1 // private header for Serpent and Sosemanuk 2 3 #ifndef CRYPTOPP_SERPENTP_H 4 #define CRYPTOPP_SERPENTP_H 5 6 NAMESPACE_BEGIN(CryptoPP) 7 8 // linear transformation 9 #define LT(i,a,b,c,d,e) {\ 10 a = rotlConstant<13>(a); \ 11 c = rotlConstant<3>(c); \ 12 d = rotlConstant<7>(d ^ c ^ (a << 3)); \ 13 b = rotlConstant<1>(b ^ a ^ c); \ 14 a = rotlConstant<5>(a ^ b ^ d); \ 15 c = rotlConstant<22>(c ^ d ^ (b << 7));} 16 17 // inverse linear transformation 18 #define ILT(i,a,b,c,d,e) {\ 19 c = rotrConstant<22>(c); \ 20 a = rotrConstant<5>(a); \ 21 c ^= d ^ (b << 7); \ 22 a ^= b ^ d; \ 23 b = rotrConstant<1>(b); \ 24 d = rotrConstant<7>(d) ^ c ^ (a << 3); \ 25 b ^= a ^ c; \ 26 c = rotrConstant<3>(c); \ 27 a = rotrConstant<13>(a);} 28 29 // order of output from S-box functions 30 #define beforeS0(f) f(0,a,b,c,d,e) 31 #define afterS0(f) f(1,b,e,c,a,d) 32 #define afterS1(f) f(2,c,b,a,e,d) 33 #define afterS2(f) f(3,a,e,b,d,c) 34 #define afterS3(f) f(4,e,b,d,c,a) 35 #define afterS4(f) f(5,b,a,e,c,d) 36 #define afterS5(f) f(6,a,c,b,e,d) 37 #define afterS6(f) f(7,a,c,d,b,e) 38 #define afterS7(f) f(8,d,e,b,a,c) 39 40 // order of output from inverse S-box functions 41 #define beforeI7(f) f(8,a,b,c,d,e) 42 #define afterI7(f) f(7,d,a,b,e,c) 43 #define afterI6(f) f(6,a,b,c,e,d) 44 #define afterI5(f) f(5,b,d,e,c,a) 45 #define afterI4(f) f(4,b,c,e,a,d) 46 #define afterI3(f) f(3,a,b,e,c,d) 47 #define afterI2(f) f(2,b,d,e,c,a) 48 #define afterI1(f) f(1,a,b,c,e,d) 49 #define afterI0(f) f(0,a,d,b,e,c) 50 51 // The instruction sequences for the S-box functions 52 // come from Dag Arne Osvik's paper "Speeding up Serpent". 53 54 #define S0(i, r0, r1, r2, r3, r4) \ 55 { \ 56 r3 ^= r0; \ 57 r4 = r1; \ 58 r1 &= r3; \ 59 r4 ^= r2; \ 60 r1 ^= r0; \ 61 r0 |= r3; \ 62 r0 ^= r4; \ 63 r4 ^= r3; \ 64 r3 ^= r2; \ 65 r2 |= r1; \ 66 r2 ^= r4; \ 67 r4 = ~r4; \ 68 r4 |= r1; \ 69 r1 ^= r3; \ 70 r1 ^= r4; \ 71 r3 |= r0; \ 72 r1 ^= r3; \ 73 r4 ^= r3; \ 74 } 75 76 #define I0(i, r0, r1, r2, r3, r4) \ 77 { \ 78 r2 = ~r2; \ 79 r4 = r1; \ 80 r1 |= r0; \ 81 r4 = ~r4; \ 82 r1 ^= r2; \ 83 r2 |= r4; \ 84 r1 ^= r3; \ 85 r0 ^= r4; \ 86 r2 ^= r0; \ 87 r0 &= r3; \ 88 r4 ^= r0; \ 89 r0 |= r1; \ 90 r0 ^= r2; \ 91 r3 ^= r4; \ 92 r2 ^= r1; \ 93 r3 ^= r0; \ 94 r3 ^= r1; \ 95 r2 &= r3; \ 96 r4 ^= r2; \ 97 } 98 99 #define S1(i, r0, r1, r2, r3, r4) \ 100 { \ 101 r0 = ~r0; \ 102 r2 = ~r2; \ 103 r4 = r0; \ 104 r0 &= r1; \ 105 r2 ^= r0; \ 106 r0 |= r3; \ 107 r3 ^= r2; \ 108 r1 ^= r0; \ 109 r0 ^= r4; \ 110 r4 |= r1; \ 111 r1 ^= r3; \ 112 r2 |= r0; \ 113 r2 &= r4; \ 114 r0 ^= r1; \ 115 r1 &= r2; \ 116 r1 ^= r0; \ 117 r0 &= r2; \ 118 r0 ^= r4; \ 119 } 120 121 #define I1(i, r0, r1, r2, r3, r4) \ 122 { \ 123 r4 = r1; \ 124 r1 ^= r3; \ 125 r3 &= r1; \ 126 r4 ^= r2; \ 127 r3 ^= r0; \ 128 r0 |= r1; \ 129 r2 ^= r3; \ 130 r0 ^= r4; \ 131 r0 |= r2; \ 132 r1 ^= r3; \ 133 r0 ^= r1; \ 134 r1 |= r3; \ 135 r1 ^= r0; \ 136 r4 = ~r4; \ 137 r4 ^= r1; \ 138 r1 |= r0; \ 139 r1 ^= r0; \ 140 r1 |= r4; \ 141 r3 ^= r1; \ 142 } 143 144 #define S2(i, r0, r1, r2, r3, r4) \ 145 { \ 146 r4 = r0; \ 147 r0 &= r2; \ 148 r0 ^= r3; \ 149 r2 ^= r1; \ 150 r2 ^= r0; \ 151 r3 |= r4; \ 152 r3 ^= r1; \ 153 r4 ^= r2; \ 154 r1 = r3; \ 155 r3 |= r4; \ 156 r3 ^= r0; \ 157 r0 &= r1; \ 158 r4 ^= r0; \ 159 r1 ^= r3; \ 160 r1 ^= r4; \ 161 r4 = ~r4; \ 162 } 163 164 #define I2(i, r0, r1, r2, r3, r4) \ 165 { \ 166 r2 ^= r3; \ 167 r3 ^= r0; \ 168 r4 = r3; \ 169 r3 &= r2; \ 170 r3 ^= r1; \ 171 r1 |= r2; \ 172 r1 ^= r4; \ 173 r4 &= r3; \ 174 r2 ^= r3; \ 175 r4 &= r0; \ 176 r4 ^= r2; \ 177 r2 &= r1; \ 178 r2 |= r0; \ 179 r3 = ~r3; \ 180 r2 ^= r3; \ 181 r0 ^= r3; \ 182 r0 &= r1; \ 183 r3 ^= r4; \ 184 r3 ^= r0; \ 185 } 186 187 #define S3(i, r0, r1, r2, r3, r4) \ 188 { \ 189 r4 = r0; \ 190 r0 |= r3; \ 191 r3 ^= r1; \ 192 r1 &= r4; \ 193 r4 ^= r2; \ 194 r2 ^= r3; \ 195 r3 &= r0; \ 196 r4 |= r1; \ 197 r3 ^= r4; \ 198 r0 ^= r1; \ 199 r4 &= r0; \ 200 r1 ^= r3; \ 201 r4 ^= r2; \ 202 r1 |= r0; \ 203 r1 ^= r2; \ 204 r0 ^= r3; \ 205 r2 = r1; \ 206 r1 |= r3; \ 207 r1 ^= r0; \ 208 } 209 210 #define I3(i, r0, r1, r2, r3, r4) \ 211 { \ 212 r4 = r2; \ 213 r2 ^= r1; \ 214 r1 &= r2; \ 215 r1 ^= r0; \ 216 r0 &= r4; \ 217 r4 ^= r3; \ 218 r3 |= r1; \ 219 r3 ^= r2; \ 220 r0 ^= r4; \ 221 r2 ^= r0; \ 222 r0 |= r3; \ 223 r0 ^= r1; \ 224 r4 ^= r2; \ 225 r2 &= r3; \ 226 r1 |= r3; \ 227 r1 ^= r2; \ 228 r4 ^= r0; \ 229 r2 ^= r4; \ 230 } 231 232 #define S4(i, r0, r1, r2, r3, r4) \ 233 { \ 234 r1 ^= r3; \ 235 r3 = ~r3; \ 236 r2 ^= r3; \ 237 r3 ^= r0; \ 238 r4 = r1; \ 239 r1 &= r3; \ 240 r1 ^= r2; \ 241 r4 ^= r3; \ 242 r0 ^= r4; \ 243 r2 &= r4; \ 244 r2 ^= r0; \ 245 r0 &= r1; \ 246 r3 ^= r0; \ 247 r4 |= r1; \ 248 r4 ^= r0; \ 249 r0 |= r3; \ 250 r0 ^= r2; \ 251 r2 &= r3; \ 252 r0 = ~r0; \ 253 r4 ^= r2; \ 254 } 255 256 #define I4(i, r0, r1, r2, r3, r4) \ 257 { \ 258 r4 = r2; \ 259 r2 &= r3; \ 260 r2 ^= r1; \ 261 r1 |= r3; \ 262 r1 &= r0; \ 263 r4 ^= r2; \ 264 r4 ^= r1; \ 265 r1 &= r2; \ 266 r0 = ~r0; \ 267 r3 ^= r4; \ 268 r1 ^= r3; \ 269 r3 &= r0; \ 270 r3 ^= r2; \ 271 r0 ^= r1; \ 272 r2 &= r0; \ 273 r3 ^= r0; \ 274 r2 ^= r4; \ 275 r2 |= r3; \ 276 r3 ^= r0; \ 277 r2 ^= r1; \ 278 } 279 280 #define S5(i, r0, r1, r2, r3, r4) \ 281 { \ 282 r0 ^= r1; \ 283 r1 ^= r3; \ 284 r3 = ~r3; \ 285 r4 = r1; \ 286 r1 &= r0; \ 287 r2 ^= r3; \ 288 r1 ^= r2; \ 289 r2 |= r4; \ 290 r4 ^= r3; \ 291 r3 &= r1; \ 292 r3 ^= r0; \ 293 r4 ^= r1; \ 294 r4 ^= r2; \ 295 r2 ^= r0; \ 296 r0 &= r3; \ 297 r2 = ~r2; \ 298 r0 ^= r4; \ 299 r4 |= r3; \ 300 r2 ^= r4; \ 301 } 302 303 #define I5(i, r0, r1, r2, r3, r4) \ 304 { \ 305 r1 = ~r1; \ 306 r4 = r3; \ 307 r2 ^= r1; \ 308 r3 |= r0; \ 309 r3 ^= r2; \ 310 r2 |= r1; \ 311 r2 &= r0; \ 312 r4 ^= r3; \ 313 r2 ^= r4; \ 314 r4 |= r0; \ 315 r4 ^= r1; \ 316 r1 &= r2; \ 317 r1 ^= r3; \ 318 r4 ^= r2; \ 319 r3 &= r4; \ 320 r4 ^= r1; \ 321 r3 ^= r0; \ 322 r3 ^= r4; \ 323 r4 = ~r4; \ 324 } 325 326 #define S6(i, r0, r1, r2, r3, r4) \ 327 { \ 328 r2 = ~r2; \ 329 r4 = r3; \ 330 r3 &= r0; \ 331 r0 ^= r4; \ 332 r3 ^= r2; \ 333 r2 |= r4; \ 334 r1 ^= r3; \ 335 r2 ^= r0; \ 336 r0 |= r1; \ 337 r2 ^= r1; \ 338 r4 ^= r0; \ 339 r0 |= r3; \ 340 r0 ^= r2; \ 341 r4 ^= r3; \ 342 r4 ^= r0; \ 343 r3 = ~r3; \ 344 r2 &= r4; \ 345 r2 ^= r3; \ 346 } 347 348 #define I6(i, r0, r1, r2, r3, r4) \ 349 { \ 350 r0 ^= r2; \ 351 r4 = r2; \ 352 r2 &= r0; \ 353 r4 ^= r3; \ 354 r2 = ~r2; \ 355 r3 ^= r1; \ 356 r2 ^= r3; \ 357 r4 |= r0; \ 358 r0 ^= r2; \ 359 r3 ^= r4; \ 360 r4 ^= r1; \ 361 r1 &= r3; \ 362 r1 ^= r0; \ 363 r0 ^= r3; \ 364 r0 |= r2; \ 365 r3 ^= r1; \ 366 r4 ^= r0; \ 367 } 368 369 #define S7(i, r0, r1, r2, r3, r4) \ 370 { \ 371 r4 = r2; \ 372 r2 &= r1; \ 373 r2 ^= r3; \ 374 r3 &= r1; \ 375 r4 ^= r2; \ 376 r2 ^= r1; \ 377 r1 ^= r0; \ 378 r0 |= r4; \ 379 r0 ^= r2; \ 380 r3 ^= r1; \ 381 r2 ^= r3; \ 382 r3 &= r0; \ 383 r3 ^= r4; \ 384 r4 ^= r2; \ 385 r2 &= r0; \ 386 r4 = ~r4; \ 387 r2 ^= r4; \ 388 r4 &= r0; \ 389 r1 ^= r3; \ 390 r4 ^= r1; \ 391 } 392 393 #define I7(i, r0, r1, r2, r3, r4) \ 394 { \ 395 r4 = r2; \ 396 r2 ^= r0; \ 397 r0 &= r3; \ 398 r2 = ~r2; \ 399 r4 |= r3; \ 400 r3 ^= r1; \ 401 r1 |= r0; \ 402 r0 ^= r2; \ 403 r2 &= r4; \ 404 r1 ^= r2; \ 405 r2 ^= r0; \ 406 r0 |= r2; \ 407 r3 &= r4; \ 408 r0 ^= r3; \ 409 r4 ^= r1; \ 410 r3 ^= r4; \ 411 r4 |= r0; \ 412 r3 ^= r2; \ 413 r4 ^= r2; \ 414 } 415 416 // key xor 417 #define KX(r, a, b, c, d, e) {\ 418 a ^= k[4 * r + 0]; \ 419 b ^= k[4 * r + 1]; \ 420 c ^= k[4 * r + 2]; \ 421 d ^= k[4 * r + 3];} 422 423 #define LK(r, a, b, c, d, e) {\ 424 a = k[(8-r)*4 + 0]; \ 425 b = k[(8-r)*4 + 1]; \ 426 c = k[(8-r)*4 + 2]; \ 427 d = k[(8-r)*4 + 3];} 428 429 #define SK(r, a, b, c, d, e) {\ 430 k[(8-r)*4 + 4] = a; \ 431 k[(8-r)*4 + 5] = b; \ 432 k[(8-r)*4 + 6] = c; \ 433 k[(8-r)*4 + 7] = d;} 434 435 void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen); 436 437 NAMESPACE_END 438 439 #endif // CRYPTOPP_SERPENTP_H 440