would seek */
  /* past the end of the bitmap, so the upper bound is checked with >=. */
  if (keyRegion < 0 || keyRegion >= MAX_KEY_REGION)
    EXIT_ERR("Bad key region\n");
  if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + keyRegion/8, SEEK_SET))
    EXIT_ERR("Error seeking in search context file.\n");






  b = (int)(keyRegion & 7);                        /* b = bit in byte */
  c = getc(fp);
  if (((c << b) & 128) == 0)
    printf("WARNING: FinishKeyRegion called, but region already searched!\n");
  else {
    if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + keyRegion/8, SEEK_SET))
      EXIT_ERR("Error seeking in search context file.\n");
    fputc(c & (255 ^ (128>>b)), fp);
    fflush(fp);
    ctx->totalFinishedKeyBlocks++;
    ctx->totalPendingKeyBlocks--;
  }
}

/*
 *  Write a SEARCH_CTX structure to a FILE*
 */
static void WriteParams(FILE *fp, SEARCH_CTX *ctx) {
  fwrite(ctx->plaintextVector, 1, 32, fp);              /* 32 bytes */
  fwrite(ctx->plaintextXorMask, 1, 8, fp);              /*  8 bytes */
  fwrite(ctx->ciphertext0, 1, 8, fp);                   /*  8 bytes */
  fwrite(ctx->ciphertext1, 1, 8, fp);                   /*  8 bytes */
  fwrite(&(ctx->plaintextByteMask), 1, 1, fp);          /*  1 byte  */
  fwrite(&(ctx->searchInfo), 1, 1, fp);                 /*  1 byte  */
}

/*
 *  Read a SEARCH_CTX structure from a FILE*
 */
static void ReadParams(FILE *fp, SEARCH_CTX *ctx) {
  fread(ctx->plaintextVector, 1, 32, fp);               /* 32 bytes */
  fread(ctx->plaintextXorMask, 1, 8, fp);               /*  8 bytes */
  fread(ctx->ciphertext0, 1, 8, fp);                    /*  8 bytes */
  fread(ctx->ciphertext1, 1, 8, fp);                    /*  8 bytes */
  fread(&(ctx->plaintextByteMask), 1, 1, fp);           /*  1 byte  */
  fread(&(ctx->searchInfo), 1, 1, fp);                  /*  1 byte  */
}






--c618 001257315318002000b Page 1 of keyblock.h 

/*****************************************************************************
 * keyblock.h
 *                       Header file for keyblock.c
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#ifndef _KEYBLOCK_H
#define _KEYBLOCK_H

void WriteSearchContext(FILE *fp, SEARCH_CTX *sp);
void OpenSearchContext(FILE *fp, SEARCH_CTX *ctx);
long ReserveKeyRegion(FILE *fp, SEARCH_CTX *ctx);
void FinishKeyRegion(FILE *fp, SEARCH_CTX *ctx, long keyRegion);

#endif






--5629 0005f b2aed48002000c Page 1 of search. c 






/*****************************************************************************
 * search.c
 *                     Search Engine Controller Program
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"

#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <ctype.h>
#include <memory.h>
#include <time.h>
#include <string.h>
#include <conio.h>
#include "search.h"
#include "chipio.h"
#include "keyblock.h"
#include "des.h"

/*
 *  SEARCH_CHIP STRUCTURE: Contains status information about each chip.
 *
 *    board: The board this chip is on (1 byte).
 *    chip: The ID of this chip on the board (1 byte).
 *    initialized: 0=uninitialized, 1=initialized, -1=defective.
 *    region[]: Specifies the top 24 bits of the key being searched by each
 *         search unit.  A value of -1 means the search unit is idle
 *         (idle), and a value of -2 means the search unit is not used.
 *    overFlow[]: Specifies the value at which the low 32 bits of the
 *         key (the key counter) will have gone through all 2^32
 *         possibilities.  Note: this only has the top 24 bits of the
 *         counter, which corresponds to key bytes: XX XX XX.. (LSB)
 *    lastSeen[]: The value last seen in the low 32 bits of the key.
 *         This has the same encoding as overFlow.
 */
typedef struct CHIP_CTX {
  unsigned char board, chip;
  int initialized;
  long region[SEARCH_UNITS_PER_CHIP];
  long overFlow[SEARCH_UNITS_PER_CHIP];
  long lastDone[SEARCH_UNITS_PER_CHIP];
  struct CHIP_CTX *nextChip;
} CHIP_CTX;

/*
 *  GLOBAL VARIABLES
 */
CHIP_CTX *CHIP_ARRAY = NULL;
SEARCH_CTX CTX;
static int QUIET = 0;
static int VERBOSE = 0;
static FILE *FP_LOG = NULL;






/*
 *  FUNCTION PROTOTYPES & MINI FUNCTIONS & MACROS
 */
/* Print the message through "%s" so it is never used as a format string */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
long ReadConfig(char *configFilespec);
void RunSearch(FILE *ctxFile);
void InitializeChip(CHIP_CTX *cp, SEARCH_CTX *ctx);
void ServiceChip(CHIP_CTX *cp, SEARCH_CTX *ctx, FILE *ctxFile);
long GetUnitKeyCounter(int board, int chip, int unit);
void CheckAndPrintKey(CHIP_CTX *cp, SEARCH_CTX *ctx, int unit);
int ServiceKeyboard(SEARCH_CTX *ctx);
int CheckKey(unsigned char key[56], SEARCH_CTX *ctx);

/*
 *  ReadConfig():  Read the search array configuration file.  This file
 *       specifies the I/O base port for SetBaseAddress and also the
 *       search units.  It can contain 3 kinds of lines: comments that
 *       start with '%', base port with "PORT=210" for port 210 hex, and
 *       "UNIT= 12 32 8" to add a search unit on board 0x12, chip 0x32,
 *       and unit 0x08 (all hex).  The function constructs CHIP_ARRAY
 *       as a linked list of chips.
 *    Returns: Total number of search units.
 */
long ReadConfig(char *configFilespec) {
  char buffer[200];
  int basePort = -1;
  int board, chip, unit, i;
  int lastBoard = -1, lastChip = -1;
  long totalUnits = 0;
  CHIP_CTX *cp;
  FILE *fp;

  cp = CHIP_ARRAY;
  if (cp != NULL)
    EXIT_ERR("Chip array base isn't NULL. (Internal error.)\n");
  fp = fopen(configFilespec, "rb");
  if (fp == NULL)
    EXIT_ERR("Error opening configuration filespec.\n");

  if (!QUIET) printf("Reading configuration file \"%s\".\n", configFilespec);
  while (fgets(buffer, 190, fp) != NULL) {
    if (buffer[0] == '\0' || buffer[0] == '%')
      continue;
    if (memcmp(buffer, "PORT=", 5) == 0) {
      basePort = 0;
      sscanf(buffer+5, "%x", &basePort);
      if (basePort <= 0)
        EXIT_ERR("Defective PORT= in configuration file.\n");
      SetBaseAddress(basePort);
      if (!QUIET) printf("Set base port to %x\n", basePort);
      if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Set base port=0x%x\n", basePort);
    }
    else if (memcmp(buffer, "UNIT=", 5) == 0 ||
             memcmp(buffer, "FAIL=", 5) == 0) {
      board = chip = unit = -1;
      sscanf(buffer+5, "%x %x %x", &board, &chip, &unit);
      /* unit indexes cp->region[] below, so it must also be bounded above */
      if (board < 0 || chip < 0 || unit < 0 ||
          unit >= SEARCH_UNITS_PER_CHIP)
        EXIT_ERR("Defective UNIT= or FAIL= in configuration file.\n");
      if (board < lastBoard || (board == lastBoard && chip < lastChip))
        EXIT_ERR("Bad UNIT= or FAIL= in config: board & chip must decrease\n");
      if (board != lastBoard || chip != lastChip) {
        lastBoard = board;
        lastChip = chip;
        if (cp == NULL)
          cp = CHIP_ARRAY = malloc(sizeof(CHIP_CTX));
        else {
          cp->nextChip = malloc(sizeof(CHIP_CTX));
          cp = cp->nextChip;
        }






        cp->board = (unsigned char)board;
        cp->chip = (unsigned char)chip;
        cp->initialized = 0;
        for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
          cp->region[i] = -2;
        cp->nextChip = NULL;
      }
      if (cp->region[unit] == -2 && memcmp(buffer, "UNIT=", 5) == 0) {
        totalUnits++;
        cp->region[unit] = -1;                   /* mark the unit as extant */
      }
    } else {
      fprintf(stderr, "IGNORING UNKNOWN CONFIG FILE LINE: \"%s\"\n", buffer);
    }
  }
  fclose(fp);
  if (CHIP_ARRAY == NULL)
    EXIT_ERR("Error: Configuration file does not have any valid units.\n");

  if (FP_LOG && VERBOSE) {
    fprintf(FP_LOG, "Configuration summary:\n");
    for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip) {
      for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
        if (cp->region[i] != -2)
          fprintf(FP_LOG, "%s=0x%02X 0x%02X 0x%02X\n",
                  (cp->initialized >= 0) ? "UNIT" : "FAIL",
                  cp->board, cp->chip, i);
    }
  }
  if (!QUIET) printf("Config done: Found %ld search units.\n", totalUnits);
  if (FP_LOG) fprintf(FP_LOG, "Config found %ld search units.\n", totalUnits);
  return (totalUnits);
}

void main(int argc, char **argv) {
  FILE *ctxFile;
  int i;
  time_t t;
  CHIP_CTX *cp;

  printf("\nDES Search Engine Controller (Ver %s, %s). May be export "
         "controlled.\nWritten 1998 by Cryptography Research "
         "(http://www.cryptography.com) for EFF.\n"
         "This is unsupported "
         "free software: Use and distribute at your own risk.\n"
         "\n\n\n",
         SOFTWARE_VERSION, SOFTWARE_DATE);

  if (argc < 3) {
    fprintf(stderr,
        "Usage:  search configFile contextFile [logfile] [-v] [-q]\n"
        "     configFile: Search array configuration from autoconf\n"
        "    contextFile: Search context (from init)\n"
        "        logfile: Output file with detailed reporting info\n"
        "             -v: verbose output to logfile\n"
        "             -q: quiet mode (less output to the screen)\n"
        ": paramaters must be in the order above. )\n");
    exit(1);
  }
  for (i = 3; i < argc; i++) {
    if (i == 3 && argv[i][0] != '-') {
      FP_LOG = fopen(argv[3], "w");
      if (FP_LOG == NULL)
        EXIT_ERR("Error opening log file.");
    } else if (stricmp(argv[i], "-v") == 0)
      VERBOSE = 1;
    else if (stricmp(argv[i], "-q") == 0)
      QUIET = 1;
    else {






      fprintf(stderr, "Unknown parameter \"%s\"\n", argv[i]);
      exit(1);
    }
  }

  /* READ CONFIGURATION FILE SPECIFYING BASE PORT AND SEARCH UNITS */
  CTX.totalUnits = ReadConfig(argv[1]);

  /* RESET THE SEARCH ARRAY */
  if (!QUIET) printf("Resetting the search array.\n");
  i = -1;
  for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip) {
    if (i != cp->board) {
      i = cp->board;
      ResetBoard(i);
    }
  }
  t = time(NULL);

  /* READ SEARCH FILE SPECIFYING SEARCH INFO & REMAINING KEY BLOCKS */
  ctxFile = fopen(argv[2], "r+b");
  if (ctxFile == NULL) {
    fprintf(stderr, "Error opening search context file \"%s\"\n", argv[2]);
    exit(1);
  }

  /* MAKE SURE RESET HAD AT LEAST 1 SECOND TO SETTLE. */
  if (!QUIET) printf("Waiting for reset to settle.\n");
  while(t + 1 >= time(NULL)) {}

  /* RUN THE SEARCH! */
  RunSearch(ctxFile);
  fclose(ctxFile);
  if (!QUIET) printf("Exiting.\n");
}

/*
 *  Run the search.  Uses the search parameters in the
 *      global linked list CHIP_ARRAY and keeps its context info
 *      in the global CTX.
 */
void RunSearch(FILE *ctxFile) {
  CHIP_CTX *cp;
  SEARCH_CTX *ctx = &CTX;
  int halt = 0;
  time_t startTime, lastReportTime, t;
  long loopCount = 0;
  char buffer[128];

  if (!QUIET) printf("Loading search context file...\n");
  OpenSearchContext(ctxFile, ctx);

  printf("Initialization Successful - Beginning search.\n");
  if (QUIET) printf("Quiet mode: Press ? for help during search.\n");
  if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Beginning search\n");
  for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip)
    InitializeChip(cp, ctx);
  startTime = time(NULL);
  lastReportTime = 0;

  while (halt == 0) {
    t = time(NULL);
    if (t/5 != lastReportTime/5) {              /* report every 5 seconds */
      sprintf(buffer, "%7ld blocks done, %7ld left, %4ld running (time=%7ld)",
              ctx->totalFinishedKeyBlocks, ctx->totalUnstartedKeyBlocks +
              ctx->totalPendingKeyBlocks, ctx->totalPendingKeyBlocks,
              (long)(t - startTime));
      if (!QUIET) printf(">%s ('?'=help)\n", buffer);
      if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Report: %s\n", buffer);
      lastReportTime = t;
    }






cp->next Chip) -C 



void Ini tia Li zeC h i p ( CH I P-CTX 
int i , j ; 



for (cp = CHIP-ARRAY; cp != NULL SS halt == 

••ServiceChip(cp, ctx, ctxFile); 

••if ( Se r v i ceKeyboa rd ( c t x ) < 0) 

••••halt = 1 ; 

> 

if ( ctx->tota L Fi ni shedKeyB Locks == (1L<<24)) 

■-halt = 1 ; 

GetRegister(255, 255, 255); 

LoopCount++; 



I n i t i a L i z eCh i p ( cp, ctx): -Initialize a chip whose chip context is 
••••at cp, using the search parameters at ctx. 



SEARCH-CTX *ctx) i 



  if (!QUIET) printf("Initializing board 0x%02X, chip 0x%02X\n",
          cp->board, cp->chip);
  if (FP_LOG && VERBOSE) fprintf(FP_LOG,
          "Initializing board 0x%02X, chip 0x%02X\n", cp->board, cp->chip);

  SetRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK, 0xFF);  /* halt chip */
  for (i = 0; i < 32; i++)
    SetRegister(cp->board, cp->chip, REG_PTXT_VECTOR+i,
            ctx->plaintextVector[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_PTXT_XOR_MASK+i,
            ctx->plaintextXorMask[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_CIPHERTEXT0+i, ctx->ciphertext0[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_CIPHERTEXT1+i, ctx->ciphertext1[i]);
  SetRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK, ctx->plaintextByteMask);
  SetRegister(cp->board, cp->chip, REG_SEARCHINFO, ctx->searchInfo);

  /* TO BE SAFE, VERIFY THAT ALL REGISTERS WERE WRITTEN PROPERLY */
  /* (Each chip only gets initialized once, so this is quick.) */
  j = 0;
  for (i = 0; i < 32; i++)
    j += CheckRegister(cp->board, cp->chip, REG_PTXT_VECTOR+i,
            ctx->plaintextVector[i]);
  for (i = 0; i < 8; i++) {
    j += CheckRegister(cp->board, cp->chip, REG_PTXT_XOR_MASK+i,
            ctx->plaintextXorMask[i]);
    j += CheckRegister(cp->board, cp->chip, REG_CIPHERTEXT0+i,
            ctx->ciphertext0[i]);
    j += CheckRegister(cp->board, cp->chip, REG_CIPHERTEXT1+i,
            ctx->ciphertext1[i]);
  }
  j += CheckRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK,
          ctx->plaintextByteMask);
  j += CheckRegister(cp->board, cp->chip, REG_SEARCHINFO, ctx->searchInfo);
  if (j != 0) {
    printf("Bad register on board 0x%02X, chip 0x%02X. Chip disabled.\n",
            cp->board, cp->chip);
    if (FP_LOG) fprintf(FP_LOG, "Bad register on board 0x%02X, chip 0x%02X.%s",
            cp->board, cp->chip, " Chip disabled.\n");
  }

  /* UPDATE THE CHIP CONTEXT */
  cp->initialized = (j == 0) ? 1 : -1;        /* initialized or defective */
}



/*
 *  Service a chip by doing the following:
 *     - Check if it has halted
 *     - Check to see if it has finished its region
 *     - Restart if it is idle






 */
void ServiceChip(CHIP_CTX *cp, SEARCH_CTX *ctx, FILE *ctxFile) {
  int unit;
  long k;

  if (cp->initialized < 0)
    return;

  /*
   *  READ KEYS & RESTART ANY HALTED UNITS
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] >= 0) {                  /* if currently running */
      if (!(GetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit)) & 1)) {
        CheckAndPrintKey(cp, ctx, unit);
        SetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit), 1);
      }
    }
  }

  /*
   *  See if any units have completed their search regions
   *    Note: If I/O bandwidth was a problem and the clock rate of the
   *          search system was fixed, we could predict when the keycounter
   *          would flip and avoid this check.
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] < 0)
      continue;
    k = GetUnitKeyCounter(cp->board, cp->chip, unit);
    k -= cp->overFlow[unit];
    if (k < 0)
      k += (1L << 24);
    if (VERBOSE && FP_LOG) fprintf(FP_LOG,
            "Board 0x%02X chip 0x%02X unit 0x%02X is at 0x%06lX "
            "(lastDone=0x%06lX, overFlow=%06lX)\n",
            cp->board, cp->chip, unit, k,
            cp->lastDone[unit], cp->overFlow[unit]);
    if (k < cp->lastDone[unit]) {
      if (!QUIET) printf("Board 0x%02X chip 0x%02X unit 0x%02X finished block "
              "0x%06lX (lastDone=0x%06lX, got 0x%06lX, overFlow=%06lX)\n",
              cp->board, cp->chip, unit, cp->region[unit],
              cp->lastDone[unit], k, cp->overFlow[unit]);
      if (FP_LOG) fprintf(FP_LOG, "Unit 0x%02X 0x%02X 0x%02X finished "
              "0x%06lX (last=%06lX, got %06lX, oFlow=%06lX)\n",
              cp->board, cp->chip, unit, cp->region[unit],
              cp->lastDone[unit], k, cp->overFlow[unit]);
      FinishKeyRegion(ctxFile, ctx, cp->region[unit]);  /* region is done */
      cp->region[unit] = -1;                            /* unit is now idle */
    } else {
      cp->lastDone[unit] = k;
    }
  }

  /*
   *  Start any units that are currently stalled
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] == -1) {
      k = ReserveKeyRegion(ctxFile, ctx);
      if (k < 0)
        break;                                    /* no more regions... */
      if (!QUIET) printf("Starting board 0x%02X, chip 0x%02X, unit 0x%02X... ",
              cp->board, cp->chip, unit);
      if (FP_LOG) fprintf(FP_LOG, "Starting unit 0x%02X 0x%02X 0x%02X... ",
              cp->board, cp->chip, unit);
      cp->region[unit] = k;

      /* LOAD UP THE KEY REGION AND LET 'ER RIP... */
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+6,
              (unsigned char)((k >> 16) & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+5,
              (unsigned char)((k >> 8) & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+4,
              (unsigned char)(k & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+3, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+2, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+1, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+0, 0);

      SetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit), 1);   /* GO! */

      /* READ OUT THE KEY COUNTER (3 BYTES) FOR OVERFLOW SENSING */
      k = GetUnitKeyCounter(cp->board, cp->chip, unit);
      cp->overFlow[unit] = k;
      cp->lastDone[unit] = k;
      if (!QUIET) printf("Region=0x%06lX, overFlow=0x%06lX\n",
              cp->region[unit], k);
      if (FP_LOG) fprintf(FP_LOG, "Region=0x%06lX, overFlow=0x%06lX\n",
              cp->region[unit], k);
    }
  }
}


/*
 *  Read the value of a rapidly-incrementing key counter register.
 *    The function reads the register twice, finds the most-significant
 *    bit that changed during the operation, and returns the later
 *    (higher) value with all bits to the right of the one that changed
 *    set to zero.
 *  The return value is the top 24 bits of the low 32 bits of the
 *    key counter -- i.e., key bytes (MSB) XX XX XX .. (LSB)
 */
long GetUnitKeyCounter(int board, int chip, int unit) {
  long v1, v2, m;

  do {
    v1  = ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+3)) << 16;
    v1 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+2)) << 8;
    v1 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+1));
    v2  = ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+3)) << 16;
    v2 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+2)) << 8;
    v2 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+1));
  } while (v1 > v2);
  for (m = 0x800000L; m != 0; m >>= 1) {
    if ((v1 & m) != (v2 & m)) {
      v2 = (v2 & (0xFFFFFFL - m + 1));
      break;
    }
  }
  return (v2);
}



/*
 *  Get the key out of a halted unit and print it to the screen/logs
 */
void CheckAndPrintKey(CHIP_CTX *cp, SEARCH_CTX *ctx, int unit) {
  unsigned char key[7];
  unsigned char binKey[56];
  char buf[128];
  int i,j, goodKey;

  for (i = 0; i < 7; i++)
    key[i] = (unsigned char)GetRegister(cp->board, cp->chip,
            REG_SEARCH_KEY(unit)+i);
  if (--(key[0]) == 0xFF)                                /* Decrement key */
    if (--(key[1]) == 0xFF)
      if (--(key[2]) == 0xFF)
        --key[3];
  for (i = 0; i < 56; i++)
    binKey[i] = (key[i/8] >> (i&7)) & 1;
  for (i = 7; i >= 0; i--) {
    j = binKey[i*7]*2 + binKey[i*7+1]*4 + binKey[i*7+2]*8 + binKey[i*7+3]*16 +
        binKey[i*7+4]*32 + binKey[i*7+5]*64 + binKey[i*7+6]*128;
    sprintf(buf+14-2*i, "%02X", j);
  }

  if (QUIET)
    printf("Halt in %02X.%02X.%02X, K=%s P=", cp->board, cp->chip, unit, buf);
  else {
    printf("BOARD 0x%02X, CHIP 0x%02X, UNIT 0x%02X HALTED!\n    K56 = ",
            cp->board, cp->chip, unit);
    for (i = 6; i >= 0; i--) printf("%02X", key[i]);
    printf("\n    K64 = %s\n", buf);
  }
  if (FP_LOG) {
    fprintf(FP_LOG, "Halt@ %02X.%02X.%02X, K=",
            cp->board, cp->chip, unit);
    for (i = 6; i >= 0; i--) fprintf(FP_LOG, "%02X", key[i]);
    if (VERBOSE) fprintf(FP_LOG, ", K64=%s", buf);
  }

  goodKey = CheckKey(binKey, ctx);                    /* prints plaintexts */

  if (QUIET) printf(goodKey ? " (OK!)\n" : " (BAD)\n");
  else printf("    ***** KEY IS %s *****\n", goodKey ? " OKAY " : "BAD");
  if (FP_LOG) fprintf(FP_LOG, goodKey ? " (=OK!)\n" : " (=BAD)\n");
  fflush(stdout);
  if (FP_LOG) fflush(FP_LOG);
}

/*
 *  Let the user see what's going on.
 */



int ServiceKeyboard(SEARCH_CTX *ctx) {
  int k, i, board, chip, reg, val;
  char buffer[128];

  while (kbhit()) {
    k = toupper(getch());
    if (k == '?') {
      printf("Keystroke options:\n    ESC=quit search\n");
      printf("    R=read a chip\n    SPACE=status\n    P=pause\n");
      printf("    S=set register\n");
      printf("Press a command letter, ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'P') {
      fprintf(stderr, "  PAUSED \n(Press a command letter, ");
      fprintf(stderr, "ENTER to continue, or ? for help.)\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 27) {
      fprintf(stderr, " ESC PRESSED! HIT 'Y' TO CONFIRM HALT\n");
      if (toupper(getch()) == 'Y') {
        fprintf(stderr, "Halting...\n");
        return (-1);
      }
      fprintf(stderr, "   (Not halting.)\n");
      continue;
    }
    if (k == ' ') {
      fprintf(stderr, "There are %ld search units running\n", ctx->totalUnits);
      fprintf(stderr, "Of %ld blocks: %ld done, %ld unstarted, %ld pending\n",
              1L<<24, ctx->totalFinishedKeyBlocks, ctx->totalUnstartedKeyBlocks,
              ctx->totalPendingKeyBlocks);
      fprintf(stderr, "The next key block to start is 0x%06lX.\n",
              ctx->nextUnstartedKeyBlock);
      fprintf(stderr, "Press a command letter or ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'R') {






      fprintf(stderr, "Enter board and chip (in hex): ");
      fgets(buffer, 127, stdin);
      board = chip = -1;
      sscanf(buffer, "%x %x", &board, &chip);
      if (board < 0 || board > 255 || chip < 0 || chip > 255) {
        fprintf(stderr, "Bad board (0x%02X) or chip (0x%02X)\n", board, chip);
        continue;
      }
      for (i = 0; i < 256; i++) {
        if ((i & 15) == 0)
          printf("\n0x%02X 0x%02X 0x%02X:", board, chip, i);
        printf(" %02X", GetRegister(board, chip, i));
      }
      printf("\n");
      fprintf(stderr, "Press a command letter or ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'S') {
      fprintf(stderr, "Enter board chip reg value (all hex): ");
      fgets(buffer, 127, stdin);
      board = chip = reg = val = -1;
      sscanf(buffer, "%x %x %x %x", &board, &chip, &reg, &val);
      if (board >= 0 && chip >= 0 && reg >= 0 && val >= 0) {
        fprintf(stderr, "Writing 0x%02X to 0x%02X.0x%02X reg 0x%02X\n",
                val, board, chip, reg);
        SetRegister(board, chip, reg, val);
      }
      fprintf(stderr, "Press a command letter or ENTER to continue.\n");
      while (!kbhit()) {}
      continue;
    }
  }
  return (0);
}



/*
 *  If needed, this function can be used to decide whether keys are
 *    actually good or not to reject false positives.
 *  Returns 1 if the key is not bad, zero if it is wrong.
 */
int CheckKey(unsigned char key[56], SEARCH_CTX *ctx) {
  bool ctxt[64],ptxt0[64],ptxt1[64];
  unsigned char p0[8],p1[8];
  int i,c;

  /* Compute the plaintext and try to print it to the screen */
  for (i = 0; i < 64; i++)
    ctxt[i] = (ctx->ciphertext0[i/8] >> (i&7)) & 1;
  DecryptDES((bool*)key, ptxt0, ctxt, 0);
  for (i = 0; i < 8; i++) {
    p0[i] = (unsigned char)(ptxt0[i*8+0]+ptxt0[i*8+1]*2+ptxt0[i*8+2]*4+
            ptxt0[i*8+3]*8+ptxt0[i*8+4]*16+ptxt0[i*8+5]*32+ptxt0[i*8+6]*64+
            ptxt0[i*8+7]*128);
  }
  for (i = 0; i < 8; i++)
    p0[i] ^= ctx->plaintextXorMask[i];
  if (!QUIET) {
    printf("    Plaintext0 =");
    for (i = 7; i>=0; i--) printf(" %02X", p0[i]);
    printf("   (\"");
    for (i = 7; i>=0; i--)
      printf("%c", (p0[i] < 32) ? '?' : p0[i]);
    printf("\")\n");
  }
  if (QUIET) for (i = 7; i>=0; i--) printf("%02X", p0[i]);
  if (FP_LOG) fprintf(FP_LOG, ", ptxt=");
  if (FP_LOG) for (i = 7; i>=0; i--) fprintf(FP_LOG, "%02X", p0[i]);

  for (i = 0; i < 64; i++)
    ctxt[i] = (ctx->ciphertext1[i/8] >> (i&7)) & 1;






  DecryptDES((bool*)key, ptxt1, ctxt, 0);
  for (i = 0; i < 8; i++) {
    p1[i] = (unsigned char)(ptxt1[i*8+0]+ptxt1[i*8+1]*2+ptxt1[i*8+2]*4+
            ptxt1[i*8+3]*8+ptxt1[i*8+4]*16+ptxt1[i*8+5]*32+ptxt1[i*8+6]*64+
            ptxt1[i*8+7]*128);
  }
  if (ctx->searchInfo & 1) {           /* if CBC mode, XOR w/ 1st ctxt */
    for (i = 0; i < 8; i++)
      p1[i] ^= ctx->ciphertext0[i];
  }
  if (!QUIET) printf("    Plaintext1 =");
  if (QUIET) printf("/");
  if (FP_LOG) fprintf(FP_LOG, "/");
  if (!QUIET) for (i = 7; i>=0; i--) printf(" %02X", p1[i]);
  if (QUIET) for (i = 7; i>=0; i--) printf("%02X", p1[i]);
  if (FP_LOG) for (i = 7; i>=0; i--) fprintf(FP_LOG, "%02X", p1[i]);
  if (!QUIET) {
    printf("   (\"");
    for (i = 7; i>=0; i--)
      printf("%c", (p1[i] < 32) ? '?' : p1[i]);
    printf("\")\n");
  }

  /* Reject key if doesn't contain good characters */
  for (i = 0; i < 8; i++) {
    if (((ctx->plaintextByteMask) >> i) & 1)
      continue;
    c = p0[i];
    if (((ctx->plaintextVector[c/8] >> (c & 7)) & 1) == 0)
      return (0);
    c = p1[i];
    if (((ctx->plaintextVector[c/8] >> (c & 7)) & 1) == 0)
      return (0);
  }

  /* INSERT ADDITIONAL CODE HERE TO REJECT FALSE POSITIVES */
  return (1);
}
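The double read in GetUnitKeyCounter and the wrap test in ServiceChip, both in the search.c listing above, can be exercised without the hardware. The following is an added example, not part of the EFF or Cryptography Research source; the simulated registers (sim_counter, sim_step, sim_get_register) and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated hardware, constructed for this example: the low 32 bits of one
 * search unit's key counter. A register read takes time, so the counter
 * advances by sim_step keys after each byte is returned. */
static uint32_t sim_counter;
static uint32_t sim_step;

/* Return byte n (1..3) of the low 32 bits, then let the counter run on. */
static long sim_get_register(int n) {
  long v = (long)((sim_counter >> (8 * n)) & 0xFF);
  sim_counter += sim_step;
  return v;
}

/* One pass over the three counter bytes, most significant byte first. */
static long read24_once(void) {
  long v;
  v  = sim_get_register(3) << 16;
  v |= sim_get_register(2) << 8;
  v |= sim_get_register(1);
  return v;
}

/* Single unguarded read: may combine bytes from before and after a carry. */
long read_counter_naive(uint32_t start, uint32_t step) {
  sim_counter = start;
  sim_step = step;
  return read24_once();
}

/* The double read from the listing: read twice, retry if the second value
 * is lower, then clear every bit below the most significant bit that
 * changed between the two reads. */
long read_counter_stable(uint32_t start, uint32_t step) {
  long v1, v2, m;
  sim_counter = start;
  sim_step = step;
  do {
    v1 = read24_once();
    v2 = read24_once();
  } while (v1 > v2);
  for (m = 0x800000L; m != 0; m >>= 1) {
    if ((v1 & m) != (v2 & m)) {
      v2 &= (0xFFFFFFL - m + 1);
      break;
    }
  }
  return v2;
}

/* Progress through a region as ServiceChip computes it: distance from the
 * counter value captured when the unit was started, modulo 2^24. */
long region_progress(long raw, long overflow_base) {
  long k = raw - overflow_base;
  if (k < 0)
    k += (1L << 24);
  return k;
}

/* ServiceChip treats a region as finished when progress goes backwards,
 * i.e. the 24-bit counter has wrapped past its starting value. */
int region_finished(long progress, long last_done) {
  return progress < last_done;
}

int main(void) {
  /* Constructed case: the counter carries into its top byte mid-read. */
  long naive  = read_counter_naive(0x00FFFF00u, 0x100u);
  long stable = read_counter_stable(0x00FFFF00u, 0x100u);
  long last_done = 0x00FFF0L;

  printf("naive  read 0x%06lX -> finished=%d\n", (unsigned long)naive,
         region_finished(region_progress(naive, 0), last_done));
  printf("stable read 0x%06lX -> finished=%d\n", (unsigned long)stable,
         region_finished(region_progress(stable, 0), last_done));
  return 0;
}
```

With the torn value the wrap test reports the region as finished although the unit is still inside it, which would cause the rest of that key block to be skipped; the double read avoids that.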






■2752 00185ee2d9a8002000d Page 1 of search. h 






/*****************************************************************************
 * search.h                                                                  *
 *                         Header file for search.c                          *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#ifndef SEARCH_H
#define SEARCH_H

typedef struct {
  /* PARAMETERS DEFINING THE SEARCH (THESE GO IN THE SEARCH CONTEXT FILE) */
  unsigned char plaintextVector[256/8];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  unsigned char searchInfo;

  /* PARAMETERS ABOUT THE SEARCH PROCESS */
  long totalUnits;                      /* total search units */
  long nextUnstartedKeyBlock;           /* top 24 bits only */
  long totalFinishedKeyBlocks;          /* number of completed key blocks */
  long totalUnstartedKeyBlocks;         /* number of blocks left to start */
  long totalPendingKeyBlocks;           /* number of blocks running */
} SEARCH_CTX;

#endif




Chip Source Code 



This chapter contains a complete listing of the chip design language (VHDL)
documents that we wrote to show both people and machines how we designed the
custom gate array chip in our DES cracker.

Today, it is possible to design a complete chip by writing ordinary documents in
text files. They are written in a special hardware programming language, called
VHDL. This language is understood by chip simulation software, which works
much like an ordinary programming language interpreter. Once the designer is
satisfied with their design, this VHDL program text can be fed into a "chip
compiler". Instead of producing a binary program as a result, the compiler
produces low-level design information for a chip.

The compilation process for a chip needs a lot more attention to detail than the
average binary software compilation. For example, in modern computers it doesn't
make much difference what exact memory locations your binary program is
placed into; the program runs largely the same way. In building a chip, human
attention and skill is still needed to "lay out" and "route" the building blocks of the
chip so that the result has high performance, low power, low cost, and other
desirable attributes. This level of detail is also very dependent on the exact
technology and equipment being used to build (fabricate) the chip, though the
basic design documents are independent of all that.

Thus, these design files don't tell the whole story. You can't just press a button 
and out pops a chip. But they are useful for understanding our design, because 
they specify, in a human readable way, just what the chip will do for any valid 
combination of inputs. 

For details on why these documents are printed this way, and how to scan them 
into a computer, see Chapter 4, Scanning the Source Code. 






Chapter 6: Chip Source Code 



5db8 0006bbca98980030001 Page 1 of addr-key.vhd 






-- Author        Tom Vu
-- Date          09/19/97
-- Description   UProcessor interface

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity ADDR_KEY is
port(   ADDSEL2     : in  std_logic;
        CHIP_EN     : in  std_logic;
        ADDR        : in  std_logic_vector(7 downto 0);

        ADDR_KEY0   : out std_logic_vector(6 downto 0);
        ADDR_KEY1   : out std_logic_vector(6 downto 0);
        ADDR_KEY2   : out std_logic_vector(6 downto 0);
        ADDR_KEY3   : out std_logic_vector(6 downto 0);
        ADDR_KEY4   : out std_logic_vector(6 downto 0);
        ADDR_KEY5   : out std_logic_vector(6 downto 0);
        ADDR_KEY6   : out std_logic_vector(6 downto 0);
        ADDR_KEY7   : out std_logic_vector(6 downto 0);
        ADDR_KEY8   : out std_logic_vector(6 downto 0);
        ADDR_KEY9   : out std_logic_vector(6 downto 0);
        ADDR_KEY10  : out std_logic_vector(6 downto 0);
        ADDR_KEY11  : out std_logic_vector(6 downto 0);
        ADDR_KEY12  : out std_logic_vector(6 downto 0);
        ADDR_KEY13  : out std_logic_vector(6 downto 0);
        ADDR_KEY14  : out std_logic_vector(6 downto 0);
        ADDR_KEY15  : out std_logic_vector(6 downto 0);
        ADDR_KEY16  : out std_logic_vector(6 downto 0);
        ADDR_KEY17  : out std_logic_vector(6 downto 0);
        ADDR_KEY18  : out std_logic_vector(6 downto 0);
        ADDR_KEY19  : out std_logic_vector(6 downto 0);
        ADDR_KEY20  : out std_logic_vector(6 downto 0);
        ADDR_KEY21  : out std_logic_vector(6 downto 0);
        ADDR_KEY22  : out std_logic_vector(6 downto 0);
        ADDR_KEY23  : out std_logic_vector(6 downto 0);
        DATAI       : in  std_logic_vector(7 downto 0)
        );
end ADDR_KEY;

architecture beh of ADDR_KEY is

begin



ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 



_KEY0(0) <= 
■0' ) ) else 
_KEY0(1) <; 
'0' ) ) else 
_KEY0(2) <= 
1 ' ) ) else 
_KEY0(3) <= 
•0' ) ) else 
-KEY0C4) <: 
1 ' ) ) else 
_KEY0(5) <= 
•0' ) ) else 
_KEY0(6) <: 
' ' ) ) else 



ADDR-KEY1(0) <■ 
2 = '0' ) ) else 
ADDR-KEY1(1) <; 
2 = '0' ) ) else 



when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 

when ((ADDR 



1 000000 

1 000001 
>1 00001 

1000011 
1 0001 00 
1000101 
10001 10 

1001 000 
1001001 



) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 

) and (CHIP-EN 



) and (ADDSELI 

) and (ADDSELi 

) and (ADDSELI 

) and (ADDSELI 

) and (ADDSELI 

) and (ADDSELI 

) and (ADDSELI 

) and (ADDSELI 

) and (ADDSELI 






— 35c1 000419849248003000 



bcf381 


ADDR- 


858ba3 


2 = ' 


a84b56 


ADDR- 


de8ba3 


2 = ' 


6e1c97 


ADDR- 


0a8ba3 


2 = ' 


c0a440 


ADDR- 


0d8ba3 


2 = ' 


16b34f 


ADDR- 


068ba3 


2 = ' 


dea f 5 a 




096f96 


ADDR- 


a18ba3 


2 = ' 


49d741 


ADDR- 


c48ba3 


2 = ' 


5f c04e 


ADDR- 


d08ba3 


2 = ' 


747899 


ADDR- 


a38ba3 


2 = ' 


682f58 


ADDR- 


ed8ba3 


2 = ' 


a1978f 


ADDR- 


528ba3 


2 = ' 


dd8080 


ADDR- 


538ba3 


2 = ' 


c5af 5a 




dd00b2 


ADDR- 


0f8ba3 


2 = ' 


bab865 


ADDR- 


a a 8ba 3 


2 = ' 


17af6a 


ADDR- 


318ba3 


2 = ' 


7d17bd 


ADDR- 


b88ba3 


2 = ' 


8b407c 


ADDR- 


f68ba3 


2 = ■ 


24f8ab 


ADDR- 


7c8ba3 


2 = ' 


df ef a4 


ADDR- 


bb8ba3 


2 = ' 


46af 5a 




b81db8 


ADDR- 


378ba3 


2 = ' 


12a56f 


ADDR- 


7e8ba3 


2 = ' 


eeb260 


ADDR- 


f 28ba3 


2 = ' 


bb0ab7 


ADDR- 


178ba3 


2 = ' 


b55d76 


ADDR- 


118ba3 


2 = ' 


e4e5a 1 


ADDR- 


4a8ba3 


2 = ' 


93f2ae 


ADDR- 


a68ba3 


2 = ' 


5eaf 5a 




81fd36 


ADDR- 


e08ba3 


2 = ' 


7245e1 


ADDR- 


918ba3 


2 = ' 


cb52ee 


ADDR- 


398ba3 


2 = ' 


d7ea39 


ADDR- 


d48ba3 


2 = ' 


dcbdf8 


ADDR- 


818ba3 


2 = ' 


0e052f 


ADDR- 


f08ba3 


2 = ' 


e41220 


ADDR- 


9e8ba3 


2 = ' 


61af 5a 




41cef9 


ADDR- 



KEY1 (2 


) < = 




0' ) ) e 


. se 


' 


KEY1 (3 


< = 




0' )) e 


. se 


' 


KEY1 (4 


< = 




0' )) e 


. se 


' 


KEY1 (5 


< = 




0' )) e 


. se 


' 


KEY1 (6 


< = 




0' ) ) e 


. se 


' 


KEY2C0 


< = 




0' ) ) e 


se 


' 


KEY2M 


< = 




0' )) e 


se 


0' 


KEY2C2 


< = 




0' ) ) e 


s e 


0' 


KEY2C3 


< = 




0' ) ) e 


s e 


' 


KEY2C4 


< = 




0' )) e 


se 


0' 


KEY2(5 


< = 




0' ) ) e 


se 


0' 


KEY2(6 


< = 




0' ) ) e 


se 


0' 


KEY3(0 


< = 




0' )) e 


se 


' 


KEY3(1 


< = 




0' ) ) e 


se 


' 


KEY3(2 


< = 




0' )) e 


se 


0' 


KEY3(3 


< = 




0' )) e 


se 


' 


KEY3(4 


< = 




0' ) ) e 


se 


' 


KEY3(5 


< = 




0' )) e 


se 


0' 


KEY3(6 


< = 




0' ) ) e 


se 


' 


KEY4(0 


< = 




0' ) ) e 


se 


0' 


KEY4(1 


< = 




0' )) e 


se 


' 


KEY4(2 


< = 




0' ) ) e 


se 


' 


KEY4(3 


< = 




0' )) e 


se 


0' 


KEY4(4 


< = 




0' )) e 


se 


0' 


KEY4(5 


< = 




0' ) ) e 


se 


' 


KEY4(6 


< = 




0' ) ) e 


se 


0' 


KEY5(0 


< = 




0' )) e 


se 


0' 


KEY5 ( 1 


< = 




0' )) e 


se 


0' 


KEY5C2 


< = 




0' ) ) e 


se 


' 


KEY5C3 


< = 




0' )) e 


. se 


0' 


KEY5C4 


< = 




1 )) e 


. se 


' 


KEY5C5 


< = 




0' )) e 


. se 


' 


KEY5(6 


< = 




0' ) ) e 


. se 


' 



Page 2 

when 
when 
when 
when 
when 

when 
when 
when 
when 
when 
when 
when 

when 
when 
when 
when 
when 
when 
when 

when 
when 
when 
when 
when 
when 
when 

when 
when 
when 
when 
when 
when 
when 



1 ' when 



of add r. 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 



key 



vhd 
001 
001 
001 
001 
001 

010 
010 
010 
010 
010 
010 
010 



01 1000 
01 1001 
011010 
011011 
01 1 100 
011101 
011110 

1 00000 
100001 
100010 
100011 
100100 
100101 
100110 

101000 
101001 
101010 
101011 
101 100 
101101 
101110 

1 10000 



and 
and 
and 
and 
and 

and 
and 
and 
and 
and 
and 
and 

and 
and 
and 
and 
and 
and 
and 

and 
and 
and 
and 
and 
and 
and 

and 
and 
and 
and 
and 
and 
and 



(CHIP-EN 
(CHIP-EN 
( CHIP-EN 
(CHIP-EN 
(CHIP-EN 

(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
( CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 

(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 

(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
( CHIP-EN 

(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 
(CHIP-EN 



and (CHIP-EN 



and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELi 


and 


(ADDSELI 



and (ADDSELI 






— 4472 0008b773b2580030001 Page 3 of addr-key.vhd 



128ba3 


2 = 


b2762e 


ADDR. 


378ba3 


2 = 


f 56121 


ADDR. 


c98ba3 


2 = 


4ed9f 6 


ADDR. 


8e8ba3 


2 = ■ 


6b8e37 


ADDR. 


508ba3 


2 = ' 


5136e0 


ADDR. 


c28ba3 


2 = ' 


a021ef 


ADDR. 


748ba3 


2 = ' 


6faf 5a 




9ea1dd 


ADDR. 


1 f 8ba3 


2 = ' 


d9190a 


ADDR. 


cb8ba3 


2 = ' 


df 0e05 


ADDR. 


908ba3 


2 = ' 


f db6d2 


ADDR. 


8d8ba3 


2 = ' 


4be113 


ADDR. 


c98ba3 


2 = ' 


f 859c4 


ADDR. 


508ba3 


2 = ' 


1f 4ecb 


ADDR. 


f e8ba3 


2 = ' 


86af 5a 




824397 


ADDR. 


178ba3 


2 = ' 


39f b40 


ADDR. 


768ba3 


2 = ' 


e9ec4f 


ADDR. 


c18ba3 


2 = ' 


575498 


ADDR. 


f f 8ba3 


2 = ' 


720359 


ADDR. 


d58ba3 


2 = ' 


28bb8e 


ADDR. 


998ba3 


2 = ' 


1 cac81 


ADDR. 


288ba3 


2 = ' 


6daf 5a 




af 2cb3 


ADDR. 


498ba3 


2 = ' 


389464 


ADDR. 


cc8ba3 


2 = ■ 


17836b 


ADDR. 


7d8ba3 


2 = ' 


673bbc 


ADDR. 


f68ba3 


2 = ' 


1f6c7d 


ADDR. 


d98ba3 


2 = ' 


e9d4aa 


ADDR. 


c58ba3 


2 = ' 


af c3a5 


ADDR. 


558ba3 


2 = ' 


32af 5a 




428dee 


ADDR. 


bd8ba3 


2 = 


f eaf93 


ADDR. 


c18ba3 


2 = 


4d1 f 73 


ADDR. 


cb8ba3 


2 = 


953d0e 


ADDR. 


1 f8ba3 


2 = 


d7b7aa 


ADDR. 


458ba3 


2 = 


2a95d7 


ADDR. 


198ba3 


2 = 


8b2537 


ADDR. 



0' ) ) e 
KEY6C1 
0' )) e 
KEY6C2 
0' ) ) e 
KEY6C3 
0' )) e 
KEY6(4 
0' )) e 
KEY6C5 
0' ) ) e 
KEY6C6 
0' )) e 

KEY7(0 
0' )) e 
KEY7C1 
0" ) ) e 
KEY7C2 
0' ) ) e 
KEY7(3 
0' )) e 
KEY7(4 
0' )) e 
KEY7C5 
' ) ) e 
KEY7C6 
0' )) e 

KEY8(0 
0' )) e 
KEY8(1 
' ) ) e 
KEY8(2 
0' ) ) e 
KEY8(3 
0' )) e 
KEY8(4 
0' )) e 
KEY8(5 
0' )) e 
KEY8(6 
0' ) ) e 

KEY9(0 
0' )) e 
KEY9(1 
0' )) e 
KEY9C2 
0' )) e 
KEY9C3 
0' )) e 
KEY9C4 
0' )) e 
KEY9C5 
0' )) e 
KEY9C6 
0' ) ) e 



KEY10C0) < 



0' )) e 
KEY10C 
0' )) e 
KEY10C 
' ) ) e 
KEY10( 
0' )) e 
KEY10( 
0' )) e 
KEY10( 
0' ) ) e 



se 

<= > 
se 



se 

< = 

se 

< = 

se 
<= > 

se 



<= > 
se 



se 

< = 
se 

< = 

se 



se 

) < = 

se 

) 

s e 

) 

se 

) < = 

se 

) < = 

se 



-KEY10(6) <= 



1 ■ when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1" when 

1 ' when 

1 ' when 



(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 



1 10001 
110010 
110011 
110100 
110101 
110110 

111000 
111001 
111010 
111011 
111100 
111101 
111110 

1 0000000 

1 0000001 

1 000001 

1000001 1 
1 00001 00 
10000101 
10000110 

10001000 
10001001 
10001010 
1000101 1 
10001 100 
10001101 
10001110 

1 001 0000 
10010001 
10010010 
1001001 1 
10010100 
10010101 
100101 10 



and 


(CHIP. 


EN 


and 


(CHIP. 


.EN 


and 


(CHIP-EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.FN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 



and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 



and (ADDSELI 

and (ADDSELI 

and (ADDSELI 

and (ADDSELI 

and (ADDSELI 

and (ADDSELI 



and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 



Chapter 6: Chip Source Code 



6-5 



■8378 000d61250cd8003000 






ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 



■ )) else 



KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 

KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 

KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 

KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 

KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 
KEY 
0' ) 



1 (0 

el 
1 (1 

el 
1 (2 

el 
1 (3 

el 
1 (4 

el 
1 (5 

el 
1 (6 

el 

2(0 

el 
2(1 

el 
2(2 

el 
2(3 

el 
2(4 

el 
2(5 

el 
2(6 

el 

3(0 

el 
3(1 

el 
3(2 

el 
3(3 

el 
3(4 

el 
3(5 

el 
3(6 

el 

4(0 

el 
4(1 

el 
4(2 

el 
4(3 

el 
4(4 

el 
4(5 

el: 

4(6: 

el: 

5(0: 

el: 
5(1 

el: 
5(2 

el: 
5(3 

el: 
5(4: 

else 



Page 4 of addr-key.vhd 



when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 


when 


(ADDR 



101 1000 
(011001 

101 1010 

101 101 1 

101 1 100 

101 1 101 
1011110 

11 00000 
1100001 
1100010 
110001 1 
1100100 
1100101 
11001 10 

11 01 000 
1101001 
H01010 
1101011 
H01 100 
H01 101 
1101110 

n 10000 
n 10001 
n 10010 
n 10011 
n 1 01 00 
n 10101 
1110110 

1111000 
1111001 
1111010 
1111011 
n 1 1 100 



and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 



and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 



and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 






--2e62 000ddaca1ad80030l 



24100b 


ADDR- 


e98ba3 


2 = ' 


b0a0eb 


ADDR- 


448ba3 


2 = ' 


e8af 5a 




e24d71 


ADDR- 


a58ba3 


2 = ■ 


486f 0c 


ADDR- 


888ba3 


2 = ' 


83df ec 


ADDR- 


568ba3 


2 = ' 


bbfd91 


ADDR- 


388ba3 


2 = ' 


0f7735 


ADDR- 


f 18ba3 


2 = ' 


a85548 


ADDR- 


578ba3 


2 = ' 


84e5a8 


ADDR- 


038ba3 


2 = ' 


08af 5a 




554b09 


ADDR- 


9f 8ba3 


2 = ■ 


6b6974 


ADDR- 


388ba3 


2 = ' 


40d994 


ADDR- 


308ba3 


2 = ' 


4cfbe9 


ADDR- 


4a8ba3 


2 = ■ 


1 f 71 4d 


ADDR- 


208ba3 


2 = ' 


4e5330 


ADDR- 


138ba3 


2 = ' 


bbe3d0 


ADDR- 


688ba3 


2 = ' 


32af 5a 




09a03a 


ADDR- 


f 58ba3 


2 = ' 


888247 


ADDR- 


e18ba3 


2 = ' 


da32a7 


ADDR- 


3f 8ba3 


2 = ' 


3610da 


ADDR- 


648ba3 


2 = ' 


a99a7e 


ADDR- 


ad8ba3 


2 = ' 


deb803 


ADDR- 


c88ba3 


2 = ' 


1608e3 


ADDR- 


c48ba3 


2 = ' 


b9af 5a 




66a642 


ADDR- 


be8ba3 


2 = ' 


17843f 


ADDR- 


678ba3 


2 = ' 


7d34df 


ADDR- 


8e8ba3 


2 = ' 


1616a2 


ADDR- 


278ba3 


2 = ■ 


089c06 


ADDR- 


e48ba3 


2 = ■ 


71be7b 


ADDR- 


748ba3 


2 = ' 


bc0e9b 


ADDR- 


6d8ba3 


2 = ' 


88af 5a 




7a7d73 


ADDR- 


ac8ba3 


2 = ' 


8f 5f0e 


ADDR- 


578ba3 


2 = ' 


64ef ee 


ADDR- 


f 48ba3 


2 = ■ 


ddcd93 


ADDR- 



KEY15C5) < 




0' ) ) else 





KEY1 5(6) < 




0' ) ) else 





KEY16(0) < 




' ) ) else 





KEY16(1 ) < 




* ) ) else 





KEY16(2) < 




' ) ) else 





KEY16(3) < 




' ) ) else 





KEY16(4) < 




' ) ) else 





KEY16(5) < 




' ) ) else 





KEY16(6) < 




' ) ) else 





KEY17C0) < 




0' ) ) else 





KEY17(1 ) < 




' ) ) else 





KEY17C2) < 




' ) ) else 





KEY17C3) < 




0' ) ) else 





KEY17(4) < 




' ) ) else 





KEY17(5) < 




' ) ) else 





KEY17C6) < 




0' ) ) else 





KEY18(0) < 




0' ) ) else 





KEY18C1 ) < 




0' ) ) else 





KEY18C2) < 




0' ) ) else 





KEY18(3) < 




0' ) ) else 





KEY18C4) < 




' ) ) else 





KEY18(5) < 




0' )) else 





KEY18C6) < 




0' )) else 





KEY19C0) < 




0' ) ) else 





KEY19C1 ) < 




0' ) ) else 





KEY19C2) < 




0' ) ) else 





KEY19C3) < 




0' ) ) else 





KEY19(4) < 




0' ) ) else 





KEY19(5) < 




0' ) ) else 





KEY19C6) < 




0' )) else 





KEY20(0) < 




0' ) ) else 





KEY20(1) < 




0' )) else 





KEY20C2) < 




0' ) ) else 





KEY20C3) < 





1 Page 5 

1' when 

1 ' when 

1 ' when 

1 ' when 

1' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1 ' when 

1" when 

1 ' when 

1 ' when 

1 ' when 

1' when 

1 ' when 

1 ' when 



of add r-key . vhd 



(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 

(ADDR = 



10111101 
10111110 

1 1 000000 

1 1000001 

1 1000010 

1 100001 1 
11000100 
11000101 
1 1 0001 10 

11001000 
1 1001001 
11001010 
1100101 1 

1 1001 100 

1 1001 101 
11001 110 

1 1010000 

1 1010001 

1 1010010 

1 101001 1 
1 1010100 
11010101 
11010110 

1 101 1000 
11011001 
11011010 
11011011 
1 101 1 100 
11011101 
11011110 

1 1 100000 

1 1 100001 

1 1 100010 

1 1 10001 1 



and 


(CHIP. 


.EM 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 


and 


(CHIP. 


.EN 



and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 



and 


(ADDSELi 


and 


(ADDSELi 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 


and 


(ADDSELI 



and (ADDSELI 

and (ADDSELI 

and (ADDSELI 

and (ADDSELI 






e4fc 001 7e2d76cd80030001 Page 6 of add r-key . vhd 






2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 

ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 
ADDR 
2 = 



' ) ) else 
KEY20C4 
0' )) el 
KEY20C5 
0' ) ) el: 
KEY20C6: 
0' ) ) el 

KEY21 (0 
0' ) ) el 
KEY21 ( 1 
0' )) el 
KEY21 (2 
0' )) el 
KEY21 (3 
0' )) el 
KEY21 (4 
0' ) ) el 
KEY21 (5 
0' )) el 
KEY21 (6 
0' )) el 

KEY22C0 
0' ) ) el 
KEY22U 
0' )) el 
KEY22C2 
0' ) ) el 
KEY22C3 
0' ) ) el 
KEY22(4 
0' ) ) el 
KEY22C5 
0' ) ) el 
KEY22(6 
0' ) ) el 

KEY23(0! 
0' ) ) el: 
KEY23C1 
0' ) ) el: 
KEY23C2 
' ) ) else 
KEY23C3 
0' ) ) el: 
KEY23C4 
0' ) ) el 
KEY23C5 
0' ) ) el: 
KEY23C6: 
' ) ) else 



< = 

e ' i 

< = 

e 'l 

< = 

e ' ! 



e 

< = 
e ' 



when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 


when 


(ADDR 


= 



100100 
100101 
1001 10 

101000 
101001 
101010 
101011 
101 100 
101101 
101110 

1 10000 

1 10001 
110010 
110011 
110100 
110101 
110110 

111000 
111001 

111010 
111011 
1 1 1 100 
111101 
111110 



and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 

and (CHIP-EN 



and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELI 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELi 

and (ADDSELI 

and (ADDSELi 

and (ADDSELI 



end b e h ; 






--f530 0001ae1063b80030002 Page 1 of des.vhd 



--
-- Author      : Tom Vu
-- Date        : 09/27/97
-- Description : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
--
entity MESG is

port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
    DONE    : in  std_logic;
    MESSAGE : in  std_logic_vector(63 downto 0);
    SUBKEY  : in  std_logic_vector(47 downto 0);
    RESULT  : out std_logic_vector(63 downto 0)
    );
end MESG;

architecture beh of MESG is

signal IP_KEY     : std_logic_vector(63 downto 0);
signal MESG_LEFT  : std_logic_vector(31 downto 0);
signal MESG_RIGHT : std_logic_vector(31 downto 0);
signal NEW_L      : std_logic_vector(31 downto 0);
signal L          : std_logic_vector(31 downto 0);
signal R          : std_logic_vector(31 downto 0);
signal EXPANDED_R : std_logic_vector(47 downto 0);
signal X_KEY      : std_logic_vector(47 downto 0);
signal S_OUT      : std_logic_vector(31 downto 0);
signal FP_IN      : std_logic_vector(63 downto 0);
signal FP_OUT     : std_logic_vector(63 downto 0);
signal P_IN       : std_logic_vector(31 downto 0);
signal P_OUT      : std_logic_vector(31 downto 0);

component EX
port(
    EX_IN  : in  std_logic_vector(31 downto 0);
    EX_OUT : out std_logic_vector(47 downto 0));
end component;

component IP
port(
    IP_IN  : in  std_logic_vector(63 downto 0);
    IP_OUT : out std_logic_vector(63 downto 0));
end component;

component FP
port(
    FP_IN  : in  std_logic_vector(63 downto 0);
    FP_OUT : out std_logic_vector(63 downto 0));
end component;

component P
port(
    P_IN  : in  std_logic_vector(31 downto 0);
    P_OUT : out std_logic_vector(31 downto 0));
end component;

component S_TABLE
port(
    KEY   : in  std_logic_vector(47 downto 0);
    S_OUT : out std_logic_vector(31 downto 0));
end component;

begin






--aaa2 00048a a879b80030002 Page 2 of des.vhd 

MESSAGE1 : EX
port map(
    EX_IN  => R,
    EX_OUT => EXPANDED_R);

MESSAGE2: IP
port map(
    IP_IN  => MESSAGE,
    IP_OUT => IP_KEY);

MESSAGE3: S_TABLE
port map(
    KEY   => X_KEY,
    S_OUT => S_OUT);

MESSAGE4: P
port map(
    P_IN  => S_OUT,
    P_OUT => P_OUT);

MESSAGE5: FP
port map(
    FP_IN  => FP_IN,
    FP_OUT => FP_OUT);

--
-- Split_to_LEFT_and_RIGHT: process(IP_KEY)
--
-- begin
--     for i in 0 to 31 loop
--         MESG_RIGHT(i) <= IP_KEY(i);
--         MESG_LEFT(i)  <= IP_KEY(i+32);
--     end loop;
-- end process Split_to_LEFT_and_RIGHT;

MESG_RIGHT <= IP_KEY(31 downto 0);
MESG_LEFT  <= IP_KEY(63 downto 32);
--
L_AND_R_REG_PR: process(RST_N, CLK)
--
begin
if RST_N = '0' then
    L <= (others => '0');
    R <= (others => '0');
elsif CLK'event and CLK = '1' then
    if (START = '1') then
        L <= MESG_LEFT;
        R <= MESG_RIGHT;
    else
        L <= R;
        R <= NEW_L;
    end if;
end if;

end process L_AND_R_REG_PR;

--
KEY_XOR_PR: process(SUBKEY, EXPANDED_R)
--
begin
    for i in 0 to 47 loop
        X_KEY(i) <= SUBKEY(i) xor EXPANDED_R(i);
    end loop;
end process KEY_XOR_PR;

--
L_XOR_PR: process(L, P_OUT)
--
begin
    for i in 0 to 31 loop




•eae4 000 c6a93b2480030002 Page 3 of des.vhd 



        NEW_L(i) <= L(i) xor P_OUT(i);
    end loop;
end process L_XOR_PR;

--
-- Combine final L and R to FP
--
FP_IN <= NEW_L(31 downto 0) & R(31 downto 0);

--
RESULT_PR: process(RST_N, CLK)
--
begin
if RST_N = '0' then
    RESULT <= (others => '0');
elsif CLK'event and CLK = '1' then
    if (DONE = '1') then
        RESULT <= FP_OUT;
    end if;
end if;

end process RESULT_PR;

--
end beh;
--

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
--
entity DES is

port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
    MESSAGE : in  std_logic_vector(63 downto 0);
    KEY     : in  std_logic_vector(55 downto 0);
    DONE    : out std_logic;
    CNT     : out std_logic_vector(4 downto 0);
    DES_OUT : out std_logic_vector(63 downto 0)
    );

end DES;

--
architecture beh of DES is
--
signal SUBKEY   : std_logic_vector(47 downto 0);
signal DONE_BAK : std_logic;

component MESG
port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
    DONE    : in  std_logic;
    MESSAGE : in  std_logic_vector(63 downto 0);
    SUBKEY  : in  std_logic_vector(47 downto 0);
    RESULT  : out std_logic_vector(63 downto 0)
    );
end component;

component KEY_GEN
port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
    KEY_IN  : in  std_logic_vector(55 downto 0);
    DONE    : out std_logic;
    CNT     : out std_logic_vector(4 downto 0);
    KEY_OUT : out std_logic_vector(47 downto 0));
end component;






--381d 00180ac228180030002 Page 4 of des.vhd 



begin

DES1 : MESG
port map(
    CLK     => CLK,
    RST_N   => RST_N,
    START   => START,
    DONE    => DONE_BAK,
    MESSAGE => MESSAGE,
    SUBKEY  => SUBKEY,
    RESULT  => DES_OUT
    );

DES2: KEY_GEN
port map(
    CLK     => CLK,
    RST_N   => RST_N,
    START   => START,
    KEY_IN  => KEY,
    DONE    => DONE_BAK,
    CNT     => CNT,
    KEY_OUT => SUBKEY
    );

DONE <= DONE_BAK;

end beh;






19f8 000b92e30e480030003 Page 1 of des.ctl.vhd 



--
-- AUTHOR : TOM VU
-- DATE   : 10/15/97
-- TITLE  : DES -TEST BENCH
-- FILE   : des_ctl.vhd
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_textio.all;

entity CTL is

port(
    CLK       : in    std_logic;
    RST_N     : in    std_logic;
    START     : in    std_logic;
    DECR      : in    std_logic;
    DES_OUT   : in    std_logic_vector(63 downto 0);
    DECR_INT  : out   std_logic;
    READ_EN   : out   std_logic;
    START_INT : out   std_logic;
    MESSAGE   : out   std_logic_vector(63 downto 0);
    KEY       : out   std_logic_vector(55 downto 0);
    DATA      : inout std_logic_vector(31 downto 0)
    );

end CTL;

--
architecture BEH of CTL is
--

signal CNT16       : std_logic_vector(3 downto 0);
signal MSG0        : std_logic_vector(31 downto 0);
signal MSG1        : std_logic_vector(31 downto 0);
signal KEY0        : std_logic_vector(31 downto 0);
signal KEY1        : std_logic_vector(23 downto 0);
signal OUT0        : std_logic_vector(31 downto 0);
signal OUT1        : std_logic_vector(31 downto 0);
signal DATA_BAK    : std_logic_vector(31 downto 0);
signal START_INT_D : std_logic;

begin
--
CNT_PR : process(CLK,RST_N)
--
begin
if RST_N = '0' then
    CNT16     <= "0000";
    START_INT <= '0';
    DECR_INT  <= '0';
elsif CLK'event and CLK = '1' then
    START_INT <= START_INT_D;
    if CNT16 = 4 then
        DECR_INT <= DECR;
    end if;
    if START = '1' then
        CNT16 <= "0001";
    else
        CNT16 <= CNT16 + 1;
    end if;
end if;
end process;

--
KEY     <= KEY1 & KEY0;
MESSAGE <= MSG1 & MSG0;



START_INT_D <= 



when CNT16 = 4 else 






— 5868 000b6ca077a80030003 Page 2 of des-ctl.vhd 



--
REG_IN_PR: process(RST_N, CLK)
--
begin
if RST_N = '0' then
    MSG0 <= (others => '0');
    MSG1 <= (others => '0');
    KEY0 <= (others => '0');
    KEY1 <= (others => '0');
elsif CLK'event and CLK = '0' then
    case CNT16 is
        when "0001" =>
            MSG0 <= DATA;
        when "0010" =>
            MSG1 <= DATA;
        when "0011" =>
            KEY0 <= DATA;
        when "0100" =>
            KEY1 <= DATA(23 downto 0);
        when others =>
            null;
    end case;
end if;

end process REG_IN_PR;

MESSAGE_OUT_P: process(CNT16, DES_OUT)
begin
    case CNT16 is
        when "0110" | "0111" =>
            DATA    <= DES_OUT(63 downto 32);
            READ_EN <= '1';
        when "1000" | "1001" =>
            DATA    <= DES_OUT(31 downto 0);
            READ_EN <= '1';
        when others =>
            DATA    <= (others => 'Z');
            READ_EN <= '0';
    end case;
end process;
--DATA <= DATA_BAK;
end BEH;

--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_textio.all;
use std.textio.all;

entity DES_CTL is
port(
    CLK     : in    std_logic;
    RST_N   : in    std_logic;
    START   : in    std_logic;
    DECR    : in    std_logic;
    DONE    : out   std_logic;
    READ_EN : out   std_logic;
    DATA    : inout std_logic_vector(31 downto 0)
    );

end DES_CTL;

architecture beh of DES_CTL is

component DES
port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
    DECR    : in  std_logic;






4c0d 001891 375c380030003 Page 3 of des-ctl.vhd 



    MESSAGE : in  std_logic_vector(63 downto 0);
    KEY     : in  std_logic_vector(55 downto 0);
    DONE    : out std_logic;
    DES_OUT : out std_logic_vector(63 downto 0)
    );

end component;

component CTL
port(
    CLK       : in    std_logic;
    RST_N     : in    std_logic;
    START     : in    std_logic;
    DECR      : in    std_logic;
    DES_OUT   : in    std_logic_vector(63 downto 0);
    DECR_INT  : out   std_logic;
    READ_EN   : out   std_logic;
    START_INT : out   std_logic;
    MESSAGE   : out   std_logic_vector(63 downto 0);
    KEY       : out   std_logic_vector(55 downto 0);
    DATA      : inout std_logic_vector(31 downto 0)
    );
end component;

signal START_INT : std_logic;
signal DECR_INT  : std_logic;
signal MESSAGE   : std_logic_vector(63 downto 0);
signal KEY       : std_logic_vector(55 downto 0);
signal DES_OUT   : std_logic_vector(63 downto 0);

begin

DES_CTL1 : DES
port map(
    CLK     => CLK,
    RST_N   => RST_N,
    START   => START_INT,
    DECR    => DECR_INT,
    MESSAGE => MESSAGE,
    KEY     => KEY,
    DONE    => DONE,
    DES_OUT => DES_OUT
    );

DES_CTL2 : CTL
port map(
    CLK       => CLK,
    RST_N     => RST_N,
    START     => START,
    DECR      => DECR,
    DES_OUT   => DES_OUT,
    DECR_INT  => DECR_INT,
    READ_EN   => READ_EN,
    START_INT => START_INT,
    MESSAGE   => MESSAGE,
    KEY       => KEY,
    DATA      => DATA
    );

end beh;






6dad 001 b55b5c0880030004 Page 1 of ex.vhd



--
-- Author      : Tom Vu
-- Date        : 09/27/97
-- Description : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity EX is

port(
    EX_IN  : in  std_logic_vector(31 downto 0);
    EX_OUT : out std_logic_vector(47 downto 0)
    );

end EX;

--
architecture beh of EX is
--
subtype small_integer is INTEGER range 0 to 31;
type EX_TYPE is array(0 to 47) of small_integer;

signal EX_TABLE : EX_TYPE;

begin

EX_TABLE <=
    (31,  0,  1,  2,  3,  4,
      3,  4,  5,  6,  7,  8,
      7,  8,  9, 10, 11, 12,
     11, 12, 13, 14, 15, 16,
     15, 16, 17, 18, 19, 20,
     19, 20, 21, 22, 23, 24,
     23, 24, 25, 26, 27, 28,
     27, 28, 29, 30, 31,  0);

--
EX_PR: process(EX_IN, EX_TABLE)
--
begin
    for i in 0 to 47 loop
        EX_OUT(i) <= EX_IN(EX_TABLE(i));
    end loop;
end process EX_PR;
--
end beh;
--






8e68 00126a906e980030005 Page 1 of fp.vhd 



--
-- Author      : Tom Vu
-- Date        : 09/27/97
-- Description : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--

--
entity FP is

port(
    FP_IN  : in  std_logic_vector(63 downto 0);
    FP_OUT : out std_logic_vector(63 downto 0)
    );

end FP;

--
architecture beh of FP is
--
subtype small_integer is INTEGER range 0 to 63;
type FP_TYPE is array(0 to 63) of small_integer;

signal FP_TABLE : FP_TYPE;

begin

FP_TABLE <=
    (57, 49, 41, 33, 25, 17,  9,  1,
     59, 51, 43, 35, 27, 19, 11,  3,
     61, 53, 45, 37, 29, 21, 13,  5,
     63, 55, 47, 39, 31, 23, 15,  7,
     56, 48, 40, 32, 24, 16,  8,  0,
     58, 50, 42, 34, 26, 18, 10,  2,
     60, 52, 44, 36, 28, 20, 12,  4,
     62, 54, 46, 38, 30, 22, 14,  6);

--
FP_PR: process(FP_TABLE, FP_IN)
--
begin
    for i in 0 to 63 loop
        FP_OUT(FP_TABLE(i)) <= FP_IN(i);
    end loop;
end process FP_PR;
--
end beh;






--69ed 001 1 bd4de4480030006 Page 1 of ip.vhd 

--
-- Author      : Tom Vu
-- Date        : 09/27/97
-- Description : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity IP is

port(
    IP_IN  : in  std_logic_vector(63 downto 0);
    IP_OUT : out std_logic_vector(63 downto 0)
    );

end IP;

--
architecture beh of IP is
--
subtype small_integer is INTEGER range 0 to 63;
type IP_TYPE is array(0 to 63) of small_integer;

signal IP_TABLE : IP_TYPE;

begin

IP_TABLE <=
    (39,  7, 47, 15, 55, 23, 63, 31,
     38,  6, 46, 14, 54, 22, 62, 30,
     37,  5, 45, 13, 53, 21, 61, 29,
     36,  4, 44, 12, 52, 20, 60, 28,
     35,  3, 43, 11, 51, 19, 59, 27,
     34,  2, 42, 10, 50, 18, 58, 26,
     33,  1, 41,  9, 49, 17, 57, 25,
     32,  0, 40,  8, 48, 16, 56, 24);

--
IP_PR: process(IP_TABLE, IP_IN)
--
begin
    for i in 0 to 63 loop
        IP_OUT(IP_TABLE(i)) <= IP_IN(i);
    end loop;
end process IP_PR;
--
end beh;
--






c4cf 000de4ae31 780030007 Page 1 of key-gen . vhd 



--
-- Author      : Tom Vu
-- Date        : 09/27/97
-- Description : Generate Schedule Keys to be used by F function
-- Functions   : 2 rings of 28 bits each will shift left or right by 1 or
--               2 positions depends on ENCR/DECR and counter16
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity KEY_GEN is

port(
    CLK     : in  std_logic;
    RST_N   : in  std_logic;
    START   : in  std_logic;
--  DECR    : in  std_logic;
    KEY_IN  : in  std_logic_vector(55 downto 0);
    DONE    : out std_logic;
    CNT     : out std_logic_vector(4 downto 0);
    KEY_OUT : out std_logic_vector(47 downto 0)
    );

end KEY_GEN;

--
architecture beh of KEY_GEN is
--

component PC1
port(
    KEY_IN  : in  std_logic_vector(55 downto 0);
    KEY_OUT : out std_logic_vector(55 downto 0)
    );
end component;

component PC2
port(
    KEY_IN  : in  std_logic_vector(55 downto 0);
    KEY_OUT : out std_logic_vector(47 downto 0)
    );
end component;

signal cnt16     : std_logic_vector(4 downto 0);
signal PC1_KEY   : std_logic_vector(55 downto 0);
signal PC1_KEY_C : std_logic_vector(27 downto 0);
signal PC1_KEY_D : std_logic_vector(27 downto 0);
signal KEY_REG_C : std_logic_vector(27 downto 0);
signal KEY_REG_D : std_logic_vector(27 downto 0);
signal KEY_REG   : std_logic_vector(55 downto 0);
signal SHIFT1    : std_logic;

begin

-- Permutation Choice #1 



PC-1: PC1 port map(KEY-IN => KE Y-I N, KEY-OUT => PC1-KEY); 



Split-to-C-and-D: process(PCI-KEY) 

begin 

for i in to 27 loop 

■ • • • PC1-KEY-D(i ) <= PC1-KEY(i); 

• • • • PC1-KEY-C(i ) <= PC1-KEY(i+28) 

> end Loop; 






•-172b 000f d12a9a780030007 Page 2 of key-gen. vhd 






end process;
--
DONE_P: process(CLK,RST_N)
--
begin
    if RST_N = '0' then
        DONE   <= '0';
        SHIFT1 <= '0';
    elsif CLK'event and CLK = '1' then
        if CNT16 = 15 and START = '0' then
            DONE <= '1';
        else
            DONE <= '0';
        end if;



if START = 
SHIFT1 

else- 

SHIFT1 
end if; 

t> end if; 
end process; 



or CNT16 
1 ' ; 



CNT16= 14 then 



COUNTER16_P: process(CLK,RST_N)
begin
    if RST_N = '0' then
        CNT16 <= (others => '0');
    elsif CLK'event and CLK = '1' then
        if START = '1' then
            CNT16 <= "00001";
        else
            CNT16 <= CNT16 + 1;
        end if;
    end if;
end process;



KEY_GEN_REG_P: process(CLK,RST_N)
begin
    if RST_N = '0' then
        KEY_REG_C <= (others => '0');
        KEY_REG_D <= (others => '0');
    elsif CLK'event and CLK = '1' then
        if DECR = '0' then
            if START = '1' then  -- Load and Shift by 1 from external key
                -- Shift Left by 1 for 1st key
                KEY_REG_C <= PC1_KEY_C(26 downto 0) & PC1_KEY_C(27);
                KEY_REG_D <= PC1_KEY_D(26 downto 0) & PC1_KEY_D(27);
            elsif SHIFT1 = '1' then
                KEY_REG_C <= KEY_REG_C(26 downto 0) & KEY_REG_C(27);
                KEY_REG_D <= KEY_REG_D(26 downto 0) & KEY_REG_D(27);
            else
                KEY_REG_C <= KEY_REG_C(25 downto 0) & KEY_REG_C(27 downto 26);
                KEY_REG_D <= KEY_REG_D(25 downto 0) & KEY_REG_D(27 downto 26);
            end if;
        else
            if START = '1' then  -- Last key was used in Encr
                KEY_REG_C <= PC1_KEY_C;
                KEY_REG_D <= PC1_KEY_D;
            elsif SHIFT1 = '1' then
                -- Shift Right by 1 when cnt16 = 1,8,15
                KEY_REG_C <= KEY_REG_C(0) & KEY_REG_C(27 downto 1);
                KEY_REG_D <= KEY_REG_D(0) & KEY_REG_D(27 downto 1);
            else
                -- Shift Right by 2 when cnt16 = others
                KEY_REG_C <= KEY_REG_C(1 downto 0) & KEY_REG_C(27 downto 2);
                KEY_REG_D <= KEY_REG_D(1 downto 0) & KEY_REG_D(27 downto 2);
            end if;
        end if;
    end if;






--2e6c 001 be95937580030007 Page 3 of key-gen. vhd 

end process;
--
-- Combine final C and D to KEY_REG
--
KEY_REG <= KEY_REG_C(27 downto 0) & KEY_REG_D(27 downto 0);
--
-- Permutation Choice #2
--

PC_2: PC2 port map (KEY_IN => KEY_REG, KEY_OUT => KEY_OUT);

--
CNT <= CNT16;
end beh;
--
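The decrypt-side comments in KEY_GEN_REG_P ("Shift Right by 1 when cnt16 = 1,8,15", by 2 otherwise) can be checked in software: rotating the two 28-bit rings right on that schedule must replay the encryption subkeys in reverse order. The Python model below is an added example, not part of the EFF listing; it assumes the standard DES left-rotation amounts for encryption, reuses PC2_TABLE as printed in pc2.vhd, and its function names and sample key are constructed for illustration.

```python
"""Software model of the KEY_GEN C/D rotation schedule (added example)."""

MASK28 = (1 << 28) - 1

# PC2_TABLE as printed in the pc2.vhd listing: KEY_OUT(i) <= KEY_IN(PC2_TABLE(i)).
PC2_TABLE = [
    24, 27, 20,  6, 14, 10,  3, 22,
     0, 17,  7, 12,  8, 23, 11,  5,
    16, 26,  1,  9, 19, 25,  4, 15,
    54, 43, 36, 29, 49, 40, 48, 30,
    52, 44, 37, 33, 46, 35, 50, 41,
    28, 53, 51, 55, 32, 45, 39, 42,
]

# Assumption: left-rotation amounts for rounds 1..16 from the DES standard
# (FIPS 46); the listing only encodes them indirectly through SHIFT1.
ENC_LEFT = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# Constructed sample: a 56-bit value standing in for the PC1 output (PC1_KEY).
SAMPLE_PC1_KEY = 0x123456789ABCDE


def split_cd(pc1_key):
    """Split_to_C_and_D: C is PC1_KEY(55 downto 28), D is PC1_KEY(27 downto 0)."""
    return (pc1_key >> 28) & MASK28, pc1_key & MASK28


def rol28(x, n):
    """Rotate a 28-bit ring left by n, e.g. X(26 downto 0) & X(27) for n = 1."""
    return ((x << n) | (x >> (28 - n))) & MASK28


def ror28(x, n):
    """Rotate a 28-bit ring right by n, e.g. X(0) & X(27 downto 1) for n = 1."""
    return ((x >> n) | (x << (28 - n))) & MASK28


def pc2(c, d):
    """KEY_REG <= KEY_REG_C & KEY_REG_D, then gather 48 bits through PC2_TABLE."""
    key_reg = (c << 28) | d
    out = 0
    for i, src in enumerate(PC2_TABLE):
        out |= ((key_reg >> src) & 1) << i
    return out


def encrypt_subkeys(c0, d0):
    """K1..K16: rotate left before each round (the DECR = '0' branch)."""
    c, d, keys = c0, d0, []
    for n in ENC_LEFT:
        c, d = rol28(c, n), rol28(d, n)
        keys.append(pc2(c, d))
    return keys


def decrypt_subkeys(c0, d0):
    """K16..K1: START loads C0/D0 unshifted, then cnt16 = 1..15 rotate right."""
    c, d = c0, d0
    keys = [pc2(c, d)]          # 16 left rotations total 28 bits, so C16 == C0
    for cnt16 in range(1, 16):
        n = 1 if cnt16 in (1, 8, 15) else 2
        c, d = ror28(c, n), ror28(d, n)
        keys.append(pc2(c, d))
    return keys


if __name__ == "__main__":
    c0, d0 = split_cd(SAMPLE_PC1_KEY)
    enc = encrypt_subkeys(c0, d0)
    dec = decrypt_subkeys(c0, d0)
    for rnd, (ke, kd) in enumerate(zip(enc, reversed(dec)), start=1):
        print(f"K{rnd:<2} {ke:012x} {'ok' if ke == kd else 'MISMATCH'}")
```

Because the decrypt path never needs the encryption subkeys stored, the same two shift registers serve both directions, which is why the listing needs only the DECR input and the cnt16 counter.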






•a64d 0007ec2795380030008 Page 1 of mux256.vhd 



--
-- Author       : Tom Vu
-- Date         : 09/07/97
-- Description  : Search Unit
--                24 search units per ASIC
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity MUX256 is

port(
        SHIFT_OUT : in    std_logic_vector(7 downto 0);
        PT_VECTOR : in    std_logic_vector(255 downto 0);
        BIT_MUX   : out   std_logic
    );

end MUX256;

--
architecture beh of MUX256 is
--

begin
--
DECODER_PR: process(SHIFT_OUT, PT_VECTOR)
--
variable i : integer;
begin
    i := conv_integer(SHIFT_OUT);
    case i is
        when 0 => BIT_MUX <= PT_VECTOR(0);
        when 1 => BIT_MUX <= PT_VECTOR(1);
        when 2 => BIT_MUX <= PT_VECTOR(2);
        when 3 => BIT_MUX <= PT_VECTOR(3);
        when 4 => BIT_MUX <= PT_VECTOR(4);
        when 5 => BIT_MUX <= PT_VECTOR(5);
        when 6 => BIT_MUX <= PT_VECTOR(6);
        when 7 => BIT_MUX <= PT_VECTOR(7);
        when 8 => BIT_MUX <= PT_VECTOR(8);
        when 9 => BIT_MUX <= PT_VECTOR(9);
        when 10 => BIT_MUX <= PT_VECTOR(10);
        when 11 => BIT_MUX <= PT_VECTOR(11);
        when 12 => BIT_MUX <= PT_VECTOR(12);
        when 13 => BIT_MUX <= PT_VECTOR(13);
        when 14 => BIT_MUX <= PT_VECTOR(14);
        when 15 => BIT_MUX <= PT_VECTOR(15);
        when 16 => BIT_MUX <= PT_VECTOR(16);
        when 17 => BIT_MUX <= PT_VECTOR(17);
        when 18 => BIT_MUX <= PT_VECTOR(18);
        when 19 => BIT_MUX <= PT_VECTOR(19);
        when 20 => BIT_MUX <= PT_VECTOR(20);
        when 21 => BIT_MUX <= PT_VECTOR(21);
        when 22 => BIT_MUX <= PT_VECTOR(22);
        when 23 => BIT_MUX <= PT_VECTOR(23);
        when 24 => BIT_MUX <= PT_VECTOR(24);
        when 25 => BIT_MUX <= PT_VECTOR(25);
        when 26 => BIT_MUX <= PT_VECTOR(26);
        when 27 => BIT_MUX <= PT_VECTOR(27);
        when 28 => BIT_MUX <= PT_VECTOR(28);
        when 29 => BIT_MUX <= PT_VECTOR(29);
        when 30 => BIT_MUX <= PT_VECTOR(30);
        when 31 => BIT_MUX <= PT_VECTOR(31);
        when 32 => BIT_MUX <= PT_VECTOR(32);
        when 33 => BIT_MUX <= PT_VECTOR(33);
        when 34 => BIT_MUX <= PT_VECTOR(34);
        when 35 => BIT_MUX <= PT_VECTOR(35);
        when 36 => BIT_MUX <= PT_VECTOR(36);
        when 37 => BIT_MUX <= PT_VECTOR(37);
        when 38 => BIT_MUX <= PT_VECTOR(38);
        when 39 => BIT_MUX <= PT_VECTOR(39);
        when 40 => BIT_MUX <= PT_VECTOR(40);
        when 41 => BIT_MUX <= PT_VECTOR(41);
        when 42 => BIT_MUX <= PT_VECTOR(42);
        when 43 => BIT_MUX <= PT_VECTOR(43);
        when 44 => BIT_MUX <= PT_VECTOR(44);
        when 45 => BIT_MUX <= PT_VECTOR(45);
        when 46 => BIT_MUX <= PT_VECTOR(46);
        when 47 => BIT_MUX <= PT_VECTOR(47);
        when 48 => BIT_MUX <= PT_VECTOR(48);
        when 49 => BIT_MUX <= PT_VECTOR(49);
        when 50 => BIT_MUX <= PT_VECTOR(50);
        when 51 => BIT_MUX <= PT_VECTOR(51);
        when 52 => BIT_MUX <= PT_VECTOR(52);
        when 53 => BIT_MUX <= PT_VECTOR(53);
        when 54 => BIT_MUX <= PT_VECTOR(54);
        when 55 => BIT_MUX <= PT_VECTOR(55);
        when 56 => BIT_MUX <= PT_VECTOR(56);
        when 57 => BIT_MUX <= PT_VECTOR(57);
        when 58 => BIT_MUX <= PT_VECTOR(58);
        when 59 => BIT_MUX <= PT_VECTOR(59);
        when 60 => BIT_MUX <= PT_VECTOR(60);
        when 61 => BIT_MUX <= PT_VECTOR(61);
        when 62 => BIT_MUX <= PT_VECTOR(62);
        when 63 => BIT_MUX <= PT_VECTOR(63);
        when 64 => BIT_MUX <= PT_VECTOR(64);
        when 65 => BIT_MUX <= PT_VECTOR(65);
        when 66 => BIT_MUX <= PT_VECTOR(66);
        when 67 => BIT_MUX <= PT_VECTOR(67);
        when 68 => BIT_MUX <= PT_VECTOR(68);
        when 69 => BIT_MUX <= PT_VECTOR(69);
        when 70 => BIT_MUX <= PT_VECTOR(70);
        when 71 => BIT_MUX <= PT_VECTOR(71);
        when 72 => BIT_MUX <= PT_VECTOR(72);
        when 73 => BIT_MUX <= PT_VECTOR(73);
        when 74 => BIT_MUX <= PT_VECTOR(74);
        when 75 => BIT_MUX <= PT_VECTOR(75);
        when 76 => BIT_MUX <= PT_VECTOR(76);
        when 77 => BIT_MUX <= PT_VECTOR(77);
        when 78 => BIT_MUX <= PT_VECTOR(78);
        when 79 => BIT_MUX <= PT_VECTOR(79);
        when 80 => BIT_MUX <= PT_VECTOR(80);
        when 81 => BIT_MUX <= PT_VECTOR(81);
        when 82 => BIT_MUX <= PT_VECTOR(82);
        when 83 => BIT_MUX <= PT_VECTOR(83);
        when 84 => BIT_MUX <= PT_VECTOR(84);
        when 85 => BIT_MUX <= PT_VECTOR(85);
        when 86 => BIT_MUX <= PT_VECTOR(86);
        when 87 => BIT_MUX <= PT_VECTOR(87);
        when 88 => BIT_MUX <= PT_VECTOR(88);
        when 89 => BIT_MUX <= PT_VECTOR(89);
        when 90 => BIT_MUX <= PT_VECTOR(90);
        when 91 => BIT_MUX <= PT_VECTOR(91);
        when 92 => BIT_MUX <= PT_VECTOR(92);
        when 93 => BIT_MUX <= PT_VECTOR(93);
        when 94 => BIT_MUX <= PT_VECTOR(94);
        when 95 => BIT_MUX <= PT_VECTOR(95);
        when 96 => BIT_MUX <= PT_VECTOR(96);
        when 97 => BIT_MUX <= PT_VECTOR(97);
        when 98 => BIT_MUX <= PT_VECTOR(98);
        when 99 => BIT_MUX <= PT_VECTOR(99);
        when 100 => BIT_MUX <= PT_VECTOR(100);
        when 101 => BIT_MUX <= PT_VECTOR(101);
        when 102 => BIT_MUX <= PT_VECTOR(102);
        when 103 => BIT_MUX <= PT_VECTOR(103);
        when 104 => BIT_MUX <= PT_VECTOR(104);
        when 105 => BIT_MUX <= PT_VECTOR(105);
        when 106 => BIT_MUX <= PT_VECTOR(106);
        when 107 => BIT_MUX <= PT_VECTOR(107);
        when 108 => BIT_MUX <= PT_VECTOR(108);
        when 109 => BIT_MUX <= PT_VECTOR(109);
        when 110 => BIT_MUX <= PT_VECTOR(110);
        when 111 => BIT_MUX <= PT_VECTOR(111);
        when 112 => BIT_MUX <= PT_VECTOR(112);
        when 113 => BIT_MUX <= PT_VECTOR(113);
        when 114 => BIT_MUX <= PT_VECTOR(114);
        when 115 => BIT_MUX <= PT_VECTOR(115);
        when 116 => BIT_MUX <= PT_VECTOR(116);
        when 117 => BIT_MUX <= PT_VECTOR(117);
        when 118 => BIT_MUX <= PT_VECTOR(118);
        when 119 => BIT_MUX <= PT_VECTOR(119);
        when 120 => BIT_MUX <= PT_VECTOR(120);
        when 121 => BIT_MUX <= PT_VECTOR(121);
        when 122 => BIT_MUX <= PT_VECTOR(122);
        when 123 => BIT_MUX <= PT_VECTOR(123);
        when 124 => BIT_MUX <= PT_VECTOR(124);
        when 125 => BIT_MUX <= PT_VECTOR(125);
        when 126 => BIT_MUX <= PT_VECTOR(126);
        when 127 => BIT_MUX <= PT_VECTOR(127);
        when 128 => BIT_MUX <= PT_VECTOR(128);
        when 129 => BIT_MUX <= PT_VECTOR(129);
        when 130 => BIT_MUX <= PT_VECTOR(130);
        when 131 => BIT_MUX <= PT_VECTOR(131);
        when 132 => BIT_MUX <= PT_VECTOR(132);
        when 133 => BIT_MUX <= PT_VECTOR(133);
        when 134 => BIT_MUX <= PT_VECTOR(134);
        when 135 => BIT_MUX <= PT_VECTOR(135);
        when 136 => BIT_MUX <= PT_VECTOR(136);
        when 137 => BIT_MUX <= PT_VECTOR(137);
        when 138 => BIT_MUX <= PT_VECTOR(138);
        when 139 => BIT_MUX <= PT_VECTOR(139);
        when 140 => BIT_MUX <= PT_VECTOR(140);
        when 141 => BIT_MUX <= PT_VECTOR(141);
        when 142 => BIT_MUX <= PT_VECTOR(142);
        when 143 => BIT_MUX <= PT_VECTOR(143);
        when 144 => BIT_MUX <= PT_VECTOR(144);
        when 145 => BIT_MUX <= PT_VECTOR(145);
        when 146 => BIT_MUX <= PT_VECTOR(146);
        when 147 => BIT_MUX <= PT_VECTOR(147);
        when 148 => BIT_MUX <= PT_VECTOR(148);
        when 149 => BIT_MUX <= PT_VECTOR(149);
        when 150 => BIT_MUX <= PT_VECTOR(150);
        when 151 => BIT_MUX <= PT_VECTOR(151);
        when 152 => BIT_MUX <= PT_VECTOR(152);
        when 153 => BIT_MUX <= PT_VECTOR(153);
        when 154 => BIT_MUX <= PT_VECTOR(154);
        when 155 => BIT_MUX <= PT_VECTOR(155);
        when 156 => BIT_MUX <= PT_VECTOR(156);
        when 157 => BIT_MUX <= PT_VECTOR(157);
        when 158 => BIT_MUX <= PT_VECTOR(158);
        when 159 => BIT_MUX <= PT_VECTOR(159);
        when 160 => BIT_MUX <= PT_VECTOR(160);
        when 161 => BIT_MUX <= PT_VECTOR(161);
        when 162 => BIT_MUX <= PT_VECTOR(162);
        when 163 => BIT_MUX <= PT_VECTOR(163);
        when 164 => BIT_MUX <= PT_VECTOR(164);
        when 165 => BIT_MUX <= PT_VECTOR(165);
        when 166 => BIT_MUX <= PT_VECTOR(166);
        when 167 => BIT_MUX <= PT_VECTOR(167);
        when 168 => BIT_MUX <= PT_VECTOR(168);
        when 169 => BIT_MUX <= PT_VECTOR(169);
        when 170 => BIT_MUX <= PT_VECTOR(170);
        when 171 => BIT_MUX <= PT_VECTOR(171);
        when 172 => BIT_MUX <= PT_VECTOR(172);
        when 173 => BIT_MUX <= PT_VECTOR(173);
        when 174 => BIT_MUX <= PT_VECTOR(174);
        when 175 => BIT_MUX <= PT_VECTOR(175);
        when 176 => BIT_MUX <= PT_VECTOR(176);
        when 177 => BIT_MUX <= PT_VECTOR(177);
        when 178 => BIT_MUX <= PT_VECTOR(178);
        when 179 => BIT_MUX <= PT_VECTOR(179);
        when 180 => BIT_MUX <= PT_VECTOR(180);
        when 181 => BIT_MUX <= PT_VECTOR(181);
        when 182 => BIT_MUX <= PT_VECTOR(182);
        when 183 => BIT_MUX <= PT_VECTOR(183);
        when 184 => BIT_MUX <= PT_VECTOR(184);
        when 185 => BIT_MUX <= PT_VECTOR(185);
        when 186 => BIT_MUX <= PT_VECTOR(186);
        when 187 => BIT_MUX <= PT_VECTOR(187);
        when 188 => BIT_MUX <= PT_VECTOR(188);
        when 189 => BIT_MUX <= PT_VECTOR(189);
        when 190 => BIT_MUX <= PT_VECTOR(190);
        when 191 => BIT_MUX <= PT_VECTOR(191);
        when 192 => BIT_MUX <= PT_VECTOR(192);
        when 193 => BIT_MUX <= PT_VECTOR(193);
        when 194 => BIT_MUX <= PT_VECTOR(194);
        when 195 => BIT_MUX <= PT_VECTOR(195);
        when 196 => BIT_MUX <= PT_VECTOR(196);
        when 197 => BIT_MUX <= PT_VECTOR(197);
        when 198 => BIT_MUX <= PT_VECTOR(198);
        when 199 => BIT_MUX <= PT_VECTOR(199);
        when 200 => BIT_MUX <= PT_VECTOR(200);
        when 201 => BIT_MUX <= PT_VECTOR(201);
        when 202 => BIT_MUX <= PT_VECTOR(202);
        when 203 => BIT_MUX <= PT_VECTOR(203);
        when 204 => BIT_MUX <= PT_VECTOR(204);
        when 205 => BIT_MUX <= PT_VECTOR(205);
        when 206 => BIT_MUX <= PT_VECTOR(206);
        when 207 => BIT_MUX <= PT_VECTOR(207);
        when 208 => BIT_MUX <= PT_VECTOR(208);
        when 209 => BIT_MUX <= PT_VECTOR(209);
        when 210 => BIT_MUX <= PT_VECTOR(210);
        when 211 => BIT_MUX <= PT_VECTOR(211);
        when 212 => BIT_MUX <= PT_VECTOR(212);
        when 213 => BIT_MUX <= PT_VECTOR(213);
        when 214 => BIT_MUX <= PT_VECTOR(214);
        when 215 => BIT_MUX <= PT_VECTOR(215);
        when 216 => BIT_MUX <= PT_VECTOR(216);
        when 217 => BIT_MUX <= PT_VECTOR(217);
        when 218 => BIT_MUX <= PT_VECTOR(218);
        when 219 => BIT_MUX <= PT_VECTOR(219);
        when 220 => BIT_MUX <= PT_VECTOR(220);
        when 221 => BIT_MUX <= PT_VECTOR(221);
        when 222 => BIT_MUX <= PT_VECTOR(222);
        when 223 => BIT_MUX <= PT_VECTOR(223);
        when 224 => BIT_MUX <= PT_VECTOR(224);
        when 225 => BIT_MUX <= PT_VECTOR(225);
        when 226 => BIT_MUX <= PT_VECTOR(226);
        when 227 => BIT_MUX <= PT_VECTOR(227);
        when 228 => BIT_MUX <= PT_VECTOR(228);
        when 229 => BIT_MUX <= PT_VECTOR(229);
        when 230 => BIT_MUX <= PT_VECTOR(230);
        when 231 => BIT_MUX <= PT_VECTOR(231);
        when 232 => BIT_MUX <= PT_VECTOR(232);
        when 233 => BIT_MUX <= PT_VECTOR(233);
        when 234 => BIT_MUX <= PT_VECTOR(234);
        when 235 => BIT_MUX <= PT_VECTOR(235);
        when 236 => BIT_MUX <= PT_VECTOR(236);
        when 237 => BIT_MUX <= PT_VECTOR(237);
        when 238 => BIT_MUX <= PT_VECTOR(238);
        when 239 => BIT_MUX <= PT_VECTOR(239);
        when 240 => BIT_MUX <= PT_VECTOR(240);
        when 241 => BIT_MUX <= PT_VECTOR(241);
        when 242 => BIT_MUX <= PT_VECTOR(242);
        when 243 => BIT_MUX <= PT_VECTOR(243);
        when 244 => BIT_MUX <= PT_VECTOR(244);
        when 245 => BIT_MUX <= PT_VECTOR(245);
        when 246 => BIT_MUX <= PT_VECTOR(246);
        when 247 => BIT_MUX <= PT_VECTOR(247);
        when 248 => BIT_MUX <= PT_VECTOR(248);
        when 249 => BIT_MUX <= PT_VECTOR(249);
        when 250 => BIT_MUX <= PT_VECTOR(250);
        when 251 => BIT_MUX <= PT_VECTOR(251);
        when 252 => BIT_MUX <= PT_VECTOR(252);
        when 253 => BIT_MUX <= PT_VECTOR(253);
        when 254 => BIT_MUX <= PT_VECTOR(254);
        when 255 => BIT_MUX <= PT_VECTOR(255);
        when others => BIT_MUX <=    -- right-hand side not legible in this copy
    end case;

end process DECODER_PR;

--
end beh;
--






--1b70 0013488c39280030009 Page 1 of p.vhd 

--
-- Author       : Tom Vu
-- Date         : 09/27/98
-- Description  : Left and Right 32-bit registers
-- FILENAME     : p.vhd
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity P is

port(
        P_IN    : in    std_logic_vector(31 downto 0);
        P_OUT   : out   std_logic_vector(31 downto 0)
    );

end P;

--
architecture beh of P is
--
subtype small_integer is INTEGER range 0 to 31;
type P_TYPE is array(0 to 31) of small_integer;

signal P_TABLE : P_TYPE;

begin

P_TABLE <=      (11,17, 5,27,25,10,20, 0,
                 13,21, 3,28,29, 7,18,24,
                 31,22,12, 6,26, 2,16, 8,
                 14,30, 4,19, 1, 9,15,23);

--
P_PR: process(P_TABLE, P_IN)
--
begin
    -- Scatter form: input bit i drives output bit P_TABLE(i).
    for i in 0 to 31 loop
        P_OUT(P_TABLE(i)) <= P_IN(i);
    end loop;
end process P_PR;
--
end beh;
--









344c 001ea7d76d38003000a Page 1 of pd.vhd 



--
-- Author       : Tom Vu
-- Date         : 10/02/97
-- Description  : Generate Permutation Choice #1
-- Functions    : Array has the table which tells the mapping
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity PC1 is

port(
        KEY_IN  : in    std_logic_vector(55 downto 0);
        KEY_OUT : out   std_logic_vector(55 downto 0)
    );
end PC1;
--
architecture beh of PC1 is
--
subtype small_integer is INTEGER range 0 to 55;
type PC1_TYPE is array(0 to 55) of small_integer;
signal PC1_TABLE : PC1_TYPE;

begin

PC1_TABLE <=    (27,19,11,31,39,47,55,
                 26,18,10,30,38,46,54,
                 25,17, 9,29,37,45,53,
                 24,16, 8,28,36,44,52,
                 23,15, 7, 3,35,43,51,
                 22,14, 6, 2,34,42,50,
                 21,13, 5, 1,33,41,49,
                 20,12, 4, 0,32,40,48);
--
Permutation_choice_1: process(KEY_IN, PC1_TABLE)
--
begin
    -- Scatter form: input bit i drives output bit PC1_TABLE(i).
    for i in 0 to 55 loop
        KEY_OUT(PC1_TABLE(i)) <= KEY_IN(i);
    end loop;
end process;
--
end beh;
--






--fb57 001701367ee8003000b Page 1 of pc2.vhd 

--
-- Author       : Tom Vu
-- Date         : 10/02/97
-- Description  : Generate Permutation Choice #2
-- Functions    : Array has the table which tells the mapping
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity PC2 is

port(
        KEY_IN  : in    std_logic_vector(55 downto 0);
        KEY_OUT : out   std_logic_vector(47 downto 0)
    );

end PC2;

--
architecture beh of PC2 is
--
subtype small_integer is INTEGER range 0 to 55;
type PC2_TYPE is array(0 to 47) of small_integer;
signal PC2_TABLE : PC2_TYPE;

begin

PC2_TABLE <=    (24,27,20, 6,14,10, 3,22,
                  0,17, 7,12, 8,23,11, 5,
                 16,26, 1, 9,19,25, 4,15,
                 54,43,36,29,49,40,48,30,
                 52,44,37,33,46,35,50,41,
                 28,53,51,55,32,45,39,42);
--
Permutation_choice_2: process(KEY_IN, PC2_TABLE)
--
begin
    -- Gather form: output bit i is read from input bit PC2_TABLE(i).
    for i in 0 to 47 loop
        KEY_OUT(i) <= KEY_IN(PC2_TABLE(i));
    end loop;
end process;
--
end beh;
--






--0a1e 000f 30f 0bc98003000c Page 1 of reg-rdwr.vhd 






--
-- Author       : Tom Vu
-- Date         : 09/19/97
-- Description  : UProcessor interface
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;



entity REG-RDWR is 



po r t ( 



RST-N 
BOARD-EN • 

ALE 

ADDSEL1 • • 

WRB 

RDB 

ADDSEL2 • • 

AA-IN 

ADDR 

CHIP-ID • • 
SEARCH-OUT 
SELECT-ONE 
SEARCH-IN 



CHIP-EN • • • 
AA-OUT 
CHIP-AA-OUT 
EXTRA-XOR • 
USE-CBC • • • 
PT-XOR-MASK 
PT-BYTE-MASK • > : 

PT-VECTOR > : 

C0 > : 

C1 > : 

DATAI t> : 

DATAO > : 



> : 



out 
: out 
: out 

• : out 

• : out 
> : out 

out 
out 
out 
out 



i n 



); 



std-logic; 

std-logi c ; 

std-logi c; 

std-logic; 

std-logic; 

std-logic; 

std-logic; 

std-logi c; 

std-logic-vector(7 downto ) ; 

s t d- I og i c-vec t or ( 7 downto 0); 

s t d- I og i c-vec t or ( 23 downto 0); 

std-logic-vector(23 downto ) ; 

• std- logi c-vec tor ( 23 downto 0) 

std-logic; 

std-logic; 

std-logic; 

std-logic; 

std-logi c; 

s t d- I og i c-vec t or ( 63 downto 0); 

std-logic-vector(7 downto ) ; 

std-log i c-vec tor ( 255 downto 0) 

std-logic-vector(63 downto 0); 

std-logic-vector(63 downto ) ; 

std-logi c-vector(7 downto 0); 

s t d- I og i c-ve c t or ( 7 downto 0) 



end REG-RDWR, 



architecture beh of REG_RDWR is

type DATA32_ARRAY is array(31 downto 0) of std_logic_vector(7 downto 0);
type DATA8_ARRAY  is array(7  downto 0) of std_logic_vector(7 downto 0);

signal PT_VECTOR_REG    : DATA32_ARRAY;
signal PT_XOR_MASK_REG  : DATA8_ARRAY;
signal CIPHER0          : DATA8_ARRAY;
signal CIPHER1          : DATA8_ARRAY;

signal SEARCH_INFO_REG  : std_logic_vector(7 downto 0);
signal PT_BYTE_MASK_REG : std_logic_vector(7 downto 0);
signal CHIP_REG         : std_logic_vector(7 downto 0);
signal CHIP_EN_BAK      : std_logic;
signal ALL_ACTIVE       : std_logic;
signal BAA_EN           : std_logic;
signal AA_OUT_BAK       : std_logic;



begin 
CHIP-EN-BAK 



when ((CHIP-ID 



CHIP-REG) and BOARD-EN 



) else 



CHIP-ID-REG-PR 



process(RST-N, ALE) 
) then 



begin • • 
if (RST-N 






    CHIP_REG <= (others => '0');
elsif (ALE'event and ALE = '1') then
    if ((BOARD_EN = '1') and (ADDSEL1 = '1')) then
        CHIP_REG <= ADDR;
    end if;
end if;
end process CHIP_ID_REG_PR;

READ_PR: process(PT_VECTOR_REG, PT_XOR_MASK_REG,
                 PT_BYTE_MASK_REG, SEARCH_INFO_REG, CIPHER0, CIPHER1,
                 SEARCH_IN, SELECT_ONE, ALL_ACTIVE, AA_OUT_BAK,
                 CHIP_EN_BAK, ADDSEL2, RDB, ADDR, BAA_EN)
begin
if ((CHIP_EN_BAK = '1') and (ADDSEL2 = '0') and (RDB = '0')) then
    case ADDR is
    when "00000000" => DATAO <= PT_VECTOR_REG(0);
    when "00000001" => DATAO <= PT_VECTOR_REG(1);
    when "00000010" => DATAO <= PT_VECTOR_REG(2);
    when "00000011" => DATAO <= PT_VECTOR_REG(3);
    when "00000100" => DATAO <= PT_VECTOR_REG(4);
    when "00000101" => DATAO <= PT_VECTOR_REG(5);
    when "00000110" => DATAO <= PT_VECTOR_REG(6);
    when "00000111" => DATAO <= PT_VECTOR_REG(7);
    when "00001000" => DATAO <= PT_VECTOR_REG(8);
    when "00001001" => DATAO <= PT_VECTOR_REG(9);
    when "00001010" => DATAO <= PT_VECTOR_REG(10);
    when "00001011" => DATAO <= PT_VECTOR_REG(11);
    when "00001100" => DATAO <= PT_VECTOR_REG(12);
    when "00001101" => DATAO <= PT_VECTOR_REG(13);
    when "00001110" => DATAO <= PT_VECTOR_REG(14);
    when "00001111" => DATAO <= PT_VECTOR_REG(15);
    when "00010000" => DATAO <= PT_VECTOR_REG(16);
    when "00010001" => DATAO <= PT_VECTOR_REG(17);
    when "00010010" => DATAO <= PT_VECTOR_REG(18);
    when "00010011" => DATAO <= PT_VECTOR_REG(19);
    when "00010100" => DATAO <= PT_VECTOR_REG(20);
    when "00010101" => DATAO <= PT_VECTOR_REG(21);
    when "00010110" => DATAO <= PT_VECTOR_REG(22);
    when "00010111" => DATAO <= PT_VECTOR_REG(23);
    when "00011000" => DATAO <= PT_VECTOR_REG(24);
    when "00011001" => DATAO <= PT_VECTOR_REG(25);
    when "00011010" => DATAO <= PT_VECTOR_REG(26);
    when "00011011" => DATAO <= PT_VECTOR_REG(27);
    when "00011100" => DATAO <= PT_VECTOR_REG(28);
    when "00011101" => DATAO <= PT_VECTOR_REG(29);
    when "00011110" => DATAO <= PT_VECTOR_REG(30);
    when "00011111" => DATAO <= PT_VECTOR_REG(31);

    when "00100000" => DATAO <= PT_XOR_MASK_REG(0);
    when "00100001" => DATAO <= PT_XOR_MASK_REG(1);
    when "00100010" => DATAO <= PT_XOR_MASK_REG(2);
    when "00100011" => DATAO <= PT_XOR_MASK_REG(3);
    when "00100100" => DATAO <= PT_XOR_MASK_REG(4);
    when "00100101" => DATAO <= PT_XOR_MASK_REG(5);
    when "00100110" => DATAO <= PT_XOR_MASK_REG(6);
    when "00100111" => DATAO <= PT_XOR_MASK_REG(7);

    when "00101000" => DATAO <= CIPHER0(0);
    when "00101001" => DATAO <= CIPHER0(1);
    when "00101010" => DATAO <= CIPHER0(2);
    when "00101011" => DATAO <= CIPHER0(3);
    when "00101100" => DATAO <= CIPHER0(4);
    when "00101101" => DATAO <= CIPHER0(5);
    when "00101110" => DATAO <= CIPHER0(6);
    when "00101111" => DATAO <= CIPHER0(7);

    when "00110000" => DATAO <= CIPHER1(0);






    when "00110001" => DATAO <= CIPHER1(1);
    when "00110010" => DATAO <= CIPHER1(2);
    when "00110011" => DATAO <= CIPHER1(3);
    when "00110100" => DATAO <= CIPHER1(4);
    when "00110101" => DATAO <= CIPHER1(5);
    when "00110110" => DATAO <= CIPHER1(6);
    when "00110111" => DATAO <= CIPHER1(7);

    when "00111000" => DATAO <= PT_BYTE_MASK_REG;
    when "00111111" => DATAO <= "000" & BAA_EN &
                       AA_OUT_BAK & ALL_ACTIVE & SEARCH_INFO_REG(1 downto 0);

    when "01000111" => DATAO <= "000000" & SELECT_ONE(0)  & SEARCH_IN(0);
    when "01001111" => DATAO <= "000000" & SELECT_ONE(1)  & SEARCH_IN(1);
    when "01010111" => DATAO <= "000000" & SELECT_ONE(2)  & SEARCH_IN(2);
    when "01011111" => DATAO <= "000000" & SELECT_ONE(3)  & SEARCH_IN(3);
    when "01100111" => DATAO <= "000000" & SELECT_ONE(4)  & SEARCH_IN(4);
    when "01101111" => DATAO <= "000000" & SELECT_ONE(5)  & SEARCH_IN(5);
    when "01110111" => DATAO <= "000000" & SELECT_ONE(6)  & SEARCH_IN(6);
    when "01111111" => DATAO <= "000000" & SELECT_ONE(7)  & SEARCH_IN(7);
    when "10000111" => DATAO <= "000000" & SELECT_ONE(8)  & SEARCH_IN(8);
    when "10001111" => DATAO <= "000000" & SELECT_ONE(9)  & SEARCH_IN(9);
    when "10010111" => DATAO <= "000000" & SELECT_ONE(10) & SEARCH_IN(10);
    when "10011111" => DATAO <= "000000" & SELECT_ONE(11) & SEARCH_IN(11);
    when "10100111" => DATAO <= "000000" & SELECT_ONE(12) & SEARCH_IN(12);
    when "10101111" => DATAO <= "000000" & SELECT_ONE(13) & SEARCH_IN(13);
    when "10110111" => DATAO <= "000000" & SELECT_ONE(14) & SEARCH_IN(14);
    when "10111111" => DATAO <= "000000" & SELECT_ONE(15) & SEARCH_IN(15);
    when "11000111" => DATAO <= "000000" & SELECT_ONE(16) & SEARCH_IN(16);
    when "11001111" => DATAO <= "000000" & SELECT_ONE(17) & SEARCH_IN(17);
    when "11010111" => DATAO <= "000000" & SELECT_ONE(18) & SEARCH_IN(18);
    when "11011111" => DATAO <= "000000" & SELECT_ONE(19) & SEARCH_IN(19);
    when "11100111" => DATAO <= "000000" & SELECT_ONE(20) & SEARCH_IN(20);
    when "11101111" => DATAO <= "000000" & SELECT_ONE(21) & SEARCH_IN(21);
    when "11110111" => DATAO <= "000000" & SELECT_ONE(22) & SEARCH_IN(22);
    when "11111111" => DATAO <= "000000" & SELECT_ONE(23) & SEARCH_IN(23);
    when others     => DATAO <= (others => 'Z');
    end case;
else
    DATAO <= (others => 'Z');
end if;
end process READ_PR;

PT_VECTOR_PR: process(RST_N, WRB)
begin
if (RST_N = '0') then
    for i in 0 to 31 loop
        PT_VECTOR_REG(i) <= (others => '0');
    end loop;
    for i in 0 to 7 loop
        PT_XOR_MASK_REG(i) <= (others => '0');
        CIPHER0(i) <= (others => '0');
        CIPHER1(i) <= (others => '0');
    end loop;
    PT_BYTE_MASK_REG <= (others => '0');
    SEARCH_INFO_REG <= (others => '0');
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN_BAK = '1') and (ADDSEL2 = '0')) then
        case ADDR is
        when "00000000" => PT_VECTOR_REG(0) <= DATAI;
        when "00000001" => PT_VECTOR_REG(1) <= DATAI;
        when "00000010" => PT_VECTOR_REG(2) <= DATAI;
        when "00000011" => PT_VECTOR_REG(3) <= DATAI;
        when "00000100" => PT_VECTOR_REG(4) <= DATAI;
        when "00000101" => PT_VECTOR_REG(5) <= DATAI;
        when "00000110" => PT_VECTOR_REG(6) <= DATAI;






        when "00000111" => PT_VECTOR_REG(7) <= DATAI;
        when "00001000" => PT_VECTOR_REG(8) <= DATAI;
        when "00001001" => PT_VECTOR_REG(9) <= DATAI;
        when "00001010" => PT_VECTOR_REG(10) <= DATAI;
        when "00001011" => PT_VECTOR_REG(11) <= DATAI;
        when "00001100" => PT_VECTOR_REG(12) <= DATAI;
        when "00001101" => PT_VECTOR_REG(13) <= DATAI;
        when "00001110" => PT_VECTOR_REG(14) <= DATAI;
        when "00001111" => PT_VECTOR_REG(15) <= DATAI;
        when "00010000" => PT_VECTOR_REG(16) <= DATAI;
        when "00010001" => PT_VECTOR_REG(17) <= DATAI;
        when "00010010" => PT_VECTOR_REG(18) <= DATAI;
        when "00010011" => PT_VECTOR_REG(19) <= DATAI;
        when "00010100" => PT_VECTOR_REG(20) <= DATAI;
        when "00010101" => PT_VECTOR_REG(21) <= DATAI;
        when "00010110" => PT_VECTOR_REG(22) <= DATAI;
        when "00010111" => PT_VECTOR_REG(23) <= DATAI;
        when "00011000" => PT_VECTOR_REG(24) <= DATAI;
        when "00011001" => PT_VECTOR_REG(25) <= DATAI;
        when "00011010" => PT_VECTOR_REG(26) <= DATAI;
        when "00011011" => PT_VECTOR_REG(27) <= DATAI;
        when "00011100" => PT_VECTOR_REG(28) <= DATAI;
        when "00011101" => PT_VECTOR_REG(29) <= DATAI;
        when "00011110" => PT_VECTOR_REG(30) <= DATAI;
        when "00011111" => PT_VECTOR_REG(31) <= DATAI;

        when "00100000" => PT_XOR_MASK_REG(0) <= DATAI;
        when "00100001" => PT_XOR_MASK_REG(1) <= DATAI;
        when "00100010" => PT_XOR_MASK_REG(2) <= DATAI;
        when "00100011" => PT_XOR_MASK_REG(3) <= DATAI;
        when "00100100" => PT_XOR_MASK_REG(4) <= DATAI;
        when "00100101" => PT_XOR_MASK_REG(5) <= DATAI;
        when "00100110" => PT_XOR_MASK_REG(6) <= DATAI;
        when "00100111" => PT_XOR_MASK_REG(7) <= DATAI;

        when "00101000" => CIPHER0(0) <= DATAI;
        when "00101001" => CIPHER0(1) <= DATAI;
        when "00101010" => CIPHER0(2) <= DATAI;
        when "00101011" => CIPHER0(3) <= DATAI;
        when "00101100" => CIPHER0(4) <= DATAI;
        when "00101101" => CIPHER0(5) <= DATAI;
        when "00101110" => CIPHER0(6) <= DATAI;
        when "00101111" => CIPHER0(7) <= DATAI;

        when "00110000" => CIPHER1(0) <= DATAI;
        when "00110001" => CIPHER1(1) <= DATAI;
        when "00110010" => CIPHER1(2) <= DATAI;
        when "00110011" => CIPHER1(3) <= DATAI;
        when "00110100" => CIPHER1(4) <= DATAI;
        when "00110101" => CIPHER1(5) <= DATAI;
        when "00110110" => CIPHER1(6) <= DATAI;
        when "00110111" => CIPHER1(7) <= DATAI;

        when "00111000" => PT_BYTE_MASK_REG <= DATAI;
        when "00111111" => SEARCH_INFO_REG  <= DATAI;
        when others => null;
        end case;
    end if;
end if;
end process PT_VECTOR_PR;

PT_VECTOR <= PT_VECTOR_REG(31) & PT_VECTOR_REG(30) & PT_VECTOR_REG(29) & PT_VECTOR_REG(28) &
             PT_VECTOR_REG(27) & PT_VECTOR_REG(26) & PT_VECTOR_REG(25) & PT_VECTOR_REG(24) &
             PT_VECTOR_REG(23) & PT_VECTOR_REG(22) & PT_VECTOR_REG(21) & PT_VECTOR_REG(20) &



             PT_VECTOR_REG(19) & PT_VECTOR_REG(18) & PT_VECTOR_REG(17) & PT_VECTOR_REG(16) &
             PT_VECTOR_REG(15) & PT_VECTOR_REG(14) & PT_VECTOR_REG(13) & PT_VECTOR_REG(12) &
             PT_VECTOR_REG(11) & PT_VECTOR_REG(10) & PT_VECTOR_REG(9)  & PT_VECTOR_REG(8) &
             PT_VECTOR_REG(7)  & PT_VECTOR_REG(6)  & PT_VECTOR_REG(5)  & PT_VECTOR_REG(4) &
             PT_VECTOR_REG(3)  & PT_VECTOR_REG(2)  & PT_VECTOR_REG(1)  & PT_VECTOR_REG(0);

PT_XOR_MASK <= PT_XOR_MASK_REG(7) & PT_XOR_MASK_REG(6) & PT_XOR_MASK_REG(5) & PT_XOR_MASK_REG(4) &
               PT_XOR_MASK_REG(3) & PT_XOR_MASK_REG(2) & PT_XOR_MASK_REG(1) & PT_XOR_MASK_REG(0);

C1 <= CIPHER1(7) & CIPHER1(6) & CIPHER1(5) & CIPHER1(4) &
      CIPHER1(3) & CIPHER1(2) & CIPHER1(1) & CIPHER1(0);
C0 <= CIPHER0(7) & CIPHER0(6) & CIPHER0(5) & CIPHER0(4) &
      CIPHER0(3) & CIPHER0(2) & CIPHER0(1) & CIPHER0(0);

PT_BYTE_MASK <= PT_BYTE_MASK_REG;
USE_CBC      <= SEARCH_INFO_REG(0);
EXTRA_XOR    <= SEARCH_INFO_REG(1);
BAA_EN       <= SEARCH_INFO_REG(4);
AA_OUT_BAK   <= AA_IN and ALL_ACTIVE when (BAA_EN = '1') else AA_IN;
AA_OUT       <= AA_OUT_BAK;

ALL_ACTIVE   <= (SEARCH_OUT(23) and SEARCH_OUT(22) and SEARCH_OUT(21) and SEARCH_OUT(20) and
                 SEARCH_OUT(19) and SEARCH_OUT(18) and SEARCH_OUT(17) and SEARCH_OUT(16) and
                 SEARCH_OUT(15) and SEARCH_OUT(14) and SEARCH_OUT(13) and SEARCH_OUT(12) and
                 SEARCH_OUT(11) and SEARCH_OUT(10) and SEARCH_OUT(9)  and SEARCH_OUT(8) and
                 SEARCH_OUT(7)  and SEARCH_OUT(6)  and SEARCH_OUT(5)  and SEARCH_OUT(4) and
                 SEARCH_OUT(3)  and SEARCH_OUT(2)  and SEARCH_OUT(1)  and SEARCH_OUT(0));
CHIP_AA_OUT  <= ALL_ACTIVE;
CHIP_EN      <= CHIP_EN_BAK;

end beh;






-- Page 1 of s-table.vhd

-- Author       : Tom Vu
-- Date         : 10/02/97
-- Descriptions : Create table for lookup values of S function
-- Functions    : 6 inputs are used to lookup in the table and produce
--                4 outputs. There are a total of 8 tables

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_arith.conv_std_logic_vector;

entity S_TABLE is

port(   KEY   : in  std_logic_vector(47 downto 0);
        S_OUT : out std_logic_vector(31 downto 0)
     );

end S_TABLE;

architecture beh of S_TABLE is

subtype small_integer is INTEGER range 0 to 15;
type TABLE_TYPE is array(0 to 63) of small_integer;

signal S1 : TABLE_TYPE;
signal S2 : TABLE_TYPE;
signal S3 : TABLE_TYPE;
signal S4 : TABLE_TYPE;
signal S5 : TABLE_TYPE;
signal S6 : TABLE_TYPE;
signal S7 : TABLE_TYPE;
signal S8 : TABLE_TYPE;

function lookup(signal table: in TABLE_TYPE;
                signal key: in std_logic_vector(5 downto 0))
    return std_logic_vector is

variable row    : std_logic_vector(3 downto 0);
variable col    : std_logic_vector(1 downto 0);
variable addr   : std_logic_vector(5 downto 0);
variable index  : integer;
variable result : std_logic_vector(3 downto 0);
begin
    col := key(5) & key(0);
    row := key(4 downto 1);
    addr := col & row;
    index := CONV_INTEGER(key);
    result := CONV_STD_LOGIC_VECTOR(table(index),4);
    return result;
end lookup;

begin

S1 <= (13, 1, 2,15, 8,13, 4, 8, 6,10,15, 3,11, 7, 1, 4,
       10,12, 9, 5, 3, 6,14,11, 5, 0, 0,14,12, 9, 7, 2,
        7, 2,11, 1, 4,14, 1, 7, 9, 4,12,10,14, 8, 2,13,
        0,15, 6,12,10, 9,13, 0,15, 3, 3, 5, 5, 6, 8,11);

S2 <= ( 4,13,11, 0, 2,11,14, 7,15, 4, 0, 9, 8, 1,13,10,



        3,14,12, 3, 9, 5, 7,12, 5, 2,10,15, 6, 8, 1, 6,
        1, 6, 4,11,11,13,13, 8,12, 1, 3, 4, 7,10,14, 7,
       10, 9,15, 5, 6, 0, 8,15, 0,14, 5, 2, 9, 3, 2,12);

S3 <= (12,10, 1,15,10, 4,15, 2, 9, 7, 2,12, 6, 9, 8, 5,
        0, 6,13, 1, 3,13, 4,14,14, 0, 7,11, 5, 3,11, 8,
        9, 4,14, 3,15, 2, 5,12, 2, 9, 8, 5,12,15, 3,10,
        7,11, 0,14, 4, 1,10, 7, 1, 6,13, 0,11, 8, 6,13);

S4 <= ( 2,14,12,11, 4, 2, 1,12, 7, 4,10, 7,11,13, 6, 1,
        8, 5, 5, 0, 3,15,15,10,13, 3, 0, 9,14, 8, 9, 6,
        4,11, 2, 8, 1,12,11, 7,10, 1,13,14, 7, 2, 8,13,
       15, 6, 9,15,12, 0, 5, 9, 6,10, 3, 4, 0, 5,14, 3);

S5 <= ( 7,13,13, 8,14,11, 3, 5, 0, 6, 6,15, 9, 0,10, 3,
        1, 4, 2, 7, 8, 2, 5,12,11, 1,12,10, 4,14,15, 9,
       10, 3, 6,15, 9, 0, 0, 6,12,10,11, 1, 7,13,13, 8,
       15, 9, 1, 4, 3, 5,14,11, 5,12, 2, 7, 8, 2, 4,14);

S6 <= (10,13, 0, 7, 9, 0,14, 9, 6, 3, 3, 4,15, 6, 5,10,
        1, 2,13, 8,12, 5, 7,14,11,12, 4,11, 2,15, 8, 1,
       13, 1, 6,10, 4,13, 9, 0, 8, 6,15, 9, 3, 8, 0, 7,
       11, 4, 1,15, 2,14,12, 3, 5,11,10, 5,14, 2, 7,12);

S7 <= (15, 3, 1,13, 8, 4,14, 7, 6,15,11, 2, 3, 8, 4,14,
        9,12, 7, 0, 2, 1,13,10,12, 6, 0, 9, 5,11,10, 5,
        0,13,14, 8, 7,10,11, 1,10, 3, 4,15,13, 4, 1, 2,
        5,11, 8, 6,12, 7, 6,12, 9, 0, 3, 5, 2,14,15, 9);

S8 <= (14, 0, 4,15,13, 7, 1, 4, 2,14,15, 2,11,13, 8, 1,
        3,10,10, 6, 6,12,12,11, 5, 9, 9, 5, 0, 3, 7, 8,
        4,15, 1,12,14, 8, 8, 2,13, 4, 6, 9, 2, 1,11, 7,
       15, 5,12,11, 9, 3, 7,14, 3,10,10, 0, 5, 6, 0,13);

S_OUT <= Lookup(S8,KEY(47 downto 42)) &
         Lookup(S7,KEY(41 downto 36)) &
         Lookup(S6,KEY(35 downto 30)) &
         Lookup(S5,KEY(29 downto 24)) &
         Lookup(S4,KEY(23 downto 18)) &
         Lookup(S3,KEY(17 downto 12)) &
         Lookup(S2,KEY(11 downto  6)) &
         Lookup(S1,KEY( 5 downto  0));

--
end beh;
--
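The tables in s-table.vhd do not look like the S-boxes printed in the DES standard because lookup() computes col, row and addr but then indexes with CONV_INTEGER(key), the raw 6-bit input, so each 64-entry table is stored in input order. The Python check below is an added example, not part of the EFF listing: S1_FIPS is the standard's S1 written as four rows, S8_LISTING is the S8 table copied from the listing (the one wired to KEY(47 downto 42)), and the function names are this example's own.

```python
# Standard DES S-box S1 as printed in FIPS 46: 4 rows x 16 columns.
S1_FIPS = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Table S8 copied from the s-table.vhd listing (64 entries, flat).
S8_LISTING = [
    14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
    3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
    4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
    15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13,
]


def row_col(six_bits):
    """Split a 6-bit S-box input the way the standard does:
    row = outer bits (b5, b0), column = inner bits (b4..b1)."""
    row = ((six_bits >> 5) & 1) << 1 | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return row, col


def flatten(sbox_rows):
    """Reorder a 4x16 S-box so entry i is the output for raw input i."""
    return [sbox_rows[r][c] for r, c in map(row_col, range(64))]


def lookup(table, six_bits):
    """Model of the VHDL lookup(): index the flat table by the raw key bits."""
    return table[six_bits & 0x3F]


def mismatches(flat_a, flat_b):
    """Inputs for which two flat tables give different outputs."""
    return [i for i in range(64) if flat_a[i] != flat_b[i]]


def row_major(sbox_rows):
    """The standard's rows concatenated as printed (the wrong layout for lookup())."""
    return [v for row in sbox_rows for v in row]


if __name__ == "__main__":
    print("flattened S1 == listing S8:", flatten(S1_FIPS) == S8_LISTING)
    bad = mismatches(row_major(S1_FIPS), S8_LISTING)
    print("inputs that would be wrong with a row-major table:", len(bad))
```

A table pasted row by row from the standard would give wrong outputs for most inputs with this lookup(), which is why the listing's constants must be compared in flattened form.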






-- Page 1 of search.vhd

-- Author       : Tom Vu
-- Date         : 09/07/97
-- Descriptions : Search Unit

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity SEARCH_UNIT is

port(   CLK          : in  std_logic;
        RST_N        : in  std_logic;
        WRB          : in  std_logic;
        RDB          : in  std_logic;
        SEARCH       : in  std_logic;
        EXTRA_XOR    : in  std_logic;
        USE_CBC      : in  std_logic;
        ADDR_KEY     : in  std_logic_vector(6 downto 0);

        DATAI        : in  std_logic_vector(7 downto 0);
        PT_BYTE_MASK : in  std_logic_vector(7 downto 0);
        PT_XOR_MASK  : in  std_logic_vector(63 downto 0);
        PT_VECTOR    : in  std_logic_vector(255 downto 0);
        C0           : in  std_logic_vector(63 downto 0);
        C1           : in  std_logic_vector(63 downto 0);
        KEY_OUT      : out std_logic_vector(55 downto 0);
        DES_OUTPUT   : out std_logic_vector(63 downto 0);
        MATCH_OUT    : out std_logic;
        SELECT_ONE   : out std_logic;
        SEARCH_OUT   : out std_logic;
        CLEAR_SEARCH : out std_logic;
        DATAO        : out std_logic_vector(7 downto 0)
     );

end SEARCH_UNIT;

architecture beh of SEARCH_UNIT is

type DATA8_ARRAY is array(7 downto 0) of std_logic_vector(7 downto 0);

signal MESSAGE          : std_logic_vector(63 downto 0);
signal IP_KEY           : std_logic_vector(63 downto 0);
signal DES_OUT          : std_logic_vector(63 downto 0);
signal EXTRA_XOR_OUT    : std_logic_vector(63 downto 0);
signal SHIFT_REG        : DATA8_ARRAY;
signal KEY              : std_logic_vector(55 downto 0);
signal D_KEY            : std_logic_vector(31 downto 0);
signal MESG_LEFT        : std_logic_vector(31 downto 0);
signal CNT              : std_logic_vector(4 downto 0);
signal BIT_SHIFT_REG    : std_logic_vector(7 downto 0);
signal TEMP_VECTOR      : std_logic_vector(3 downto 0);
signal WR1B             : std_logic;
signal WR_STROBEB       : std_logic;
signal DONE             : std_logic;
signal STARTDES         : std_logic;
signal MATCH            : std_logic;
signal MATCH_DLY_CYCLE1 : std_logic;
signal MATCH_DLY_CYCLE2 : std_logic;
signal FALSE_MATCH      : std_logic;
signal SEARCH_DLY1      : std_logic;
signal SEARCH_DLY2      : std_logic;
signal SEARCH_DLY3      : std_logic;
signal SEARCHING        : std_logic;
signal SEARCHING_DLY    : std_logic;
signal LOAD             : std_logic;
signal FIRST_TIME1      : std_logic;
signal FIRST_TIME2      : std_logic;
signal FIRST_LOAD       : std_logic;





signal SELECT1          : std_logic;
signal SELECT1_DLY      : std_logic;
signal KEY_ODD_DLY1     : std_logic_vector(1 downto 0);
signal KEY_ODD_DLY2     : std_logic_vector(1 downto 0);
signal CHECK_SAME_KEY   : std_logic;
signal KEY_INCR         : std_logic;
signal KEY_DECR         : std_logic;
signal PRE_DONE         : std_logic;
signal CNT_EQ_1         : std_logic;
signal CNT_GT_10        : std_logic;
signal CNT_EQ_10        : std_logic;
signal CNT_LE_10        : std_logic;
signal FIRST_DES        : std_logic;
signal RESET_SEARCHING  : std_logic;
signal CLEAR_SEARCH_BAK : std_logic;

signal EXTRA_SELECT     : std_logic_vector(2 downto 0);
signal BIT_MUX          : std_logic;

component DES
port(   CLK     : in  std_logic;
        RST_N   : in  std_logic;
        START   : in  std_logic;
        MESSAGE : in  std_logic_vector(63 downto 0);
        KEY     : in  std_logic_vector(55 downto 0);
        DONE    : out std_logic;
        CNT     : out std_logic_vector(4 downto 0);
        DES_OUT : out std_logic_vector(63 downto 0));
end component;

component MUX256
port(   SHIFT_OUT : in  std_logic_vector(7 downto 0);
        PT_VECTOR : in  std_logic_vector(255 downto 0);
        BIT_MUX   : out std_logic
     );
end component;

begin

M256: MUX256
port map(   SHIFT_OUT => SHIFT_REG(7),
            PT_VECTOR => PT_VECTOR,
            BIT_MUX   => BIT_MUX
         );

DES1: DES
port map(   CLK     => CLK,
            RST_N   => RST_N,
            START   => STARTDES,
            MESSAGE => MESSAGE,
            KEY     => KEY,
            DONE    => DONE,
            CNT     => CNT,
            DES_OUT => DES_OUT
         );

MESSAGE <= C0 when (SELECT1 = '0') else C1;

PCSETSEARCH_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    FIRST_TIME1 <= '0';
    FIRST_TIME2 <= '0';
    SEARCH_DLY1 <= '0';
    SEARCH_DLY2 <= '0';
    SEARCH_DLY3 <= '0';
    for i in 0 to 7 loop
        SHIFT_REG(i) <= (others => '0');






    end loop;
elsif CLK'event and CLK = '1' then

    FIRST_TIME2 <= FIRST_TIME1;
    if (DONE = '1') then
        if (SEARCH = '1') then
            FIRST_TIME1 <= '1';
        end if;
        SEARCH_DLY1 <= SEARCH;
        SEARCH_DLY2 <= SEARCH_DLY1;
        SEARCH_DLY3 <= SEARCH_DLY2;
    end if;
    if (CNT_EQ_1 = '1') then
        SHIFT_REG(7) <= EXTRA_XOR_OUT(63 downto 56);
        SHIFT_REG(6) <= EXTRA_XOR_OUT(55 downto 48);
        SHIFT_REG(5) <= EXTRA_XOR_OUT(47 downto 40);
        SHIFT_REG(4) <= EXTRA_XOR_OUT(39 downto 32);
        SHIFT_REG(3) <= EXTRA_XOR_OUT(31 downto 24);
        SHIFT_REG(2) <= EXTRA_XOR_OUT(23 downto 16);
        SHIFT_REG(1) <= EXTRA_XOR_OUT(15 downto  8);
        SHIFT_REG(0) <= EXTRA_XOR_OUT( 7 downto  0);
    else
        for i in 0 to 6 loop
            SHIFT_REG(i+1) <= SHIFT_REG(i);
        end loop;
    end if;

end if;

end process PCSETSEARCH_PR;

-- Use to clear away invalid matches before PC loads
FIRST_LOAD <= FIRST_TIME1 and not(FIRST_TIME2);

BIT_SHIFT_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    BIT_SHIFT_REG <= (others => '1');
elsif CLK'event and CLK = '1' then
    -- SHIFT
    if (CNT_LE_10 = '1') then
        for i in 0 to 6 loop
            BIT_SHIFT_REG(i+1) <= BIT_SHIFT_REG(i);
        end loop;
        BIT_SHIFT_REG(0) <= BIT_MUX;
    end if;
end if;
end process BIT_SHIFT_PR;

MATCH_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    MATCH <= '0';
    MATCH_DLY_CYCLE1 <= '0';
    MATCH_DLY_CYCLE2 <= '0';
    KEY_ODD_DLY1 <= "00";
    KEY_ODD_DLY2 <= "00";
elsif CLK'event and CLK = '1' then
    if (CNT = 10) then
        if ((BIT_SHIFT_REG(0) = '1' or (PT_BYTE_MASK(0) = '1')) and
            (BIT_SHIFT_REG(1) = '1' or (PT_BYTE_MASK(1) = '1')) and









            (BIT_SHIFT_REG(2) = '1' or (PT_BYTE_MASK(2) = '1')) and
            (BIT_SHIFT_REG(3) = '1' or (PT_BYTE_MASK(3) = '1')) and
            (BIT_SHIFT_REG(4) = '1' or (PT_BYTE_MASK(4) = '1')) and
            (BIT_SHIFT_REG(5) = '1' or (PT_BYTE_MASK(5) = '1')) and
            (BIT_SHIFT_REG(6) = '1' or (PT_BYTE_MASK(6) = '1')) and
            (BIT_SHIFT_REG(7) = '1' or (PT_BYTE_MASK(7) = '1'))) then
            MATCH <= '1';
        else
            MATCH <= '0';
        end if;
    end if;

    if (FIRST_LOAD = '1') then
        MATCH <= '0';
    end if;

    if (CNT = 10) then
        MATCH_DLY_CYCLE2 <= MATCH_DLY_CYCLE1;
        MATCH_DLY_CYCLE1 <= MATCH;
    end if;

    if (PRE_DONE = '1') then
        KEY_ODD_DLY2 <= KEY_ODD_DLY1;
        KEY_ODD_DLY1 <= KEY(1 downto 0);
    end if;
end if;
end process MATCH_PR;

WRITE_STROBE_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    WR1B <= '1';
    WR_STROBEB <= '1';
elsif CLK'event and CLK = '1' then
    WR_STROBEB <= WR1B;
    WR1B <= WRB;
end if;
end process WRITE_STROBE_PR;

KEY_PR: process(RST_N,CLK)
begin
if (RST_N = '0') then
    KEY <= (others => '0');
elsif CLK'event and CLK = '1' then
    if (WR1B = '0' and ADDR_KEY(0) = '1') then
        KEY(7 downto 0) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(7 downto 0) <= D_KEY(7 downto 0);
    end if;

    if (WR1B = '0' and ADDR_KEY(1) = '1') then
        KEY(15 downto 8) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(15 downto 8) <= D_KEY(15 downto 8);
    end if;

    if (WR1B = '0' and ADDR_KEY(2) = '1') then
        KEY(23 downto 16) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(23 downto 16) <= D_KEY(23 downto 16);
    end if;

    if (WR1B = '0' and ADDR_KEY(3) = '1') then
        KEY(31 downto 24) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(31 downto 24) <= D_KEY(31 downto 24);
    end if;




    if (WR1B = '0' and ADDR_KEY(4) = '1') then
        KEY(39 downto 32) <= DATAI;
    end if;

    if (WR1B = '0' and ADDR_KEY(5) = '1') then
        KEY(47 downto 40) <= DATAI;
    end if;

    if (WR1B = '0' and ADDR_KEY(6) = '1') then
        KEY(55 downto 48) <= DATAI;
    end if;

end if;
end process KEY_PR;

READ_KEY_PR: process(ADDR_KEY, RDB, KEY)
begin
if (RDB = '0') then

    if (ADDR_KEY(0) = '1') then
        DATAO <= KEY(7 downto 0);
    elsif (ADDR_KEY(1) = '1') then
        DATAO <= KEY(15 downto 8);
    elsif (ADDR_KEY(2) = '1') then
        DATAO <= KEY(23 downto 16);
    elsif (ADDR_KEY(3) = '1') then
        DATAO <= KEY(31 downto 24);
    elsif (ADDR_KEY(4) = '1') then
        DATAO <= KEY(39 downto 32);
    elsif (ADDR_KEY(5) = '1') then
        DATAO <= KEY(47 downto 40);
    elsif (ADDR_KEY(6) = '1') then
        DATAO <= KEY(55 downto 48);
    else
        DATAO <= (others => 'Z');
    end if;
else
    DATAO <= (others => 'Z');
end if;
end process READ_KEY_PR;

KEY_ALU_PR: process(KEY_DECR, KEY_INCR, KEY)
begin

if (KEY_INCR = '1') and (KEY_DECR = '0') then
    D_KEY <= KEY(31 downto 0) + 1;
elsif (KEY_DECR = '1') and (KEY_INCR = '0') then
    D_KEY <= KEY(31 downto 0) - 1;
else
    D_KEY <= KEY(31 downto 0);
end if;

end process KEY_ALU_PR;

EXTRA_XOR_PR: process(PT_XOR_MASK, EXTRA_SELECT, DES_OUT, C0)
begin
case EXTRA_SELECT is
when "000" =>
    EXTRA_XOR_OUT <= DES_OUT xor PT_XOR_MASK;
when "001" =>
    EXTRA_XOR_OUT <= DES_OUT xor PT_XOR_MASK;






Chapter 6: Chip Source Code 6-41 



--de52 000e582f cf c8003000e Page 6 of search. vhd 

        when "010" =>
            EXTRA_XOR_OUT <= ((DES_OUT(63 downto 56) xor DES_OUT(31 downto 24)) &
                              (DES_OUT(55 downto 48) xor DES_OUT(23 downto 16)) &
                              (DES_OUT(47 downto 40) xor DES_OUT(15 downto 8)) &
                              (DES_OUT(39 downto 32) xor DES_OUT(7 downto 0)) &
                              DES_OUT(31 downto 0)) xor PT_XOR_MASK;
        when "101" =>
            EXTRA_XOR_OUT <= DES_OUT xor C0;
        when "110" =>
            EXTRA_XOR_OUT <= (DES_OUT(63 downto 56) xor DES_OUT(31 downto 24)) &
                             (DES_OUT(55 downto 48) xor DES_OUT(23 downto 16)) &
                             (DES_OUT(47 downto 40) xor DES_OUT(15 downto 8)) &
                             (DES_OUT(39 downto 32) xor DES_OUT(7 downto 0)) &
                             DES_OUT(31 downto 0);
        when others =>
            EXTRA_XOR_OUT <= DES_OUT;
    end case;
end process EXTRA_XOR_PR;

EXTRA_SELECT <= SELECT1_DLY & EXTRA_XOR & USE_CBC;
-- EXTRA_SELECT <= SELECT1 & EXTRA_XOR & USE_CBC;

STARTDES_PR: process(RST_N, CLK)
begin
    if RST_N = '0' then
        STARTDES <= '0';
    elsif CLK'event and CLK = '1' then
        -- STARTDES <= DONE or LOAD;      -- 17 clocks
        STARTDES <= PRE_DONE or LOAD;     -- 16 clocks
    end if;
end process STARTDES_PR;

KEY_INCR_DECR_PR: process(RST_N, CLK)
begin
    if RST_N = '0' then
        KEY_INCR <= '0';
        KEY_DECR <= '0';
    elsif CLK'event and CLK = '1' then
        KEY_INCR <= (CNT_GT_10 and not(DONE) and SEARCHING_DLY) and (
                    not(MATCH) or                -- normal case
                    SELECT1 or                   -- false match
                    FIRST_DES);
        KEY_DECR <= (CNT_GT_10 and not(DONE) and SEARCHING_DLY) and  -- timing
                    (MATCH and not(SELECT1))     -- only backup if match on C0
                    and not(FIRST_DES);
    end if;
end process KEY_INCR_DECR_PR;

FALSE_MATCH <= '1' when (MATCH_DLY_CYCLE2 = '1') and (MATCH = '0') and (SEARCHING_DLY = '1')
               else '0';

-- timing block, sensitive to START
PRE_DONE        <= '1' when (CNT = "01111") else '0';
RESET_SEARCHING <= '1' when (CNT = "01100") else '0';

CNT_EQ_1  <= '1' when (CNT = 1) else '0';
CNT_LE_10 <= '1' when (CNT > 1 and CNT < 10) else '0';
CNT_EQ_10 <= '1' when (CNT = 10) else '0';
CNT_GT_10 <= '1' when (CNT > 10) else '0';

SEARCHING_PR: process(RST_N, CLK)






--9006 0016131d0b28003000e Page 7 of search. vhd 



begin
    if RST_N = '0' then
        SEARCHING     <= '0';
        SEARCHING_DLY <= '0';
        CLEAR_SEARCH  <= '0';
    elsif CLK'event and CLK = '1' then
        SEARCHING_DLY <= SEARCHING;

        -- search active
        if ((LOAD = '1') or (SEARCHING = '1')) then
            SEARCHING <= '1';
        end if;

        -- found C1
        if (CLEAR_SEARCH_BAK = '1') then
            SEARCHING <= '0';
        end if;

        CLEAR_SEARCH <= CLEAR_SEARCH_BAK;
    end if;
end process SEARCHING_PR;

CHECK_SAME_KEY <= when (KEY(1 downto 0) = KEY_ODD_DLY2) else

SELECT1_PR: process(RST_N, CLK)
begin
    if RST_N = '0' then
        SELECT1 <= '1';
    elsif CLK'event and CLK = '1' then

        -- found C0, look for C1
        if ((MATCH = '1') and (SELECT1 = '0') and (PRE_DONE = '1')) then
            SELECT1 <= '1';
        end if;

        -- Restart by PC or C1 is not a match
        if (LOAD = '1') or
           ((SELECT1 = '1') and (PRE_DONE = '1') and (SEARCHING_DLY = '1')) then
            SELECT1 <= '0';
        end if;

        if (PRE_DONE = '1') then
            SELECT1_DLY <= SELECT1;
        end if;

    end if;
end process SELECT1_PR;

SEARCH_OUT <= SEARCHING;
LOAD       <= SEARCH_DLY1 and PRE_DONE and not(SEARCH_DLY2);  -- 17 clocks
FIRST_DES  <= SEARCH_DLY2 and not(SEARCH_DLY3);
CLEAR_SEARCH_BAK <=
    '1' when ((MATCH = '1') and (SELECT1 = '0')
              and (SELECT1_DLY = '1') and (RESET_SEARCHING = '1')
              and (SEARCHING = '1')) else '0';

SELECT_ONE <= SELECT1;
-- KEY_OUT <= KEY;
-- DES_OUTPUT <= DES_OUT;
-- MATCH_OUT <= MATCH;

end beh;






— ed38 000a88f c9858003000f Page 1 of start-re. vhd 



-- Author      : Tom Vu
-- Date        : 09/19/97
-- Description : UProcessor interface

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity START_REG is
port(
    RST_N        : in  std_logic;
    CHIP_EN      : in  std_logic;
    WRB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0)
);
end START_REG;

architecture beh of START_REG is

signal SEARCH_IN_REG   : std_logic_vector(23 downto 0);
signal SEARCH_RST_N_0  : std_logic;
signal SEARCH_RST_N_1  : std_logic;
signal SEARCH_RST_N_2  : std_logic;
signal SEARCH_RST_N_3  : std_logic;
signal SEARCH_RST_N_4  : std_logic;
signal SEARCH_RST_N_5  : std_logic;
signal SEARCH_RST_N_6  : std_logic;
signal SEARCH_RST_N_7  : std_logic;
signal SEARCH_RST_N_8  : std_logic;
signal SEARCH_RST_N_9  : std_logic;
signal SEARCH_RST_N_10 : std_logic;
signal SEARCH_RST_N_11 : std_logic;
signal SEARCH_RST_N_12 : std_logic;
signal SEARCH_RST_N_13 : std_logic;
signal SEARCH_RST_N_14 : std_logic;
signal SEARCH_RST_N_15 : std_logic;
signal SEARCH_RST_N_16 : std_logic;
signal SEARCH_RST_N_17 : std_logic;
signal SEARCH_RST_N_18 : std_logic;
signal SEARCH_RST_N_19 : std_logic;
signal SEARCH_RST_N_20 : std_logic;
signal SEARCH_RST_N_21 : std_logic;
signal SEARCH_RST_N_22 : std_logic;
signal SEARCH_RST_N_23 : std_logic;

begin

SEARCH_IN0_PR: process(SEARCH_RST_N_0, WRB)
begin
    if (SEARCH_RST_N_0 = '0') then
        SEARCH_IN_REG(0) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01000111")) then
            SEARCH_IN_REG(0) <= DATAI(0);
        else
            SEARCH_IN_REG(0) <= SEARCH_IN_REG(0);
        end if;






--7851 000ad1683558003000f Page 2 of start-re.vhd 

    end if;
end process SEARCH_IN0_PR;

SEARCH_IN1_PR: process(SEARCH_RST_N_1, WRB)
begin
    if (SEARCH_RST_N_1 = '0') then
        SEARCH_IN_REG(1) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01001111")) then
            SEARCH_IN_REG(1) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN1_PR;

SEARCH_IN2_PR: process(SEARCH_RST_N_2, WRB)
begin
    if (SEARCH_RST_N_2 = '0') then
        SEARCH_IN_REG(2) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01010111")) then
            SEARCH_IN_REG(2) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN2_PR;

SEARCH_IN3_PR: process(SEARCH_RST_N_3, WRB)
begin
    if (SEARCH_RST_N_3 = '0') then
        SEARCH_IN_REG(3) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01011111")) then
            SEARCH_IN_REG(3) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN3_PR;

SEARCH_IN4_PR: process(SEARCH_RST_N_4, WRB)
begin
    if (SEARCH_RST_N_4 = '0') then
        SEARCH_IN_REG(4) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01100111")) then
            SEARCH_IN_REG(4) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN4_PR;

SEARCH_IN5_PR: process(SEARCH_RST_N_5, WRB)
begin
    if (SEARCH_RST_N_5 = '0') then
        SEARCH_IN_REG(5) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01101111")) then
            SEARCH_IN_REG(5) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN5_PR;

SEARCH_IN6_PR: process(SEARCH_RST_N_6, WRB)
begin






--a70b 000bb004f d08003000f Page 3 of start-re.vhd 

    if (SEARCH_RST_N_6 = '0') then
        SEARCH_IN_REG(6) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01110111")) then
            SEARCH_IN_REG(6) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN6_PR;

SEARCH_IN7_PR: process(SEARCH_RST_N_7, WRB)
begin
    if (SEARCH_RST_N_7 = '0') then
        SEARCH_IN_REG(7) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01111111")) then
            SEARCH_IN_REG(7) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN7_PR;

SEARCH_IN8_PR: process(SEARCH_RST_N_8, WRB)
begin
    if (SEARCH_RST_N_8 = '0') then
        SEARCH_IN_REG(8) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10000111")) then
            SEARCH_IN_REG(8) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN8_PR;

SEARCH_IN9_PR: process(SEARCH_RST_N_9, WRB)
begin
    if (SEARCH_RST_N_9 = '0') then
        SEARCH_IN_REG(9) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10001111")) then
            SEARCH_IN_REG(9) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN9_PR;

SEARCH_IN10_PR: process(SEARCH_RST_N_10, WRB)
begin
    if (SEARCH_RST_N_10 = '0') then
        SEARCH_IN_REG(10) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10010111")) then
            SEARCH_IN_REG(10) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN10_PR;

SEARCH_IN11_PR: process(SEARCH_RST_N_11, WRB)
begin
    if (SEARCH_RST_N_11 = '0') then
        SEARCH_IN_REG(11) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10011111")) then
            SEARCH_IN_REG(11) <= DATAI(0);
        end if;
    end if;






--6b0b 000e1 be5cae8003000f Page 4 of start-re. vhd 

end process SEARCH_IN11_PR;

SEARCH_IN12_PR: process(SEARCH_RST_N_12, WRB)
begin
    if (SEARCH_RST_N_12 = '0') then
        SEARCH_IN_REG(12) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10100111")) then
            SEARCH_IN_REG(12) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN12_PR;

SEARCH_IN13_PR: process(SEARCH_RST_N_13, WRB)
begin
    if (SEARCH_RST_N_13 = '0') then
        SEARCH_IN_REG(13) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10101111")) then
            SEARCH_IN_REG(13) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN13_PR;

SEARCH_IN14_PR: process(SEARCH_RST_N_14, WRB)
begin
    if (SEARCH_RST_N_14 = '0') then
        SEARCH_IN_REG(14) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10110111")) then
            SEARCH_IN_REG(14) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN14_PR;

SEARCH_IN15_PR: process(SEARCH_RST_N_15, WRB)
begin
    if (SEARCH_RST_N_15 = '0') then
        SEARCH_IN_REG(15) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10111111")) then
            SEARCH_IN_REG(15) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN15_PR;

SEARCH_IN16_PR: process(SEARCH_RST_N_16, WRB)
begin
    if (SEARCH_RST_N_16 = '0') then
        SEARCH_IN_REG(16) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11000111")) then
            SEARCH_IN_REG(16) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN16_PR;

SEARCH_IN17_PR: process(SEARCH_RST_N_17, WRB)
begin
    if (SEARCH_RST_N_17 = '0') then






--8e92 00090f 533f a8003000f Page 5 of start-re. vhd 

        SEARCH_IN_REG(17) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11001111")) then
            SEARCH_IN_REG(17) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN17_PR;

SEARCH_IN18_PR: process(SEARCH_RST_N_18, WRB)
begin
    if (SEARCH_RST_N_18 = '0') then
        SEARCH_IN_REG(18) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11010111")) then
            SEARCH_IN_REG(18) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN18_PR;

SEARCH_IN19_PR: process(SEARCH_RST_N_19, WRB)
begin
    if (SEARCH_RST_N_19 = '0') then
        SEARCH_IN_REG(19) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11011111")) then
            SEARCH_IN_REG(19) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN19_PR;

SEARCH_IN20_PR: process(SEARCH_RST_N_20, WRB)
begin
    if (SEARCH_RST_N_20 = '0') then
        SEARCH_IN_REG(20) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11100111")) then
            SEARCH_IN_REG(20) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN20_PR;

SEARCH_IN21_PR: process(SEARCH_RST_N_21, WRB)
begin
    if (SEARCH_RST_N_21 = '0') then
        SEARCH_IN_REG(21) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11101111")) then
            SEARCH_IN_REG(21) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN21_PR;

SEARCH_IN22_PR: process(SEARCH_RST_N_22, WRB)
begin
    if (SEARCH_RST_N_22 = '0') then
        SEARCH_IN_REG(22) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11110111")) then
            SEARCH_IN_REG(22) <= DATAI(0);
        end if;
    end if;






— f 1 1 c 001 f 74f a4a58003000f Page 6 of s t a r t _ r e . vhd 



end process SEARCH_IN22_PR;

SEARCH_IN23_PR: process(SEARCH_RST_N_23, WRB)
begin
    if (SEARCH_RST_N_23 = '0') then
        SEARCH_IN_REG(23) <= '0';
    elsif (WRB'event and WRB = '1') then
        if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11111111")) then
            SEARCH_IN_REG(23) <= DATAI(0);
        end if;
    end if;
end process SEARCH_IN23_PR;

SEARCH_RST_N_0  <= RST_N and not (CLEAR_SEARCH(0));
SEARCH_RST_N_1  <= RST_N and not (CLEAR_SEARCH(1));
SEARCH_RST_N_2  <= RST_N and not (CLEAR_SEARCH(2));
SEARCH_RST_N_3  <= RST_N and not (CLEAR_SEARCH(3));
SEARCH_RST_N_4  <= RST_N and not (CLEAR_SEARCH(4));
SEARCH_RST_N_5  <= RST_N and not (CLEAR_SEARCH(5));
SEARCH_RST_N_6  <= RST_N and not (CLEAR_SEARCH(6));
SEARCH_RST_N_7  <= RST_N and not (CLEAR_SEARCH(7));
SEARCH_RST_N_8  <= RST_N and not (CLEAR_SEARCH(8));
SEARCH_RST_N_9  <= RST_N and not (CLEAR_SEARCH(9));
SEARCH_RST_N_10 <= RST_N and not (CLEAR_SEARCH(10));
SEARCH_RST_N_11 <= RST_N and not (CLEAR_SEARCH(11));
SEARCH_RST_N_12 <= RST_N and not (CLEAR_SEARCH(12));
SEARCH_RST_N_13 <= RST_N and not (CLEAR_SEARCH(13));
SEARCH_RST_N_14 <= RST_N and not (CLEAR_SEARCH(14));
SEARCH_RST_N_15 <= RST_N and not (CLEAR_SEARCH(15));
SEARCH_RST_N_16 <= RST_N and not (CLEAR_SEARCH(16));
SEARCH_RST_N_17 <= RST_N and not (CLEAR_SEARCH(17));
SEARCH_RST_N_18 <= RST_N and not (CLEAR_SEARCH(18));
SEARCH_RST_N_19 <= RST_N and not (CLEAR_SEARCH(19));
SEARCH_RST_N_20 <= RST_N and not (CLEAR_SEARCH(20));
SEARCH_RST_N_21 <= RST_N and not (CLEAR_SEARCH(21));
SEARCH_RST_N_22 <= RST_N and not (CLEAR_SEARCH(22));
SEARCH_RST_N_23 <= RST_N and not (CLEAR_SEARCH(23));

SEARCH_IN <= SEARCH_IN_REG;

end beh;






— 205d 00068e4609b80030010 Page 1 of top.vhd 



-- Author      : Tom Vu
-- Date        : 09/07/97
-- Description : TOP Level for DES KEY Search array

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity TOP is
port(
    CLK         : in    std_logic;
    RST_N       : in    std_logic;
    BOARD_EN    : in    std_logic;
    ALE         : in    std_logic;
    ADDSEL1     : in    std_logic;
    WRB         : in    std_logic;
    RDB         : in    std_logic;
    ADDSEL2     : in    std_logic;
    AA_IN       : in    std_logic;
    ADDR        : in    std_logic_vector(7 downto 0);
    CHIP_ID     : in    std_logic_vector(7 downto 0);
    AA_OUT      : out   std_logic;
    CHIP_AA_OUT : out   std_logic;
    DATA        : inout std_logic_vector(7 downto 0)
);
end TOP;

architecture beh of TOP is

type DATA8_ARRAY is array(7 downto 0) of std_logic_vector(7 downto 0);
type DATA7_ARRAY is array(23 downto 0) of std_logic_vector(6 downto 0);

signal SHIFT_REG    : DATA8_ARRAY;
signal SELECT_ONE   : std_logic_vector(23 downto 0);
signal SEARCH_IN    : std_logic_vector(23 downto 0);
signal SEARCH_OUT   : std_logic_vector(23 downto 0);
signal CLEAR_SEARCH : std_logic_vector(23 downto 0);
signal PT_XOR_MASK  : std_logic_vector(63 downto 0);
signal PT_BYTE_MASK : std_logic_vector(7 downto 0);
signal PT_VECTOR    : std_logic_vector(255 downto 0);
signal C0           : std_logic_vector(63 downto 0);
signal C1           : std_logic_vector(63 downto 0);

signal USE_CBC      : std_logic;
signal EXTRA_XOR    : std_logic;
signal TEMPS        : std_logic;
signal KEY          : std_logic_vector(55 downto 0);
signal DATAO        : std_logic_vector(7 downto 0);
signal DATAI        : std_logic_vector(7 downto 0);
signal ADDR_KEY     : DATA7_ARRAY;

component SEARCH_UNIT
port(
    CLK          : in  std_logic;
    RST_N        : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    SEARCH       : in  std_logic;
    PT_BYTE_MASK : in  std_logic_vector(7 downto 0);
    PT_XOR_MASK  : in  std_logic_vector(63 downto 0);
    ADDR_KEY     : in  std_logic_vector(6 downto 0);
    EXTRA_XOR    : in  std_logic;
    USE_CBC      : in  std_logic;
    DATAI        : in  std_logic_vector(7 downto 0);
    PT_VECTOR    : in  std_logic_vector(255 downto 0);
    C0           : in  std_logic_vector(63 downto 0);






--acfd 0006a1a758a80030010 Page 2 of top.vhd 



    C1           : in  std_logic_vector(63 downto 0);
    SEARCH_OUT   : out std_logic;
    CLEAR_SEARCH : out std_logic;
    SELECT_ONE   : out std_logic;
    DATAO        : out std_logic_vector(7 downto 0)
);
end component;

component UPI
port(
    RST_N        : in  std_logic;
    BOARD_EN     : in  std_logic;
    ALE          : in  std_logic;
    ADDSEL1      : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    AA_IN        : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CHIP_ID      : in  std_logic_vector(7 downto 0);
    SELECT_ONE   : in  std_logic_vector(23 downto 0);
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    SEARCH_OUT   : in  std_logic_vector(23 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    EXTRA_XOR    : out std_logic;
    USE_CBC      : out std_logic;
    CHIP_AA_OUT  : out std_logic;
    AA_OUT       : out std_logic;

    PT_XOR_MASK  : out std_logic_vector(63 downto 0);
    PT_BYTE_MASK : out std_logic_vector(7 downto 0);
    PT_VECTOR    : out std_logic_vector(255 downto 0);
    C0           : out std_logic_vector(63 downto 0);
    C1           : out std_logic_vector(63 downto 0);
    ADDR_KEY0    : out std_logic_vector(6 downto 0);
    ADDR_KEY1    : out std_logic_vector(6 downto 0);
    ADDR_KEY2    : out std_logic_vector(6 downto 0);
    ADDR_KEY3    : out std_logic_vector(6 downto 0);
    ADDR_KEY4    : out std_logic_vector(6 downto 0);
    ADDR_KEY5    : out std_logic_vector(6 downto 0);
    ADDR_KEY6    : out std_logic_vector(6 downto 0);
    ADDR_KEY7    : out std_logic_vector(6 downto 0);
    ADDR_KEY8    : out std_logic_vector(6 downto 0);
    ADDR_KEY9    : out std_logic_vector(6 downto 0);
    ADDR_KEY10   : out std_logic_vector(6 downto 0);
    ADDR_KEY11   : out std_logic_vector(6 downto 0);
    ADDR_KEY12   : out std_logic_vector(6 downto 0);
    ADDR_KEY13   : out std_logic_vector(6 downto 0);
    ADDR_KEY14   : out std_logic_vector(6 downto 0);
    ADDR_KEY15   : out std_logic_vector(6 downto 0);
    ADDR_KEY16   : out std_logic_vector(6 downto 0);
    ADDR_KEY17   : out std_logic_vector(6 downto 0);
    ADDR_KEY18   : out std_logic_vector(6 downto 0);
    ADDR_KEY19   : out std_logic_vector(6 downto 0);
    ADDR_KEY20   : out std_logic_vector(6 downto 0);
    ADDR_KEY21   : out std_logic_vector(6 downto 0);
    ADDR_KEY22   : out std_logic_vector(6 downto 0);
    ADDR_KEY23   : out std_logic_vector(6 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0);
    DATAO        : out std_logic_vector(7 downto 0)
);
end component;

begin

UPI0: UPI
port map(
    RST_N        => RST_N,
    BOARD_EN     => BOARD_EN,
    ALE          => ALE,






--45ab 0005d8a996b8003001 Page 3 of top.vhd 

    ADDSEL1      => ADDSEL1,
    WRB          => WRB,
    RDB          => RDB,
    ADDSEL2      => ADDSEL2,
    ADDR         => ADDR,
    CHIP_ID      => CHIP_ID,
    SEARCH_IN    => SEARCH_IN,
    SELECT_ONE   => SELECT_ONE,
    SEARCH_OUT   => SEARCH_OUT,
    EXTRA_XOR    => EXTRA_XOR,
    USE_CBC      => USE_CBC,
    CLEAR_SEARCH => CLEAR_SEARCH,
    AA_IN        => AA_IN,
    AA_OUT       => AA_OUT,
    CHIP_AA_OUT  => CHIP_AA_OUT,

    PT_XOR_MASK  => PT_XOR_MASK,
    PT_BYTE_MASK => PT_BYTE_MASK,
    PT_VECTOR    => PT_VECTOR,
    C0           => C0,
    C1           => C1,
    ADDR_KEY0    => ADDR_KEY(0),
    ADDR_KEY1    => ADDR_KEY(1),
    ADDR_KEY2    => ADDR_KEY(2),
    ADDR_KEY3    => ADDR_KEY(3),
    ADDR_KEY4    => ADDR_KEY(4),
    ADDR_KEY5    => ADDR_KEY(5),
    ADDR_KEY6    => ADDR_KEY(6),
    ADDR_KEY7    => ADDR_KEY(7),
    ADDR_KEY8    => ADDR_KEY(8),
    ADDR_KEY9    => ADDR_KEY(9),
    ADDR_KEY10   => ADDR_KEY(10),
    ADDR_KEY11   => ADDR_KEY(11),
    ADDR_KEY12   => ADDR_KEY(12),
    ADDR_KEY13   => ADDR_KEY(13),
    ADDR_KEY14   => ADDR_KEY(14),
    ADDR_KEY15   => ADDR_KEY(15),
    ADDR_KEY16   => ADDR_KEY(16),
    ADDR_KEY17   => ADDR_KEY(17),
    ADDR_KEY18   => ADDR_KEY(18),
    ADDR_KEY19   => ADDR_KEY(19),
    ADDR_KEY20   => ADDR_KEY(20),
    ADDR_KEY21   => ADDR_KEY(21),
    ADDR_KEY22   => ADDR_KEY(22),
    ADDR_KEY23   => ADDR_KEY(23),
    DATAI        => DATAI,
    DATAO        => DATAO
);

gen0: for i in 0 to 23 generate
SEARCH_UNITX: SEARCH_UNIT
port map(
    CLK          => CLK,
    RST_N        => RST_N,
    WRB          => WRB,
    RDB          => RDB,
    PT_BYTE_MASK => PT_BYTE_MASK,
    PT_XOR_MASK  => PT_XOR_MASK,
    SEARCH       => SEARCH_IN(i),
    SELECT_ONE   => SELECT_ONE(i),
    ADDR_KEY     => ADDR_KEY(i),
    EXTRA_XOR    => EXTRA_XOR,
    USE_CBC      => USE_CBC,

    DATAI        => DATAI,
    PT_VECTOR    => PT_VECTOR,
    C0           => C0,
    C1           => C1,
    SEARCH_OUT   => SEARCH_OUT(i),
    CLEAR_SEARCH => CLEAR_SEARCH(i),
    DATAO        => DATAO
);






— 6a27 0012f356e1 f 80030010 Page 4 of top.vhd 

end generate;

DATAI <= DATA;
DATA  <= DATAO when (RDB = '0' and ADDSEL2 = '0') else (others => 'Z');

end beh;






f1c1 00070f ef 0C68003001 1 Page 1 of upi.vhd 



-- Author      : Tom Vu
-- Date        : 09/19/97
-- Description : UProcessor interface

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity UPI is
port(
    RST_N        : in  std_logic;
    BOARD_EN     : in  std_logic;
    ALE          : in  std_logic;
    ADDSEL1      : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    AA_IN        : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CHIP_ID      : in  std_logic_vector(7 downto 0);
    SEARCH_OUT   : in  std_logic_vector(23 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    SELECT_ONE   : in  std_logic_vector(23 downto 0);

    AA_OUT       : out std_logic;
    CHIP_AA_OUT  : out std_logic;
    EXTRA_XOR    : out std_logic;
    USE_CBC      : out std_logic;
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    PT_XOR_MASK  : out std_logic_vector(63 downto 0);
    PT_BYTE_MASK : out std_logic_vector(7 downto 0);
    PT_VECTOR    : out std_logic_vector(255 downto 0);
    C0           : out std_logic_vector(63 downto 0);
    C1           : out std_logic_vector(63 downto 0);
    ADDR_KEY0    : out std_logic_vector(6 downto 0);
    ADDR_KEY1    : out std_logic_vector(6 downto 0);
    ADDR_KEY2    : out std_logic_vector(6 downto 0);
    ADDR_KEY3    : out std_logic_vector(6 downto 0);
    ADDR_KEY4    : out std_logic_vector(6 downto 0);
    ADDR_KEY5    : out std_logic_vector(6 downto 0);
    ADDR_KEY6    : out std_logic_vector(6 downto 0);
    ADDR_KEY7    : out std_logic_vector(6 downto 0);
    ADDR_KEY8    : out std_logic_vector(6 downto 0);
    ADDR_KEY9    : out std_logic_vector(6 downto 0);
    ADDR_KEY10   : out std_logic_vector(6 downto 0);
    ADDR_KEY11   : out std_logic_vector(6 downto 0);
    ADDR_KEY12   : out std_logic_vector(6 downto 0);
    ADDR_KEY13   : out std_logic_vector(6 downto 0);
    ADDR_KEY14   : out std_logic_vector(6 downto 0);
    ADDR_KEY15   : out std_logic_vector(6 downto 0);
    ADDR_KEY16   : out std_logic_vector(6 downto 0);
    ADDR_KEY17   : out std_logic_vector(6 downto 0);
    ADDR_KEY18   : out std_logic_vector(6 downto 0);
    ADDR_KEY19   : out std_logic_vector(6 downto 0);
    ADDR_KEY20   : out std_logic_vector(6 downto 0);
    ADDR_KEY21   : out std_logic_vector(6 downto 0);
    ADDR_KEY22   : out std_logic_vector(6 downto 0);
    ADDR_KEY23   : out std_logic_vector(6 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0);
    DATAO        : out std_logic_vector(7 downto 0)
);
end UPI;

architecture beh of UPI is






signal SEARCH_IN_BAK : std_logic_vector(23 downto 0);
signal CHIP_EN       : std_logic;

component ADDR_KEY
port(
    ADDSEL2       : in  std_logic;
    CHIP_EN       : in  std_logic;
    ADDR          : in  std_logic_vector(7 downto 0);

    ADDR_KEY0     : out std_logic_vector(6 downto 0);
    ADDR_KEY1     : out std_logic_vector(6 downto 0);
    ADDR_KEY2     : out std_logic_vector(6 downto 0);
    ADDR_KEY3     : out std_logic_vector(6 downto 0);
    ADDR_KEY4     : out std_logic_vector(6 downto 0);
    ADDR_KEY5     : out std_logic_vector(6 downto 0);
    ADDR_KEY6     : out std_logic_vector(6 downto 0);
    ADDR_KEY7     : out std_logic_vector(6 downto 0);
    ADDR_KEY8     : out std_logic_vector(6 downto 0);
    ADDR_KEY9     : out std_logic_vector(6 downto 0);
    ADDR_KEY10    : out std_logic_vector(6 downto 0);
    ADDR_KEY11    : out std_logic_vector(6 downto 0);
    ADDR_KEY12    : out std_logic_vector(6 downto 0);
    ADDR_KEY13    : out std_logic_vector(6 downto 0);
    ADDR_KEY14    : out std_logic_vector(6 downto 0);
    ADDR_KEY15    : out std_logic_vector(6 downto 0);
    ADDR_KEY16    : out std_logic_vector(6 downto 0);
    ADDR_KEY17    : out std_logic_vector(6 downto 0);
    ADDR_KEY18    : out std_logic_vector(6 downto 0);
    ADDR_KEY19    : out std_logic_vector(6 downto 0);
    ADDR_KEY20    : out std_logic_vector(6 downto 0);
    ADDR_KEY21    : out std_logic_vector(6 downto 0);
    ADDR_KEY22    : out std_logic_vector(6 downto 0);
    ADDR_KEY23    : out std_logic_vector(6 downto 0)
    );
end component;

component REG_RDWR
port(
    RST_N         : in  std_logic;
    BOARD_EN      : in  std_logic;
    ALE           : in  std_logic;
    ADDSEL1       : in  std_logic;
    WRB           : in  std_logic;
    RDB           : in  std_logic;
    ADDSEL2       : in  std_logic;
    AA_IN         : in  std_logic;
    ADDR          : in  std_logic_vector(7 downto 0);
    CHIP_ID       : in  std_logic_vector(7 downto 0);
    SEARCH_OUT    : in  std_logic_vector(23 downto 0);
    SELECT_ONE    : in  std_logic_vector(23 downto 0);
    SEARCH_IN     : in  std_logic_vector(23 downto 0);

    CHIP_EN       : out std_logic;
    AA_OUT        : out std_logic;
    CHIP_AA_OUT   : out std_logic;
    EXTRA_XOR     : out std_logic;
    USE_CBC       : out std_logic;
    PT_XOR_MASK   : out std_logic_vector(63 downto 0);
    PT_BYTE_MASK  : out std_logic_vector(7 downto 0);
    PT_VECTOR     : out std_logic_vector(255 downto 0);
    C0            : out std_logic_vector(63 downto 0);
    C1            : out std_logic_vector(63 downto 0);
    DATAI         : in  std_logic_vector(7 downto 0);
    DATAO         : out std_logic_vector(7 downto 0)
    );
end component;

component START_REG
port(
    RST_N         : in  std_logic;
    CHIP_EN       : in  std_logic;
    WRB           : in  std_logic;
    ADDSEL2       : in  std_logic;
    ADDR          : in  std_logic_vector(7 downto 0);
    CLEAR_SEARCH  : in  std_logic_vector(23 downto 0);

    SEARCH_IN     : OUT std_logic_vector(23 downto 0);
    DATAI         : in  std_logic_vector(7 downto 0)
    );
end component;

begin

ADDR_KEYX : ADDR_KEY
port map(
    ADDSEL2       => ADDSEL2,
    CHIP_EN       => CHIP_EN,
    ADDR          => ADDR,

    ADDR_KEY0     => ADDR_KEY0,
    ADDR_KEY1     => ADDR_KEY1,
    ADDR_KEY2     => ADDR_KEY2,
    ADDR_KEY3     => ADDR_KEY3,
    ADDR_KEY4     => ADDR_KEY4,
    ADDR_KEY5     => ADDR_KEY5,
    ADDR_KEY6     => ADDR_KEY6,
    ADDR_KEY7     => ADDR_KEY7,
    ADDR_KEY8     => ADDR_KEY8,
    ADDR_KEY9     => ADDR_KEY9,
    ADDR_KEY10    => ADDR_KEY10,
    ADDR_KEY11    => ADDR_KEY11,
    ADDR_KEY12    => ADDR_KEY12,
    ADDR_KEY13    => ADDR_KEY13,
    ADDR_KEY14    => ADDR_KEY14,
    ADDR_KEY15    => ADDR_KEY15,
    ADDR_KEY16    => ADDR_KEY16,
    ADDR_KEY17    => ADDR_KEY17,
    ADDR_KEY18    => ADDR_KEY18,
    ADDR_KEY19    => ADDR_KEY19,
    ADDR_KEY20    => ADDR_KEY20,
    ADDR_KEY21    => ADDR_KEY21,
    ADDR_KEY22    => ADDR_KEY22,
    ADDR_KEY23    => ADDR_KEY23
    );

REG_RDWRX : REG_RDWR
port map(
    RST_N         => RST_N,
    BOARD_EN      => BOARD_EN,
    ALE           => ALE,
    ADDSEL1       => ADDSEL1,
    WRB           => WRB,
    RDB           => RDB,
    ADDSEL2       => ADDSEL2,
    AA_IN         => AA_IN,
    ADDR          => ADDR,
    CHIP_ID       => CHIP_ID,
    SEARCH_OUT    => SEARCH_OUT,
    SELECT_ONE    => SELECT_ONE,
    SEARCH_IN     => SEARCH_IN_BAK,

    CHIP_EN       => CHIP_EN,
    AA_OUT        => AA_OUT,
    CHIP_AA_OUT   => CHIP_AA_OUT,
    EXTRA_XOR     => EXTRA_XOR,
    USE_CBC       => USE_CBC,
    PT_XOR_MASK   => PT_XOR_MASK,
    PT_BYTE_MASK  => PT_BYTE_MASK,
    PT_VECTOR     => PT_VECTOR,
    C0            => C0,
    C1            => C1,
    DATAI         => DATAI,
    DATAO         => DATAO
    );

START_REGX : START_REG
port map(
    RST_N         => RST_N,
    CHIP_EN       => CHIP_EN,
    WRB           => WRB,
    ADDSEL2       => ADDSEL2,
    ADDR          => ADDR,
    CLEAR_SEARCH  => CLEAR_SEARCH,

    SEARCH_IN     => SEARCH_IN_BAK,
    DATAI         => DATAI
    );

SEARCH_IN <= SEARCH_IN_BAK;

end beh;




Chip Simulator Source Code 



This chapter contains C-language software that simulates the operation of the
custom DES Cracker chip. This software is useful for showing people how the chip
works, and to make test-vectors to let machines determine whether chips are
properly fabricated.

We wrote this simulator before the chip was designed, to explore different design
ideas. It should produce results identical to the final chips. We designed it for
clarity of description, and flexibility in trying out new ideas, rather than speed.
If you don't understand how the chip works, you can try some experiments by
building this software on an ordinary PC or Unix machine with an ordinary C
compiler, such as Borland C++ 3.1.

Building physical chips is an error-prone process. Each chip might be
contaminated by dust or flaws in the silicon materials. There's no way to tell
whether a given chip will work or not, without trying it out. So chip-building
companies require that when you design a chip, you also provide test vectors.
These list the voltages to put on each input pin on the chip, and how the
chip-testing machine should vary them over time. The vectors also specify exactly
what output signals the chip-tester should be able to measure on the chip's output
pins. If the chip tester feeds all the input signals to the chip, step by step, and
sees all the corresponding output signals, the chip "passes" the test. If any
output signals differ from the specification, the chip "fails" the test and is
discarded.

Passing such a test doesn't prove that a chip has been fabricated correctly. It only
proves that the chip can run the small set of tests that the designer provided.
Creating test vectors which verify all parts of a chip is an art. The expense of
testing a chip is proportional to the size of the tests, so they are usually short
and direct. Thus, they also act as small examples that you can use to explore your
understanding of how the chip works.
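
One such experiment, added here and not one of the book's listings: a self-checking test of the key-rotation schedule that des.c (listed later in this chapter) uses in EncryptDES and DecryptDES. It confirms that the round-key register DecryptDES uses in round d equals the one EncryptDES uses in round 15-d, and shows how many rounds break if the decryption loop wrongly reuses the encryption schedule's single-shift rounds. The rotate helpers follow des.c's RotateRoundKeyLeft and RotateRoundKeyRight; the sample register contents and every other name are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Rounds in which the 28-bit halves move one position instead of two.
 * These are the round numbers tested in des.c's EncryptDES and DecryptDES. */
static const int ENC_SINGLE[4] = { 0, 1, 8, 15 };
static const int DEC_SINGLE[4] = { 0, 7, 14, 15 };

static bool is_single(const int singles[4], int round) {
    for (int i = 0; i < 4; i++)
        if (singles[i] == round) return true;
    return false;
}

/* Rotate each half of the 56-bit register left one bit (index 0 is the
 * right-hand bit of a half, as in des.c). */
static void rotate_left(bool rk[56]) {
    bool t1 = rk[27], t2 = rk[55];
    for (int i = 27; i >= 1; i--) {
        rk[i] = rk[i - 1];
        rk[i + 28] = rk[i + 28 - 1];
    }
    rk[0] = t1;
    rk[28] = t2;
}

/* Rotate each half of the 56-bit register right one bit. */
static void rotate_right(bool rk[56]) {
    bool t1 = rk[0], t2 = rk[28];
    for (int i = 0; i < 27; i++) {
        rk[i] = rk[i + 1];
        rk[i + 28] = rk[i + 28 + 1];
    }
    rk[27] = t1;
    rk[55] = t2;
}

/* Constructed sample register: neither half has rotational symmetry, so two
 * different shift amounts always give different contents. */
static void sample_key(bool rk[56]) {
    memset(rk, 0, 56 * sizeof(bool));
    rk[0] = true;
    rk[28] = rk[29] = rk[31] = true;
}

/* Register seen by ComputeF in encryption round r: EncryptDES rotates
 * first and then uses the register. */
static void enc_key(int r, bool out[56]) {
    sample_key(out);
    for (int round = 0; round <= r; round++) {
        rotate_left(out);
        if (!is_single(ENC_SINGLE, round))
            rotate_left(out);
    }
}

/* Register seen by ComputeF in decryption round d: DecryptDES uses the
 * register first and rotates right afterwards. */
static void dec_key(const int singles[4], int d, bool out[56]) {
    sample_key(out);
    for (int round = 0; round < d; round++) {
        rotate_right(out);
        if (!is_single(singles, round))
            rotate_right(out);
    }
}

/* Count decryption rounds whose register differs from the register of the
 * matching encryption round (decrypt round d pairs with encrypt round 15-d). */
int count_mismatches(const int dec_singles[4]) {
    bool e[56], d[56];
    int bad = 0;
    for (int round = 0; round < 16; round++) {
        enc_key(15 - round, e);
        dec_key(dec_singles, round, d);
        if (memcmp(e, d, sizeof e) != 0)
            bad++;
    }
    return bad;
}

/* The 16 encryption rounds shift by 28 positions in total, so the register
 * ends where it started; DecryptDES relies on this for its first round. */
int register_restored(void) {
    bool start[56], end[56];
    sample_key(start);
    enc_key(15, end);
    return memcmp(start, end, sizeof start) == 0;
}

int main(void) {
    printf("register restored after 16 rounds: %d\n", register_restored());
    printf("mismatches, des.c decrypt schedule: %d\n", count_mismatches(DEC_SINGLE));
    printf("mismatches, encrypt schedule reused: %d\n", count_mismatches(ENC_SINGLE));
    return 0;
}
```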

Chapter 4, Scanning the Source Code, explains how to read or scan in these
documents.






7-2 Chapter 7: Chip Simulator Source Code 



— 9a44 0014b4364e180040001 Page 1 of MANIFEST 

 1  MANIFEST
 2  README
 3  blaze.scr
 4  cbc1.scr
 5  cbc2.scr
 6  cbc3.scr
 7  des.c
 8  des.h
 9  ecb.scr
10  mini.scr
11  misc.c
12  misc.h
13  random.scr
14  ref.c
15  sim.c
16  sim.h
17  testvec.c






--926a 0011 c402f 8d80040002 Page 1 of README 

testvec.c (compile with sim.c and des.c):  Generates and runs test
vectors.  This program will both run existing input vectors, or
generate new ones (either randomly or from a script).  When compiled
under DOS, it can either produce Unix (LF only) or DOS (CR/LF)
output files (select with the RAW parameter)

To run the ecb.scr sample script and:
  Store test vectors which go to the chip in TOCHIP.EXT
  Store test vectors received from the chip in FROMCHIP.EXT,
  Produce Unix-style output (LF only)
  Store debugging output in debug.out.

    rm *.EXT
    testvec TOCHIP.EXT FROMCHIP.EXT RAW < ecb.scr > debug.out

If TOCHIP.EXE already exists when the program is run, it will
read it (instead of expecting a script from stdin).

Use the script random.scr to produce a random test vector, e.g.:
    testvec TOCHIP.EXT FROMCHIP.EXT RAW < random.scr > debug.out

ref.c (compile with des.c misc.c):  Runs test scripts (.scr files)
and prints any keys that match.  This is basically a stripped-down
test vector generator for debugging purposes.  (It doesn't make any
attempt to match timings.)






--a854 001 ab3b1 25780040003 Page 1 of blaze.scr






1 02 03 04 05 06 07 10 11 12 13 14 15 16 1720 21 22 23 24 25 26 2730 31 32 I 



33 34 35 36 3740 41 



3456789ABCDEF0 
3456789ABCDEF0 



1 

1 

01020304050607 
8000 



42 43 44 45 46 4750 51 52 53 54 55 56 57 

1 XOR MASK 

1 Ciphertext 

1 Cipher-text 1 

1 Plaintext byte mask 

1 use CBC 

1 extra XOR 

1 don't seed PRNG (use this input file) 

1 starting key 

1 number of clocks 



d6 e9 89 fa ■ ' D E S_D E C R Y PT ( k = D02 03040 5 06 1 2 , c = 1 2 34 5 6789 AB C D E F0 ) =B8 C0 1B 3E 35 I 

DB 2F DE 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 I 

15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 21 
F30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 I 
4A 4B 4C 4D 4E 4F50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 641 
-65 66 67 68 69 6A 6B 6C 6D 6E 6F70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 71 
F 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F90 91 92 93 94 95 96 97 98 99 I 
9A 9B 9C 9D 9E 9F -A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AFB0 B1 B2 B3 Bl 
4 B5 B6 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CEI 
■CFD0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 El 
9 EA EB EC ED EE EFF0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE- 






--a728 0015c860f 9980040004 Page 1 of cbc1.scr



00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 11 
A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34I 
•35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E I 
bc6d97 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 61 
a1cb67 9 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83I 
84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B #9C 9DI 
9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 I 



f64ce1 
b53734 
5f0653 



b32164 
d8a908 



babb7d B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 Dl 



54b467 

c890fe 

2f281f 37393b51def84190 

1810d0 123456789ABCDEF0 

596a3f 0102030405060708 



2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB ECI 
•ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 

XOR MASK 

Ciphertext 

Ciphertext 1 

Plaintext byte mask 

use CBC 

extra XOR 

don't seed PRNG (use this input file) 

starting key 

number of clocks 



b98c19 00 

56cdad 1 

b0d84f 

095b0d 1 

322fcc 01020304050607 

359df9 10000 

5caf 5a 






~a112 00101ebc6db8( 



5 Page 1 of cbc2.scr 



00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 11 
A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 341 
•35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E I 
bc6d97 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 61 
a1cb67 9 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 831 
237dda -84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D I 
23435f 9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 Bl 
1ce1f9 8 B9 BA # BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 I 
80796d D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB El 
0b8b2a C ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 



f 64ce1 
b53734 
5f 0653 



56ac5f 423412341234123F 
0b327c 0000000000000000 
1578345691832465 

04 

1 






FFFFFFFFFFFFFi 

1 0000 



XOR MASK 

Ciphertext 

Ciphertext 1 

Plaintext byte mask 

use CBC 

extra XOR 

don't seed PRNG (use this input file) 

starting key 

number of clocks 






3fb8 001348ab9e680040006 Page 1 of cbc3.scr 






00 01 02 03 04 05 07 08 09 0D 0E 0F 10 11 12 14 15 17 1A 1B 1C 1D 1F 20 21 24 21 
5 28 29 2A 2B 2C 2E 30 31 32 35 36 37 39 3A 3C 3D 3E 40 42 43 44 45 48 49 4A 4BI 
•4C 4F 50 51 53 54 56 57 58 59 5C 5D 5F 61 62 63 64 66 67 69 6B 6C 6D 6F 70 71 I 
72 73 77 78 7A 7B 70 7E 7F 80 82 86 87 89 8A 8B 8C 8D 8E 90 92 93 94 95 97 98 91 
9 9A 9B 9E 9F A0 A2 A3 A4 A5 A6 A8 AA AC AD AE AF B0 B1 B3 B4 B7 B8 B9 F8 F9 FAl 
• FB FC FD FF BB BC BD BE C0 C1 C3 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 I 
D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 ft E5 E6 E7 E8 E9 EA EB EC EDI 
•EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 



0124801248012480 
FFFFFFFFFFFFFFFF 



XOR MASK 

Ciphertext 

Ciphertext 1 

Plaintext byte mask 

use CBC 

extra XOR 

don't seed PRNG (use this input file) 

starting key 

number of clocks






b787 000d22ad6f 780040007 Page 1 of des.c

/*****************************************************************************
 *           Software Model of ASIC DES Implementation.                      *
 *                                                                           *
 *   Written by Paul Kocher, Tel: 415-397-0111, Email: paul@cryptography.com *
 *                                                                           *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES
 *
 *   This DES implementation adheres to the FIPS PUB 46 spec and produces
 *   standard output.  The internal operation of the algorithm is quite
 *   different from the FIPS.  For example, bit orderings are reversed
 *   (the right-hand bit is now labelled as bit 0), the S tables have
 *   rearranged to simplify implementation, and several permutations have
 *   been inverted.  No performance optimizations were attempted.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Altered DecryptDES exchanges to match EncryptDES  -- PCK
 *   Version 1.2:  Minor edits and beautifications.  -- PCK
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "des.h"

static void ComputeRoundKey(bool roundKey[56], bool key[56]);
static void RotateRoundKeyLeft(bool roundKey[56]);
static void RotateRoundKeyRight(bool roundKey[56]);
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]);
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]);
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]);
static void ComputeP(bool output[32], bool input[32]);
static void ComputeS_Lookup(int k, bool output[4], bool input[6]);
static void ComputePC2(bool subkey[48], bool roundKey[56]);
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]);
static void DumpBin(char *str, bool *b, int bits);
static void Exchange_L_and_R(bool L[32], bool R[32]);

int EnableDumpBin = 0;

/*****************************************************************************
 *                                DES TABLES                                 *
 *****************************************************************************/

/*
 *  IP: Output bit table_DES_IP[i] equals input bit i.
 */
static int table_DES_IP[64] = {
    39,  7, 47, 15, 55, 23, 63, 31,
    38,  6, 46, 14, 54, 22, 62, 30,
    37,  5, 45, 13, 53, 21, 61, 29,
    36,  4, 44, 12, 52, 20, 60, 28,
    35,  3, 43, 11, 51, 19, 59, 27,
    34,  2, 42, 10, 50, 18, 58, 26,
    33,  1, 41,  9, 49, 17, 57, 25,
    32,  0, 40,  8, 48, 16, 56, 24
};

/*
 *  FP: Output bit table_DES_FP[i] equals input bit i.
 */
static int table_DES_FP[64] = {
    57, 49, 41, 33, 25, 17,  9,  1,
    59, 51, 43, 35, 27, 19, 11,  3,
    61, 53, 45, 37, 29, 21, 13,  5,
    63, 55, 47, 39, 31, 23, 15,  7,
    56, 48, 40, 32, 24, 16,  8,  0,
    58, 50, 42, 34, 26, 18, 10,  2,
    60, 52, 44, 36, 28, 20, 12,  4,
    62, 54, 46, 38, 30, 22, 14,  6
};

/*
 *  PC1: Permutation choice 1, used to pre-process the key
 */
static int table_DES_PC1[56] = {
    27, 19, 11, 31, 39, 47, 55,
    26, 18, 10, 30, 38, 46, 54,
    25, 17,  9, 29, 37, 45, 53,
    24, 16,  8, 28, 36, 44, 52,
    23, 15,  7,  3, 35, 43, 51,
    22, 14,  6,  2, 34, 42, 50,
    21, 13,  5,  1, 33, 41, 49,
    20, 12,  4,  0, 32, 40, 48
};

/*
 *  PC2: Map 56-bit round key to a 48-bit subkey
 */
static int table_DES_PC2[48] = {
    24, 27, 20,  6, 14, 10,  3, 22,
     0, 17,  7, 12,  8, 23, 11,  5,
    16, 26,  1,  9, 19, 25,  4, 15,
    54, 43, 36, 29, 49, 40, 48, 30,
    52, 44, 37, 33, 46, 35, 50, 41,
    28, 53, 51, 55, 32, 45, 39, 42
};

/*
 *  E: Expand 32-bit R to 48 bits.
 */
static int table_DES_E[48] = {
    31,  0,  1,  2,  3,  4,  3,  4,
     5,  6,  7,  8,  7,  8,  9, 10,
    11, 12, 11, 12, 13, 14, 15, 16,
    15, 16, 17, 18, 19, 20, 19, 20,
    21, 22, 23, 24, 23, 24, 25, 26,
    27, 28, 27, 28, 29, 30, 31,  0
};

/*
 *  P: Permutation of S table outputs
 */
static int table_DES_P[32] = {
    11, 17,  5, 27, 25, 10, 20,  0,
    13, 21,  3, 28, 29,  7, 18, 24,
    31, 22, 12,  6, 26,  2, 16,  8,
    14, 30,  4, 19,  1,  9, 15, 23
};

/*
 *  S Tables: Introduce nonlinearity and avalanche
 */
static int table_DES_S[8][64] = {
    /* table S[0] */

-C --13, -1, -2, 15, -8, 13, -4, -8, 



10, 15 



1 1 






tab 



tab 
{ 



tab 
{ 



tab 
{ 



Le 



le 



Le 



Le 



table 



table 



tab 



0, 12, • 9, 


5, 


- 3, 


' 6, 


14, 


1 1, 


• 5, 


• 0, 


0, 


14, 


12, 


• 9, 


■ 7, 


• 2, 




7, - 2, 11, 


1 , 


•4, 


14, 


• 1 , 


• 7, 


• 9, 


' 4, 


2, 


10, 


14, 


' 8, 


• 2, 


13, 




0, 15, • 6, 


2, 


10, 


• 9, 


13, 


' 0, 


15, 


• 3, 


3, 


- 5, 


• 5, 


• 6, 


•8, 


1 1 


>, 


sen */ 






























4, 13, 11, 


0, 


■ 2, 


1 1 , 


14, 


- 7, 


15, 


• 4, 


0, 


•9, 


•8, 


- 1 , 


13, 


10, 




3, 14, 12, 


3, 


•9, 


- 5, 


• 7, 


12, 


■ 5, 


■ 2, 


0, 


15, 


• 6, 


■8, 


- 1, 


■ 6, 




1 , -6, -4, 


1, 


11, 


13, 


13, 


■8, 


12, 


• 1, 


3, 


• 4, 


• 7, 


10, 


14, 


• 7, 




0, -9, 15, 


5, 


•6, 


•0, 


•8, 


15, 


- 0, 


14, 


5, 


• 2, 


• 9, 


- 3, 


•2, 


12 


>, 


SC2D */ 






























2, 10, -1, 


5, 


10, 


• 4, 


1 5, 


- 2, 


■ 9, 


• 7, 


2, 


12, 


■ 6, 


•9, 


• 8, 


• 5, 




0, -6, 13, 


1 , 


• 3, 


13, 


• 4, 


14, 


14, 


• 0, 


7, 


1 1 , 


- 5, 


•3, 


11, 


■ 8, 




9, -4, 14, 


3, 


15, 


■2, 


•5, 


12, 


• 2, 


• 9, 


8, 


• 5, 


12, 


15, 


•3, 


10, 




7, 11, -0, 


4, 


•4, 


•1, 


10, 


-7, 


• 1, 


• 6, 


3, 


- 0, 


1 1 , 


• 8, 


"6, 


13 


>, 


SC33 */ 






























2, 14, 12, 


1 , 


■ 4, 


■ 2, 


• 1 , 


12, 


■ 7, 


• 4, 


0, 


• 7, 


1 1 , 


13, 


• 6, 


• 1, 




8, -5, • 5, 


0, 


• 3, 


1 5, 


1 5, 


10, 


13, 


■ 3, 


0, 


• 9, 


14, 


• 8, 


•9, 


• 6, 




4, 11, -2, 


8, 


• 1, 


12, 


11, 


- 7, 


10, 


■ 1, 


3, 


14, 


- 7, 


•2, 


•8, 


13, 




5, -6, -9, 


5, 


12, 


•0, 


•5, 


■9, 


' 6, 


10, 


3, 


' 4, 


•0, 


• 5 , 


14, 


• 3 


>, 


SC4] */ 






























7, 13, 13, 


8, 


14, 


1 1 , 


■ 3, 


- 5, 


•0, 


• 6, 


6, 


15, 


•9, 


■0, 


10, 


• 3, 




1 , -4, - 2, 


7, 


' 8, 


• 2, 


• 5, 


12, 


11, 


• 1 , 


2, 


10, 


•4, 


14, 


15, 


■9, 




0, -3, • 6, 


5, 


• 9, 


• 0, 


• 0, 


' 6, 


12, 


10, 


1 , 


• 1 , 


■ 7, 


13, 


13, 


•8, 




5, -9, -1, 


4, 


•3, 


■5, 


14, 


1 1 , 


• 5, 


12, 


2, 


. 7 f 


• 8, 


• 2, 


■ 4, 


14 


>, 


SC5] */ 






























0, 13, -0, 


7, 


• 9, 


•0, 


14, 


•9, 


•6, 


•3, 


3, 


■4, 


15, 


' 6, 


• 5, 


10, 




1, "2, 13, 


8, 


12, 


• 5, 


•7, 


14, 


11, 


12, 


4, 


1 1 , 


•2, 


15, 


- 8, 


• 1, 




3, ■ 1 , -6, 


0, 


■ 4, 


13, 


• 9, 


' 0, 


• 8, 


•6, 


5, 


• 9, 


• 3, 


•8, 


•0, 


■7, 




1, -4, • 1 , 


5, 


• 2, 


14, 


12, 


■ 3, 


• 5, 


11, 


0, 


• 5, 


14, 


• 2, 


•7, 


12 


>, 


SC6] */ 






























5, -3, -1, 


3, 


•8, 


•4, 


14, 


•7, 


' 6, 


15, 


1 , 


■2, 


•3, 


•8, 


• 4, 


14, 




9, 12, -7, 


0, 


'2, 


•1, 


13, 


10, 


12, 


•6, 


0, 


•9, 


•5, 


1 1 , 


10, 


•5, 




0, 13, 14, 


8, 


■ 7, 


10, 


1 1 , 


• 1 , 


10, 


• 3, 


4, 


15, 


13, 


•4, 


• 1, 


•2, 




5, 11, -8, 


6, 


12, 


■ 7, 


• 6, 


12, 


■ 9, 


• 0, 


3, 


- 5, 


- 2, 


14, 


15, 


• 9 


>, 


SH7] */ 






























4, -0, • 4, 


5, 


13, 


• 7, 


• 1 , 


■ 4, 


• 2, 


14, 


5, 


• 2, 


1 1 , 


13, 


• 8, 


■ 1 , 




3, 10, 10, 


6, 


• 6, 


12, 


12, 


1 1 , 


- 5, 


• 9, 


9, 


'5, 


• 0, 


• 3, 


• 7, 


• 8, 




4, 15, ■ 1 , 


2, 


14, 


■8, 


'8, 


■ 2, 


13, 


* 4, 


6, 


•9, 


•2, 


■ 1, 


11, 


•7, 




5, -5, 12, 


1, 


'9, 


•3, 


•7, 


14, 


•3, 


10, 


0, 


• 0, 


•5, 


•6, 


•0, 


13 


} 



**************: 



******************* 



DES CODE 



******* 



********** 



EncryptDES: Encrypt a block using DES. Set verbose for debugging info. 
(This loop does both loops on the "DES Encryption" page of the flowchart.) 

void Enc rypt DES ( boo I keyC56D, bool ou t B I kL~ 64 ] , bool inBlkL64], int verbose) { 
int i, round; 

bool RC32], L[32], foutC32]; 
bool roundKeyC563; 



EnableDumpBin = verbose; /* set debugging on/off flag */ 

DumpBin("input(left)", inBlk+32, 32); 
DumpBin("input(right)", inBlk, 32); 
DumpBin("raw key (Left )", key+28, 28); 
DumpBinC'raw key(right)", key, 28); 

/* Compute the first roundkey by performing PC1 */ 
ComputeRoundKey(roundKey, key); 

DumpBin("roundKey(D", roundKey + 28, 28); 
DumpBin("roundKey(R)", roundKey, 28); 

/* Compute the initial permutation and divide the result into L and R */ 



Chapter 7: Chip Simulator Source Code 



7-11 



— e2ca 0004f 895f ba80040007 Page 4 of des.c 



d8d1a8 
c8af 5a 
b277ba 
4b7699 
56af 5a 
44f 437 
d221bf 
5f91a0 
aa8034 
ec8117 
d8af 5a 
f27f c3 
3ec8ba 
031467 
9650e7 
dd3cd7 
3f 1bd4 
8baf 5a 
2a033b 
73d969 
1054e7 
834739 
eaa9e6 
a ca 5a b 
92af 5a 
8f68b4 
c2af 5a 
a5a140 
9da063 
0c21bf 
ee4514 
bedf 1c 
39af 5a 
f08e68 
7baf 5a 
a7370b 
e3cf94 
668b91 
a4f675 
f fefe6 
bbaf 5a 
64af 5a 
1faf 5a 
2638e5 
c19b68 
83a5c7 
7e495d 
c36de8 
c02b1 c 
a89aa1 
52bfaf 
87af 5a 
6e94e2 
e2cb2a 
ef8fb2 
340a8e 
ed5585 
9faf 5a 
3ac1be 
20b264 
a fa f 5a 
c595d4 
c90a5f 
f4af 5a 
311340 
03d1a8 
a8af 5a 
c277ba 
2f7699 
a6a f 5a 
1bf437 
4f21bf 



ComputeIP(L, R, inBlk); 

DumpBinC after IP(D" 
DumpBinC after IP(R)" 



32); 
32); 



for (round = 0; round < 16; round + +) -C 
if (verbose) 

•*printf(" BEGIN ENCRYPT ROUND %d 

DumpBin(" round start(L)", L, 32); 
DumpBin(" round start(R)", R, 32); 



\n", round) 



/* Rotate roundKey halves Left once or twice (depending on round) 

RotateRoundKeyLeft ( roundKey ) ; 

if (round != && round != 1 && round != 8 && round != 15) 

• • RotateRoundKeyLeft(roundKey); 

DumpBinC roundKey(L)", roundKey+28, 28); 

DumpBin("roundKey(R)", roundKey, 28); 

/* Compute f(R, roundKey) and excLusive-OR onto the value in L */ 

ComputeF(fout, R , roundKey); 

DumpBin("f(R,key)", fout, 32); 

for (i = 0; i < 32; i++) 

• • L [ i ] A = foutCi]; 

DumpBin("L A f (R,key)", L, 32); 



Exchange-L_and-R(L,R); 

DumpBin(" round end(D", L, 
DumpBin(" round end(R)", R 
if (verbose) 



p r i n t f ( 



Exchange_L_and_R(L,R) 



32); 
32); 

END ROUND Xd 



round ) 



/* Combine L and R then compute the final permutation */ 

ComputeFP(outBlk,L,R); 

DumpBinC FP out( left)", outBlk+32, 32); 

DumpBinC FP out(right)", out B Ik, 32); 



/ 

voi 
i 

b 
b 

E 
D 
D 
D 
D 

/ 

C 

D 
D 

/ 

C 

D 
D 



•DecryptDES: Decrypt a block using DES. Set verbose for debugging info. 
•(This loop does both loops on the "DES Decryption" page of the flowchart.) 

d Dec rypt DES(boo I keyC56], bool ou t B I k [ 64 ] , bool inBlkE64], int verbose) { 

nt i , round; 

ool Rr.32], LH32], foutC32]; 

ool roundKeyC56H; 



nableDumpBin = verbose; 

umpBinCinput(left)", inBlk + 32, 32); 
umpBinCinput(right)", inBlk, 32); 
umpBin("raw key (left )", key+28, 28); 
umpBin("raw key(right)", key, 28); 

* Compute the first roundkey by performing PC1 */ 
omputeRoundKey(roundKey, key); 



set debugging on/off flag 



umpBinCroundKey(L) 
umpBin("roundKey(R) 



roundKey+28, 28); 
roundKey, 28); 



* Compute the initial permutation and divide the result into L and R */ 
omputeIP(L, R, inBlk) ; 



umpBinC after IP(L) 
umpBi n ( "after IP(R) 



L, 32); 
R, 32); 



or (round = 0; round < 16; round + + ) -C 
•if (verbose) 



7-12 



Chapter 7: Chip Simulator Source Code 



4cd6 000642b0cd1 80040007 Page 5 of des.c 



db2cb4 
908034 
a48117 
c5af 5a 
3d033b 
b5d969 
5d54e7 
C84739 
d5a9e6 
5ba5ab 
b2af 5a 
f a68b4 
18af 5a 
f 3c90d 
6e48f 3 
7f 1bd4 
90f 5db 
871 Iff 
ba7c23 
5baf 5a 
69a140 
c6a063 
f621bf 
784514 
23df 1c 
30af 5a 
ec8e68 
f 5af 5a 
f 5370b 
f 5cf94 
8d8b91 
94f675 
e f e f e6 
3daf 5a 
dea f 5a 
41af 5a 
f c38e5 
4b8d8b 
c1495d 
3e988e 
9e17e0 
60af 5a 
f9815b 
70d64b 
54ef e6 
24af 5a 
8caf 5a 
daa f 5a 
1b38e5 
8155cb 
44495d 
737d60 
cf483e 
7217e0 
c7af 5a 
0f f 689 
83f e1b 
9c300b 
95575a 
0b3242 
aadf 1 c 
bc7b9f 
b3cf9d 
51ef e6 
f baf 5a 
5 ca f 5a 
51af 5a 
0c38e5 
3bc6ad 
87495d 
57b26c 
64483e 



      printf("BEGIN DECRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R, key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R, key)", L, 32);

    Exchange_L_and_R(L,R);

    /* Rotate roundKey halves right once or twice (depending on round) */
    DumpBin("roundKey(L)", roundKey+28, 28);   /* show keys before shift */
    DumpBin("roundKey(R)", roundKey, 28);
    RotateRoundKeyRight(roundKey);
    if (round != 0 && round != 7 && round != 14 && round != 15)
      RotateRoundKeyRight(roundKey);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}



/*
 *  ComputeRoundKey: Compute PC1 on the key and store the result in roundKey
 */
static void ComputeRoundKey(bool roundKey[56], bool key[56]) {
  int i;

  for (i = 0; i < 56; i++)
    roundKey[table_DES_PC1[i]] = key[i];
}



/*
 *  RotateRoundKeyLeft: Rotate each of the halves of roundKey left one bit
 */
static void RotateRoundKeyLeft(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[27];
  temp2 = roundKey[55];
  for (i = 27; i >= 1; i--) {
    roundKey[i] = roundKey[i-1];
    roundKey[i+28] = roundKey[i+28-1];
  }
  roundKey[ 0] = temp1;
  roundKey[28] = temp2;
}



/*
 *  RotateRoundKeyRight: Rotate each of the halves of roundKey right one bit
 */
static void RotateRoundKeyRight(bool roundKey[56]) {
  bool temp1, temp2;


  int i;

  temp1 = roundKey[0];
  temp2 = roundKey[28];
  for (i = 0; i < 27; i++) {
    roundKey[i] = roundKey[i+1];
    roundKey[i+28] = roundKey[i+28+1];
  }
  roundKey[27] = temp1;
  roundKey[55] = temp2;
}



/*
 *  ComputeIP: Compute the initial permutation and split into L and R halves.
 */
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]) {
  bool output[64];
  int i;

  /* Permute
   */
  for (i = 63; i >= 0; i--)
    output[table_DES_IP[i]] = inBlk[i];

  /* Split into R and L.  Bits 63..32 go in L, bits 31..0 go in R.
   */
  for (i = 63; i >= 0; i--) {
    if (i >= 32)
      L[i-32] = output[i];
    else
      R[i] = output[i];
  }
}



/*
 *  ComputeFP: Combine the L and R halves and do the final permutation
 */
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]) {
  bool input[64];
  int i;

  /* Combine L and R into input[64]
   */
  for (i = 63; i >= 0; i--)
    input[i] = (i >= 32) ? L[i - 32] : R[i];

  /* Permute
   */
  for (i = 63; i >= 0; i--)
    outBlk[table_DES_FP[i]] = input[i];
}



/*
 *  ComputeF: Compute the DES f function and store the result in fout
 */
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]) {
  bool expandedBlock[48], subkey[48], sout[32];
  int i,k;

  /* Expand R into 48 bits using the E expansion */
  ComputeExpansionE(expandedBlock, R);
  DumpBin("expanded E", expandedBlock, 48);

  /* Convert the roundKey into the subkey using PC2 */
  ComputePC2(subkey, roundKey);
  DumpBin("subkey", subkey, 48);


  /* XOR the subkey onto the expanded block */
  for (i = 0; i < 48; i++)
    expandedBlock[i] ^= subkey[i];

  /* Divide expandedBlock into 6-bit chunks and do S table lookups */
  for (k = 0; k < 8; k++)
    ComputeS_Lookup(k, sout+4*k, expandedBlock+6*k);

  /* To complete the f() calculation, do permutation P on the S table output */
  ComputeP(fout, sout);
}



/*
 *  ComputeP: Compute the P permutation on the S table outputs
 */
static void ComputeP(bool output[32], bool input[32]) {
  int i;

  for (i = 0; i < 32; i++)
    output[table_DES_P[i]] = input[i];
}



/*
 *  Look up a 6-bit input in S table k and store the result as a 4-bit output
 */
static void ComputeS_Lookup(int k, bool output[4], bool input[6]) {
  int inputValue, outputValue;

  /* Convert the input bits into an integer */
  inputValue = input[0] + 2*input[1] + 4*input[2] + 8*input[3] +
          16*input[4] + 32*input[5];

  /* Do the S table lookup */
  outputValue = table_DES_S[k][inputValue];

  /* Convert the result into binary form */
  output[0] = (outputValue & 1) ? 1 : 0;
  output[1] = (outputValue & 2) ? 1 : 0;
  output[2] = (outputValue & 4) ? 1 : 0;
  output[3] = (outputValue & 8) ? 1 : 0;
}



/*
 *  ComputePC2: Map a 56-bit round key onto a 48-bit subkey
 */
static void ComputePC2(bool subkey[48], bool roundKey[56]) {
  int i;

  for (i = 0; i < 48; i++)
    subkey[i] = roundKey[table_DES_PC2[i]];
}



/*
 *  ComputeExpansionE: Compute the E expansion to prepare to use S tables
 */
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]) {
  int i;

  for (i = 0; i < 48; i++)
    expandedBlock[i] = R[table_DES_E[i]];
}


/*
 *  Exchange_L_and_R:  Swap L and R
 */
static void Exchange_L_and_R(bool L[32], bool R[32]) {
  int i;

  for (i = 0; i < 32; i++)
    L[i] ^= R[i] ^= L[i] ^= R[i];                 /* exchanges L[i] and R[i] */
}



/*
 *  DumpBin: Display intermediate values if enableDumpBin is set.
 */
static void DumpBin(char *str, bool *b, int bits) {
  int i;

  if ((bits % 4)!=0 || bits>48) {
    printf("Bad call to DumpBin (bits > 48 or bit len not a multiple of 4\n");
    exit(1);
  }

  if (EnableDumpBin) {
    for (i = strlen(str); i < 14; i++)
      printf(" ");
    printf("%s: ", str);
    for (i = bits-1; i >= 0; i--)
      printf("%d", b[i]);
    printf(" ");
    for (i = bits; i < 48; i++)
      printf(" ");
    printf("(");
    for (i = bits-4; i >= 0; i-=4)
      printf("%X", b[i]+2*b[i+1]+4*b[i+2]+8*b[i+3]);
    printf(")\n");
  }
}


Page 1 of des.h

typedef char bool;
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);



Page 1 of ecb.scr



00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F # A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AFB0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CFD0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EFF0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF
XOR MASK 
Ciphertext
Ciphertext 1 
Plaintext byte mask 
use CBC 
extra XOR 

don't seed PRNG (use this input file) 
starting key 
number of clocks 



FFFFFFFFFFFFFFFF 



01020304050607 
1 0000 



Page 1 of mini.scr

C416114B9D1D2D9B2550DF690FA75E798CC26203B1D79EB346229EDADE314B483321AA44BA4233899568FDF85C1A9DEF1DE864EB2EAB4E52D7E075ADAA992D85DBAC85DD3A9A32
000000000000000 ' XOR MASK
' Ciphertext
' Ciphertext 1
' Plaintext byte mask
' use CBC
' extra XOR
' don't seed PRNG (use this input file)
' starting key
' number of clocks



23456789ABCDEF0 
102030405060708 



010203040505D5 



Page 1 of misc.c

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "misc.h"

#define VERBOSE

void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks);
void increment32(unsigned char *v);
void decrement32(unsigned char *v);
void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void printHexString(char *tag, unsigned char *data, int len);
static void EXIT_ERR(char *s) { fprintf(stderr, s); exit(1); }
int hex2bin(char *hex, unsigned char *bin);


void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks) {
  char buffer[1024];
  unsigned char tmp[512];
  int i;

#ifdef VERBOSE
  printf("Enter plaintextVector values: ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i <= 0 || i >= 256)
    EXIT_ERR("Must have at least 1 plaintextVector entry and at most 255.\n");
  memset(plaintextVector, 0, 32);
  while (i--)
    plaintextVector[tmp[i]/8] |= (128 >> (tmp[i] % 8));

#ifdef VERBOSE
  printf("Enter plaintext xor mask: ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 plaintext xor mask bytes.");
  memcpy(plaintextXorMask, tmp, 8);

#ifdef VERBOSE
  printf("Enter ciphertext 0: ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 0.");
  memcpy(ciphertext0, tmp, 8);

#ifdef VERBOSE
  printf("Enter ciphertext 1: ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 1.");
  memcpy(ciphertext1, tmp, 8);

#ifdef VERBOSE
  printf("Enter plaintext byte mask: ");
#endif



  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Plaintext byte mask is 1 byte long.");
  *plaintextByteMask = tmp[0];

#ifdef VERBOSE
  printf("Enter useCBC (0 or 1): ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for useCBC");
  *useCBC = tmp[0];

#ifdef VERBOSE
  printf("Enter extraXor (0 or 1): ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for extraXor.");
  *extraXor = tmp[0];

#ifdef VERBOSE
  printf("Enter quickStart (0 or 1): ");
#endif
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for quickStart\n");
  *quickStart = tmp[0];


#ifdef VERBOSE
  printf("Enter starting key: ");
#endif
  gets(buffer);
  if (hex2bin(buffer, tmp) != 7)
    EXIT_ERR("Must enter 7 hex bytes as the key.\n");
  memcpy(startKey, tmp, 7);

#ifdef VERBOSE
  printf("Enter number of clocks: ");
#endif
  gets(buffer);
  sscanf(buffer, "%ld", numClocks);
  if (*numClocks < 1 || *numClocks > 1000000000L)
    EXIT_ERR("Must have between 1 and 1 billion clocks.\n");

#ifdef VERBOSE
  printHexString("\n  PtxtVector = ", plaintextVector, 32);
  printHexString(" PtxtXorMask = ", plaintextXorMask, 8);
  printHexString("Ciphertext 0 = ", ciphertext0, 8);
  printHexString("Ciphertext 1 = ", ciphertext1, 8);
  printHexString("PtxtByteMask = ", plaintextByteMask, 1);
  printf(        "      useCBC = %d\n", *useCBC);
  printf(        "    extraXor = %d\n", *extraXor);
  printf(        "  quickStart = %d\n", *quickStart);
  printHexString("Starting key = ", startKey, 7);
  printf(        "Total clocks = %ld\n\n", *numClocks);
#endif
}


void increment32(unsigned char *v) {
  if ((++(v[3])) == 0)
    if ((++(v[2])) == 0)
      if ((++(v[1])) == 0)
        ++v[0];
}



void decrement32(unsigned char *v) {
  if (((v[3])--) == 0)
    if (((v[2])--) == 0)
      if (((v[1])--) == 0)
        v[0]--;
}

void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]) {
  bool key[56], message[64];
  int i;

//  printf("DES_DECRYPT(k="); for (i=0; i<7;i++) printf("%02X",k[i]);   //!!!
//  printf(", c="); for (i=0; i<8;i++) printf("%02X",c[i]);             //!!!

  for (i = 0; i < 56; i++)
    key[55-i] = ((k[i/8] << (i & 7)) & 128) ? 1 : 0;
  for (i = 0; i < 64; i++)
    message[63-i] = ((c[i/8] << (i & 7)) & 128) ? 1 : 0;
  DecryptDES(key, message, message, 0);
  for (i = 0; i < 8; i++)
    m[i] = 0;
  for (i = 0; i < 64; i++)
    if (message[63-i])
      m[i/8] |= 128 >> (i%8);

//  printf(")="); for (i=0; i<8;i++) printf("%02X",m[i]); printf("\n"); //!!!

}


int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}


int hex2bin(char *hex, unsigned char *bin) {
  int i = 0;
  int j = 0;

  /* Trim string if comments present */
  if (strchr(hex, '#') != NULL)
    *strchr(hex, '#') = 0;
  if (strchr(hex, '*') != NULL)
    *strchr(hex, '*') = 0;
  if (strchr(hex, '\'') != NULL)
    *strchr(hex, '\'') = 0;

  for (i = 0; i < strlen(hex); i++) {
    if (hex[i] >= '0' && unhex(hex[i]) < 0)
      EXIT_ERR("Bad hex digit encountered.\n");
  }

  for (i = 0; i < strlen(hex); i++) {
    if (hex[i] < '0')
      continue;
    if (hex[i] >= '0' && hex[i+1] >= '0') {
      bin[j++] = unhex(hex[i])*16+unhex(hex[i+1]);
      i++;    // skip one
      continue;
    }
    if (hex[i] >= '0') {
      bin[j++] = unhex(hex[i]);
    }
  }
  return (j);
}



void printHexString(char *tag, unsigned char *data, int len) {
  int i;

  printf("%s", tag);
  for (i = 0; i < len; i++)
    printf("%02X", data[i]);
  printf("\n");
}
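The listing's GetUserInfo() reads every script line with gets(), which places no limit on how much it writes into buffer. The following is an added example, not part of the book's listing (all function names are hypothetical): a length-checked line reader and hex parser for the same script format, keeping hex2bin()'s comment and digit-pairing rules and run here on a constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not part of the book's listing; all names are hypothetical.
 * Read one line into buf[cap]. Returns the length without the newline,
 * -1 on EOF or error, -2 if the line did not fit (the rest of that line is
 * discarded so the next call starts on the following line). */
static int read_line_bounded(FILE *in, char *buf, size_t cap) {
  size_t n;
  int c;
  if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
    return -1;
  n = strlen(buf);
  if (n > 0 && buf[n-1] == '\n') {
    buf[--n] = '\0';
    return (int)n;
  }
  c = fgetc(in);                    /* no newline stored: is there more? */
  if (c == EOF || c == '\n')
    return (int)n;                  /* line ended exactly at the limit */
  while ((c = fgetc(in)) != EOF && c != '\n')
    ;                               /* drain the oversized line */
  return -2;
}

static int hexval(int c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Same token rules as the listing's hex2bin(): '#', '*' or '\'' starts a
 * comment, characters below '0' separate tokens, two adjacent digits form one
 * byte and a lone digit forms a byte by itself. The input is not modified.
 * Returns the byte count, -1 on a bad digit, -2 if more than cap bytes. */
static int hex2bin_bounded(const char *hex, unsigned char *bin, size_t cap) {
  size_t len = strcspn(hex, "#*'");
  size_t i, j = 0;
  int hi, lo;

  for (i = 0; i < len; i++) {
    if ((unsigned char)hex[i] < '0')
      continue;
    if ((hi = hexval((unsigned char)hex[i])) < 0)
      return -1;
    if (j >= cap)
      return -2;
    if (i + 1 < len && (unsigned char)hex[i+1] >= '0') {
      if ((lo = hexval((unsigned char)hex[i+1])) < 0)
        return -1;
      bin[j++] = (unsigned char)(hi * 16 + lo);
      i++;                          /* consumed two digits */
    } else {
      bin[j++] = (unsigned char)hi;
    }
  }
  return (int)j;
}

/* Read one script field that must decode to exactly `want` bytes. */
static int read_field(FILE *in, unsigned char *out, size_t want) {
  char line[1024];
  unsigned char tmp[512];
  int n = read_line_bounded(in, line, sizeof line);

  if (n < 0)
    return -1;
  n = hex2bin_bounded(line, tmp, sizeof tmp);
  if (n < 0 || (size_t)n != want)
    return -1;
  memcpy(out, tmp, want);
  return 0;
}

/* Constructed input: one 5000-character line, then two well-formed fields.
 * Returns 0 when the long line is rejected and both fields still parse. */
static int demo(unsigned char mask[8], unsigned char key[7]) {
  char small[64];
  FILE *f = tmpfile();
  int i, ok;
  if (f == NULL)
    return -1;
  for (i = 0; i < 5000; i++)
    fputc('A', f);
  fputs("\n0000000000000000 ' XOR MASK\n01020304050607 # starting key\n", f);
  rewind(f);
  ok = read_line_bounded(f, small, sizeof small) == -2 &&
       read_field(f, mask, 8) == 0 && read_field(f, key, 7) == 0;
  fclose(f);
  return ok ? 0 : 1;
}

int main(void) {
  unsigned char mask[8], key[7];
  int rc = demo(mask, key);
  printf("demo returned %d\n", rc);
  return rc;
}
```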



Page 1 of misc.h

void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks);
void increment32(unsigned char *v);
void decrement32(unsigned char *v);
void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void printHexString(char *tag, unsigned char *data, int len);
int hex2bin(char *hex, unsigned char *bin);



Page 1 of random.scr

XOR MASK
Ciphertext
Ciphertext 1
Plaintext byte mask
use CBC
extra XOR

random vector (0=seed with timer, 1=use input, >1=seed)
starting key
number of clocks

Page 1 of ref.c

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "misc.h"

#define CLOCKS_PER_DES 18

int plaintextMatch(unsigned char plaintextVector[32], unsigned char m[8],
        unsigned char plaintextByteMask, int ciphertext, unsigned char key[7]);
void checkKey(unsigned char key[7], unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor);

void main(void) {
  unsigned char startKey[7], plaintextVector[32];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  int useCBC, extraXor, quickStart;
  int i,j;
  long numClocks;
  unsigned char key[7];

  GetUserInfo(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
          &plaintextByteMask, &useCBC, &extraXor, &quickStart, startKey,
          &numClocks);

  for (i = 0; i < numClocks; i += CLOCKS_PER_DES) {
    for (j = 0; j < 24; j++) {
      memcpy(key, startKey, 8);
      key[0] += j;
      checkKey(key, plaintextVector, plaintextXorMask, ciphertext0,
              ciphertext1, plaintextByteMask, useCBC, extraXor);
    }
    increment32(startKey+3);
  }
}


void checkKey(unsigned char key[7], unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor) {
  unsigned char m[8];
  int i;

  desDecrypt(m, ciphertext0, key);
  printf("DES_decrypt(K="); for (i = 0; i < 7; i++) printf("%02X", key[i]);
  printf(", C0="); for (i = 0; i < 8; i++) printf("%02X", ciphertext0[i]);
  printf(") -> "); for (i = 0; i < 8; i++) printf("%02X", m[i]); printf("\n");
  if (extraXor) {
    m[0] ^= m[4];
    m[1] ^= m[5];
    m[2] ^= m[6];
    m[3] ^= m[7];
  }
  for (i = 0; i < 8; i++)
    m[i] ^= plaintextXorMask[i];

  if (plaintextMatch(plaintextVector, m, plaintextByteMask, 0, key)) {
    desDecrypt(m, ciphertext1, key);
    printf("DES_decrypt(K="); for (i = 0; i < 7; i++) printf("%02X", key[i]);
    printf(", C1="); for (i = 0; i < 8; i++) printf("%02X", ciphertext1[i]);
    printf(") -> "); for (i = 0; i < 8; i++) printf("%02X", m[i]); printf("\n");
    if (extraXor) {
      m[0] ^= m[4];
      m[1] ^= m[5];
      m[2] ^= m[6];



      m[3] ^= m[7];
    }
    if (useCBC) {
      for (i = 0; i < 8; i++)
        m[i] ^= ciphertext0[i];
    }
    if (plaintextMatch(plaintextVector, m, plaintextByteMask, 1, key)) {
      printf("VALID MATCH\n");
      fprintf(stderr, "Match found at key =");
      for (i = 0; i < 7; i++)
        fprintf(stderr, "%02X", key[i]);
      fprintf(stderr, "\n");
    }
  }
}


int plaintextMatch(unsigned char plaintextVector[32], unsigned char m[8],
        unsigned char plaintextByteMask, int ciphertext, unsigned char key[7]) {
  int i;

  for (i = 0; i < 8; i++) {
    if ((plaintextByteMask & (128>>i)) == 1)
      continue;                              /* this byte is skipped */
    if (plaintextVector[m[i]/8] & (128 >> (m[i]%8)))
      continue;
    return (0);                              /* no match */
  }

  printf("Match of C%d with key ", ciphertext);
  for (i = 0; i < 7; i++)
    printf("%02X", key[i]);
  printf(" = ");
  for (i = 0; i < 8; i++)
    printf("%02X", m[i]);
  printf("\n");

  fprintf(stderr, "Match of C%d with key ", ciphertext);
  for (i = 0; i < 7; i++)
    fprintf(stderr, "%02X", key[i]);
  fprintf(stderr, " = ");
  for (i = 0; i < 8; i++)
    fprintf(stderr, "%02X", m[i]);
  fprintf(stderr, "\n");

  return (1);
}



Page 1 of sim.c

/*****************************************************************************
 *  Software Simulator for DES keysearch ASIC
 *
 *  Written 1998 by Cryptography Research (http://www.cryptography.com)
 *  and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *  Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM
 *
 *****************************************************************************
 *
 *  REVISION HISTORY
 *
 *  Version 1.0:  Initial version.
 *  Version 1.1:  Initial release by Cryptography Research to EFF.
 *                (Fixed byte/bit ordering notation to match VHDL.)
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "sim.h"

#define DEBUG

long getClockCounter(void);
int peekState(int addr);
int RunChip(char *input, FILE *outfile, int useRaw);

static void EXIT_ERR(char *s) { fprintf(stderr, s); exit(1); }
static void parseInput(char *input, int *reset, int *boardEn, int *ale,
        int *adrsel1, int *web, int *rdb, int *adrsel2, int *allactIn,
        int *addr, int *chipId, int *data);
static int unhex(char c);
static void RunClock(void);
static void desDecrypt(unsigned char m[8], unsigned char c[8],
        unsigned char k[7]);
static void increment32(unsigned char *num);
static void decrement32(unsigned char *num);
static void printKeyInfo(FILE *outDev, char *preamble, int searchUnit);

static unsigned char ALLACTIVE_IN = 1;          /* not held between calls */
unsigned char ALLACTIVE_OUT = 0;

unsigned char STATE[256];
unsigned char SELECTED_CHIP;
long CLOCK_COUNTER = 1;
int DES_POSITION;
unsigned char WORKING_CTXT[24*8];           /* last DES input */
unsigned char WORKING_PTXT[24*8];           /* last DES out (for ptxt check) */
unsigned char RAW_DES_OUT[24*8];            /* raw DES outputs */
int WORKING_KDELTA[24];                     /* key delta (-1, 0, or +1) */
unsigned char WORKING_LAST_SELECTOR[24];    /* last ciphertext selector */
unsigned char WORKING_NEXT_SELECTOR[24];    /* next ciphertext selector */
int STARTUP_DELAY[24];                      /* startup delay */
unsigned char THIS_KEY[24*7];               /* current DES key */
unsigned char NEXT_KEY[24*7];               /* next DES key */
int PENDING_UPDATE_ADDR1 = -1, PENDING_UPDATE_DATA1 = -1;
int PENDING_UPDATE_ADDR2 = -1, PENDING_UPDATE_DATA2 = -1;
int PENDING_UPDATE_ADDR3 = -1, PENDING_UPDATE_DATA3 = -1;
unsigned char MATCH[24];



static void resetChip(void) {
  memset(STATE, 0, sizeof(STATE));                               /* RESET */
  SELECTED_CHIP = 0;



  DES_POSITION = 13;
  memset(WORKING_CTXT, 0, sizeof(WORKING_CTXT));
  memset(WORKING_PTXT, 0, sizeof(WORKING_PTXT));
  memset(RAW_DES_OUT, 0, sizeof(RAW_DES_OUT));
  memset(WORKING_KDELTA, 0, sizeof(WORKING_KDELTA));
  memset(WORKING_LAST_SELECTOR, 1, sizeof(WORKING_LAST_SELECTOR));
  memset(WORKING_NEXT_SELECTOR, 1, sizeof(WORKING_NEXT_SELECTOR));
  memset(STARTUP_DELAY, 0, sizeof(STARTUP_DELAY));
  memset(THIS_KEY, 0, sizeof(THIS_KEY));
  memset(NEXT_KEY, 0, sizeof(NEXT_KEY));
  PENDING_UPDATE_ADDR1 = -1;
  PENDING_UPDATE_ADDR2 = -1;
  PENDING_UPDATE_ADDR3 = -1;
  memset(MATCH, 0, sizeof(MATCH));
}


long getClockCounter(void) {
  return (CLOCK_COUNTER);
}


int peekState(int addr) {
  return (STATE[addr]);
}


int RunChip(char *input, FILE *outfile, int useRaw) {
  int reset,boardEn,ale,adrsel1,web,rdb,adrsel2,allactiveIn,addr,chipId,data;
  int dataOut;
  int i,j;

  parseInput(input, &reset, &boardEn, &ale, &adrsel1, &web, &rdb, &adrsel2,
          &allactiveIn, &addr, &chipId, &data);
  ALLACTIVE_IN = (unsigned char)allactiveIn;

  dataOut = data;                                     /* default */
  if (reset == 0) {                                   /* reset? */
    resetChip();
    RunClock();
  } else if (boardEn == 0) {                          /* board disabled? */
    RunClock();
  } else if (ale == 1) {                              /* select chip/board */
    RunClock();
    if (adrsel1 == 1)
      SELECTED_CHIP = (unsigned char)addr;
    else
      { /* board select done off-chip */ }
  } else if (chipId != SELECTED_CHIP) {               /* chipId not ours? */
    RunClock();
  } else if (web == 0) {                              /* writing register? */
    RunClock();
    if (addr >= REG_SEARCH_KEY(0)) {
      PENDING_UPDATE_ADDR2 = addr;                    /* key */
      PENDING_UPDATE_DATA2 = data;
      if (((addr & 7) == 7) && (data & 1) && ((STATE[addr] & 1) == 0)) {
        if (CLOCK_COUNTER < 750)
          STARTUP_DELAY[(addr - 0x47) / 8] = 21;      /* adjust? */
        else {
          STARTUP_DELAY[(addr - 0x47) / 8] = 2*CLOCKS_PER_DES - DES_POSITION;
          if (DES_POSITION >= 15)
            STARTUP_DELAY[(addr - 0x47) / 8] += CLOCKS_PER_DES;
#if 0     /* uncomment for debugging message on halts */
          fprintf(stderr,"Startup with DES_POSITION=%d in unit %d, delay=%d\n",
                  DES_POSITION, (addr-0x47)/8, STARTUP_DELAY[(addr - 0x47) / 8]);
#endif
        }
      }
    } else {
      PENDING_UPDATE_ADDR2 = addr;                    /* other reg */
      PENDING_UPDATE_DATA2 = data;
    }


} else i 

• - da t aOu 

• • RunC Lo 
} else { 

■ • RunCLockC); 
> 



f (rdb == 0) { 
t = STATECaddr], 
c k ( ) ; 



read a register 



if (CLOC 
••if (us 

• • • • f p r i 

• • > else 
• • • • f pr i 



K-CO 
eRa w 
ntf < 

{ 
ntf ( 



R >= 2) { 



for 
• • fo 



(i = 
r (J 
f p r i 
r i nt 
(CL 
f p r i 
se i 
f p r i 
se i 
for 
• -fp 



UNTEI 

) c 

outfile, "%02X %d\n", dataOut, ALLACT I VE-OUT ) ; 

out file, " (Addr: %02X) -(Exp: 00) (Get: %02X) at Cycle: % I d \ n " 
addr, dataOut, CLOCK-COUNTER); 

0; i < 24; i++) { 

= 6; j >= 0; j — ) 
ntf(outfile, "%02X", STATEHREG-SEARCH-KEY(i) + j:]); 
f (out file, " "); 
OCK-COUNTER < 22) 

ntf(outfi le, "0000000000000000"); 
f (CLOCK-COUNTER <= 37) 
ntf(outfile, "094CCE83D677160F"); 

(j = 7; j >= 0; j — ) 

rintf (outf i le, "%02X", R AW-DES-OUT C 8* i + j ] ) ; 



#if 



/* uncomment to print information about the MATCH */ 



static int I a t ch [ 24 ] = -C0, 0, 0, 0, 0, 0, 0, , 0, , 0, 0, ! 

0,0,0,0,0,0,0,0,0,0}; 

N = = 1 ) I a t c h C i 3 = MATCHMH; 
" %d", latchCi]); 



if ( 
f pr i 



DES- 
ntf ( 



POSITI 
ou t f i I 



//end i f 
#i f 



uncomment to print information about NEXT-SELECTOR */ 



#endi f 



static int I a t c h C 24 ] = { 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 1 , 

1, 1,1, 1,1, 1,1, 1,1, 1 > ; 

if (DES-P0SITI0N==1 5) LatchCiD = WO RK I NG-N E XT-S E LE C TOR L" i D ; 
fprintf(outfile, "%d", LatchCi]); 



• -fp 

> 

f pr i 



CLOCK-CO 
return ( 



rintf(outfile, " : Unit%d\n", i) 
ntf(outfile, "\n" >; 



UNTER++; 
dataOut) 



static void parseInput(char *input, int *reset, int *boardEn, int *ale,
        int *adrsel1, int *web, int *rdb, int *adrsel2, int *allactIn,
        int *addr, int *chipId, int *data) {
  int i;

  if (strlen(input) < 17 || input[8] != ' ' || input[11] != ' ' ||
          input[14] != ' ')
    EXIT_ERR("Bad input.\n");
  for (i = 0; i < 8; i++) {
    if (input[i] != '0' && input[i] != '1')
      EXIT_ERR("Bad input (first 8 digits must be binary.)\n");
  }
  if (unhex(input[9]) < 0 || unhex(input[10]) < 0 ||
          unhex(input[12]) < 0 || unhex(input[13]) < 0 ||
          unhex(input[15]) < 0 || unhex(input[16]) < 0) {
    EXIT_ERR("Bad input (addr, chipId, data must be hex)");
  }

  *reset    = input[0]-'0';
  *boardEn  = input[1]-'0';
  *ale      = input[2]-'0';
  *adrsel1  = input[3]-'0';






9ad7 00064eb0a748004000f Page 4 of sim.c 






  *web      = input[4]-'0';
  *rdb      = input[5]-'0';
  *adrsel2  = input[6]-'0';
  *allactIn = input[7]-'0';
  *addr     = 16*unhex(input[9]) + unhex(input[10]);
  *chipId   = 16*unhex(input[12]) + unhex(input[13]);
  *data     = 16*unhex(input[15]) + unhex(input[16]);
}


/* Decodes a hex char or returns -1 if bad */
static int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}



/*
 *  Run the system for one clock cycle and update the state.
 */
void RunClock(void) {
  int i,j,k,b;
  unsigned char key[7], m[8], c[8];

  for (i = 0; i < 24; i++) {
    if (STARTUP_DELAY[i] > 0) {
      STARTUP_DELAY[i]--;
      if (STARTUP_DELAY[i] == 0)
        STARTUP_DELAY[i] = -1;            /* prevent stop if 1st C0=match */
    }
  }

  /* DES CLOCK 5: Plaintext vector result from last DES is ready. */
  if (DES_POSITION == 5) {
    for (i = 0; i < 24; i++) {               /* i = search engine          */
      k = 0;                                 /* k = result of byte lookups */
      for (j = 0; j < 8; j++) {              /* j = byte idx               */
        b = WORKING_PTXT[8*i+j];             /* b = byte value             */
        if (STATE[b/8] & (1 << (b%8)))       /* check plaintext vector     */
          k = (k >> 1) | 128;                /*   match = load 1 in k msb  */
        else                                 /*   no match                 */
          k = (k >> 1) | 0;                  /*   load 0 into k            */
      }
      k |= STATE[REG_PTXT_BYTE_MASK];        /* set bits where bytemask=1  */
      MATCH[i] = (unsigned char)((k == 255) ? 1 : 0);

      if ((STATE[REG_SEARCH_STATUS(i)] & 1) == 0 || STARTUP_DELAY[i] > 0) {
        /* If search not active, key delta = 0 and do C0 next */
        WORKING_KDELTA[i] = 0;
        WORKING_NEXT_SELECTOR[i] = 1;
      } else if (k != 0xFF || (STATE[REG_SEARCH_STATUS(i)] & 2) ||
              STARTUP_DELAY[i] < 0) {
        /* If no match or CURRENTLY doing C1 or first DES result,
         *    key delta = 1 and do C0 next.
         */
        WORKING_KDELTA[i] = 1;
        WORKING_NEXT_SELECTOR[i] = 0;
        if (k == 0xFF)
          printKeyInfo(stderr, "ALERT: Skip match while doing C1 ", i);
        if (k == 0xFF && STARTUP_DELAY[i] < 0)
          printKeyInfo(stderr, "ALERT:    (C1 above is startup phantom.)", i);
      } else if (WORKING_LAST_SELECTOR[i] == 0) {
        /* If doing C0 and got a match from C0, back up and do C1 */
        WORKING_KDELTA[i] = -1;
        WORKING_NEXT_SELECTOR[i] = 1;
        printKeyInfo(stderr, "ALERT: Match C0; will backup for C1 ", i);









0c27 000479329b38004000f Page 5 of sim.c 






      } else {
        /* If doing C0 and got a match from C1, halt */
        STATE[REG_SEARCH_STATUS(i)] &= (255-1);
        WORKING_KDELTA[i] = 0;
        WORKING_NEXT_SELECTOR[i] = 1;
        printKeyInfo(stderr, "ALERT: Matched C1; halting ", i);
      }
      if (STARTUP_DELAY[i] < 0)
        STARTUP_DELAY[i]++;
    }
  }

  if (DES_POSITION == 15) {
    for (i = 0; i < 24; i++) {
      memcpy(THIS_KEY+i*7, NEXT_KEY+i*7, 7);
      memcpy(NEXT_KEY+i*7, STATE+REG_SEARCH_KEY(i), 7);
    }
  }

  /* END OF DES CYCLE: Extract results */
  if (DES_POSITION == CLOCKS_PER_DES-1) {
    for (i = 0; i < 24; i++) {

      /* Do the DES decryption */
      for (j = 0; j < 7; j++)
        key[j] = THIS_KEY[i*7+(6-j)];
      for (j = 0; j < 8; j++)
        c[j] = WORKING_CTXT[8*i+7-j];
      desDecrypt(m, c, key);
      for (j = 0; j < 8; j++) {
        WORKING_PTXT[8*i+7-j] = m[j];
        RAW_DES_OUT[8*i+7-j] = m[j];
      }



      if (STATE[REG_SEARCHINFO] & 2) {                     /* if extraXOR      */
        WORKING_PTXT[8*i+4] ^= WORKING_PTXT[8*i+0];        /*   L = L xor R    */
        WORKING_PTXT[8*i+5] ^= WORKING_PTXT[8*i+1];
        WORKING_PTXT[8*i+6] ^= WORKING_PTXT[8*i+2];
        WORKING_PTXT[8*i+7] ^= WORKING_PTXT[8*i+3];
      }
      if ((STATE[REG_SEARCH_STATUS(i)] & 2) == 0) {        /* if c0,           */
        WORKING_PTXT[8*i+0] ^= STATE[REG_PTXT_XOR_MASK+0]; /*   do ptxtXorMsk  */
        WORKING_PTXT[8*i+1] ^= STATE[REG_PTXT_XOR_MASK+1];
        WORKING_PTXT[8*i+2] ^= STATE[REG_PTXT_XOR_MASK+2];
        WORKING_PTXT[8*i+3] ^= STATE[REG_PTXT_XOR_MASK+3];
        WORKING_PTXT[8*i+4] ^= STATE[REG_PTXT_XOR_MASK+4];
        WORKING_PTXT[8*i+5] ^= STATE[REG_PTXT_XOR_MASK+5];
        WORKING_PTXT[8*i+6] ^= STATE[REG_PTXT_XOR_MASK+6];
        WORKING_PTXT[8*i+7] ^= STATE[REG_PTXT_XOR_MASK+7];
      } else {                                             /* if c1            */
        if (STATE[REG_SEARCHINFO] & 1) {                   /*   if useCBC      */
          WORKING_PTXT[8*i+0] ^= STATE[REG_CIPHERTEXT0+0]; /*     xor with c0  */
          WORKING_PTXT[8*i+1] ^= STATE[REG_CIPHERTEXT0+1];
          WORKING_PTXT[8*i+2] ^= STATE[REG_CIPHERTEXT0+2];
          WORKING_PTXT[8*i+3] ^= STATE[REG_CIPHERTEXT0+3];
          WORKING_PTXT[8*i+4] ^= STATE[REG_CIPHERTEXT0+4];
          WORKING_PTXT[8*i+5] ^= STATE[REG_CIPHERTEXT0+5];
          WORKING_PTXT[8*i+6] ^= STATE[REG_CIPHERTEXT0+6];
          WORKING_PTXT[8*i+7] ^= STATE[REG_CIPHERTEXT0+7];
        }
      }

      /* Update ciphertext selector (state & last) */
      WORKING_LAST_SELECTOR[i] = (STATE[0x47+8*i] & 2) ? 1 : 0;
      STATE[0x47+8*i] &= 0xFD;                     /* select ciphertext 0   */
      if (WORKING_NEXT_SELECTOR[i])                /* ... unless we want c1 */
        STATE[0x47+8*i] |= 2;                      /* ... then select c1    */
    }
  }

  /* LAST DES CLOCK: Load in the updated key */
  if (DES_POSITION == 14) {




■4c9a 0007dd476568004000f Page 6 of sim.c 






    for (i = 0; i < 24; i++) {
      if (WORKING_KDELTA[i] == 1) {                    /* if key delta = 1  */
        increment32(STATE+REG_SEARCH_KEY(i));
      }
      if (WORKING_KDELTA[i] == -1) {                   /* if key delta = -1 */
        decrement32(STATE+REG_SEARCH_KEY(i));
      }
    }
  }

  /* DES CLOCK 0: Latch in new working keys and working ciphertexts */
  if (DES_POSITION == 0) {
    for (i = 0; i < 24; i++) {                         /* i = search engine */
      /* pick between ctxt 0 and ctxt 1? */
      if ((STATE[REG_SEARCH_STATUS(i)] & 2) == 0 && STARTUP_DELAY[i] == 0)
        memcpy(WORKING_CTXT+8*i, STATE+REG_CIPHERTEXT0, 8);      /* copy c0 */
      else
        memcpy(WORKING_CTXT+8*i, STATE+REG_CIPHERTEXT1, 8);      /* copy c1 */
    }
  }

  /* Update ChipAllActive, board all active */
  j = 1;
  for (i = 0; i < 24; i++)
    j &= STATE[0x47+i*8];
  j = (j & 1) ? 1 : 0;
  STATE[REG_SEARCHINFO] &= (255-4);                 /* set ChipAllActive    */
  STATE[REG_SEARCHINFO] |= (4*j);
  if ((STATE[REG_SEARCHINFO] & 16) == 0)   /* If board all active enable = 0 */
    ALLACTIVE_OUT = ALLACTIVE_IN;
  else
    ALLACTIVE_OUT = ALLACTIVE_IN & j;
  STATE[REG_SEARCHINFO] &= (255-8);                 /* set board all active */
  STATE[REG_SEARCHINFO] |= (8*ALLACTIVE_OUT);       /* set board all active */

  /* Do any pending updates and update DES cycle position */
  if (PENDING_UPDATE_ADDR1 >= 0)
    STATE[PENDING_UPDATE_ADDR1] = PENDING_UPDATE_DATA1;
  PENDING_UPDATE_ADDR1 = PENDING_UPDATE_ADDR2;
  PENDING_UPDATE_DATA1 = PENDING_UPDATE_DATA2;
  PENDING_UPDATE_ADDR2 = PENDING_UPDATE_ADDR3;
  PENDING_UPDATE_DATA2 = PENDING_UPDATE_DATA3;
  PENDING_UPDATE_ADDR3 = -1;
  DES_POSITION = (DES_POSITION + 1) % CLOCKS_PER_DES;
}



static void desDecrypt(unsigned char m[8], unsigned char c[8],
        unsigned char k[7]) {
  bool key[56], message[64];
  int i;

#ifdef DEBUG
  printf("DES_DECRYPT(k="); for (i=0; i<7;i++) printf("%02X",k[i]);
  printf(", c="); for (i=0; i<8;i++) printf("%02X",c[i]);
#endif

  for (i = 0; i < 56; i++)
    key[55-i] = ((k[i/8] << (i & 7)) & 128) ? 1 : 0;
  for (i = 0; i < 64; i++)
    message[63-i] = ((c[i/8] << (i & 7)) & 128) ? 1 : 0;
  DecryptDES(key, message, message, 0);
  for (i = 0; i < 8; i++)
    m[i] = 0;
  for (i = 0; i < 64; i++)
    if (message[63-i])
      m[i/8] |= 128 >> (i%8);
#ifdef DEBUG
  printf(")=");
  for (i=0; i<8; i++)
    printf("%02X",m[i]);












--a790 001 522c46c68004000f Page 7 of s i m . c 

  printf(", clk=%ld\n", CLOCK_COUNTER);
#endif
}


static void printKeyInfo(FILE *outDev, char *preamble, int searchUnit) {
  fprintf(outDev, preamble);
  fprintf(outDev, "(K=%02X%02X%02X%02X%02X%02X%02X, clk=%ld, searchUnit=%d)\n",
          STATE[0x40+8*searchUnit+6],STATE[0x40+8*searchUnit+5],
          STATE[0x40+8*searchUnit+4],STATE[0x40+8*searchUnit+3],
          STATE[0x40+8*searchUnit+2],STATE[0x40+8*searchUnit+1],
          STATE[0x40+8*searchUnit+0], CLOCK_COUNTER, searchUnit);

  printf(preamble);
  printf("(K=%02X%02X%02X%02X%02X%02X%02X, clk=%ld, searchUnit=%d)\n",
          STATE[0x40+8*searchUnit+6],STATE[0x40+8*searchUnit+5],
          STATE[0x40+8*searchUnit+4],STATE[0x40+8*searchUnit+3],
          STATE[0x40+8*searchUnit+2],STATE[0x40+8*searchUnit+1],
          STATE[0x40+8*searchUnit+0], CLOCK_COUNTER, searchUnit);

}


static void increment32(unsigned char *num) {
  if ((++(num[0])) == 0)
    if ((++(num[1])) == 0)
      if ((++(num[2])) == 0)
        ++(num[3]);
}


static void decrement32(unsigned char *num) {
  if (((num[0])--) == 0)
    if (((num[1])--) == 0)
      if (((num[2])--) == 0)
        (num[3])--;
}






--6ca6 001 1 93e4aa68004001 Page 1 of s i m . h 

/*****************************************************************************
 * sim.h                                                                     *
 *                        Header file for sim.c                              *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#define REG_PTXT_VECTOR        (0x00)
#define REG_PTXT_XOR_MASK      (0x20)
#define REG_CIPHERTEXT0        (0x28)
#define REG_CIPHERTEXT1        (0x30)
#define REG_PTXT_BYTE_MASK     (0x38)
#define REG_SEARCHINFO         (0x3F)
#define REG_SEARCH_KEY(x)      (0x40 + 8*(x))
#define REG_SEARCH_STATUS(x)   (0x47 + 8*(x))
#define CLOCKS_PER_DES         16

int RunChip(char *input, FILE *outfile, int useRaw);
long getClockCounter(void);
int peekState(int reg);                 /* runs chip & returns DATA value */






— dfa5 000a2c967de8004001 1 Page 1 of testvec.c 

/*****************************************************************************
 * testvec.c                                                                 *
 *           DES ASIC Simulator, Test Vector Generation Program              *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   IMPLEMENTATION NOTES:                                                   *
 *                                                                           *
 *   This program automatically determines the configuration of a search     *
 *   array.  Additional diagnostic code should be added to detect common     *
 *   chip failures (once these are known).                                   *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include <time.h>
#include "sim.h"

int USE_RAW_IO = 0;
FILE *FILE_TOCHIP, *FILE_FROMCHIP;      /* TOCHIP can be input *or* output */
int  CREATING_VECTOR;                   /* reading vs writing TOCHIP file */
unsigned char HARDWIRED_CHIP_ID  = 0x3A;

int ALLACTIVE_IN = 1;                   /* gets toggled randomly */
int BOARD_EN_IN  = 1;                   /* input value for run_set/check */
int ADRSEL1_IN   = 1;


void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *randomVector, unsigned char startKey[7], long *totalClocks);
void LoadState(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor,
        unsigned char startKey[7]);
void RunSimulator_SetRegister(int addr, int data);
unsigned char RunSimulator_CheckRegister(int addr);
void RunSimulator_DummyIO(void);
static void EXIT_ERR(char *s) { fprintf(stderr, s); exit(1); }

void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void increment32(unsigned char *num);
void decrement32(unsigned char *num);
int hex2bin(char *hex, unsigned char *bin);
void printHexString(char *tag, unsigned char *data, int len);
void OpenFiles(char *toChipFilename, char *fromChipFilename, int useRaw);
void printKeyInfo(FILE *outDev, char *preamble, int searchUnit);
long getClockCounter(void);
void proceedNormal(long totalClocks);
void proceedRandom(void);


/*






-8051 0009399d7c48004001 1 Page 2 of testvec 






 *  THESE FUNCTIONS CREATE AND MANAGE THE TEST VECTORS.
 */

void main(int argc, char **argv) {
  unsigned char startKey[7], plaintextVector[32];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  int useCBC, extraXor, randomVector;
  long totalClocks;
  char buffer[512];

  if (argc != 3 && argc != 4) {
    fprintf(stderr,"Command line: TO_CHIP.OUT FROM_CHIP.OUT [RAW]\n");
    fprintf(stderr,"  TO_CHIP.OUT    File for data going to chip\n");
    fprintf(stderr,"                 (If this file exists, it will be simulated.\n");
    fprintf(stderr,"                 Otherwise, a new file will be created.)\n");
    fprintf(stderr,"  FROM_CHIP.OUT  File for chip's output\n");
    fprintf(stderr,"  RAW            Gives unix CRLFs & no header.\n");
    exit(1);
  }

  /*
   *  Open files and set CREATING_VECTOR to:
   *     0=reading TOCHIP file,
   *     1=create TOCHIP from user input,
   *     2=create random vector
   */
  OpenFiles(argv[1], argv[2], (argc == 4));

  if (CREATING_VECTOR == 0) {
    fprintf(stderr, "Using input vector from file.\n");
    while (1) {
      if (fgets(buffer, 500, FILE_TOCHIP) == NULL)
        break;
      if (strlen(buffer) < 10)
        break;
      RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    }
  } else {
    GetUserInfo(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
            &plaintextByteMask, &useCBC, &extraXor, &randomVector, startKey,
            &totalClocks);
    if (randomVector == 0) {
      fprintf(stderr, "Seed=random (time-based)\n");
      srand((unsigned) time(NULL));
      HARDWIRED_CHIP_ID = (unsigned char)(rand() & 255);
    } else if (randomVector == 1) {
      fprintf(stderr, "Using user params.\n");
    } else {
      fprintf(stderr, "Seed=%d\n", randomVector);
      srand(randomVector);
      HARDWIRED_CHIP_ID = (unsigned char)(rand() & 255);
    }

    /* Reset chip and set the chip ID */
    sprintf(buffer, "01011111 00 %02X 00\n", HARDWIRED_CHIP_ID);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "11011111 %02X %02X 00\n", HARDWIRED_CHIP_ID,
            HARDWIRED_CHIP_ID);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);






--02cc 00029e33ba58004001 1 Page 3 of testvec.c 






    buffer[2] = '1';
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    buffer[2] = '0';
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);

    if (randomVector == 1) {
      LoadState(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
              plaintextByteMask, useCBC, extraXor, startKey);
      proceedNormal(totalClocks);
    } else {
      proceedRandom();
    }
  }

  /* Clean up a bit (doesn't really matter - this is test code) */
  fclose(FILE_FROMCHIP);
  fclose(FILE_TOCHIP);
}


void proceedNormal(long totalClocks) {
  long numClocks = getClockCounter();
  unsigned char goodKey[8];
  int i,j,r;

  while (++numClocks < totalClocks) {
    r = RunSimulator_CheckRegister(REG_SEARCHINFO);
    if (r & 4) {
      fprintf(stderr, " Idle \n");
      RunSimulator_DummyIO();
      continue;
    }
    for (i = 0; i < 24; i++) {
      /* If we're going to see a stall, give some settling time */
      if ((peekState(REG_SEARCH_STATUS(i)) & 1) == 0) {       /* stalled? */
        RunSimulator_DummyIO();                       /* wait before read */
        RunSimulator_DummyIO();
        RunSimulator_DummyIO();
      }
      r = RunSimulator_CheckRegister(REG_SEARCH_STATUS(i));
      if ((r & 1) == 0) {                                     /* stalled? */
        goodKey[6] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+0);
        goodKey[5] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+1);
        goodKey[4] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+2);
        goodKey[3] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+3);
        goodKey[2] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+4);
        goodKey[1] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+5);
        goodKey[0] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+6);
        fprintf(stderr, "ALERT: Full match in unit %d; extracted k = ", i);
        printf("ALERT: Full match in unit %d; extracted k = ", i);
        for (j = 0; j < 7; j++) {
          fprintf(stderr, "%02X", goodKey[j]);
          printf("%02X", goodKey[j]);
        }
        fprintf(stderr, "\n");
        printf("\n");
        RunSimulator_DummyIO();                          /* Settling time */
        RunSimulator_DummyIO();
        RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
      }
    }
  }
}


void proceedRandom(void) {
  unsigned char readout[256];
  unsigned char goodKey[7];
  int i,j;






a796 0002667342680040011 Page 4 of testvec.c 






  unsigned char plaintextVector[32];
  char buffer[256];

  /* chip has already been set and the chip ID has been loaded */

  /* Create plaintext vector with 181 bits set */
  memset(plaintextVector, 0, sizeof(plaintextVector));
  i = 0;
  while (i < 181) {
    j = rand() & 255;
    if ((plaintextVector[j/8] & (1 << (j % 8))) == 0) {
      plaintextVector[j/8] |= (1 << (j % 8));
      i++;
    }
  }

  /* Load state */
  for (i = 0; i < 32; i++)
    RunSimulator_SetRegister(REG_PTXT_VECTOR + i, plaintextVector[i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_PTXT_XOR_MASK + i, rand() & 255);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT0 + i, rand() & 255);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT1 + i, rand() & 255);
  RunSimulator_SetRegister(REG_PTXT_BYTE_MASK, 1 << (rand() & 7));
  i = (rand() % 3) + (rand() & 16);  /* 0/1/2 for CBC & extraXor. 16 = activOn */
  fprintf(stderr, "Using mode %d with ActiveOn=%d.\n", (i&3), i/16);
  RunSimulator_SetRegister(REG_SEARCHINFO, i);
  for (i = 0; i < 24; i++) {                          /* for each engine */
    for (j = 0; j < 7; j++)                      /* set random start key */
      RunSimulator_SetRegister(REG_SEARCH_KEY(i)+j, rand() & 255);
    RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
  }

/* 
for 



/* 
for 



> 

/* 

for 

• • r 

/* 

for 



Read out all registers (real and not) except for ptxt vector */ 

(i = 255; i >= 32; i--) 
eadoutCi] = RunSimulator^CheckRegisterCi); 
Change the key in any stopped units */ 

( i = ; i < 2 4; i + + ) i 

f ( (readoutCREG-SEARCH-STATUSCi )] S 1) == 0) 

•RunSimulator^SetRegister(REG-SEARCH-KEYCi), 

readoutCREG-SEARCH^KEY(i): A 0x08); 



/* sta I led? 
• /* fix key 



Read out ptxt vector */ 

(i = 31; i >= 0; -j--) 
eadoutCi] = RunS i mu I a t o r-C h e c kReg i s 
scan stopped units */ 
■ ' ) 



t e r ( i ) ; 




fprintf(stderr, "%02X", goodKeyCj]); 
» B ;-f*Pi»«5vN goodKeytj]); 



printf<"%02X' 



fprintf(stderr, "\n"); 



  /* pick a different chip, read/write some registers, and reset chip id */
  do { i = rand() & 255; } while (i == HARDWIRED_CHIP_ID);
  sprintf(buffer, "11011111 %02X %02X 00\n", i, HARDWIRED_CHIP_ID);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);






•5543 0004f 8897348004001 1 Page 5 of testvec.c 






f put 
buff 
RunC 
f put 
buff 
RunC 
f put 
for 

• • Ru 
for 

• • Ru 
spri 

RunC 
f put 
buff 
RunC 
f put 
buff 
RunC 
f put 

/* T 
BOAR 
ADRS 
for 

• - Ru 
for 

- • Ru 
BOAR 
ADRS 
for 

- - Ru 
for 

■ ■ Ru 
BOAR 
ADRS 
for 

■ - Ru 
for 

■ • Ru 
BOAR 
ADRS 



s(buf f e 
er[2] = 
h i p ( bu f 
s(buf f e 
er[2] = 
h i p ( bu f 
s(buf f e 
( i = ; 
nSimula 
( i = ; 
nS i mu I a 
ntf (buf 
• • • ■ HAR 
h i p ( bu f 
s(buf f e 
er[2] = 
h i p ( bu f 
s(buf f e 
er[2] = 
h i p ( bu f 
s(buf f e 

est boa 
D-EN-IN 
EL1-IN 
( i = ; 
nS i mu L a 
( i = ; 
nS i mu L a 
D-EN-IN 
EL1-IN 
( i = ; 
nS i mu L a 
( i = ; 
nS i mu L a 
D-EN-IN 
EL1-IN 
( i = ; 
nS i mu L a 
( i = ; 
nSi mu L a 
D-EN-IN 
EL1-IN 



FILE-TOCHIP) 



1 1 
f e r 
r , 

'0 
fer 
r , 

i 
tor 

i 
tor 
fer 
DWI 
fer 
r , 

' 1 
fer 
r, 

'0 
fer 
r , 



, FI 
FILE 

/ FI 

FILE 

< 8; 
-Set 

< 8; 
-Che 
r "1 
RED- 
, FI 
FILE 

/fi 

FILE 

,' FI 
FILE 



LE-FR 
-TOCH 

LE-FR 
-TOCH 

i++) 
Regi s 

i++) 
ckReg 
10111 
CHIP- 
LE-FR 
-TOCH 

LE-FR 
-TOCH 

LE-FR 
-TOCH 



OMCHIP, USE-RAW-IO) ; 
IP); 

OMCHIP, USE-RAW-IO); 
IP); 

ter(randC) 8 255, randO & 255); 

ister(randC) 8 255); 

11 %02X %02X 00\n", HARDWIRED-CHIP-ID, 

ID); 

OMCHIP, USE-RAW-IO); 

IP); 

OMCHIP, USE-RAW-IO); 
IP); 



OMCHIP, USE-RAW-IO) 
IP); 



rd enable and ADRSEL1 */ 



i < 4 ; i + + ) 
tor-SetRegister(rand() 8 255, randO 8 255); 

i < 4 ; i + + ) 
tor_CheckRegister(rand() 8 255); 



i < 8 ; i + + ) 
tor-SetRegister(rand() 8 255, randO 8 255); 

i < 8 ; i + + ) 
tor-CheckRegister(randC) 8 255); 

= 1; 
= 0; 

i < 8 ; i + + ) 
tor-SetRegister(rand() 8 255, randO 8 255); 

i < 8 ; i + + ) 
tor-CheckRegister(rand() 8 255); 

= 1; 
= 1 ; 



  /* Make a final pass reading all the registers */
  for (i = 255; i >= 0; i--)
    readout[i] = RunSimulator_CheckRegister(i);
  /* scan stopped units */
  for (i = 0; i < 24; i++) {
    if ((readout[REG_SEARCH_STATUS(i)] & 1) == 0) {           /* stalled? */
      goodKey[6] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+0);
      goodKey[5] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+1);
      goodKey[4] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+2);
      goodKey[3] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+3);
      goodKey[2] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+4);
      goodKey[1] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+5);
      goodKey[0] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+6);
      RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);       /* restart */
      fprintf(stderr, "****** Full match in unit %d; extracted k = ", i);
      for (j = 0; j < 7; j++) {
        fprintf(stderr, "%02X", goodKey[j]);
        printf("%02X", goodKey[j]);
      }
      fprintf(stderr, "\n");
    }
  }
}


void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],






--53eb 

261fa8 
49446e 
8b9f 02 
ef 0e71 
98c6d6 
f e17e0 
b5af 5a 
77659f 
10766e 
13b72a 
4953dd 
b0112c 
481bcb 
83f 545 
24f3bf 
9aaf 5a 
51ee8b 
14766e 
2db72a 
aa1856 
fba670 
91b657 
b9af 5a 
b83a0c 
b6766e 
67b72a 
a21856 
c0cf 62 
2998f 3 
16af 5a 
e9a5d9 
eb766e 
26b72a 
c41856 
21 cb49 
1e1da6 
51af 5a 
f ed221 
9f766e 
b5b72a 
968448 
69f706 
1dc2b5 
93af 5a 
a51b21 
72766e 
1bb72a 
a415b9 
1519c6 
cde2d 
7ca f 5a 
bdf 965 
28766e 
3ab72a 
e915b9 
7a6c75 
8e2353 
92af 5a 
2e04d5 
35766e 
3eb72a 
a68448 
6f bb66 
9db530 
d4af 5a 
40c8bf 
a2766e 
07e684 
c3a5e4 
f 30ed3 
6ca f 5a 
af f 4f 6 



0af 645a688004001 1 Page 6 of testvec.c 

        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *randomVector, unsigned char startKey[7], long *totalClocks) {
  char buffer[1024];
  unsigned char tmp[512];
  int i;

  printf("Enter plaintextVector values: ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i <= 0 || i >= 256)
    EXIT_ERR("Must have at least 1 plaintextVector entry and at most 255.\n");
  memset(plaintextVector, 0, 32);
  while (i--)
    plaintextVector[tmp[i]/8] |= (1 << (tmp[i] % 8));

  printf("Enter plaintext xor mask: ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 plaintext xor mask bytes.");
  memcpy(plaintextXorMask, tmp, 8);

  printf("Enter ciphertext 0: ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 0.");
  memcpy(ciphertext0, tmp, 8);

  printf("Enter ciphertext 1: ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 1.");
  memcpy(ciphertext1, tmp, 8);

  printf("Enter plaintext byte mask: ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Plaintext byte mask is 1 byte long.");
  *plaintextByteMask = tmp[0];

  printf("Enter useCBC (0 or 1): ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for useCBC.");
  *useCBC = tmp[0];

  printf("Enter extraXor (0 or 1): ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for extraXor.");
  *extraXor = tmp[0];

  printf("Enter randomVector (0=randomize, 1=user input, >1=seed): ");
  gets(buffer);
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Must enter 0=randomize 1=use input, >1=value for prng seed).");
  *randomVector = tmp[0];

  printf("Enter starting key: ");
  gets(buffer);
  if (hex2bin(buffer, tmp) != 7)
    EXIT_ERR("Must enter 7 hex bytes as the key.\n");
  memcpy(startKey, tmp, 7);

  printf("Enter number of clocks: ");






  gets(buffer);
  sscanf(buffer, "%ld", totalClocks);
  if (*totalClocks < 1 || *totalClocks > 1000000000L)
    EXIT_ERR("Must have between 1 and 1 billion clocks.\n");

  printHexString("\n  PtxtVector = ", plaintextVector, 32);
  printHexString(" PtxtXorMask = ", plaintextXorMask, 8);
  printHexString("Ciphertext 0 = ", ciphertext0, 8);
  printHexString("Ciphertext 1 = ", ciphertext1, 8);
  printHexString("PtxtByteMask = ", plaintextByteMask, 1);
  printf(        "      useCBC = %d\n", *useCBC);
  printf(        "    extraXor = %d\n", *extraXor);
  printf(        "randomVector = %x\n", *randomVector);
  printHexString("Starting key = ", startKey, 7);
  printf(        "Total clocks = %ld\n\n", *totalClocks);
}



void LoadState(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor,
        unsigned char startKey[7]) {
  int i;

  for (i = 0; i < 32; i++)
    RunSimulator_SetRegister(REG_PTXT_VECTOR + i, plaintextVector[i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_PTXT_XOR_MASK + i, plaintextXorMask[7-i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT0 + i, ciphertext0[7-i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT1 + i, ciphertext1[7-i]);
  RunSimulator_SetRegister(REG_PTXT_BYTE_MASK, plaintextByteMask);
  RunSimulator_SetRegister(REG_SEARCHINFO, (useCBC ? 1 : 0) |
          (extraXor ? 2 : 0) | 16);              /* enable board active */
  for (i = 0; i < 24; i++) {                     /* for each engine */
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+0, startKey[6]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+1, startKey[5]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+2, startKey[4]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+3, startKey[3]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+4, startKey[2]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+5, startKey[1]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+6, (startKey[0] + i) & 255);
    RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
  }
}


void RunSimulator_SetRegister(int addr, int data) {
  char buffer[256];

  /* RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA */
  sprintf(buffer, "1%d0%d110%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d010%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d110%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  if ((rand() & 31) == 0)
    ALLACTIVE_IN = 1 - ALLACTIVE_IN;
}






void RunSimulator_DummyIO(void) {
  char buffer[256];
  int i, b, addr, chip;

  if ((rand() & 3) > 0) {
    addr = rand() & 255;
    chip = (rand() & 7) ? HARDWIRED_CHIP_ID : (rand() & 255);
    b = (rand() & 7) ? 1 : 0;
    /*RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA*/
    sprintf(buffer, "1%d01110%d %02x %02x 00\n", b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "1%d01100%d %02x %02x 00\n", b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "1%d01111%d %02x %02x 00\n", b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
  } else {
    sprintf(buffer, "1101111%d FF %02x FF\n", ALLACTIVE_IN, HARDWIRED_CHIP_ID);
    for (i = rand() & 7; i > 0; i--) {
      RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
      fputs(buffer, FILE_TOCHIP);
    }
  }
}


unsigned char RunSimulator_CheckRegister(int addr) {
  unsigned char rval;
  char buffer[256];

  /* RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA */
  sprintf(buffer, "1%d0%d110%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d100%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  rval = (unsigned char)RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d111%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  return (rval);
}


int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}






int hex2bin(char *hex, unsigned char *bin) {
  int i = 0;
  int j = 0;

  /* Trim string if comments present */
  if (strchr(hex, '#') != NULL)
    *strchr(hex, '#') = 0;
  if (strchr(hex, '*') != NULL)
    *strchr(hex, '*') = 0;
  if (strchr(hex, '\'') != NULL)
    *strchr(hex, '\'') = 0;

  for (i = 0; i < (int)strlen(hex); i++) {
    if (hex[i] >= '0' && unhex(hex[i]) < 0)
      EXIT_ERR("Bad hex digit encountered.\n");
  }

  for (i = 0; i < (int)strlen(hex); i++) {
    if (hex[i] < '0')
      continue;
    if (hex[i] >= '0' && hex[i+1] >= '0') {
      bin[j++] = (unsigned char)(unhex(hex[i])*16+unhex(hex[i+1]));
      i++;    /* skip one */
      continue;
    }
    if (hex[i] >= '0') {
      bin[j++] = (unsigned char)(unhex(hex[i]));
    }
  }
  return (j);
}


void printHexString(char *tag, unsigned char *data, int len) {
  int i;

  printf("%s", tag);
  for (i = 0; i < len; i++)
    printf("%02X", data[i]);
  printf("\n");
}


void OpenFiles(char *toChipFilename, char *fromChipFilename, int useRaw) {
  FILE_TOCHIP = fopen(toChipFilename, useRaw ? "rb" : "r");
  if (FILE_TOCHIP != NULL) {
    CREATING_VECTOR = 0;
  } else {
    FILE_TOCHIP = fopen(toChipFilename, useRaw ? "wb" : "w");
    if (FILE_TOCHIP == NULL) {
      fprintf(stderr, "Can't open \"%s\" for toChip file\n", toChipFilename);
      exit(1);
    }
    CREATING_VECTOR = 1;
  }

  FILE_FROMCHIP = fopen(fromChipFilename, useRaw ? "wb" : "w");
  if (FILE_FROMCHIP == NULL) {
    fprintf(stderr, "Can't open \"%s\" for fromChip file\n", fromChipFilename);
    exit(1);
  }

  USE_RAW_IO = useRaw;

#if 0      /* Activate this to add column descriptors in the output */
  if (!useRaw) {
    fprintf(FILE_TOCHIP, "RESET\n");
    fprintf(FILE_TOCHIP, "|BOARD_EN\n");
    fprintf(FILE_TOCHIP, "||ALE\n");
    fprintf(FILE_TOCHIP, "|||ADRSEL1\n");
    fprintf(FILE_TOCHIP, "||||WRB\n");






} 

#en 
• • f 

> 



f pr i nt f 
f pri nt f 
f p r i n t f 
f pri nt f 
f p r i nt f 
f p r i nt f 
f p r i n t f 
f p r i n t f 
f pr i nt f 
f pr i nt f 



FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-FROMCHIP, 

FILE-FROMCHIP, 

FILE-FROMCHIP, 



dif 

printf ( FILE-FROMCHIP 



R D B \ n " ) ; 
ADRSEL2\n"); 
ALLACTIVE_IN\n"); 
A D D R \ n " ) ; 
l\\ CHIP_ID\n"); 
/\\ DATAXn"); 
! ! I\\ ALLACTIVE-OUT\n"); 



' DATA\n") 

'l\\ ALLACTIVE-OUT\n"); 

' ! ! ! /-- IsActi ve I . .23] 



\\\n") 



"KEY DES-OUT MATCH & S ELECT1 : \n" ) 



In This chapter: 

• Board Schematics 

• Sun-4/470 backplane 
modifications 

• PC Interfaces 

• Errata 




Hardware Board Schematics 



This chapter contains schematic diagrams of the printed-circuit boards that we 
designed and built for the DES Cracker. It also includes a few other details about 
the hardware. 

Each hardware board holds 64 DES Cracker chips. In this schematic, we only 
show how 8 of the chips are wired. The rest are wired almost identically. Each "All 
Active Out" pin is daisy-chained to the next "All Active In" pin. The "Chip ID" pins 
on each chip are connected directly to either ground or power, to tell the chip its 
binary chip number among all the chips on the board. If you examine these pins 
for the eight chips shown, you'll see how they change. 

The boards fit into card-cages which are connected to each other and to the host 
computer by a 50-pin ribbon cable. The card-cages are modified Sun-4/470 server 
card cages. The modifications we made to their backplanes are detailed toward 
the end of the chapter. 

Board Schematics 

The schematics begin on the next page. 



[Schematic diagrams of the board (printed pages 8-2 through 8-9) are images and
are not reproduced in this text.]



Sun-4/470 backplane modifications 

The first DES Cracker uses several chassis recycled from Sun-4/470 servers to hold 
its boards. Each chassis contains a card cage, power supplies, fans, and covers. In 
the card cage there is a backplane, which is a printed circuit board that holds the 
connectors for each board that can be plugged into the card cage. Each row has 
connectors for 12 slots numbered from 1 to 12. The card cage is sized for "9U" 
VMEbus boards, each of which has three large 96-pin connectors. Therefore, the 
backplane also has three 96-pin connectors per board, called P1, P2, and P3. Each
of these 96-pin connectors has three rows of 32 pins inside it, called Rows A, B, 
and C. 

We modified the backplane as follows: 

Top Row (P1): No modification. We just use this as a board holder. There is no
signal from our boards to these connectors. 

Middle Row (P2): No modification. We just use this as a board holder. There is no 
signal from our boards to these connectors. 

Bottom Row (P3): Power and signaling for the DES Cracker boards, as follows: 

Table 8-1: Signal assignments on bottom connectors

Row A            Original Assignment   New Assignment
Pins 1 to 25     +5 Volts              Supply voltage for DES Cracker chips
Pins 26 to 27    +12 Volts             Not used
Pins 28 to 29    -12 Volts             Not used
Pins 30 to 32    -5 Volts              Not used

Row B            Original Assignment   New Assignment
Pin 1            Reserved              Not used
Pin 2            Reserved              Not used
Pin 3            Reserved              Reset (C_RST)
Pin 4            Reserved              Read Strobe (C_RDB)
Pin 5            Reserved              Write Strobe (C_WRB)
Pin 6            Reserved              Address Latch Enable (C_AEN)
Pin 7            Reserved              Control_1 (C_CNT1) or C_ADRSELB
Pin 8            Reserved              Control_2 (C_CNT2) or C_CSB
Pin 9            Reserved              Data 7 (C_D7)
Pin 10           Reserved              Data 6 (C_D6)
Pin 11           Reserved              Data 5 (C_D5)
Pin 12           Reserved              Data 4 (C_D4)
Pin 13           Reserved              Data 3 (C_D3)
Pin 14           Reserved              Data 2 (C_D2)
Pin 15           Reserved              Data 1 (C_D1)
Pin 16           Reserved              Data 0 (C_D0)
Pin 17           Reserved              Address 7 (C_A7)
Pin 18           Reserved              Address 6 (C_A6)
Pin 19           Reserved              Address 5 (C_A5)
Pin 20           Reserved              Address 4 (C_A4)
Pin 21           Reserved              Address 3 (C_A3)
Pin 22           Reserved              Address 2 (C_A2)
Pin 23           Reserved              Address 1 (C_A1)
Pin 24           Reserved              Address 0 (C_A0)
Pin 25           Reserved              GND
Pin 26           Reserved              GND
Pin 27           Reserved              GND
Pin 28           Reserved              GND
Pin 29           Reserved              GND
Pin 30           Reserved              GND
Pin 31           Reserved              +5 V supply to all Interface ICs
Pin 32           Reserved              +5 V supply to all Interface ICs

Row C            Original Assignment   New Assignment
Pins 1 to 25     GND                   GND
Pins 26 to 27    +12 Volts             Not used
Pins 28 to 29    -12 Volts             Not used
Pins 30 to 32    -5 Volts              Not used



Row A, pins 1-25 provide the supply voltage for the DES Cracker chips. The
supply is normally +5 Volts.

The chips can be run on a lower voltage, to reduce power consumption and heat 
generation. In that case, two voltages must be supplied. The lower voltage for the 
DES Cracker chips is supplied on Row A, pins 1-25. +5 volts is supplied to the 
interface circuitry on Row B, pins 31 and 32. In low voltage operation, Jumper JP1 
on each of the DES boards must be removed. If the DES chips are using +5 Volts, 
then no external power connects to Row B, pins 31 and 32, and Jumper JP1 on 
each of the DES boards is connected. 



Physical Modifications on P3 Bus (Bottom Row) 

The P3 bus (bottom row) of the backplane has 12 slots. Some of these slots are 
wired to their neighboring slots, forming a bus. In its original Sun configuration, 
the P3 bus was mainly used for a high-speed memory bus between the CPU board 
and the memory boards. It was divided into 4 independent groups: 

Group 1 

This group has 7 slots (from 1 to 7) which have their Row B's bussed together. 




Group 2 

This has only slot 8. Its Row B did not connect to any other. 

Group 3 

This has only slot 9. Its Row B did not connect to any other. 

Group 4 

This group has 3 slots (from 10 to 12) which have their Row B's bussed 
together. 

We modified the backplane to connect each of these four groups together, so that 
P3 Row B connects from slot to slot along the whole backplane. 

On both slot 1 and slot 12 we added a dual-row header to the P3 connector, Rows
B and C (signals and grounds), so that a 50-pin ribbon cable can connect to the
bus. These headers allow each chassis to be cabled to the next chassis, and also
allow the first chassis to be cabled to a general purpose computer, where the
software that controls the DES Cracker runs.

On slot 11, we also added a dual-row header to the P3 connector, Rows A and B 
(Supply voltage and signals), to let us install termination resistors when no ribbon 
cable is attached to Slot 12. These protect the integrity of the signals on the bus. 



PC Interfaces 



The first chassis connects to the controlling computer via a ribbon cable, which 
attaches to the dual-row header installed on Slot 1. This cable leads to a plug-in 
hardware card which provides three parallel I/O ports. The software talks to this 
card, causing it to write commands to the ribbon cable, or read results back from 
the ribbon cable. The software runs in an ordinary IBM PC, and could be ported 
to other general purpose computers. 

Our project used either of two interface cards. Both are from National Instruments
Corporation of Austin, Texas, reachable at http://www.natinst.com or +1
512 794 0100. Their PC-AT bus interface card is called the PC-DIO-24, order
number 777368-01. For laptops, a "PC card" (PCMCIA) interface is also available, the
DAQCard-DIO-24, order number 776912-01. This card requires the PSH27-50F-D1
cable, with order number 776989-01.

Other parallel interface cards that provide 24 bit I/O could also be made to work. 




Errata 

This page contains notes about errors detected late in the hardware or software 
published herein. 

Chip select for reading 

The DES Cracker chips do not properly tristate their data buffers. When any chip 
on any board is reading, every other DES Cracker chip drives garbage onto its data 
pins. The buffer enables were not qualified by the Board Enable and Chip Enable 
signals. The initial hardware boards were modified to circumvent this by providing 
individual RDB signals to each chip, qualifying them externally with an FPGA. The 
correct fix is in top.vhd in the chip VHDL; near the last line, change: 

DATA <= DATAO when (RDB = '0' and ADDSEL2 = '0') else (others => 'Z');

to: 

DATA <= DATAO when (RDB = '0' and ADDSEL2 = '0' and CHIP_EN = '1') 
else (others => 'Z'); 

This also involves adding CHIP_EN as an output of upi.vhd. 




In This chapter:

• Abstract

• Introduction

• The basic idea

• Details of such a machine

• Obtained results and remarks

• Conclusion

• Acknowledgement



Breaking One Million DES Keys
by Yvo Desmedt

This paper was presented at Eurocrypt 1987 by Yvo Desmedt and Jean-Jacques
Quisquater, under the title "An Exhaustive Key Search Machine Breaking One
Million DES Keys". We publish it here for the first time, since no proceedings were
made. It points out some research directions in parallel brute force codebreaking
that are still useful today.

Abstract

The DES is in the commercial and industrial world the most used cryptoalgorithm.
A realistic exhaustive key search machine will be proposed which breaks
thousands of keys each hour, when DES is used in its standard 8 byte modes to protect
privacy. Also authenticity protection with DES is sometimes insecure.

Introduction 

The DES is the NBS* and ANSI† standard for encryption. It has been proposed to
become an ISO‡ standard, under the name DEA1. From the beginning Diffie and
Hellman mentioned that one DES key could be broken under a known plaintext
attack using an exhaustive keysearch machine.§ However the design was criticized
because practical problems as size and power dissipation were not taken into
consideration. Hoornaert¶ proposed last year a realistic exhaustive keysearch
machine, which solved all practical problems. Instead of breaking DES in half a
day (as in the Diffie-Hellman machine), the cheap version ($1 million) needs
maximum 4 weeks to find the key. In practice however companies or secret
agencies want to break several keys at once. Indeed for doing industrial espionage,
companies want to break as many communications as possible of their main
competitors. Secret agencies want to be able to eavesdrop all communications and to
follow up industrial developments in other countries which may be used for
military purposes. The above machine is unpractical or expensive for this purpose.
Instead of using thousands of machines for breaking thousands of keys, one
modified machine is enough.

* "Data Encryption Standard", FIPS (National Bureau of Standards Federal Information Processing
Standards Publ.), no. 46, Washington D.C., January 1977

† "Data Encryption Algorithm", ANSI X3.92-1981, (American National Standards Institute), New York,
December 31, 1980

‡ "Data Encipherment, Specification of Algorithm DEA1", ISO/DP 8227 (Draft Proposal), 1983

§ Diffie, W., and Hellman, M.E.: "Exhaustive cryptanalysis of the NBS Data Encryption Standard",
Computer, vol. 10, no. 6, pp. 74 - 84, June 1977

¶ Hoornaert, F., Goubert, J., and Desmedt, Y.: "Efficient hardware implementations of the DES",
Advances in Cryptology, Proceedings of Crypto 84, Santa Barbara, August 1984 (Lecture Notes in
Computer Science, Springer-Verlag, Berlin, 1985), pp. 147-173

The basic idea

At first sight if one wants to break one million keys with an exhaustive machine
one needs one million pairs (plaintext, ciphertext) = (M_i, C_i) and do the job for each
different pair. If all these pairs have the same plaintext M, the exhaustive machine
can do the same job by breaking all these one million ciphertexts, as in the case it
had only to break one. This assumption is very realistic, indeed in letters some
pattern as e.g. "Yours Sincerely" are common. For all standard† 8 bytes modes a
partially known plaintext attack is sufficient. In the case of ECB a ciphertext only
attack is sufficient. Indeed the most frequent combination of 8 bytes can easily be
detected and used. Evidently more machines can handle more different plaintext
patterns. So, a few machines can break millions of keys. The number of different
patterns can be reduced by using a chosen plaintext attack!

† "DES modes of operation", FIPS (NBS Federal Information Processing Standards Publ.), no. 81,
Washington D.C., December 2, 1980



Details of such a machine



Although we did not build it, in this section sufficient details are given to show that
such a machine is feasible. The machine will be based on a small extension of the
DES chips used in Hoornaert's machine. We will call the ciphertexts for which one
wants to break the key: "desired" ciphertexts. In one machine, each of the (e.g.)
25 thousand DES chips will calculate ciphertexts for variable keys starting from the
same 8 byte "plaintext" pattern. The machine has to verify if such a ciphertext is
the same as some "desired" ciphertext. If so, it has to communicate the
corresponding key to the Key Handling Machine (KHM) and the "number" of the
"desired" ciphertext. However each used DES chip generates each second about
one million pairs (ciphertext, key). This gives a major communication problem.
Indeed all this information (about 110 Mbit/sec. = (56 key bits + 64 ciphertext bits)
x 1M DES/sec.) cannot be communicated constantly outside the chip. To avoid this
communication problem, the chip will internally exclude ciphertexts which
certainly are not equal to a "desired" ciphertext. So only a fraction has to be
communicated to the outside world. Hereto the "desired" ciphertexts were previously
ordered based on their first 20 bits, which are used as address of the desired
ciphertexts. If more than one of these "desired" ciphertexts have the same 20 first
bits then one of them will later be transferred to the exhaustive machine. The
others will be put on a waiting list. In the exhaustive machine bits of the desired
ciphertexts are spread in RAMs, as explained later, using the 20 first bits as
address. Each extended DES chip is put on a hybrid circuit together with 4 RAMs
of 1Mbit and a refresh controller (see also fig. 1). For each enumerated key the
DES chip communicates the 20 first bits of the corresponding generated ciphertext
to the RAMs as address. The 4 bits information stored in the RAMs correspond to
the next 4 bits of the desired ciphertexts. The RAMs communicate to the modified
DES chip these 4 bits. Only if these 4 bits are equal to the corresponding ones in
the generated ciphertext, the generated pair (ciphertext, key) is communicated
outside the DES chip to a local bus (see fig. 1). So in average the communication
rate is reduced, by excluding the ciphertexts which are certainly not desired.
About 10 of these hybrids are put on a small PCB. A custom designed chip checks
the next 10 bits (the bits 25 till 34) of the ciphertexts using the same idea as for
the 4 bits (the bits 21 till 24). Hereto 10 RAMs each of 1Mbit are used, the address
is again the first 20 bits of the generated ciphertext. Only if the check succeeds the
pair (ciphertext, key) is communicated to the outside world via a global bus. This
reduces the communication between the local bus and the global bus with a factor
1000. About 2500 similar PCBs are put in the machine. The last 30 bits of the
ciphertext are checked further on. Hereto similar hardware controls several PCBs.
Finally a small machine can do the final check. The machine KHM checks the
correctness of the key on other (plaintext, ciphertext) pairs or on the redundancy in
the language. Once each (e.g.) hour the machine KHM will update the broken
keys and put the ones which are on the waiting list into the exhaustive machine (if
possible). Suppose that one hybrid cost $80, then the price of $3 million (25,000 x
hybrid + custom chips + PCBs + etc) for this machine is realistic.
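
The staged RAM lookup described in this section can be modelled in software to see how much traffic each stage removes. The following C program is an added illustration, not code from the paper or from the book: it performs no DES at all, using pseudo-random 64-bit values as an assumed stand-in for generated ciphertexts, and every name in it (struct filter, filter_load, filter_check, simulate) is hypothetical.

```c
/* Added example: software model of the staged ciphertext filter.
 * Assumption: pseudo-random 64-bit values stand in for DES outputs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS (1u << 20)          /* one RAM word per 20-bit address */
/* The paper numbers ciphertext bits 1..64 starting at the first bit. */
#define ADDR(c)   ((uint32_t)((c) >> 44))             /* bits 1..20  */
#define NEXT4(c)  ((uint8_t)(((c) >> 40) & 0xF))      /* bits 21..24 */
#define NEXT10(c) ((uint16_t)(((c) >> 30) & 0x3FF))   /* bits 25..34 */
#define TAIL30(c) ((uint32_t)((c) & 0x3FFFFFFF))      /* bits 35..64 */

struct filter {
    uint8_t  *ram4;    /* models the 4 x 1 Mbit RAMs on a hybrid       */
    uint16_t *ram10;   /* models the 10 x 1 Mbit RAMs on a PCB         */
    uint32_t *tail30;  /* last 30 bits, held by the final checker      */
    uint8_t  *used;    /* loader bookkeeping: is this address taken?   */
};
struct stats { unsigned long loaded, waiting, local_bus, global_bus, full_match; };

int filter_init(struct filter *f) {
    f->ram4   = calloc(SLOTS, sizeof *f->ram4);
    f->ram10  = calloc(SLOTS, sizeof *f->ram10);
    f->tail30 = calloc(SLOTS, sizeof *f->tail30);
    f->used   = calloc(SLOTS, sizeof *f->used);
    return (f->ram4 && f->ram10 && f->tail30 && f->used) ? 0 : -1;
}

void filter_free(struct filter *f) {
    free(f->ram4); free(f->ram10); free(f->tail30); free(f->used);
}

/* Load one desired ciphertext. Returns 1 if stored, 0 if another target
 * already owns the same 20-bit address (it goes on the waiting list). */
int filter_load(struct filter *f, uint64_t c) {
    uint32_t a = ADDR(c);
    if (f->used[a]) return 0;
    f->used[a] = 1;
    f->ram4[a] = NEXT4(c);
    f->ram10[a] = NEXT10(c);
    f->tail30[a] = TAIL30(c);
    return 1;
}

/* How far a generated ciphertext travels: 0 = dropped inside the chip,
 * 1 = reached the local bus, 2 = reached the global bus, 3 = full match. */
int filter_check(const struct filter *f, uint64_t c) {
    uint32_t a = ADDR(c);
    if (f->ram4[a] != NEXT4(c)) return 0;
    if (f->ram10[a] != NEXT10(c)) return 1;
    if (!f->used[a] || f->tail30[a] != TAIL30(c)) return 2;
    return 3;
}

/* xorshift64* generator: the stand-in for "ciphertext under the next key". */
static uint64_t prng_next(uint64_t *s) {
    *s ^= *s >> 12; *s ^= *s << 25; *s ^= *s >> 27;
    return *s * 2685821657736338717ULL;
}

/* Load n_desired targets, then push n_candidates values through the stages. */
int simulate(unsigned long n_desired, unsigned long n_candidates,
             uint64_t seed, struct stats *st) {
    struct filter f;
    struct stats zero = {0, 0, 0, 0, 0};
    uint64_t s = seed ? seed : 1;   /* xorshift state must be non-zero */
    unsigned long i;

    *st = zero;
    if (filter_init(&f) != 0) { filter_free(&f); return -1; }
    for (i = 0; i < n_desired; i++) {
        if (filter_load(&f, prng_next(&s))) st->loaded++;
        else st->waiting++;
    }
    for (i = 0; i < n_candidates; i++) {
        int stage = filter_check(&f, prng_next(&s));
        if (stage >= 1) st->local_bus++;
        if (stage >= 2) st->global_bus++;
        if (stage == 3) st->full_match++;
    }
    filter_free(&f);
    return 0;
}

int main(void) {
    struct stats st;
    if (simulate(1000000UL, 1UL << 22, 42, &st) != 0) return 1;
    printf("loaded %lu, waiting %lu\n", st.loaded, st.waiting);
    printf("left chip: %lu, left PCB: %lu, matches: %lu\n",
           st.local_bus, st.global_bus, st.full_match);
    return 0;
}
```

In this model about one candidate in 16 leaves the chip and about one in 16,384 leaves the PCB, which corresponds to the factor of 1000 between local and global bus quoted above. Roughly a third of one million random targets collide on a 20-bit address and end up on the waiting list.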



9-4 Chapter 9: Breaking One Million DES Keys by Yvo Desmedt 

Obtained results and remarks 

The described machine breaks about one million keys in 4 weeks, or in average
about 3000 keys each hour. By updating the broken keys better results can be
obtained.* Practical problems as buffering, synchronization, MTBF, power
dissipation, size, reloading of the RAMs and so on are solved by the author.
Optimizations under several circumstances and variants of the machine are possible. In
view of the existing rumors that a trapdoor was built in DES by NSA, the feasibility
of this machine shows that a trapdoor was not needed in order to break it. Old
RAM technology allowed to design similar (or larger) machines which break less
keys (e.g. thirtytwo thousand keys). This attack can be avoided if the users of DES
use the CFB one byte mode appropriately, or use new modes,† or triple encryption
with two different keys. DES-like algorithms can be designed which are more
secure against the described attack and which use a key of only 48 bit, and which
have the same encryption/decryption speed as DES (if used with fixed key).‡ The
protection of the authenticity of (e.g. short) messages with DES is sometimes
insecure.§ These results combined with the above one, shows that the
authentication of standardized messages with DES may be worthless. Remark finally that the
DES chip used in this machine does not use the state of the art of VLSI. Indeed
about only 10,000 transistors are used in it. Megabits RAMs are easily available.

Conclusion 

Every important company or secret agency over the world can easily build such a
machine. Because it is not excluded that such machines are already in use by
these organizations, the author advises the users to be careful using DES. Because
the most used modes are breakable, the users have to modify their hard- or
software in a mode which avoids this attack. Meanwhile only low-sensitive
information can be transmitted with DES. If the authenticity of the messages is protected
with DES under its standardized use, short messages have to be enlarged.



* Desmedt, Y., "Optimizations and variants of exhaustive key search machines breaking millions of
DES keys and their consequences on the security of privacy and authenticity with DES", Internal
Report, ESAT Laboratory, Katholieke Universiteit Leuven, in preparation.

† Quisquater, J.-J., Philips Research Laboratory, Brussels, paper in preparation.

‡ Quisquater, J.-J., Desmedt, Y., and Davio, M.: "A secure DES* scheme with < 48 bit keys", presented
at the rump session at Crypto '85, Santa Barbara, August, 1985.

§ Desmedt, Y.: "Unconditionally secure authentication schemes and practical and theoretical
consequences", presented at Crypto '85, Santa Barbara, August, 1985, to appear in the proceedings:
Advances in Cryptology (Springer-Verlag, Berlin, 1986).






Acknowledgement 



The author is sponsored by the Belgian NFWO. The author is very grateful to F.
Hoornaert, IMEC-ESAT, Leuven, and J.-J. Quisquater, Philips Research Laboratory,
Brussels, for many suggestions and improvements.

Y. Desmedt
ESAT Laboratory 
Katholieke Universiteit Leuven 
Kard. Mercierlaan 94 
B-3030 Heverlee, Belgium 



In this chapter:

• Abstract
• Introduction
• Motivation
• Related work
• Technical Approach
• Design and Analysis
• Future work
• Conclusions
• Acknowledgements
• Availability
• References




Architectural Considerations for Cryptanalytic Hardware

Ian Goldberg and David Wagner

[iang,daw]@cs.berkeley.edu

This paper was written in Spring 1996. Its performance numbers are several years 
out of date, and it used what hardware was handy, rather than the best possible 
hardware for its time. Still, results based on actually building working devices are 
preferable to much better theories about reality. 



Abstract 

We examine issues in high-performance cryptanalysis, focusing on the use of pro- 
grammable logic. Several standard techniques from computer architecture are 
adapted and applied to this application. We present performance measurements 
for RC4, A5, DES, and CDMF; these measurements were taken from actual imple- 
mentations. We conclude by estimating the resources needed to break these 
encryption algorithms. 

Introduction 

Large-scale open electronic communications networks are spreading: for example, 
mobile computing is on the rise, the Internet is experiencing exponential growth, 
and electronic commerce is a hot topic. With these advances comes a need for
robust security mechanisms, and they in turn depend critically on cryptographic 
protection. At the same time, computer power has been growing at dizzying rates,
matching or exceeding Moore's Law. Therefore, in this rapidly changing environ- 
ment, it is important to assess the strength of deployed encryption algorithms 
against the tremendous computational power available to potential adversaries. 

The best attacks on today's symmetric-key encryption algorithms simply apply 
massive computing resources to break their security by pure brute force. If a cryp- 
tographic algorithm is secure, it will be far too expensive for an attacker to gather 
the processing power necessary for such a brute-force cryptanalytic attack to suc- 
ceed. Assessing the security of a cryptographic algorithm against this threat, then, 
involves surveying the state of the art in cryptanalytic computational power and 
estimating the investment required to mount this type of attack. 

This paper explores the use of programmable logic hardware devices in cryptana- 
lytic applications. Programmable logic attempts to provide much of the premier 
performance available from custom hardware, while partially retaining the recon- 
figurability and ease of development benefits found in software. 

Our research draws heavily on the computer architecture field. Surprisingly, many 
techniques, tools, and models for the design of general-purpose processors also 
proved useful in the specialized domain of cryptanalytic hardware. We investigate 
the benefits of various forms of parallelism, including pipelining and superscalar 
architectures. We also examine and identify critical structural hazards and data haz- 
ards, as well as the crucial performance bottlenecks. This paper focuses especially 
on an analogue of the central "CPU time" formula from [20]. By framing the prob- 
lem from the perspective of system architects, we were able to take advantage of 
the extensive knowledge base available in the architecture literature. 

This paper is organized as follows. The section "Motivation" elaborates on the
need for estimates of the performance of cryptanalytic hardware, and the section
"Related work" lists previous work which touches on this project and influenced
our approach. Next, the section "Technical Approach" introduces our experimental
methodology and goals. The section "Design and Analysis" describes our
design, implementation, and data in depth, providing a detailed technical analysis.
Finally, the section "Future work" briefly identifies some areas for future research,
and the section "Conclusions" concludes the paper.

Motivation 

There is currently a strong need for a solid assessment of the resources required to 
break the common cryptographic algorithms. This information is a crucial data 
point for system designers — they need this information to determine which 
encryption algorithm is appropriate for their system. The need is only intensifying: 
weak encryption is becoming the norm, earlier assessments are either incomplete
or out-of-date, and steady increases in computing power are threatening the viabil- 
ity of these weak encryption systems. 

Security is little more than economics. A cryptographic system is secure when it 
costs more to break it than the data it is protecting is worth. Accordingly, deter- 
mining the strength of an encryption algorithm comes down to measuring the cost 
of the cryptanalytic resources needed to break the system. That explains the basic 
need for an evaluation of the cryptanalytic performance possible today. 

In fact, several recent factors make the need more urgent. Weak encryption is 
being widely deployed. SSL with 40-bit RC4 is becoming a de facto standard for 
secure Web channels, largely because of Netscape's support. GSM, a European 
mobile telephony system, depends for its link-layer security on A5, an apparently 
weakened algorithm. Export restrictions are largely to blame for the recent pre- 
ponderance of weak encryption algorithms; they are an unfortunate fact of life at 
the moment. This intensifies the need for accurate estimates of the true protection 
these cryptographic algorithms offer. For extremely strong algorithms, it is suffi- 
cient to provide order-of-magnitude estimates to show that breaking these algo- 
rithms requires absurd collections of resources; but when it is feasible (or barely 
feasible) to break an encryption algorithm, it becomes extremely important to pin- 
point the cost of cryptanalysis accurately. 

The section entitled "Related Work" lists several earlier algorithm assessments. DES 
has received by far the most attention, but we are also greatly interested in the 
(today all-too-common) case of exportable encryption algorithms. Most of the 
experience with weak encryption systems has been with software cryptanalysis; 
yet programmable logic may be the most cost-effective method of assembling 
computational power for this problem. A recent paper [4] did briefly address the 
cost-effectiveness of programmable logic, but their estimate appears to be based 
on flawed assumptions. The one work which investigated the problem most 
closely [22] was a good start, but it didn't go far enough: their estimates were 
based on theoretical calculations, instead of real implementations and measure- 
ments. 

Therefore, there is new ground to cover, and previous work to validate. We will 
explore the applicability and performance of programmable logic to cryptanalysis 
of A5, DES, CDMF, and RC4. This paper attempts to provide a solid, rigorous 
assessment of the economics of cryptanalysis, relying on actual implementations 
and experimental measurements. 




Related work 

Previous exploration into exhaustive keysearch has tended to concentrate on 
either software implementations or custom hardware designs; not much has been 
reported on FPGA (programmable logic) architectures. We will survey the results 
available in the open literature. 

The first public brute-force cryptanalysis of 40-bit exportable RC4 appeared from
the Internet cypherpunks community. (The NSA (National Security Agency) had
almost certainly mounted an exhaustive 40-bit search of RC4 long before that, but
they're playing their cards close to their chest.) The cypherpunks are a loose-knit
community dedicated to exploring the social ramifications of cryptography. To
demonstrate the need for more secure encryption, Hal Finney challenged his fellow
cypherpunks to break 40-bit RC4 [16]. Soon Adam Back, David Byers, and
Eric Young announced [3] that they had successfully searched the 40-bit keyspace
with a software implementation running on the idle cycles of several workstations.
At the same time, Damien Doligez had also independently finished a successful
sweep of the RC4 40-bit keys [12], with the same software implementation. Not
long later, Piete Brooks, Adam Back, Andrew Roos, and Andy Brown organized a
distributed effort [5] which used donated idle cycles from many machines across
the Internet to finish a second challenge in 31 hours, again using a similar software
implementation. The cypherpunks' efforts gave us a fairly accurate estimate
of the complexity of exhaustively searching the RC4 40-bit keyspace in software.

There have been no reports of any experience with exhaustive keysearch of A5 in
the open literature. The details of the A5 algorithm were only recently revealed to
the public [1], so it is perhaps not surprising that it has received less attention.
Several cryptographers' initial reaction was that there must be a trivial brute-force
attack on A5 requiring 2^40 operations [26], [1]. No such attack ever materialized, and
it became clear that the matter was not so trivial as initially imagined [26], [2]. The
current consensus appears to be that A5's strength is possibly somewhat more
than a 40-bit cipher but less than its 64-bit key might indicate.

There have not been any reports on CDMF exhaustive keysearch in the literature, 
either. On the other hand, CDMF is very similar to DES — it is essentially DES with 
a reduced 40-bit keylength — so all the research into understanding DES keysearch 
will apply immediately to CDMF. As we shall see, there has been extensive work 
examining DES brute-force cryptanalysis. 

There have been many studies into the economics of a DES keysearch implemen- 
tation in custom hardware. (No one has seriously proposed breaking DES via soft- 
ware, as general-purpose computers are orders of magnitude slower at this task 
than specialized hardware.) The earliest estimate came not long after DES was rati- 
fied as a national standard. Whit Diffie and Martin Hellman designed a system
containing a large number of custom-designed chips [11]. They estimated that their 
$20 million architecture could recover a DES key each day. After their paper 
appeared, great controversy ensued. Some argued that the mean time between 
failures would be inherently so small that the machine could never work; Diffie 
and Hellman refuted these objections, although they also increased their cost esti- 
mate somewhat [27], p. 283. After the controversy died down, the final estimate 
was that DES would be insecure by the year 1990 [19]. A later paper suggested that 
a $1 million custom-designed hardware architecture could break DES in 9 days 
with technology forecasted to be available by 1995 [18]. Another more recent esti- 
mate took advantage of an extremely fast DES chip (designed for normal crypto- 
graphic use, not cryptanalysis), concluding that a $1 million assembly could search 
the DES key space in 8 days [31], [13], [14]. Yet another study examined the feasibil- 
ity of using existing general-purpose content-addressable processors, and con- 
cluded that a DES keysearch would take 30 days on them with a $1 million 
investment [30]. Even more writing on the subject of hardware DES keysearch can
be found in [25], and some issues in DES chip design can be found in [21, [15], [6]. 

All these estimates were superseded by a compelling 1993 paper [31] from Michael 
Wiener. He went to the effort of assembling a very comprehensive design (extend- 
ing for a hefty 42 pages!) of a custom-hardware DES keysearch machine, including 
low-level chip schematics as well as detailed plans for controllers and shelving. 
After a $0.5 million investment to design the machine and $1 million to build it, a 
DES key could be recovered each 3-5 hours, he argued. (Note the large develop- 
ment cost. This is a unique attribute of custom hardware designs.) His work has 
remained the definitive estimate of DES keysearch cost since then. On the other 
hand, we have seen 3 years of steady progress in chip performance and cost since 
then, and Moore's law remains as true as ever, so Wiener's figures should be 
adjusted downward accordingly. 

This year an ad-hoc group of experts was convened to recommend appropriate 
cryptographic key lengths for corporate security; their report [4] was very influen- 
tial. In this larger context, they very briefly surveyed the application of software, 
reconfigurable logic, and custom hardware to the brute-force cryptanalysis of 
40-bit RC4 and (56-bit) DES. We are a bit skeptical about the precise performance 
predicted for an RC4-cracking chip: they claimed that a single $400 FPGA ought to 
be able to recover a 40-bit RC4 key in five hours. (Amortizing this over many
keysearches, they determined that each keysearch would cost $0.08, causing some to
refer to 40-bit RC4 as "8-cent encryption".) This estimate seems extremely opti- 
mistic, as it would require 30 million key trials per second; RC4 key setup requires 
at least 1024 serialized operations (256 iterations of a loop, with 4 memory 
accesses and calculations per iteration), so this would represent a throughput of 30 
billion operations per second. Even with a dozen parallel independent keysearch
engines operating on the chip (which would require serious hardware resources), 
this would imply clock rates measured in Gigahertz — a rather unlikely scenario! 
Accordingly, our skepticism helped motivate us to attempt an independent investi- 
gation of these issues. 

At the other extreme, we are also concerned about gross overestimates of the 
security of RC4. After several cypherpunks folks demonstrated how easy it is to 
cryptanalyze RC4 with the idle cycles of general-purpose computers, Netscape had 
to respond. Their note made several good points — for instance, that export con- 
trols were to blame, leaving them no choice but to use weak encryption — but 
their estimate of the cost of breaking 40-bit RC4 was greatly flawed. The first suc- 
cessful keysearch used idle cycles on 120 workstations for 8 days. Netscape 
claimed that this was $10,000 worth of computing power, concluding that mes- 
sages worth less than $10,000 can be safely protected with 40-bit RC4 encryption 
[9]. Exposing the invalidity of this estimate was another motivating force for us.

One unpublished work [22] has studied in depth the relevance of reconfigurable 
logic to cryptologic applications. They assessed the complexity of a keysearch of 
DES and RC4 (as well as many other non-cryptanalytic problems). The main weak- 
ness of this aspect of their survey is that several of the estimates relied on theoreti- 
cal predictions instead of real implementations and experimental measurements. In 
this paper, we attempt to give more rigorous estimates, paying attention to the 
architectural and economic issues facing these cryptanalytic applications. 

Technical Approach 

Workloads and Architectures 

As we have explained earlier, there is much interest in the security of crypto- 
graphic algorithms. The algorithms with short keys (such as A5, RC4, CDMF, and 
DES) are the most interesting to examine, as their security depends intimately on 
the state-of-the-art in high-performance computing. Therefore, we concentrate on 
algorithms to break A5, RC4, CDMF, and DES. 

Software implementations running on general-purpose microcomputers have 
received perhaps the most attention [3], [12], [5]. To achieve maximum performance,
though, we must also consider the tradeoffs associated with customizable hard- 
ware. We will focus mainly on hardware implementations of cryptanalytic algo- 
rithms; we then compare the tradeoffs between the hardware and software 
approaches. 

The most specialized approach involves using ASICs: custom-designed hardware, 
specially tailored to one particular cryptanalytic application. They require a signifi- 
cant initial investment for design and testing; they also must be produced in mass
quantity for them to be economical. Therefore, while probably the most efficient 
approach for a dedicated cryptanalytic application, ASICs require such a large 
investment that they are probably only of interest to small governments or large 
corporations — they are certainly not within reach for a class project! 

Fortunately, there is a middle ground between ASICs and software. CPLDs (Com- 
plex Programmable Logic Devices) provide reconfigurable logic; they are commer- 
cially available at low prices. They provide the performance benefits of 
customizable hardware in small volume at a more reasonable price. We obtained 
access to a set of Altera FLEX8000 series programmable logic devices — more 
specifically, 81188GC232 chips.* These are mounted on a RIPP10 board, which can 
accommodate up to eight FLEX8000 chips and four 128KB SRAM memory chips.

Therefore, the primary platform of interest was the RIPP10 board with FLEX8000 
chips; for comparison purposes, we also investigated several other programmable 
logic devices, as well as software-driven implementations. The workload consisted 
of brute-force cryptanalytic applications for RC4, A5, DES, and CDMF. 

The Figure of Merit 

It is important to keep in mind what quantities we are trying to measure. Regard- 
less of whether the methodology involves real implementations or synthetic simu- 
lations, the ultimate figure of merit is the performance-cost ratio. 

Why is the performance-cost ratio the relevant quantity? In general, our cryptana- 
lytic applications are characterized by extreme suitability to parallelization: the 
process of exhaustive search over many keys can be broken into many indepen- 
dent small computations without penalty. One fast machine will finish the compu- 
tation in exactly the same time as two machines which are twice as slow. 
Therefore, the relevant criterion is the "bang-to-buck" ratio, or more precisely, the 
number of trial keys searched per second per dollar.

Methodology 

We used several methods to understand the architectural tradeoffs and their effect 
on cryptanalytic applications. We first implemented a few sample cryptanalytic 
algorithms and directly measured their performance on real workloads and actual 
architectures. Direct measurement is obviously the most desirable experimental 
technique; unfortunately, we do not have access to every system in existence. 
Therefore, to forecast the behavior on other platforms, we also used several simu- 
lation tools. In both cases, we examine actual applications and real systems. 



* We greatly appreciate the kind support of Bruce Koball and Eric Hughes! 




Direct measurement 

Doing direct measurements on real systems running real applications is conceptu- 
ally straightforward (but still labor-intensive in practice!). First, we directly imple- 
mented the relevant cryptanalytic algorithms for the Altera FLEX8000 platform. 
Once this is done, it is easy to do several small time trials to measure performance. 
Finally, we used technical data sheets [8] and price lists [7], [24] from Altera to 
assess the cost of the system. 

We also implemented the applications in software. Measuring performance is easy; 
fixing a price on the computation is a bit less straightforward, and we will address 
that in a later section. 

Simulations 

It would be valuable to obtain measurements for a variety of CPLD architectures. 
As we only have access to the Altera RIPP10 board and FLEX8000 81188GC232 
chips, the experimental procedure becomes a bit more involved. Fortunately, our 
development environment offers compilation, simulation, and timing analysis tools 
for several programmable logic devices. We therefore compiled the applications 
for several other chips and calculated predicted performance estimates with the 
simulation tools. 

An important step for any simulation technique is to validate the simulation pro- 
cess. Accordingly, we applied the same simulation and timing analysis procedure 
to our applications for the FLEX8000 81188GC232; comparing the performance 
estimates from the simulation with the direct measurements lets us validate our 
experimental methodology. 

Design and Analysis 

Overview 

We begin by setting up a model for analysis and describing several design issues 
that are common to all cryptanalytic hardware. 

For this project, we are assuming the "known plaintext" model of cryptanalysis. In
this model, an adversary has an encrypted message (the ciphertext), and also a
small amount of the original message (the known plaintext). He also knows what
part of the ciphertext corresponds to the known plaintext. The goal of the adversary
is to determine the key necessary to decrypt the ciphertext into the known
plaintext. He can then use this key to decrypt the rest of the encrypted message.

Other models of cryptanalysis, such as "ciphertext only" or "probabilistic plaintext" 
[29] are more complicated to use, but do not require an adversary to have specific
knowledge of part of the original message. However, as most messages have some 
well-known parts (a From header in a mail message, for example), the known 
plaintext model turns out to be applicable to almost all situations. 

For a cryptographic algorithm to be considered secure, there must be no way to 
determine the decryption key which is faster than just trying every possible key, 
and seeing which one works (note that this is a necessary, but not sufficient, con- 
dition). This method is called brute force. 

Breaking a cryptographic algorithm by brute force involves the following steps: 

For each key in the keyspace 

• Perform key setup 

• Decrypt the ciphertext and compare it to the known plaintext 

As will be seen below, different algorithms spend different amounts of time in the 
two steps. (For instance, stream ciphers — which generate output one bit at a 
time — allow us to prune incorrect key guesses very rapidly — while block 
ciphers — which operate on a block at a time — require us to generate the entire 
output block before any comparison is possible. DES and CDMF are block ciphers; 
A5 and RC4 are stream ciphers.) 

We measure the expected number of cycles for each of the two steps for each key, 
and add them to determine a Cycles per Key, or CPK value for the algorithm. 

Similar to the formula for CPU time found in [20]: 

CPU time = Instruction Count x CPI x Clock cycle time 

we have a formula for brute-force searching a keyspace: 

Search time = Keys to check x CPK x Clock cycle time 

As with the [20] equation, we ignore CPU time. This is valid because we take care 
to avoid I/O as much as possible. Cryptanalytic applications are typically compute- 
bound, so this is an important optimization. 

In the above formula, "Keys to check" indicates the number of keys to search; this 
can simply be the total number of keys that can be used with the algorithm, or, in 
the event that many chips are being used to simultaneously search the keyspace, it 
can be some fraction thereof. 

"CPK", as described above, is defined to be "KeySetup + Comparison". "KeySetup" 
is the number of cycles required to load a key into the algorithm's internal data 
structures, so that the key search engine is ready to produce output. "Comparison" 
is the expected number of cycles required for the algorithm to produce enough 
output so that it can be determined whether the key is the correct one. Note that
different algorithms divide their time differently between these two parts, as will 
be seen in more detail below. 

"Clock cycle time" is exactly what one would expect; algorithms that attempt to do 
more complicated work in one cycle will tend to have a higher clock cycle time. 
This is also the factor that will vary most when using different models of hard- 
ware, as faster (more expensive?) chips have smaller gate delays. One important 
design feature common to all brute-forcing algorithms also affects this factor: how 
does one cycle through all of the keys in the keyspace? The obvious solution (to 
simply start at 0, and increment until the correct key is found) turns out to be a 
bad one, as incrementing a number of even 8 bits causes unacceptably large gate 
delays in propagating the carry. Tricks such as carry-save arithmetic [20] are usu- 
ally not useful here, because keys are usually not used by the encryption algo- 
rithms as numbers, but rather, as bit strings. 

A better solution [31], which uses the fact that the keys need not be checked in 
sequential order, is to use a linear feedback shift register [27], or LFSR. An LFSR is a 
register that can either be loaded (to set the register's value), or have its existing 
value shifted (in order to output 1 bit, and to change the register's value). Of the 
two styles of LFSR, the usual style is called a Fibonacci LFSR. To shift a Fibonacci 
LFSR, simply copy each bit to its neighbor on the right. The original rightmost bit 
is considered the output. The bit that is shifted in at the left is the parity of some 
specific subset of the bits (the taps) of the register (see Figure 10-1).

[Figure 10-1: Fibonacci LFSR]



The most important properties of an LFSR are that it has a low (constant) gate 
delay, and more importantly, if the taps are chosen properly, repeated shifting 
(starting with any non-zero value) will cycle through every possible non-zero 
value of the register. 

The other style of LFSR is called a Galois LFSR, which has the same properties as
the Fibonacci LFSR, but is shifted differently. To shift a Galois LFSR, copy each bit
to its neighbor on the right, except for the taps, for which the rightmost bit of the
register is XOR'd in before the copy is done. The bit that is shifted in at the left is
the original rightmost bit, which is also considered the output (see Figure 10-2).
The advantage of a Galois LFSR over a Fibonacci LFSR when being implemented
in hardware is that a Galois LFSR usually has an even lower gate delay than a
Fibonacci LFSR, resulting in a potentially lower clock cycle time. For this reason,
Galois LFSRs are usually used to cycle through the list of possible keys.

[Figure 10-2: Galois LFSR]

In order to take advantage of parallelism, one must be able to distribute the 
keyspace equitably among the multiple hardware devices. Standard mathematical 
techniques allow us to easily calculate the value of the shift register after any given 
number of shifts. From this, we can determine evenly separated starting positions 
for each device in the search engine. 
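
The jump-ahead calculation mentioned above, as an added example that is not code from the paper: a Galois LFSR shifted as described, with the shift treated as a matrix over GF(2) and raised to a power to find evenly separated starting states. The 16-bit width, the tap mask 0xB400, the seed 0xACE1 and all function names are assumptions chosen for the demonstration.

```python
"""Galois LFSR key counter with jump-ahead (added example; 16-bit demo width)."""

WIDTH = 16                    # assumption: small demo register, not a real key length
TAPS = 0xB400                 # assumption: a standard maximal-length 16-bit tap mask
PERIOD = (1 << WIDTH) - 1     # a maximal LFSR visits every non-zero state once


def galois_step(state):
    """Shift right once; the output bit re-enters at the left and is XOR'd into the taps."""
    out = state & 1
    state >>= 1
    if out:
        state ^= TAPS         # the top bit of TAPS is the bit shifted in at the left
    return state


def step_matrix():
    """The shift is linear over GF(2): column i is the image of the state 1 << i."""
    return [galois_step(1 << i) for i in range(WIDTH)]


def apply_matrix(matrix, state):
    """Multiply a state by a matrix: XOR together the columns selected by set bits."""
    result = 0
    for i in range(WIDTH):
        if (state >> i) & 1:
            result ^= matrix[i]
    return result


def compose(a, b):
    """Matrix of 'apply b, then a'."""
    return [apply_matrix(a, column) for column in b]


def matrix_power(matrix, exponent):
    """Square-and-multiply, so k shifts cost O(log k) matrix products."""
    result = [1 << i for i in range(WIDTH)]      # identity matrix
    while exponent:
        if exponent & 1:
            result = compose(matrix, result)
        matrix = compose(matrix, matrix)
        exponent >>= 1
    return result


def jump(state, shifts):
    """Register value after `shifts` shifts, without performing them one by one."""
    return apply_matrix(matrix_power(step_matrix(), shifts), state)


def partition(seed, devices):
    """Evenly separated (start_state, keys_to_check) pairs, one per device."""
    bounds = [d * PERIOD // devices for d in range(devices + 1)]
    return [(jump(seed, bounds[d]), bounds[d + 1] - bounds[d])
            for d in range(devices)]


def sweep(start, count):
    """The states one device visits: `count` consecutive register values."""
    state = start
    for _ in range(count):
        yield state
        state = galois_step(state)


def states_covered(seed, devices):
    """Number of distinct states searched when every device sweeps its share."""
    seen = set()
    for start, count in partition(seed, devices):
        seen.update(sweep(start, count))
    return len(seen)


if __name__ == "__main__":
    for device, (start, count) in enumerate(partition(0xACE1, 8)):
        print("device %d: start=0x%04X keys=%d" % (device, start, count))
    print("distinct states covered:", states_covered(0xACE1, 8), "of", PERIOD)
```

The all-zero state is never visited by an LFSR, so a search engine built this way has to test the all-zero key separately.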

We will now describe the design issues and analysis that were performed when 
we implemented various encryption algorithms in programmable logic. 



A5 

A5 [1] is the encryption algorithm used in GSM, the European standard for digital
cellular telephones. It consists of three Fibonacci LFSRs of sizes 19, 22, and 23 
respectively, which are initially loaded with the contents of the 64-bit key. The 
middle bits of all three LFSRs are examined at each clock cycle to determine which 
registers shift and which do not (at least two of the three registers shift in each 
clock cycle). The parity of the high bits of the LFSRs is output after each shift, and 
this output bitstream is XOR'd with the ciphertext to recover the original message. 

This algorithm is quite well-suited for implementation in hardware due to the sim- 
plicity of LFSRs; given that it was designed for use in cellular phones, in which 
limited resources are available, this should not be surprising. The simplicity of the 
algorithm leaves almost no room for creativity to the implementer. 

The resource requirements for A5 are quite minimal; they consist mainly of the 64 
flipflops that make up the three LFSRs. In this algorithm, the key setup time is triv- 
ial (a single cycle to load the LFSRs with their initial state); the majority of the 
algorithm consists of comparing the output of the generator (which comes out at a 
rate of 1 bit per cycle) to the expected output. Since incorrect keys produce essen- 
tially random data, the expected number of bits we need to check before rejecting 
a key is 2. Thus, the total number of cycles per key for A5 is CPK = KeySetup +
Comparison = 1 + 2 = 3.






RC4 

RC4 [27] is the encryption algorithm used in, among other things, the Secure Sock- 
ets Layer (SSL) protocol [17] used by Netscape and other World Wide Web 
browsers to transmit encrypted information (such as banking transactions) over the 
Internet. RC4 is quite a simple algorithm; start with a 256-byte read-only array K 
that stores the key (repeat the key as often as necessary to fill K), a 256-byte
random-access array S, and two 8-bit registers i and j.

To do key setup, start with j = 0, and do:

    for i = 0 to 255:
        S[i] = i
    for i = 0 to 255:
        j = (j + S[i] + K[i]) mod 256
        swap S[i] and S[j]

Once the key setup is complete, set i = j = 0, and to generate each byte, do:

    i = (i + 1) mod 256
    j = (j + S[i]) mod 256
    swap S[i] and S[j]
    output S[(S[i] + S[j]) mod 256]

The sequence of bytes outputted is XOR'd with the ciphertext to recover the origi- 
nal message. 

SSL, one common system that uses RC4, has a small added complexity. Instead of 
the key being copied into the array K, as described above, it is first processed by 
the MD5 hash function; the result of the MD5 computation is then copied into K. 
Our design and analysis does not include MD5, which is quite large, complicated, 
and includes many 32-bit additions, so readers hoping to break SSL should keep in 
mind that their performance will be substantially worse than that determined 
below. 

The resource requirements for RC4 are considerable. Most notably, it requires 258 
bytes of state (compare 8 bytes of state for A5), 256 bytes of which need to be 
accessed randomly. Such resources were beyond the capabilities of the pro- 
grammable logic chips we had available, but fortunately the board on which the 
logic chips were mounted had 128KB of SRAM accessible to the logic chips via a 
bus; we stored the array S in this SRAM. Note that the key array K is accessed in a 
predictable order, so it was not necessary to store it in the SRAM. 

Unfortunately, when trying to produce instruction-level parallelism in the 
algorithm, the single port to the SRAM becomes a structural hazard. For this 
reason, it was necessary to serialize accesses to this SRAM. Initially, we expected 
that going off-chip to access the SRAM would be the bottleneck that determined the 
minimum clock cycle time; the section entitled "Analysis" below shows that we were 
incorrect. 

We now calculate the "Cycles per Key" value for RC4. Examining the key setup 
code, it is clear that the first loop requires 1 cycle to initialize i to 0, and 256 
cycles to complete, and each iteration of the second loop requires 4 cycles (1 each 
to read and write S[i] and S[j]), for a total key setup time of 1281 cycles. 

Similarly, each byte of output requires 5 cycles to produce (1 each to read and 
write S[i] and S[j], and 1 to read S[(S[i] + S[j]) mod 256]). The 
expected number of bytes needed to determine whether the guessed key is correct 
is: 

    (1 - 1/256)^{-1} < 1.004 

so the value of "Comparison" is very near 5. Thus we calculate the total Cycles per 
Key to be CPK = KeySetup + Comparison = 1281 + 5 = 1286. 
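
The cycle counts above can be reproduced with a small model, added here as an illustration and not taken from the authors' design: RC4 is run with S held in a single-ported memory that charges one cycle per read or write. The class and function names are this example's own, and the key "Key" with keystream eb9f7781b734ca72a7 is the widely published RC4 test vector, used as sample input.

```python
"""RC4 with every access to the S array counted, one cycle per SRAM read or write."""


class SinglePortSRAM:
    """Models the external SRAM holding S: one access per cycle, never overlapped."""

    def __init__(self):
        self.cells = [0] * 256
        self.cycles = 0

    def read(self, addr):
        self.cycles += 1
        return self.cells[addr]

    def write(self, addr, value):
        self.cycles += 1
        self.cells[addr] = value


def key_setup(key, sram):
    """Run the key setup from the text; return the number of cycles it consumed."""
    start = sram.cycles
    # K is read in a predictable order, so it is kept outside the SRAM (no cycle cost).
    K = [key[n % len(key)] for n in range(256)]
    sram.cycles += 1                 # 1 cycle to initialize i to 0
    for i in range(256):             # first loop: one SRAM write per entry
        sram.write(i, i)
    j = 0
    for i in range(256):             # second loop: 2 reads + 2 writes per iteration
        s_i = sram.read(i)
        j = (j + s_i + K[i]) % 256
        s_j = sram.read(j)
        sram.write(i, s_j)
        sram.write(j, s_i)
    return sram.cycles - start


def keystream(sram):
    """Yield output bytes one at a time; i and j are on-chip registers."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        s_i = sram.read(i)
        j = (j + s_i) % 256
        s_j = sram.read(j)
        sram.write(i, s_j)
        sram.write(j, s_i)
        yield sram.read((s_i + s_j) % 256)   # fifth access for this byte


def rc4(key, data):
    """Encrypt or decrypt (the same operation) by XOR with the keystream."""
    sram = SinglePortSRAM()
    key_setup(key, sram)
    return bytes(d ^ k for d, k in zip(data, keystream(sram)))


def try_key(key, known_keystream):
    """Test one candidate key against known keystream bytes, stopping at the
    first mismatch. Returns (key_setup_cycles, comparison_cycles, matched)."""
    sram = SinglePortSRAM()
    setup = key_setup(key, sram)
    before = sram.cycles
    matched = all(got == want
                  for want, got in zip(known_keystream, keystream(sram)))
    return setup, sram.cycles - before, matched


def expected_bytes_checked():
    """A wrong key passes each byte comparison with probability 1/256, so the
    expected number of bytes generated before rejection is (1 - 1/256)^-1."""
    return 1 / (1 - 1 / 256)


if __name__ == "__main__":
    # Sample input: published RC4 test vector (key "Key", plaintext "Plaintext").
    known = bytes.fromhex("eb9f7781b734ca72a7")
    setup, compare, ok = try_key(b"Key", known[:1])
    print("KeySetup cycles:", setup)
    print("Comparison cycles for one byte:", compare)
    print("CPK:", setup + compare, "matched:", ok)
    print("Expected bytes per wrong key:", round(expected_bytes_checked(), 5))
    print("Ciphertext:", rc4(b"Key", b"Plaintext").hex())
```

Because all 1281 setup cycles are spent before the first output byte can be compared, the 5-cycle comparison is a negligible part of the per-key cost in this model.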

DES and CDMF 

DES is the national Data Encryption Standard; it enjoys widespread use by the 
banking industry, as well as being one of the preferred algorithms for securing 
electronic communications. DES transforms a 64 bit input block into a 64 bit out- 
put by a reversible function which depends on the 56 bit key in a highly non-lin- 
ear way. 

The DES algorithm was designed primarily for efficiency in hardware, and thus has 
several distinguishing features worth noting. It consists of an initial and final per- 
mutation and 16 rounds of main processing, with each round transforming the 
input bits via a "mix-and-mash" process. Bit permutations are used extensively; of 
course, they are trivial to do in hardware by simply reordering wires. Each round 
also contains 8 different "Substitution" boxes (or S-boxes for short); the S-boxes 
are non-linear functions which map 6 input bits to 4 output bits. S-boxes are not 
very resource-intensive in hardware: they can be implemented as four 6-input 
boolean functions, and their small size keeps the gate count reasonable. The key 
is stored in a shift register, rotated before each round, and exclusive-or-ed into the 
block during each round. This is also straightforward to implement in hardware. 

CDMF (Commercial Data Masking Facility) [23] is a related algorithm which uses 
DES as the underlying transformation; the only difference is that it weakens the 
key to meet US export restrictions. CDMF has an effective 40-bit keylength, which 
is then expanded to a 56 bit DES key by using another DES transformation. 
Loading a CDMF key requires one initial DES operation, and transforming each 64 bit 
block requires one DES operation. Therefore an implementation of a DES keysearch 
application leads easily to a CDMF keysearch engine with half the search rate. 

Our DES implementation was forced to be rather minimal to fit in the limited 
resources available on our chip. We implemented one round of DES, with the 
appropriate S-boxes and bit permutations. Some extra flip-flops and a state 
machine allow us to iterate the round function 16 times; there was not sufficient 
space (i.e. logic gates) available to implement 16 instantiations of each S-box. 

The S-boxes are perhaps the most critical component, and we tried several differ- 
ent implementation approaches for them. One natural way to describe each S-box 
is as a 64-entry lookup table containing 4 bit entries. This might be a good choice 
if the chip had contained some user-configurable ROM; ours didn't. A similar 
approach takes advantage of the compiler support for "case" statements, which 
gets translated into a hardware structure containing a 64-line demultiplexor and or 
gates expressing the relevant minterms. This structure minimizes gate delay at the 
expense of space resources. In fact, this structure increased the gate requirements 
significantly, to the point where the 8 S-boxes alone required more hardware 
resources than our overworked chip had to offer. The compiler was not particu- 
larly helpful at doing space-time tradeoffs to minimize the space requirements, so 
we ended up optimizing the S-box functions by hand. 

The manual optimization we settled on can be viewed as a form of speculative 
execution. First, note that it suffices to describe how to compute the 6-bit to 1-bit 
boolean function that calculates one output bit of some S-box. Since the S-boxes 
behave roughly like they were chosen at random, we don't expect to find any 
structure in the outputs — i.e. each output will be an uncorrelated non-linear 
function of the inputs — so this is roughly optimal. To compute such a 6-to-1 
function, we first isolate 2 of the 6 input bits as control bits. We do speculative 
execution with four functional cells; each cell computes the output of the 6-to-1 
function under a speculative assumption about the 2 control bits. As there are four 
possible values of the control bits, the four functional cells enumerate all 
possibilities. At the same time the functional cells are computing their 4-to-1 
function, a multiplexor unit concurrently selects one of the functional cells. The 
calculation of the 6-to-1 function via speculative execution is depicted in 
Figure 10-3. This choice of S-box implementation structure is tailored to our Altera 
FLEX8000 chips: these chips are organized as an array of logic cells, where each 
logic cell can compute an arbitrary (configurable) 4-to-1 boolean function. For 
chips with a different organization, some other manual optimization might be more 
appropriate. 
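
The decomposition described above, as an added Python model that is not the authors' hardware description: each S-box output bit is computed by four 16-entry truth tables (the functional cells) followed by a 4:1 selection. The text does not say which two input bits served as control bits; this example assumes the two outer bits (the DES row select), and uses S-box S1 from the DES standard.

```python
"""One DES S-box output bit as four 4-input cells plus a 4:1 multiplexor."""

# DES S-box S1 as published in the standard: S1[row][column].
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def split_input(x6):
    """Split a 6-bit S-box input into (control, data).

    Assumption of this example: the two outer bits are the control bits and
    the four inner bits feed every functional cell.
    """
    control = ((x6 >> 4) & 0b10) | (x6 & 0b01)
    data = (x6 >> 1) & 0xF
    return control, data


def sbox_table(x6):
    """Reference implementation: the 64-entry lookup table view of S1."""
    control, data = split_input(x6)
    return S1[control][data]


def build_cells(out_bit):
    """Program the four functional cells for one output bit.

    Each cell is a 4-input boolean function stored as a 16-bit truth table;
    cell n holds the answer under the speculation that the control bits are n.
    """
    cells = []
    for control in range(4):
        truth = 0
        for data in range(16):
            truth |= ((S1[control][data] >> out_bit) & 1) << data
        cells.append(truth)
    return cells


def evaluate(cells, x6):
    """Evaluate one output bit the way the text describes."""
    control, data = split_input(x6)
    # All four cells evaluate on the same data bits, whatever the control bits are.
    speculative = [(truth >> data) & 1 for truth in cells]
    # The multiplexor keeps the result whose speculation turned out to be right.
    return speculative[control]


def sbox_speculative(x6):
    """Assemble the 4-bit S-box output from four independent 6-to-1 functions."""
    return sum(evaluate(build_cells(bit), x6) << bit for bit in range(4))


if __name__ == "__main__":
    for bit in range(4):
        tables = ", ".join(f"{t:04x}" for t in build_cells(bit))
        print(f"output bit {bit}: cell truth tables {tables}")
    mismatches = [x for x in range(64) if sbox_speculative(x) != sbox_table(x)]
    print("inputs where the two forms disagree:", mismatches)
```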

Figure 10-3: Calculation of a boolean function with 6 inputs 

The "Search time" equation for our CDMF implementation is not hard to analyze. 
One can easily count the CPK by direct inspection of our implementation. We 
have a finite state machine with 4 states, labelled from a to d. The cycle-by-cycle 
breakdown of the "KeySetup" time for one CDMF encryption is as follows: 

a. 1 cycle to increment the key and load in the 40-bit CDMF trial key 

b. 1 cycle to perform the DES input permutation 

c. 16 cycles to perform 16 rounds of encryption 

d. 1 cycle to perform the DES final permutation and load in the 64 bit plaintext 
block 

We can see that the "KeySetup" time is 19 cycles. An enumeration of the output 
generation and comparison stage yields 

a. 1 cycle to perform the DES input permutation 

b. 16 cycles to perform 16 rounds of encryption 

c. 1 cycle to perform the DES final permutation, compare the ciphertext block to 
the expected value, and return to state a if this trial key was incorrect 

This means that the "Comparison" time is 18 cycles, so the total CPK is 19+18 = 37. 
Note that DES encrypts the entire 64 bit block at once, unlike a stream cipher, so 
we check all of the output bits in parallel. 

The hardware resources required by CDMF are reasonable but non-negligible for 
commercial CPLDs. Our minimal implementation required (the equivalent of) 
roughly 10000 gates. This is certainly within reach for many newer commercial 
CPLDs, although there are also many older or less expensive CPLDs which cannot 
handle the requirements. It is important to keep the entire keysearch engine on 
one chip; otherwise, inter-chip I/O will severely limit performance. 

Analysis 

We cross-compiled our cryptanalysis implementations for many different Altera 
CPLDs, and ran a simulation and timing analysis to measure the maximum applica- 
ble clock cycle time. The results are plotted in Figure 10-4 for CDMF, Figure 10-5 
for A5, and Figure 10-6 for RC4. Some explanation is in order, as there are a lot of 
data summarized there. The chip specification (e.g. 81188GC232-3) can be dis- 
sected as follows: the 81188 refers to the general family, the 232 specifies a 
232-pin package, and the -3 refers to the speed grade (lower numbers are faster). 
The 81500 is the top of the line Altera FLEX8000 device; the 81188 is a bit less 
powerful. Chips without the "A" designation were fabricated with an older .8 
micron process; the "A" indicates chips that were manufactured with a newer, 
faster .6 micron process. The figure shows throughput graphed against the initial 
investment required; the chips with the best performance-to-cost (Y/X) ratio are 
the best buy. The prices are taken from a very recent Altera price list [7], [24]. As 
there are discounts in large quantities, we have plotted price points for small 
quantities with a red line and for large batches with a blue line. 

We also measured the performance for the 81188GC232-3 chip directly — it is the 
only one we had access to. Our measurements agreed closely with the simulated 
timing analysis, confirming the validity of our experimental methodology. 






Measurements for DES are not listed. Nonetheless, they track the CDMF perfor- 
mance figures very closely. CDMF consists of two DES encryptions — one for key 
setup, and one for output generation — with very little overhead. The DES key- 
search rates can be derived from Figure 10-4 by simply doubling the CDMF rate. 
Also, remember that the DES keyspace is 2^16 times as large. Our data indicate that 
if one wanted a machine which could perform a DES keysearch in a year on aver- 
age, it would suffice to spend $45,000 to buy 600 of the Altera 81500ARC240-4 
CPLDs. (This is a very rough estimate, which does not include overhead such as 
mounting shelves, etc.) 



Figure 10-4: CDMF cryptanalysis economics 
(Plot: horizontal axis is cost in dollars per chip; curves for the 81188AQC208, 
81188ARC240, 81188GC232, 81500ARC240 and half_81500ARC240 families, each at 
small-quantity and 500+ pricing.) 



One can note several interesting things from the graph. First, examine the peculiar 
zig-zag nature of the 81188ARC240 lines. The points are plotted in order of the 
chip's rated speed grade, from A-6 on the bottom to A-2 on the top. The strange 
"zag" occurs because the price for a faster A-4 chip drops significantly below the 
price for the slower A-5. Altera specifies the A-4, A-3, and A-2 as their "preferred" 
grades for that chip, presumably because there is more sales volume for those 
speed grades. If you were to build a keysearch engine out of 81188ARC240 chips, 
you should try to be right at the "hump" — the A-4 speed grade is the best buy for 
that chip. 



Figure 10-5: A5 Cryptanalysis Economics 
(Plot: horizontal axis is cost in dollars per chip; curves for the 81188AQC208, 
81188ARC240, 81188GC232, 81500ARC240 and half_81500ARC240 families, each at 
small-quantity and 500+ pricing.) 



We have not yet explained the two leftmost dotted lines. The 81500 line of chips 
contains more hardware resources than the 81188 — 1296 instead of 1008 "logic 
elements" — and this extra space should be taken into account when comparing 
hardware devices. With our A5 and CDMF implementations, there is quite a bit of 
space left over on the 81500 chip, as it turns out. Therefore, it is natural to ask 
whether two independent key trial engines might fit on the same chip. We believe 
(from close examination of the resource usage) that, with A5 and CDMF, there are 
sufficient hardware resources on the 81500 to support two superscalar keysearch 
operations. (It would admittedly be a tight fit.) Because of time pressures, we have 
not actually implemented this. RC4 requires, it seems, too many resources (mainly 
flip-flops for internal state) to use this strategy. There would be other difficulties 
with RC4, anyhow — one would probably need a dual-ported SRAM, or two SRAM 
chips attached to the CPLD (as discussed below). 

One might wonder why we proposed taking advantage of extra hardware 
resources with a multiple-issue architecture, instead of using (say) advanced 
pipelining techniques. It is worthwhile to recall why advanced pipelining 
techniques were developed. On a traditional general-purpose computer, programs are 
typically serialized so highly that if one were to implement several independent 
simple processors on the same chip, there simply would not be enough tasks to 
keep the co-processors busy with useful work. Architects have been blessed with 
plentiful hardware resources and cursed with the need to speed up 
single-instruction-stream uniprocessors; this explains the proliferation of 
sophisticated pipelining methods. (Of course, pipelining does not provide linear 
speedup with linear increases in hardware resources, like parallelism would, but it 
is better than nothing!) We are faced with an entirely different situation here. Our 
cryptanalytic applications encourage virtually unlimited parallelism, so there is no 
need to look to sophisticated caching schemes for speeds. Achieving parallelism via 
a superscalar architecture is both simpler and more effective for our purposes. 

Figure 10-6: RC4 Cryptanalysis economics 
(Plot: horizontal axis is cost in dollars per chip; curves for the 81188AQC208, 
81188ARC240, 81188GC232 and 81500ARC240 families, each at small-quantity and 
500+ pricing.) 

The projected performance for parallelized 81500 A5 and CDMF keysearch is 
indicated on the plots with a green and black dotted line, labelled 
"half_81500ARC240 family", with the unit price halved to indicate its factor-of-two 
multiple-issue nature. (We could have doubled the performance instead, but that 
would have made the graph harder to read, so for ease of comprehension and 
comparison we chose to halve the cost instead.) 

We discussed in class why the future of high-performance computing lies in 
massively-parallel collections of low-end processors (say, Pentiums), instead of in 
specialized advanced CPUs. One major reason is that Pentium processors are sold in 
such large quantities that tremendous economies of scale apply, and specialized 
processors simply cannot compete with the low-end's ever-increasing 
performance-cost ratio. We can see that an analogous situation applies here as well. 
The graphs show that, for our applications, upgrading to a higher speed grade is 
almost never worth the increased cost. (Two notable exceptions — the "hump" in 
the 81188ARC240 plot, and the benefits of using a 81500 with enough hardware 
resources to implement two keysearch engines on-chip — have already been 
discussed.) Within each family, the least expensive chip turns out to yield the best 
performance-to-cost ratio; spending twice as much money on a higher-grade chip 
in the family never results in twice the performance. On the other hand, upgrading 
to a more recent "A" designated family — one fabricated with a newer .6 micron 
process — is a worthwhile move. Altera has listed the "A" chips as their preferred 
technology, and presumably there is more sales volume for devices on their 
preferred list (though it might be hard to separate cause from effect here). These 
charts don't tell the whole story. Altera is, as we write, starting to release a new 
advanced line of reconfigurable logic devices, the FLEX10K architecture. In 
recommending the 81188 and 81500 devices, we gain extra price-performance benefits 
by staying a bit behind the bleeding edge. Exploiting parallelism with low-end 
devices is a win for our applications. 

We have not yet discussed the impact of software in relation to the hardware per- 
formance measurements. Software is a bit trickier to evaluate and compare to the 
other measurements, as it is not clear how to compare the price of a software 
solution to a hardware approach. While hardware devices would typically be pur- 
chased with one application in mind, often a certain amount of idle cycles on gen- 
eral-purpose computers is available "for free". Nonetheless, software and hardware 
approaches typically won't be in serious competition: the extra expense of hard- 
ware is usually not justified until "free" software implementations on general-pur- 
pose computers are unacceptably slow. 

Table 10-1: Typical software performance on cryptanalytic applications 

Algorithm    Keys searched per second 
RC4                           21900 
CDMF                          29800 
DES                           41300 
A5                           355000 

Table 10-1 lists the performance of brute-force keysearch applications, as measured 
on a Pentium P100 machine. Of course these figures will vary widely from 
computer to computer. For example, we estimate that we could perform a dis- 
tributed RC4 40-bit keysearch in a weekend or so, and a CDMF 40-bit keysearch in 
about a night or two, by using idle cycles on the hundreds of general-purpose 
computers we have access to as Berkeley computer science graduate students. 




Many other organizations also have large numbers of computers which are idle 
much of the time. Many employees and students thus have access to spare compu- 
tational power which may be harnessed for cryptanalysis, at essentially zero cost. 
Compare this to Netscape's estimate that amassing enough processing power to 
break 40-bit RC4 would cost roughly $10,000. For much less than this, one could 
probably convince a starving graduate student to lend out access to the necessary 
computer account. In any event, if Netscape were willing to pay $10,000 for the 
amount of computing power required to break 40-bit RC4, some enterprising student 
could easily form an extremely profitable business model. 

Given a distributed system of general-purpose computers, one can easily compute 
the maximum rate of 40-bit keysearching possible in idle cycles by assuming that 
most machines are idle at least half of the time and using estimates such as those 
in Table 10-1; achieving better performance than this calls for hardware. We can 
see from Table 10-1 that our hardware implementations of CDMF, DES, and A5 
keysearch are orders of magnitude faster than software; this is not surprising, as 
these encryption algorithms were designed for efficiency in hardware. 

RC4, by contrast, was designed to run efficiently in software, and indeed, as can 
be seen by comparing Figure 10-6 and Table 10-1, RC4 performs about twice as 
well in software as on programmable logic. The primary reasons for the large 
search time on programmable logic are that RC4 has a large "Cycles per Key" 
value, and a large "Clock cycle time" value: as seen above, the total CPK for the 
RC4 algorithm is 1286, far larger than the 3 for A5 or the 37 for CDMF. The large 
clock cycle time stems from the fact that the algorithm contains a number of regis- 
ter additions; as discussed above, these can produce very large gate delays. Unfor- 
tunately, changing the additions to LFSRs (as was done above), or using tricks 
such as carry-save arithmetic, is not appropriate for RC4, as can be seen by exam- 
ining the algorithm. 

Another blow to implementing RC4 efficiently was the particular hardware archi- 
tecture we had. The programmable logic devices we used were not large enough 
to store the necessary 256-byte state array on-chip, so we were forced to store 
them in the external SRAM. However, the algorithm utilizes the SRAM every cycle, 
so the number of simultaneous RC4 trials we can compute is limited by the num- 
ber of ports to SRAM that we have available. Unfortunately, on the RIPP10 pro- 
gramming board, not only is the SRAM single-ported, but each SRAM is shared by 
two logic chips. Thus on a fully-populated board with eight logic chips and four 
SRAMs, we can only perform four simultaneous RC4 trials. Redesigning the pro- 
gramming board to include a port to SRAM for each simultaneous RC4 trial would 
save some overhead (wasted space on the board), but would not increase the rela- 
tively poor performance to cost ratio shown above. 




One advantage of software is that the development process is significantly easier. 
By reusing code (from cryptographic libraries available on the Internet, for exam- 
ple), we prototyped RC4, A5, CDMF, and DES software keysearch applications in a 
total time of under an hour. In contrast, our programmable logic design and imple- 
mentation effort took roughly 4 weeks to complete. 

Programmable logic has similar advantages over custom-hardware. Development 
and design would be still more time-consuming and costly for a custom-hardware 
approach, such as an ASIC. Furthermore, such an ASIC can only be used for one 
limited algorithm. Programmable logic is more flexible — the hardware devices can 
be reused for cryptanalysis of many different encryption algorithms with little extra 
effort. Apparently AccessData, a business that specializes in recovering lost data 
(i.e. cryptanalysis) for the corporate and law enforcement industries, prefers pro- 
grammable logic over custom hardware for exactly these reasons [28]. 

Let us summarize what the charts recommend to one in need of cryptanalytic com- 
putational power. RC4 keysearches appear to be most efficiently performed in 
general-purpose distributed systems. Performing a single isolated 40-bit CDMF 
keysearch is perhaps best done with distributed software, if time is not of the 
essence and there are sufficient general-purpose computational resources easily 
available. For CDMF and A5 keysearch in anything more than that extremely mini- 
mal setting, though, reconfigurable logic is the most appropriate solution of the 
technologies that we examined. Of the devices we surveyed, the Altera 
81500ARC240-4 device is the most appropriate and economical choice for cryptan- 
alytic applications; for instance, a $15,000 initial investment buys about 200 of 
these chips, allowing one to perform on average one CDMF keysearch every hour. 
The cost scales linearly, requiring approximately 10^8 dollar-seconds for a complete 
CDMF keysearch; that is, an initial investment of X dollars allows one to search the 
entire CDMF keyspace in 10^8/X seconds, while the average time to find a key is 
half that. In addition, we provisionally estimate that about $45,000 of CPLD hard- 
ware could perform a DES keysearch in a year, as calculated above. Table 10-2 
summarizes some of these calculations. It takes into account the economies of 
scale associated with buying many logic devices, and is based on the average-case 
(not worst-case) search time; the worst-case figure would be twice as large. No fig- 
ures for A5 are included, because at the moment, there is no consensus among 
cryptographers as to the size of the keyspace [26]. 






Table 10-2: Estimating the cost of cryptanalysis: a summary 

             Investment for average keysearch time of 
Algorithm    1 year     1 week    1 day    1 hour     Architecture components 
RC4          $0         $0        -        -          100 general-purpose computers 
CDMF         $0         $0        -        -          100 general-purpose computers 
CDMF         $93        $93       $745     $15,000    Altera 81500ARC240-4 CPLDs 
DES          $45,000    -         -        -          Altera 81500ARC240-4 CPLDs 



Future work 

Due to time and resource limitations, we were only able to examine the Altera 
FLEX8000 series of programmable logic devices. An obvious extension of this 
work would be to examine other kinds of devices, such as the new Altera 
FLEX10K series, or devices from other vendors such as Xilinx. Additionally, it 
would be worthwhile to examine the technology trends in programmable logic, to 
determine how they compare to those for general-purpose hardware. 

We leave it as an open problem to the reader to actually construct a fully opera- 
tional DES keysearch engine. 



Conclusions 

We found that RC4 cryptanalysis is most effectively implemented in software. Since 
RC4 was specifically designed for efficiency on general-purpose computers, it is 
not entirely surprising that programmable logic fares so poorly. We showed that 
the estimate in [4] (which inspired the term "8-cent encryption" for 40-bit RC4) is 
over-optimistic and unrealistic. On the other hand, Netscape's $10,000 estimate 
was far too large. 

Programmable logic devices are very efficient at CDMF cryptanalysis. We estimate 
that an initial investment of $745 buys enough programmable logic to recover one 
CDMF key each day; this shows that CDMF is practical to break. Moreover, DES is 
nearly practical to break; a cryptanalytic engine to do a DES keysearch each year 
can be built with roughly $45,000 of programmable logic. 

Several architectural techniques from the design of general-purpose processors 
were useful in this project. Adding parallelism, identifying structural and data haz- 
ards, identifying performance bottlenecks, and other techniques helped maximize 
the performance of our design. The cryptanalytic analogue to the "CPU time" 
equation from [20] was surprisingly useful, lending structure to our analysis. 

We also identified several important aspects found only with cryptanalytic 
applications on programmable logic. In this application, superscalar parallelism is 
more effective than pipelining. Also, register additions can often be a limiting 
bottleneck for programmable logic — we avoided them where possible, and suffered 
large performance hits elsewhere. 

By considering architectural issues both common to general-purpose processors 
and unique to programmable logic, we examined the feasibility of using commodity 
logic devices for cryptanalytic applications. 



Acknowledgements 



This work would not have been possible without the assistance of a number of 
people. We would like to thank Eric Hughes and Bruce Koball for providing the 
hardware and software. We would also like to thank Clive McCarthy and Stephen 
Smith, both of Altera, for their generous support. 



Availability 



This paper, and other related materials, are available on the World Wide Web at 

http://www.cs.berkeley.edu/~iang/isaac/hardware/. 



References 



[1] Ross Anderson, A5, June, 1994. 
Post to sci.crypt newsgroup. Available on the Internet as 
http://chem.leeds.ac.uk/ICAMS/people/jon/a5.html 

[2] Ross Anderson, personal communication, April, 1996. 

[3] Adam Back, Another SSL breakage..., August, 1995. 
Post to cypherpunks mailing list. Available on the Internet as 
http://dcs.ex.ac.uk/~aba/ssl/ 

[4] Matt Blaze and Whitfield Diffie and Ronald L. Rivest and Bruce Schneier and 
Tsutomu Shimomura and Eric Thompson and Michael Wiener, Minimal key lengths 
for symmetric ciphers to provide adequate commercial security: A report by an ad 
hoc group of cryptographers and computer scientists, Business Software Alliance, 
January, 1996. 
Available on the Internet as 
http://www.bsa.org/policy/encryption/cryptographers.html 

[5] Piete Brooks, Hal's second challenge, August, 1995. 
Available on the Internet as http://www.brute.cl.cam.ac.uk/brute/ 

[6] Albert G. Broscius and Jonathan M. Smith, "Exploiting Parallelism in Hardware 
Implementation of the DES," in Advances in Cryptology: Proceedings of CRYPTO 
'91, Springer-Verlag, 1992, pages 367-376. 

[7] Altera Corporation, Altera components North America price list, May, 1996. 

[8] Altera Corporation, Altera home page, 1996. 
Available on the Internet as http://www.altera.com/ 

[9] Netscape Communications Corporation, Key Challenge, 1995. 
Available on the Internet as 
http://www.netscape.com/newsref/std/key_challenge.html 

[10] Wei Dai, Speed benchmarks, 1996. 
Post to cypherpunks mailing list. Available on the Internet as 
http://www.eskimo.com/~weidai/benchmarks.txt 

[11] Whitfield Diffie and Martin E. Hellman, "Exhaustive Cryptanalysis of the NBS 
Data Encryption Standard," Computer 10:6, June, 1997, pages 74-84. 

[12] Damien Doligez, SSL challenge — broken, August, 1995. 
Post to cypherpunks mailing list. Available on the Internet as 
http://pauillac.inria.fr/~doligez/ssl/ 

[13] H. Eberle and C. P. Thacker, "A 1 Gbit/second GaAs DES Chip," in 
Proceedings of the IEEE 1992 Custom Integrated Circuits Conference, IEEE, May, 1992, 
pages 19.7/1-4. 

[14] Hans Eberle, A High-Speed DES Implementation for Network Applications, 
Technical Report 90, DEC SRC, September 1992. 

[15] R. C. Fairfield and A. Matusevich and J. Plany, "An LSI Digital Encryption 
Processor (DEP)," in Advances in Cryptology: Proceedings of CRYPTO '84, 1985, 
Springer-Verlag, pages 115-143. 

[16] Hal Finney, SSL RC4 Challenge, July, 1995. 
Post to cypherpunks mailing list. Available on the Internet as 
http://www.rain.org/~hal/sslchallong.html 

[17] A.O. Freier and P. Karlton and P.C. Kocher, SSL Version 3.0, 1995. 
Internet-Draft draft-freier-ssl-version3-00.txt, work in progress. 

[18] Gilles Garon and Richard Outerbridge, "DES Watch: An Examination of the 
Sufficiency of the Data Encryption Standard for Financial Institution Information 
Security in the 1990's," Cryptologia XV(3), July, 1991, pages 177-193. 

[19] Martin E. Hellman, "DES will be totally insecure within ten years," IEEE 
Spectrum, 16:7, July 1979, pages 32-39. 

[20] John L. Hennessy and David A. Patterson, Computer Architecture: A 
Quantitative Approach, Morgan Kaufmann Publishers, Inc., San Francisco, 1996, 
2nd edition. 

[21] Frank Hoornaert, Jo Goubert, and Yvo Desmedt, "Efficient hardware 
implementation of the DES," in Advances in Cryptology: Proceedings of CRYPTO '84, 
1985, Springer-Verlag, pages 147-173. 

[22] Eric Hughes and Bruce Koball, "Cryptography and the Altera FLEX 81188," 
Unpublished manuscript, December, 1994. 

[23] D.B. Johnson, S.M. Matyas, A.V. Le, and J.D. Wilkins, "Design of the 
Commercial Data Masking Facility Data Privacy Algorithm," in 1st ACM Conference on 
Computer and Communications Security, ACM Press, 1993, pages 93-96. 

[24] Clive McCarthy, Personal communication, April, 1996. 

[25] Robert McLaughlin, "Yet Another Machine to Break DES," Cryptologia XVI:2, 
April, 1992, pages 136-144. 

[26] Michael Roe, Personal communication, April, 1996. 

[27] Bruce Schneier, Applied Cryptography, John Wiley and Sons, New York, 1994, 
2nd edition. 

[28] Bruce Schneier, Personal communication, April, 1996. 

[29] David Wagner and Steven M. Bellovin, "A probable plaintext recognizer," 
Unpublished manuscript, September, 1994. 

[30] Peter C. Wayner, "Content-Addressable Search Engines and DES-like Systems," 
in Advances in Cryptology: Proceedings of CRYPTO '92, 1993, Springer-Verlag, 
pages 575-586. 

[31] Michael J. Wiener, "Efficient DES Key Search," in Advances in Cryptology: 
Proceedings of CRYPTO '93, Santa Barbara, CA, 1994, Springer-Verlag. 



In this chapter:

• Advancing Technology
• Programmable Hardware
• Conclusion

Efficient DES Key Search — An Update

by Michael J. Wiener



An exciting moment in the history of DES was reached in June 1997 when a group
coordinated by Rocke Verser solved RSA Data Security's DES challenge by exhaustive
key search on a large number of computers. This result was useful because it
served to underscore in a public way how vulnerable DES has become. However,
it may also have left the false impression that one cannot do much better than
attacking DES in software with a large distributed effort. The design of DES is such
that it is fairly slow in software, but is compact and fast when implemented in
hardware. As a result, using software to attack DES gives poor performance compared
to what can be achieved in hardware. This applies not only to DES, but also
to most other block ciphers, attacks on hash functions, and attacks on elliptic
curve cryptosystems. Avoiding efficient hardware-based attacks requires the use of
algorithms with sufficiently long keys, such as triple-DES, 128-bit RC5,* and
CAST-128.†

In this article we assess the cost of DES key search using hardware methods and 
examine the effectiveness of some proposed methods for thwarting attacks on 
DES. 



Michael J. Wiener, Entrust Technologies, 750 Heron Road, Suite E08, Ottawa, Ontario, Canada K1V 1A7 

This article first appeared in RSA Laboratories' Autumn 1997 Cryptobytes newsletter; it is reprinted with 
permission from the author and RSA Data Security, Inc. 

* R. Rivest, "The RC5 Encryption Algorithm", Fast Software Encryption — Lecture Notes in Computer
Science (1008), pp. 86-96, Springer, 1995.

† C. Adams, "Constructing Symmetric Ciphers Using the CAST Design Procedure", Designs, Codes and
Cryptography, vol. 12, no. 3, pp. 283-316, Nov. 1997. Also available as "The CAST-128 Encryption
Algorithm", RFC 2144, May 1997.






Advancing Technology 



The best known way to attack DES is to simply try all of the possible 56-bit keys
until the correct key is found. On average, one expects to go through about half of
the key space. In 1993, a design for an exhaustive DES key search machine including
a detailed chip design was published.* A $1 million version of this machine
used 57600 key search chips, each capable of testing 50 million keys per second.
Overall, the machine could find a DES key in, on average, three and a half hours.

About four and a half years have passed since this design was completed, and 
according to Moore's Law, processing speeds should have doubled three times in 
that period. Of course, estimating in this fashion is a poor substitute for the careful 
analysis and design effort that went into the earlier design. The original chip 
design was done in a 0.8 micron CMOS process, and with the geometries available 
today, it is possible to fit four instances of the original design into the same silicon 
area. In keeping with the conservative approach to estimates in the 1993 paper, 
we assume here that the updated key search chip's clock speed would increase to 
only 75 MHz from the original 50 MHz, making the modern version of the chip six 
times faster for the same cost. It is interesting to note that just 21 of these chips 
would give the same key searching power as the entire set of computers used by 
the team who solved the DES challenge. 

Today's version of the $1 million machine could find a DES key in, on average, 
about 35 minutes (one-sixth of 3.5 hours). This time scales linearly with the 
amount of money spent as shown in the following table. 



Key Search Machine Cost    Expected Search Time
$10,000                    2.5 days
$100,000                   6 hours
$1,000,000                 35 minutes
$10,000,000                3.5 minutes



Note that the costs listed in the table do not include the cost to design the chip 
and boards for the machine. Because the one-time costs could be as high as half a 
million dollars, it does not make much sense to build the cheaper versions of the 
machine, unless several are built for different customers. 

This key search engine is designed to recover a DES key given a plaintext-ciphertext
pair for the standard electronic-codebook (ECB) mode of DES. However, the
machine can also handle the following modes without modification: cipher-block
chaining (CBC), 64-bit cipher feedback (CFB), and 64-bit output feedback (OFB).
In the case of OFB, two consecutive plaintexts are needed. The chip design can
be modified to handle two other popular modes of DES, 1-bit and 8-bit CFB, at the
cost of a slightly more expensive chip. Fewer chips could be purchased for a $1
million machine causing the expected key search time to go up to 40 minutes for
all modes, except 1-bit CFB, which would take 80 minutes, on average.

* M. Wiener, "Efficient DES Key Search", presented at the Rump session of Crypto '93. Reprinted in
Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp.
31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.



Programmable Hardware 



The costs associated with chip design can present a significant barrier to small-time
attackers and hobbyists. An alternative which has much lower start-up costs is
the use of programmable hardware. One such type of technology is the Field
Programmable Gate Array (FPGA). One can design a circuit on a PC and download it
to a board holding FPGAs for execution. In a report in early 1996,* it was estimated
that $50000 worth of FPGAs could recover a DES key in, on average, four
months. This is considerably slower than what can be achieved with a chip design,
but is much more accessible to those who are not well funded.

Another promising form of programmable hardware is the Complex Programmable 
Logic Device (CPLD). CPLDs offer less design freedom and tend to be cheaper 
than FPGAs, but the nature of key search designs seems to make them suitable for 
CPLDs. Further research is needed to assess whether CPLDs are useful for DES key 
search. 

Avoiding Known Plaintext 

The designs described to this point have relied on the attacker having some
known plaintext. Usually, a single 8-byte block is sufficient. One method of preventing
attacks that has been suggested is to avoid having any known plaintext.
This can be quite difficult to achieve. Frequently, data begins with fixed headers.
For example, each version of Microsoft Word seems to have a fixed string of bytes
that each file begins with.

For those cases where a full block of known plaintext is not available, it is possible
to adapt the key search design. Suppose that information about plaintext is
available (e.g., ASCII character coding is used), but no full block is known. Then
instead of repeatedly encrypting a known plaintext and comparing the result to a
ciphertext, we repeatedly decrypt the ciphertext and test the candidate plaintexts
against our expectations. In the example where we expect 7-bit ASCII plaintext,
only about 1 in 256 keys will give a plaintext which has the correct form. These
keys would have to be tried on another ciphertext block. The added logic to handle
this would add just 10 to 20% to the cost of a key search chip.

* M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, "Minimal Key
Lengths for Symmetric Ciphers to Provide Adequate Commercial Security", currently available at
http://www.bsa.org/policy/encryption/cryptographers.html.

Even if we only know a single bit of redundancy in each block of plaintext, this is
enough to cut the number of possible keys in half. About 56 such blocks are
needed to uniquely identify the correct key. This does not mean that the run-time
is 56 times greater than the known-plaintext case. On average, each key is eliminated
with just two decryptions. Taking into account the cost of the added logic
required makes the expected run-time for a $1 million machine about 2 hours in
this case.
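The counting in this section can be checked on a scaled-down model. The following is an added example, not code from the article: it assumes a 16-bit key space and uses SHA-256 as a stand-in for decryption under a wrong key (it is not DES), and `candidate_plaintext`, `sweep` and the constants are hypothetical names chosen here.

```python
import hashlib

KEY_BITS = 16       # constructed toy key space; DES has 56 key bits
TRUE_KEY = 0xBEEF   # constructed "correct" key for the model
MAX_BLOCKS = 64     # ciphertext blocks available to the model


def candidate_plaintext(key: int, block: int) -> bytes:
    """Model of decrypting ciphertext block `block` under `key`.

    Assumption: a wrong key yields 8 pseudorandom bytes (SHA-256 stands in
    for the cipher); the right key always yields 7-bit ASCII text.
    """
    if key == TRUE_KEY:
        return b"ASCIItxt"
    seed = key.to_bytes(4, "big") + block.to_bytes(4, "big")
    return hashlib.sha256(seed).digest()[:8]


def is_7bit_ascii(plaintext: bytes) -> bool:
    """All eight high bits are clear: 8 bits of redundancy per block."""
    return all(byte < 0x80 for byte in plaintext)


def one_known_bit(plaintext: bytes) -> bool:
    """Only the high bit of the first byte is known to be 0."""
    return plaintext[0] < 0x80


def sweep(check):
    """Try every key, dropping a key at the first block that fails `check`."""
    wrong_key_decryptions = 0
    first_block_survivors = 0
    deepest_wrong_key = 0
    survivors = []
    for key in range(1 << KEY_BITS):
        passed = 0
        while passed < MAX_BLOCKS and check(candidate_plaintext(key, passed)):
            passed += 1
        if passed >= 1:
            first_block_survivors += 1
        if passed == MAX_BLOCKS:
            survivors.append(key)
        else:
            wrong_key_decryptions += passed + 1  # includes the failing block
            deepest_wrong_key = max(deepest_wrong_key, passed)
    eliminated = (1 << KEY_BITS) - len(survivors)
    return {
        "survivors": survivors,
        "first_block_survivors": first_block_survivors,
        "decryptions_per_wrong_key": wrong_key_decryptions / eliminated,
        # blocks needed before every wrong key has been eliminated
        "blocks_to_unique_key": deepest_wrong_key + 1,
    }


if __name__ == "__main__":
    for name, check in (("7-bit ASCII", is_7bit_ascii),
                        ("one known bit", one_known_bit)):
        result = sweep(check)
        print(name, {k: v for k, v in result.items() if k != "survivors"})
```

With one known bit per block, the model needs roughly as many blocks as there are key bits to isolate the key, yet spends only about two decryptions per rejected key, which is the same relationship the text states for 56-bit DES.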

Frequent Key Changes 

A commonly suggested way to avoid key search attacks is to change the DES key
frequently. The assumption here is that the encrypted information is no longer
useful after the key is changed, which is often an inappropriate assumption. If it
takes 35 minutes to find a DES key, why not change keys every 5 minutes? The
problem with this reasoning is that it does not take exactly 35 minutes to find a
key. The actual time is uniformly distributed between 0 and 70 minutes. We could
get lucky and find the key almost right away, or we could be unlucky and take
nearly 70 minutes. The attacker's probability of success in the 5-minute window is
5/70 = 1/14. If after each key change the attacker gives up and starts on the next
key, we expect success after 14 key changes or 70 minutes. In general, frequent
key changes cost the attacker just a factor of two in expected run-time, and are a
poor substitute for simply using a strong encryption algorithm with longer keys.
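The key-rotation argument can be worked through numerically. The following is an added example, not code from the article: it assumes the search time for each key is uniform between 0 and the full sweep time, as the text states, and expresses the defender's gain from rotation in equivalent key bits (one extra key bit doubles the expected search time); all function names are hypothetical.

```python
import math
import random


def fixed_key_expected(full_sweep: float) -> float:
    """Key never changes: the hit time is uniform on [0, full_sweep)."""
    return full_sweep / 2


def expected_key_changes(full_sweep: float, window: float) -> float:
    """Each window succeeds with probability window / full_sweep."""
    return full_sweep / window


def rotation_expected(full_sweep: float, window: float) -> float:
    """Exact expected attacker time when the key changes every `window`.

    Each failed window costs `window`; the successful window ends, on
    average, half-way through. Counting the last window as a whole one
    gives expected_key_changes * window (14 * 5 = 70 in the text).
    """
    if not 0 < window <= full_sweep:
        raise ValueError("window must be in (0, full_sweep]")
    p = window / full_sweep
    failed_windows = (1 - p) / p
    return failed_windows * window + window / 2


def rotation_simulated(full_sweep: float, window: float,
                       trials: int = 20000, seed: int = 1998) -> float:
    """Monte Carlo check of rotation_expected with a fixed seed."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        elapsed = 0.0
        while True:
            hit = rng.uniform(0.0, full_sweep)  # when this key would fall
            if hit < window:
                elapsed += hit
                break
            elapsed += window                   # key changed first; restart
        total += elapsed
    return total / trials


def rotation_worth_in_key_bits(full_sweep: float, window: float) -> float:
    """log2 of the slowdown rotation imposes; one extra key bit is 1.0."""
    slowdown = rotation_expected(full_sweep, window) / fixed_key_expected(full_sweep)
    return math.log2(slowdown)


if __name__ == "__main__":
    sweep_minutes, window_minutes = 70, 5       # figures from the text
    print("fixed key:       ", fixed_key_expected(sweep_minutes))
    print("key changes:     ", expected_key_changes(sweep_minutes, window_minutes))
    print("rotation (exact):", rotation_expected(sweep_minutes, window_minutes))
    print("rotation (sim):  ", round(rotation_simulated(sweep_minutes, window_minutes), 1))
    print("worth in bits:   ", round(rotation_worth_in_key_bits(sweep_minutes, window_minutes), 3))
```

However short the window, the slowdown stays below a factor of two, so rotation is worth less than one additional key bit.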

Conclusion 

Using current technology, a DES key can be recovered with a custom-designed $1
million machine in just 35 minutes. For attackers who lack the resources to design
a chip and build such a machine, there are programmable forms of hardware such
as FPGAs and CPLDs which can search the DES key space much faster than is possible
using software on PCs and workstations. Attempts to thwart key search
attacks by avoiding known plaintext and changing keys frequently are largely ineffective.
The best course of action is to use a strong encryption algorithm with
longer keys, such as triple-DES, 128-bit RC5, or CAST-128.



In this chapter:

• The Electronic Frontier Foundation
• John Gilmore
• Cryptography Research
• Paul Kocher
• Advanced Wireless Technologies

Authors




The Electronic Frontier Foundation 

Electronic Frontier Foundation 
1550 Bryant Street, Suite 725 
San Francisco CA 94103 USA 
+1 415 436 9333 (voice) 
+1 415 436 9993 (fax) 
http://www.eff.org
info@eff.org

The Electronic Frontier Foundation (EFF) is a nonprofit public-interest organization 
protecting rights and promoting liberty online. It was founded in 1990 by Mitchell 
Kapor, John Perry Barlow, and John Gilmore. 

The Foundation seeks to educate individuals, organizations, companies, and governments
about the issues that arise when computer and communications technologies
change the world out from under the existing legal and social matrix.

The Foundation has been working on cryptography policy for many years. It was
a significant force in preventing the adoption of the "Clipper chip" and its follow-on
"key escrow" proposals, and continues to advocate for wide public availability
and use of uncompromised and unbreakable encryption technology. EFF is backing
the lawsuit in which Professor Daniel Bernstein seeks to overturn the United
States export laws and regulations on cryptography, arguing that the First Amendment
to the US Constitution protects his right to publish his cryptography research
results online without first seeking government permission. EFF's research effort in
creating this first publicly announced DES Cracker, and the publication of its full
technical details, are part of EFF's ongoing campaign to understand, and educate
the public about, the social and technical implications of cryptographic technology.

EFF encourages you to join us in exploring how our society can best respond to
today's rapid technological change. Please become an EFF member; see
http://www.eff.org/join/.



John Gilmore 



John Gilmore is an entrepreneur and civil libertarian. He was an early employee of
Sun Microsystems, and co-founded Cygnus Solutions, the Electronic Frontier Foundation,
the Cypherpunks, and the Internet's "alt" newsgroups. He has twenty-five
years of experience in the computer industry, including programming, hardware
and software design, and management. He is a significant contributor to the
worldwide open sourceware (free software) development effort. His advocacy
efforts on encryption policy aim to improve public understanding of this fundamental
technology for privacy and accountability in open societies. He is currently
a board member of Moniker pty ltd, the Internet Society, and the Electronic Frontier
Foundation.

John leads the EFF's efforts on cryptography policy, managed the creation of the 
DES cracker, and wrote much of the text in this book. 

John can be reached at the email address gnu@des.toad.com; his home page is
http://www.cygnus.com/~gnu/.

Cryptography Research 

Cryptography Research
870 Market Street, Suite 1088
San Francisco, CA 94102 USA
+1 415 397 0123 (voice)
+1 415 397 0127 (fax)
http://www.cryptography.com

Cryptography Research is Paul Kocher's San Francisco-based consulting company.
Cryptography Research provides consulting, design, education, and analysis services
to many leading firms and start-ups. Kocher and the company are widely
known for their technical work and research, including the development of leading
cryptographic protocols (such as SSL 3.0), cryptanalytic work (including the
discovery of timing attacks against RSA and other cryptosystems), and numerous
presentations at major conferences. To reach Cryptography Research please write
to info@cryptography.com.

Cryptography Research managed the hardware and software design for the DES
cracker, and wrote the chip simulator and the driver software.

Paul Kocher, Josh Jaffe, and everyone else at Cryptography Research would like to 
thank John Gilmore and the EFF for funding this unique project, and AWT for their 
expert hardware work! 

Paul Kocher 

Paul Kocher is a cryptographer specializing in the practical art of building secure
systems using cryptography. He currently serves jointly as President of Cryptography
Research (http://www.cryptography.com) and Chief Scientist of ValiCert
(http://www.valicert.com). Paul has worked on numerous software and hardware
projects and has designed, implemented, and broken many cryptosystems. Paul
can be reached via e-mail at paul@cryptography.com.

Advanced Wireless Technologies 

Advanced Wireless Technologies, Inc.
3375 Scott Blvd, Suite 410
Santa Clara, CA 95054 USA
+1 408 727 5780 (voice)
+1 408 727 8842 (fax)
http://www.awti.com

Advanced Wireless Technologies, Inc. (AWT) is dedicated to providing
Application-Specific Integrated Circuit (ASIC) and board level design solutions for high
tech industries at highest quality and lowest cost. AWT's design philosophy is to
reduce product development cost/risk and recurring cost. AWT employs a thorough
design flow from system architecture to system integration and test.

AWT was founded in 1993. Its engineering team is composed of a highly qualified, 
tenured employee base, including technical management staff. The employees are 
knowledgeable, motivated, highly competent, and have from 3 to 25 years of 
experience in system engineering, chip design, and complete subsystem design. 

AWT offers digital ASIC/Gate Array and Board design services to support customers'
specific requirements. The company can participate in any development
phase from specifications definition to design implementation and prototype testing.

In addition to providing engineering services AWT has developed leading products
for use in the communications industry. AWT's standard products include IP Cores,
ASICs, and board level products in the fields of demodulation, forward error correction,
and encryption/decryption.

AWT designed and built the hardware for the DES Cracker, including the custom
ASIC, logic boards, and interface adapters. If you're interested in purchasing a DES
Cracker unit, contact AWT.

AWT invites you to visit at http://www.awti.com or call +1 408 727 5780 for
your specific engineering needs.













Computer Security 




Secrets of Encryption Research, Wiretap Politics & Chip Design 

Sometimes you have to do good engineering to straighten out twisted politics. The 
Electronic Frontier Foundation has done so by exploding the government-supported 
myth that the Data Encryption Standard (DES) has real security. 

National Security Agency and FBI officials say our civil liberties must be curtailed
because the government can't crack the security of DES to wiretap bad guys. But somehow
a tiny nonprofit has designed and built a $200,000 machine that cracks DES in a
week. Who's lying, and why?

For the first time, the book reveals full technical details on how researchers and
data-recovery engineers can build a working DES Cracker. It includes design specifications
and board schematics, as well as full source code for the custom chip, a chip simulator,
and the software that drives the system. The US government makes it illegal to publish
these details on the Web, but they're printed here in a form that's easy to read and
understand, legal to publish, and convenient for scanning into your computer.

The Data Encryption Standard withstood the test of time for twenty years. This book 
shows exactly how it was brought down. Every cryptographer, security designer, and 
student of cryptography policy should read this book to understand how the world 
changed as it fell. 

"Beautifully milks many sacred cows of their crypto policy EFF exposes more of the 
emperor's new clothes, reaching new levels of truth." 

— Peter Neumann, Moderator of the Risks Forum 

"A very impressive piece of work. This book will change the history of cryptography." 

— Steve Bellovin, co-author of Firewalls and Internet Security 

"If the government was honest, the crypto debate would be over by now. EFF's research
conclusively refutes their propaganda."

— Bruce Schneier, President of Counterpane Systems 



ISBN 1-56592-520-3

US $29.95
CAN $42.95

Printed on 
Recycled Paper 



O'REILLY