// private header for Serpent and Sosemanuk #ifndef CRYPTOPP_SERPENTP_H #define CRYPTOPP_SERPENTP_H NAMESPACE_BEGIN(CryptoPP) // linear transformation #define LT(i,a,b,c,d,e) {\ a = rotlConstant<13>(a); \ c = rotlConstant<3>(c); \ d = rotlConstant<7>(d ^ c ^ (a << 3)); \ b = rotlConstant<1>(b ^ a ^ c); \ a = rotlConstant<5>(a ^ b ^ d); \ c = rotlConstant<22>(c ^ d ^ (b << 7));} // inverse linear transformation #define ILT(i,a,b,c,d,e) {\ c = rotrConstant<22>(c); \ a = rotrConstant<5>(a); \ c ^= d ^ (b << 7); \ a ^= b ^ d; \ b = rotrConstant<1>(b); \ d = rotrConstant<7>(d) ^ c ^ (a << 3); \ b ^= a ^ c; \ c = rotrConstant<3>(c); \ a = rotrConstant<13>(a);} // order of output from S-box functions #define beforeS0(f) f(0,a,b,c,d,e) #define afterS0(f) f(1,b,e,c,a,d) #define afterS1(f) f(2,c,b,a,e,d) #define afterS2(f) f(3,a,e,b,d,c) #define afterS3(f) f(4,e,b,d,c,a) #define afterS4(f) f(5,b,a,e,c,d) #define afterS5(f) f(6,a,c,b,e,d) #define afterS6(f) f(7,a,c,d,b,e) #define afterS7(f) f(8,d,e,b,a,c) // order of output from inverse S-box functions #define beforeI7(f) f(8,a,b,c,d,e) #define afterI7(f) f(7,d,a,b,e,c) #define afterI6(f) f(6,a,b,c,e,d) #define afterI5(f) f(5,b,d,e,c,a) #define afterI4(f) f(4,b,c,e,a,d) #define afterI3(f) f(3,a,b,e,c,d) #define afterI2(f) f(2,b,d,e,c,a) #define afterI1(f) f(1,a,b,c,e,d) #define afterI0(f) f(0,a,d,b,e,c) // The instruction sequences for the S-box functions // come from Dag Arne Osvik's paper "Speeding up Serpent". #define S0(i, r0, r1, r2, r3, r4) \ { \ r3 ^= r0; \ r4 = r1; \ r1 &= r3; \ r4 ^= r2; \ r1 ^= r0; \ r0 |= r3; \ r0 ^= r4; \ r4 ^= r3; \ r3 ^= r2; \ r2 |= r1; \ r2 ^= r4; \ r4 = ~r4; \ r4 |= r1; \ r1 ^= r3; \ r1 ^= r4; \ r3 |= r0; \ r1 ^= r3; \ r4 ^= r3; \ } #define I0(i, r0, r1, r2, r3, r4) \ { \ r2 = ~r2; \ r4 = r1; \ r1 |= r0; \ r4 = ~r4; \ r1 ^= r2; \ r2 |= r4; \ r1 ^= r3; \ r0 ^= r4; \ r2 ^= r0; \ r0 &= r3; \ r4 ^= r0; \ r0 |= r1; \ r0 ^= r2; \ r3 ^= r4; \ r2 ^= r1; \ r3 ^= r0; \ r3 ^= r1; \ r2 &= r3; \ r4 ^= r2; \ } #define S1(i, r0, r1, r2, r3, r4) \ { \ r0 = ~r0; \ r2 = ~r2; \ r4 = r0; \ r0 &= r1; \ r2 ^= r0; \ r0 |= r3; \ r3 ^= r2; \ r1 ^= r0; \ r0 ^= r4; \ r4 |= r1; \ r1 ^= r3; \ r2 |= r0; \ r2 &= r4; \ r0 ^= r1; \ r1 &= r2; \ r1 ^= r0; \ r0 &= r2; \ r0 ^= r4; \ } #define I1(i, r0, r1, r2, r3, r4) \ { \ r4 = r1; \ r1 ^= r3; \ r3 &= r1; \ r4 ^= r2; \ r3 ^= r0; \ r0 |= r1; \ r2 ^= r3; \ r0 ^= r4; \ r0 |= r2; \ r1 ^= r3; \ r0 ^= r1; \ r1 |= r3; \ r1 ^= r0; \ r4 = ~r4; \ r4 ^= r1; \ r1 |= r0; \ r1 ^= r0; \ r1 |= r4; \ r3 ^= r1; \ } #define S2(i, r0, r1, r2, r3, r4) \ { \ r4 = r0; \ r0 &= r2; \ r0 ^= r3; \ r2 ^= r1; \ r2 ^= r0; \ r3 |= r4; \ r3 ^= r1; \ r4 ^= r2; \ r1 = r3; \ r3 |= r4; \ r3 ^= r0; \ r0 &= r1; \ r4 ^= r0; \ r1 ^= r3; \ r1 ^= r4; \ r4 = ~r4; \ } #define I2(i, r0, r1, r2, r3, r4) \ { \ r2 ^= r3; \ r3 ^= r0; \ r4 = r3; \ r3 &= r2; \ r3 ^= r1; \ r1 |= r2; \ r1 ^= r4; \ r4 &= r3; \ r2 ^= r3; \ r4 &= r0; \ r4 ^= r2; \ r2 &= r1; \ r2 |= r0; \ r3 = ~r3; \ r2 ^= r3; \ r0 ^= r3; \ r0 &= r1; \ r3 ^= r4; \ r3 ^= r0; \ } #define S3(i, r0, r1, r2, r3, r4) \ { \ r4 = r0; \ r0 |= r3; \ r3 ^= r1; \ r1 &= r4; \ r4 ^= r2; \ r2 ^= r3; \ r3 &= r0; \ r4 |= r1; \ r3 ^= r4; \ r0 ^= r1; \ r4 &= r0; \ r1 ^= r3; \ r4 ^= r2; \ r1 |= r0; \ r1 ^= r2; \ r0 ^= r3; \ r2 = r1; \ r1 |= r3; \ r1 ^= r0; \ } #define I3(i, r0, r1, r2, r3, r4) \ { \ r4 = r2; \ r2 ^= r1; \ r1 &= r2; \ r1 ^= r0; \ r0 &= r4; \ r4 ^= r3; \ r3 |= r1; \ r3 ^= r2; \ r0 ^= r4; \ r2 ^= r0; \ r0 |= r3; \ r0 ^= r1; \ r4 ^= r2; \ r2 &= r3; \ r1 |= r3; \ r1 ^= r2; \ r4 ^= r0; \ r2 ^= r4; \ } #define S4(i, r0, r1, r2, r3, r4) \ { \ r1 ^= r3; \ r3 = ~r3; \ r2 ^= r3; \ r3 ^= r0; \ r4 = r1; \ r1 &= r3; \ r1 ^= r2; \ r4 ^= r3; \ r0 ^= r4; \ r2 &= r4; \ r2 ^= r0; \ r0 &= r1; \ r3 ^= r0; \ r4 |= r1; \ r4 ^= r0; \ r0 |= r3; \ r0 ^= r2; \ r2 &= r3; \ r0 = ~r0; \ r4 ^= r2; \ } #define I4(i, r0, r1, r2, r3, r4) \ { \ r4 = r2; \ r2 &= r3; \ r2 ^= r1; \ r1 |= r3; \ r1 &= r0; \ r4 ^= r2; \ r4 ^= r1; \ r1 &= r2; \ r0 = ~r0; \ r3 ^= r4; \ r1 ^= r3; \ r3 &= r0; \ r3 ^= r2; \ r0 ^= r1; \ r2 &= r0; \ r3 ^= r0; \ r2 ^= r4; \ r2 |= r3; \ r3 ^= r0; \ r2 ^= r1; \ } #define S5(i, r0, r1, r2, r3, r4) \ { \ r0 ^= r1; \ r1 ^= r3; \ r3 = ~r3; \ r4 = r1; \ r1 &= r0; \ r2 ^= r3; \ r1 ^= r2; \ r2 |= r4; \ r4 ^= r3; \ r3 &= r1; \ r3 ^= r0; \ r4 ^= r1; \ r4 ^= r2; \ r2 ^= r0; \ r0 &= r3; \ r2 = ~r2; \ r0 ^= r4; \ r4 |= r3; \ r2 ^= r4; \ } #define I5(i, r0, r1, r2, r3, r4) \ { \ r1 = ~r1; \ r4 = r3; \ r2 ^= r1; \ r3 |= r0; \ r3 ^= r2; \ r2 |= r1; \ r2 &= r0; \ r4 ^= r3; \ r2 ^= r4; \ r4 |= r0; \ r4 ^= r1; \ r1 &= r2; \ r1 ^= r3; \ r4 ^= r2; \ r3 &= r4; \ r4 ^= r1; \ r3 ^= r0; \ r3 ^= r4; \ r4 = ~r4; \ } #define S6(i, r0, r1, r2, r3, r4) \ { \ r2 = ~r2; \ r4 = r3; \ r3 &= r0; \ r0 ^= r4; \ r3 ^= r2; \ r2 |= r4; \ r1 ^= r3; \ r2 ^= r0; \ r0 |= r1; \ r2 ^= r1; \ r4 ^= r0; \ r0 |= r3; \ r0 ^= r2; \ r4 ^= r3; \ r4 ^= r0; \ r3 = ~r3; \ r2 &= r4; \ r2 ^= r3; \ } #define I6(i, r0, r1, r2, r3, r4) \ { \ r0 ^= r2; \ r4 = r2; \ r2 &= r0; \ r4 ^= r3; \ r2 = ~r2; \ r3 ^= r1; \ r2 ^= r3; \ r4 |= r0; \ r0 ^= r2; \ r3 ^= r4; \ r4 ^= r1; \ r1 &= r3; \ r1 ^= r0; \ r0 ^= r3; \ r0 |= r2; \ r3 ^= r1; \ r4 ^= r0; \ } #define S7(i, r0, r1, r2, r3, r4) \ { \ r4 = r2; \ r2 &= r1; \ r2 ^= r3; \ r3 &= r1; \ r4 ^= r2; \ r2 ^= r1; \ r1 ^= r0; \ r0 |= r4; \ r0 ^= r2; \ r3 ^= r1; \ r2 ^= r3; \ r3 &= r0; \ r3 ^= r4; \ r4 ^= r2; \ r2 &= r0; \ r4 = ~r4; \ r2 ^= r4; \ r4 &= r0; \ r1 ^= r3; \ r4 ^= r1; \ } #define I7(i, r0, r1, r2, r3, r4) \ { \ r4 = r2; \ r2 ^= r0; \ r0 &= r3; \ r2 = ~r2; \ r4 |= r3; \ r3 ^= r1; \ r1 |= r0; \ r0 ^= r2; \ r2 &= r4; \ r1 ^= r2; \ r2 ^= r0; \ r0 |= r2; \ r3 &= r4; \ r0 ^= r3; \ r4 ^= r1; \ r3 ^= r4; \ r4 |= r0; \ r3 ^= r2; \ r4 ^= r2; \ } // key xor #define KX(r, a, b, c, d, e) {\ a ^= k[4 * r + 0]; \ b ^= k[4 * r + 1]; \ c ^= k[4 * r + 2]; \ d ^= k[4 * r + 3];} #define LK(r, a, b, c, d, e) {\ a = k[(8-r)*4 + 0]; \ b = k[(8-r)*4 + 1]; \ c = k[(8-r)*4 + 2]; \ d = k[(8-r)*4 + 3];} #define SK(r, a, b, c, d, e) {\ k[(8-r)*4 + 4] = a; \ k[(8-r)*4 + 5] = b; \ k[(8-r)*4 + 6] = c; \ k[(8-r)*4 + 7] = d;} void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen); NAMESPACE_END #endif // CRYPTOPP_SERPENTP_H