/* Serpent.java --
   Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.

This file is a part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA

Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.
*/


package gnu.javax.crypto.cipher;

import gnu.java.security.Registry;
import gnu.java.security.util.Util;

import java.security.InvalidKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;

/**
 * Serpent is a 32-round substitution-permutation network block cipher,
 * operating on 128-bit blocks and accepting keys of 128, 192, and 256 bits in
 * length. At each round the plaintext is XORed with a 128 bit portion of the
 * session key -- a 4224 bit key computed from the input key -- then one of
 * eight S-boxes are applied, and finally a simple linear transformation is
 * done. Decryption does the exact same thing in reverse order, and using the
 * eight inverses of the S-boxes.
 * <p>
 * Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a
 * proposed cipher for the Advanced Encryption Standard.
 * <p>
 * Serpent can be sped up greatly by replacing S-box substitution with a
 * sequence of binary operations, and the optimal implementation depends upon
 * finding the fastest sequence of binary operations that reproduce this
 * substitution. This implementation uses the S-boxes discovered by <a
 * href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are optimized
 * for the Pentium family of processors.
 * <p>
 * The per-block state lives in instance fields (x0..x4); encrypt() and
 * decrypt() are synchronized on the instance, makeKey() is not -- see the
 * note on those fields before sharing one instance between threads.
 * <p>
 * References:
 * <ol>
 * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A
 * Candidate Block Cipher for the Advanced Encryption Standard.</a></li>
 * </ol>
 */
public class Serpent
    extends BaseCipher
{
  /** Default key size in bytes (128 bits); keySizes() also offers 24 and 32. */
  private static final int DEFAULT_KEY_SIZE = 16;
  /** Block size in bytes (128 bits); blockSizes() reports only this value. */
  private static final int DEFAULT_BLOCK_SIZE = 16;
  /** Number of rounds; the key schedule yields ROUNDS + 1 four-word subkeys. */
  private static final int ROUNDS = 32;
  /** The fractional part of the golden ratio, (sqrt(5)+1)/2.
*/
  private static final int PHI = 0x9e3779b9;
  /**
   * KAT vector (from ecb_vk): I=9
   * KEY=008000000000000000000000000000000000000000000000
   * CT=5587B5BCB9EE5A28BA2BACC418005240
   */
  private static final byte[] KAT_KEY = Util.toReversedBytesFromString(
      "008000000000000000000000000000000000000000000000");
  private static final byte[] KAT_CT =
      Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240");
  /**
   * caches the result of the correctness test, once executed.
   * NOTE(review): neither volatile nor lock-protected, so two threads making
   * the first selfTest() call may both run the test and both store a value;
   * that is a data race, benign only while the test itself is deterministic.
   */
  private static Boolean valid;
  /**
   * Working registers for the S-box code. encrypt()/decrypt() load the block
   * into x0..x3 and use x4 as scratch; makeKey() also writes x0..x3 through
   * the four-argument S-box methods. encrypt() and decrypt() are synchronized
   * but makeKey() is not -- NOTE(review): calling makeKey() on an instance
   * that another thread is using to encrypt or decrypt corrupts that block.
   */
  private int x0, x1, x2, x3, x4;

  /** Trivial zero-argument constructor. */
  public Serpent()
  {
    super(Registry.SERPENT_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
  }

  /**
   * Returns a fresh instance carrying over only the configured block size.
   * The working registers x0..x4 are overwritten at the start of every
   * encrypt()/decrypt()/makeKey() call, so they are not copied.
   */
  public Object clone()
  {
    Serpent result = new Serpent();
    result.currentBlockSize = this.currentBlockSize;
    return result;
  }

  /** @return an iterator over the single supported block size, 16 bytes. */
  public Iterator blockSizes()
  {
    return Collections.singleton(Integer.valueOf(DEFAULT_BLOCK_SIZE)).iterator();
  }

  /** @return an iterator over the supported key sizes in bytes: 16, 24, 32. */
  public Iterator keySizes()
  {
    ArrayList keySizes = new ArrayList();
    keySizes.add(Integer.valueOf(16));
    keySizes.add(Integer.valueOf(24));
    keySizes.add(Integer.valueOf(32));
    return Collections.unmodifiableList(keySizes).iterator();
  }

  /**
   * Expands a raw key into the 132-word session key consumed by encrypt()
   * and decrypt().
   * <p>
   * The key bytes are read little-endian into up to eight 32-bit words; a
   * key shorter than 256 bits is followed by one word of value 1 (the
   * spec's "single 1 bit then zeros" padding). The words are then run
   * through the recurrence
   * {@code w[i] = rotl(w[i-8] ^ w[i-5] ^ w[i-3] ^ w[i-1] ^ PHI ^ i, 11)}
   * to give 132 pre-key words, and each group of four pre-key words is
   * passed through one S-box (S3, S2, S1, S0, S7, S6, S5, S4, repeating)
   * to yield the round subkeys k0..k131.
   * <p>
   * NOTE(review): the pre-key array {@code w} still holds key-derived
   * material when this method returns; zeroing it before returning would
   * shorten how long that material stays reachable on the heap.
   *
   * @param kb the raw key; must be exactly 16, 24 or 32 bytes. A
   *        {@code null} key fails with a NullPointerException on the length
   *        check.
   * @param blockSize ignored; Serpent has a single block size.
   * @return a {@link Key} holding the 132 subkey words.
   * @throws InvalidKeyException if {@code kb.length} is not 16, 24 or 32.
   */
  public Object makeKey(byte[] kb, int blockSize) throws InvalidKeyException
  {
    // Not strictly true, but here to conform with the AES proposal.
    // This restriction can be removed if deemed necessary.
    if (kb.length != 16 && kb.length != 24 && kb.length != 32)
      throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes");
    Key key = new Key();
    // Here w is our "pre-key".
    int[] w = new int[4 * (ROUNDS + 1)];
    int i, j;
    // Pack the key little-endian, four bytes per word; the length check
    // above guarantees kb.length is a multiple of 4.
    for (i = 0, j = 0; i < 8 && j < kb.length; i++)
      w[i] = (kb[j++] & 0xff)
           | (kb[j++] & 0xff) << 8
           | (kb[j++] & 0xff) << 16
           | (kb[j++] & 0xff) << 24;
    // Pad key if < 256 bits.
    if (i != 8)
      w[i] = 1;
    // Transform using w_i-8 ... w_i-1
    // The first eight derived words are built into w[8..15]; j == i - 8 is
    // both the index of w_{i-8} and the round counter XORed in.
    for (i = 8, j = 0; i < 16; i++)
      {
        int t = w[j] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ j++;
        w[i] = t << 11 | t >>> 21;
      }
    // Translate by 8.
    // After this move w[0..7] are the first eight derived words and the
    // array index coincides with the counter used in the recurrence.
    for (i = 0; i < 8; i++)
      w[i] = w[i + 8];
    // Transform the rest of the key.
    for (; i < w.length; i++)
      {
        int t = w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i;
        w[i] = t << 11 | t >>> 21;
      }
    // After these s-boxes the pre-key (w, above) will become the
    // session key (key, below).  Each four-argument S-box leaves its
    // result in x0..x3, which is copied into the next four subkey words.
    sbox3(w[0], w[1], w[2], w[3]);
    key.k0 = x0;
    key.k1 = x1;
    key.k2 = x2;
    key.k3 = x3;
    sbox2(w[4], w[5], w[6], w[7]);
    key.k4 = x0;
    key.k5 = x1;
    key.k6 = x2;
    key.k7 = x3;
    sbox1(w[8], w[9], w[10], w[11]);
    key.k8 = x0;
    key.k9 = x1;
    key.k10 = x2;
    key.k11 = x3;
    sbox0(w[12], w[13], w[14], w[15]);
    key.k12 = x0;
    key.k13 = x1;
    key.k14 = x2;
    key.k15 = x3;
    sbox7(w[16], w[17], w[18], w[19]);
    key.k16 = x0;
    key.k17 = x1;
    key.k18 = x2;
    key.k19 = x3;
    sbox6(w[20], w[21], w[22], w[23]);
    key.k20 = x0;
    key.k21 = x1;
    key.k22 = x2;
    key.k23 = x3;
    sbox5(w[24], w[25], w[26], w[27]);
    key.k24 = x0;
    key.k25 = x1;
    key.k26 = x2;
    key.k27 = x3;
    sbox4(w[28], w[29], w[30], w[31]);
    key.k28 = x0;
    key.k29 = x1;
    key.k30 = x2;
    key.k31 = x3;
    sbox3(w[32], w[33], w[34], w[35]);
    key.k32 = x0;
    key.k33 = x1;
    key.k34 = x2;
    key.k35 = x3;
    sbox2(w[36], w[37], w[38], w[39]);
    key.k36 = x0;
    key.k37 = x1;
    key.k38 = x2;
    key.k39 = x3;
    sbox1(w[40], w[41], w[42], w[43]);
    key.k40 = x0;
    key.k41 = x1;
    key.k42 = x2;
    key.k43 = x3;
    sbox0(w[44], w[45], w[46], w[47]);
    key.k44 = x0;
    key.k45 = x1;
    key.k46 = x2;
    key.k47 = x3;
    sbox7(w[48], w[49], w[50], w[51]);
    key.k48 = x0;
    key.k49 = x1;
    key.k50 = x2;
    key.k51 = x3;
    sbox6(w[52], w[53], w[54], w[55]);
    key.k52 = x0;
    key.k53 = x1;
    key.k54 = x2;
    key.k55 = x3;
    sbox5(w[56], w[57], w[58], w[59]);
    key.k56 = x0;
    key.k57 = x1;
    key.k58 = x2;
    key.k59 = x3;
    sbox4(w[60], w[61], w[62], w[63]);
    key.k60 = x0;
    key.k61 = x1;
    key.k62 = x2;
    key.k63 = x3;
    sbox3(w[64], w[65], w[66], w[67]);
    key.k64 = x0;
    key.k65 = x1;
    key.k66 = x2;
    key.k67 = x3;
    sbox2(w[68], w[69], w[70], w[71]);
    key.k68 = x0;
    key.k69 = x1;
    key.k70 = x2;
    key.k71 = x3;
    sbox1(w[72], w[73], w[74], w[75]);
    key.k72 = x0;
    key.k73 = x1;
    key.k74 = x2;
    key.k75 = x3;
    sbox0(w[76], w[77], w[78], w[79]);
    key.k76 = x0;
    key.k77 = x1;
    key.k78 = x2;
    key.k79 = x3;
    sbox7(w[80], w[81], w[82], w[83]);
    key.k80 = x0;
    key.k81 = x1;
    key.k82 = x2;
    key.k83 = x3;
    sbox6(w[84], w[85], w[86], w[87]);
    key.k84 = x0;
    key.k85 = x1;
    key.k86 = x2;
    key.k87 = x3;
    sbox5(w[88], w[89], w[90], w[91]);
    key.k88 = x0;
    key.k89 = x1;
    key.k90 = x2;
    key.k91 = x3;
    sbox4(w[92], w[93], w[94], w[95]);
    key.k92 = x0;
    key.k93 = x1;
    key.k94 = x2;
    key.k95 = x3;
    sbox3(w[96], w[97], w[98], w[99]);
    key.k96 = x0;
    key.k97 = x1;
    key.k98 = x2;
    key.k99 = x3;
    sbox2(w[100], w[101], w[102], w[103]);
    key.k100 = x0;
    key.k101 = x1;
    key.k102 = x2;
    key.k103 = x3;
    sbox1(w[104], w[105], w[106], w[107]);
    key.k104 = x0;
    key.k105 = x1;
    key.k106 = x2;
    key.k107 = x3;
    sbox0(w[108], w[109], w[110], w[111]);
    key.k108 = x0;
    key.k109 = x1;
    key.k110 = x2;
    key.k111 = x3;
    sbox7(w[112], w[113], w[114], w[115]);
    key.k112 = x0;
    key.k113 = x1;
    key.k114 = x2;
    key.k115 = x3;
    sbox6(w[116], w[117], w[118], w[119]);
    key.k116 = x0;
    key.k117 = x1;
    key.k118 = x2;
    key.k119 = x3;
    sbox5(w[120], w[121], w[122], w[123]);
    key.k120 = x0;
    key.k121 = x1;
    key.k122 = x2;
    key.k123 = x3;
    sbox4(w[124], w[125], w[126], w[127]);
    key.k124 = x0;
    key.k125 = x1;
    key.k126 = x2;
    key.k127 = x3;
    sbox3(w[128], w[129], w[130], w[131]);
    key.k128 = x0;
    key.k129 = x1;
    key.k130 = x2;
    key.k131 = x3;
    return key;
  }

  /**
   * Encrypts one 16-byte block.
   * <p>
   * The block is read little-endian from {@code in[i..i+15]} into x0..x3.
   * Thirty-two rounds of subkey XOR, S-box and linear transform follow.
   * The register-form S-boxes use x4 as scratch and leave each round's
   * output in a permuted set of registers, which is why the subkey XORs
   * below name different registers from round to round. After every eighth
   * round (sbox7) the registers are renamed (x0 = x3; x3 = x2; x2 = x4) so
   * the next eight rounds reuse the same register/subkey pattern. The last
   * round uses sbox7noLT() -- S7 without the linear transform -- and is
   * followed by the XOR of k128..k131 before the result is written
   * little-endian to {@code out[o..o+15]}.
   * <p>
   * No explicit bounds checking is done: short arrays or bad offsets
   * surface as ArrayIndexOutOfBoundsException.
   *
   * @param in source array; {@code in[i..i+15]} must exist.
   * @param i offset of the plaintext block in {@code in}.
   * @param out destination array; {@code out[o..o+15]} must exist.
   * @param o offset at which the ciphertext block is written.
   * @param K the session key returned by makeKey(); any other object
   *        raises a ClassCastException.
   * @param bs block size; ignored, the block is always 16 bytes.
   */
  public synchronized void encrypt(byte[] in, int i, byte[] out, int o,
                                   Object K, int bs)
  {
    Key key = (Key) K;
    x0 = (in[i    ] & 0xff)
       | (in[i + 1] & 0xff) << 8
       | (in[i + 2] & 0xff) << 16
       | (in[i + 3] & 0xff) << 24;
    x1 = (in[i + 4] & 0xff)
       | (in[i + 5] & 0xff) << 8
       | (in[i + 6] & 0xff) << 16
       | (in[i + 7] & 0xff) << 24;
    x2 = (in[i + 8] & 0xff)
       | (in[i + 9] & 0xff) << 8
       | (in[i + 10] & 0xff) << 16
       | (in[i + 11] & 0xff) << 24;
    x3 = (in[i + 12] & 0xff)
       | (in[i + 13] & 0xff) << 8
       | (in[i + 14] & 0xff) << 16
       | (in[i + 15] & 0xff) << 24;
    // Rounds 0-7.
    x0 ^= key.k0;
    x1 ^= key.k1;
    x2 ^= key.k2;
    x3 ^= key.k3;
    sbox0();
    x1 ^= key.k4;
    x4 ^= key.k5;
    x2 ^= key.k6;
    x0 ^= key.k7;
    sbox1();
    x0 ^= key.k8;
    x4 ^= key.k9;
    x2 ^= key.k10;
    x1 ^= key.k11;
    sbox2();
    x2 ^= key.k12;
    x1 ^= key.k13;
    x4 ^= key.k14;
    x3 ^= key.k15;
    sbox3();
    x1 ^= key.k16;
    x4 ^= key.k17;
    x3 ^= key.k18;
    x0 ^= key.k19;
    sbox4();
    x4 ^= key.k20;
    x2 ^= key.k21;
    x1 ^= key.k22;
    x0 ^= key.k23;
    sbox5();
    x2 ^= key.k24;
    x0 ^= key.k25;
    x4 ^= key.k26;
    x1 ^= key.k27;
    sbox6();
    x2 ^= key.k28;
    x0 ^= key.k29;
    x3 ^= key.k30;
    x4 ^= key.k31;
    sbox7();
    // Rename registers so rounds 8-15 reuse the pattern above.
    x0 = x3;
    x3 = x2;
    x2 = x4;
    // Rounds 8-15.
    x0 ^= key.k32;
    x1 ^= key.k33;
    x2 ^= key.k34;
    x3 ^= key.k35;
    sbox0();
    x1 ^= key.k36;
    x4 ^= key.k37;
    x2 ^= key.k38;
    x0 ^= key.k39;
    sbox1();
    x0 ^= key.k40;
    x4 ^= key.k41;
    x2 ^= key.k42;
    x1 ^= key.k43;
    sbox2();
    x2 ^= key.k44;
    x1 ^= key.k45;
    x4 ^= key.k46;
    x3 ^= key.k47;
    sbox3();
    x1 ^= key.k48;
    x4 ^= key.k49;
    x3 ^= key.k50;
    x0 ^= key.k51;
    sbox4();
    x4 ^= key.k52;
    x2 ^= key.k53;
    x1 ^= key.k54;
    x0 ^= key.k55;
    sbox5();
    x2 ^= key.k56;
    x0 ^= key.k57;
    x4 ^= key.k58;
    x1 ^= key.k59;
    sbox6();
    x2 ^= key.k60;
    x0 ^= key.k61;
    x3 ^= key.k62;
    x4 ^= key.k63;
    sbox7();
    x0 = x3;
    x3 = x2;
    x2 = x4;
    // Rounds 16-23.
    x0 ^= key.k64;
    x1 ^= key.k65;
    x2 ^= key.k66;
    x3 ^= key.k67;
    sbox0();
    x1 ^= key.k68;
    x4 ^= key.k69;
    x2 ^= key.k70;
    x0 ^= key.k71;
    sbox1();
    x0 ^= key.k72;
    x4 ^= key.k73;
    x2 ^= key.k74;
    x1 ^= key.k75;
    sbox2();
    x2 ^= key.k76;
    x1 ^= key.k77;
    x4 ^= key.k78;
    x3 ^= key.k79;
    sbox3();
    x1 ^= key.k80;
    x4 ^= key.k81;
    x3 ^= key.k82;
    x0 ^= key.k83;
    sbox4();
    x4 ^= key.k84;
    x2 ^= key.k85;
    x1 ^= key.k86;
    x0 ^= key.k87;
    sbox5();
    x2 ^= key.k88;
    x0 ^= key.k89;
    x4 ^= key.k90;
    x1 ^= key.k91;
    sbox6();
    x2 ^= key.k92;
    x0 ^= key.k93;
    x3 ^= key.k94;
    x4 ^= key.k95;
    sbox7();
    x0 = x3;
    x3 = x2;
    x2 = x4;
    // Rounds 24-31; the last round omits the linear transform.
    x0 ^= key.k96;
    x1 ^= key.k97;
    x2 ^= key.k98;
    x3 ^= key.k99;
    sbox0();
    x1 ^= key.k100;
    x4 ^= key.k101;
    x2 ^= key.k102;
    x0 ^= key.k103;
    sbox1();
    x0 ^= key.k104;
    x4 ^= key.k105;
    x2 ^= key.k106;
    x1 ^= key.k107;
    sbox2();
    x2 ^= key.k108;
    x1 ^= key.k109;
    x4 ^= key.k110;
    x3 ^= key.k111;
    sbox3();
    x1 ^= key.k112;
    x4 ^= key.k113;
    x3 ^= key.k114;
    x0 ^= key.k115;
    sbox4();
    x4 ^= key.k116;
    x2 ^= key.k117;
    x1 ^= key.k118;
    x0 ^= key.k119;
    sbox5();
    x2 ^= key.k120;
    x0 ^= key.k121;
    x4 ^= key.k122;
    x1 ^= key.k123;
    sbox6();
    x2 ^= key.k124;
    x0 ^= key.k125;
    x3 ^= key.k126;
    x4 ^= key.k127;
    sbox7noLT();
    x0 = x3;
    x3 = x2;
    x2 = x4;
    // Final key mixing replaces the linear transform of the last round.
    x0 ^= key.k128;
    x1 ^= key.k129;
    x2 ^= key.k130;
    x3 ^= key.k131;
    out[o    ] = (byte) x0;
    out[o + 1] = (byte)(x0 >>> 8);
    out[o + 2] = (byte)(x0 >>> 16);
    out[o + 3] = (byte)(x0 >>> 24);
    out[o + 4] = (byte) x1;
    out[o + 5] = (byte)(x1 >>> 8);
    out[o + 6] = (byte)(x1 >>> 16);
    out[o + 7] = (byte)(x1 >>> 24);
    out[o + 8] = (byte) x2;
    out[o + 9] = (byte)(x2 >>> 8);
    out[o + 10] = (byte)(x2 >>> 16);
    out[o + 11] = (byte)(x2 >>> 24);
    out[o + 12] = (byte) x3;
    out[o + 13] = (byte)(x3 >>> 8);
    out[o + 14] = (byte)(x3 >>> 16);
    out[o + 15] = (byte)(x3 >>> 24);
  }

  /**
   * Decrypts one 16-byte block; the exact reverse of encrypt().
   * <p>
   * Subkeys are applied from k128..k131 down to k0..k3, with the inverse
   * S-boxes sboxI7..sboxI0, each of which first undoes the linear transform
   * and then applies the inverse substitution (sboxI7noLT() for the first
   * step, matching the transform-free last round of encryption). The
   * register renaming between groups of eight rounds is
   * (x1 = x3; x3 = x4; x4 = x2), and a final (x2 = x1; x1 = x3; x3 = x4)
   * precedes the XOR of k0..k3. Same conventions for arrays, offsets and
   * exceptions as encrypt().
   *
   * @param in source array; {@code in[i..i+15]} must exist.
   * @param i offset of the ciphertext block in {@code in}.
   * @param out destination array; {@code out[o..o+15]} must exist.
   * @param o offset at which the plaintext block is written.
   * @param K the session key returned by makeKey().
   * @param bs block size; ignored, the block is always 16 bytes.
   */
  public synchronized void decrypt(byte[] in, int i, byte[] out, int o,
                                   Object K, int bs)
  {
    Key key = (Key) K;
    x0 = (in[i    ] & 0xff)
       | (in[i + 1] & 0xff) << 8
       | (in[i + 2] & 0xff) << 16
       | (in[i + 3] & 0xff) << 24;
    x1 = (in[i + 4] & 0xff)
       | (in[i + 5] & 0xff) << 8
       | (in[i + 6] & 0xff) << 16
       | (in[i + 7] & 0xff) << 24;
    x2 = (in[i + 8] & 0xff)
       | (in[i + 9] & 0xff) << 8
       | (in[i + 10] & 0xff) << 16
       | (in[i + 11] & 0xff) << 24;
    x3 = (in[i + 12] & 0xff)
       | (in[i + 13] & 0xff) << 8
       | (in[i + 14] & 0xff) << 16
       | (in[i + 15] & 0xff) << 24;
    // Rounds 31-24 (undo the final key mixing first).
    x0 ^= key.k128;
    x1 ^= key.k129;
    x2 ^= key.k130;
    x3 ^= key.k131;
    sboxI7noLT();
    x3 ^= key.k124;
    x0 ^= key.k125;
    x1 ^= key.k126;
    x4 ^= key.k127;
    sboxI6();
    x0 ^= key.k120;
    x1 ^= key.k121;
    x2 ^= key.k122;
    x4 ^= key.k123;
    sboxI5();
    x1 ^= key.k116;
    x3 ^= key.k117;
    x4 ^= key.k118;
    x2 ^= key.k119;
    sboxI4();
    x1 ^= key.k112;
    x2 ^= key.k113;
    x4 ^= key.k114;
    x0 ^= key.k115;
    sboxI3();
    x0 ^= key.k108;
    x1 ^= key.k109;
    x4 ^= key.k110;
    x2 ^= key.k111;
    sboxI2();
    x1 ^= key.k104;
    x3 ^= key.k105;
    x4 ^= key.k106;
    x2 ^= key.k107;
    sboxI1();
    x0 ^= key.k100;
    x1 ^= key.k101;
    x2 ^= key.k102;
    x4 ^= key.k103;
    sboxI0();
    // Rounds 23-16.
    x0 ^= key.k96;
    x3 ^= key.k97;
    x1 ^= key.k98;
    x4 ^= key.k99;
    sboxI7();
    // Rename registers so the next eight rounds reuse the pattern above.
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= key.k92;
    x0 ^= key.k93;
    x1 ^= key.k94;
    x4 ^= key.k95;
    sboxI6();
    x0 ^= key.k88;
    x1 ^= key.k89;
    x2 ^= key.k90;
    x4 ^= key.k91;
    sboxI5();
    x1 ^= key.k84;
    x3 ^= key.k85;
    x4 ^= key.k86;
    x2 ^= key.k87;
    sboxI4();
    x1 ^= key.k80;
    x2 ^= key.k81;
    x4 ^= key.k82;
    x0 ^= key.k83;
    sboxI3();
    x0 ^= key.k76;
    x1 ^= key.k77;
    x4 ^= key.k78;
    x2 ^= key.k79;
    sboxI2();
    x1 ^= key.k72;
    x3 ^= key.k73;
    x4 ^= key.k74;
    x2 ^= key.k75;
    sboxI1();
    x0 ^= key.k68;
    x1 ^= key.k69;
    x2 ^= key.k70;
    x4 ^= key.k71;
    sboxI0();
    // Rounds 15-8.
    x0 ^= key.k64;
    x3 ^= key.k65;
    x1 ^= key.k66;
    x4 ^= key.k67;
    sboxI7();
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= key.k60;
    x0 ^= key.k61;
    x1 ^= key.k62;
    x4 ^= key.k63;
    sboxI6();
    x0 ^= key.k56;
    x1 ^= key.k57;
    x2 ^= key.k58;
    x4 ^= key.k59;
    sboxI5();
    x1 ^= key.k52;
    x3 ^= key.k53;
    x4 ^= key.k54;
    x2 ^= key.k55;
    sboxI4();
    x1 ^= key.k48;
    x2 ^= key.k49;
    x4 ^= key.k50;
    x0 ^= key.k51;
    sboxI3();
    x0 ^= key.k44;
    x1 ^= key.k45;
    x4 ^= key.k46;
    x2 ^= key.k47;
    sboxI2();
    x1 ^= key.k40;
    x3 ^= key.k41;
    x4 ^= key.k42;
    x2 ^= key.k43;
    sboxI1();
    x0 ^= key.k36;
    x1 ^= key.k37;
    x2 ^= key.k38;
    x4 ^= key.k39;
    sboxI0();
    // Rounds 7-0.
    x0 ^= key.k32;
    x3 ^= key.k33;
    x1 ^= key.k34;
    x4 ^= key.k35;
    sboxI7();
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= key.k28;
    x0 ^= key.k29;
    x1 ^= key.k30;
    x4 ^= key.k31;
    sboxI6();
    x0 ^= key.k24;
    x1 ^= key.k25;
    x2 ^= key.k26;
    x4 ^= key.k27;
    sboxI5();
    x1 ^= key.k20;
    x3 ^= key.k21;
    x4 ^= key.k22;
    x2 ^= key.k23;
    sboxI4();
    x1 ^= key.k16;
    x2 ^= key.k17;
    x4 ^= key.k18;
    x0 ^= key.k19;
    sboxI3();
    x0 ^= key.k12;
    x1 ^= key.k13;
    x4 ^= key.k14;
    x2 ^= key.k15;
    sboxI2();
    x1 ^= key.k8;
    x3 ^= key.k9;
    x4 ^= key.k10;
    x2 ^= key.k11;
    sboxI1();
    x0 ^= key.k4;
    x1 ^= key.k5;
    x2 ^= key.k6;
    x4 ^= key.k7;
    sboxI0();
    // Bring the plaintext words back into x0..x3 before the first subkey.
    x2 = x1;
    x1 = x3;
    x3 = x4;
    x0 ^= key.k0;
    x1 ^= key.k1;
    x2 ^= key.k2;
    x3 ^= key.k3;
    out[o    ] = (byte) x0;
    out[o + 1] = (byte)(x0 >>> 8);
    out[o + 2] = (byte)(x0 >>> 16);
    out[o + 3] = (byte)(x0 >>> 24);
    out[o + 4] = (byte) x1;
    out[o + 5] = (byte)(x1 >>> 8);
    out[o + 6] = (byte)(x1 >>> 16);
    out[o + 7] = (byte)(x1 >>> 24);
    out[o + 8] = (byte) x2;
    out[o + 9] = (byte)(x2 >>> 8);
    out[o + 10] = (byte)(x2 >>> 16);
    out[o + 11] = (byte)(x2 >>> 24);
    out[o + 12] = (byte) x3;
    out[o + 13] = (byte)(x3 >>> 8);
    out[o + 14] = (byte)(x3 >>> 16);
    out[o + 15] = (byte)(x3 >>> 24);
  }

  /**
   * Runs the cipher's self-test once and caches the outcome in {@code valid}.
   * The inherited symmetry tests run first; only if they pass is the
   * known-answer test (KAT_KEY must encrypt to KAT_CT) checked.
   *
   * @return {@code true} if both the symmetry tests and the KAT passed.
   */
  public boolean selfTest()
  {
    if (valid == null)
      {
        boolean result = super.selfTest(); // do symmetry tests
        if (result)
          result = testKat(KAT_KEY, KAT_CT);
        valid = Boolean.valueOf(result);
      }
    return valid.booleanValue();
  }

  // These first few S-boxes operate directly on the "registers",
  // x0..x4, and perform the linear transform.
/*
 * Round functions in "register" form, used by encrypt().  Each sboxN()
 * applies S-box N to the working registers x0..x4 in place (the bitwise
 * section) and then the linear transformation (the rotate/shift/XOR section
 * with rotations by 13, 3, 1, 7, 5 and 22 and shifts by 3 and 7).  x4 is
 * scratch; on return the round's four output words sit in whichever
 * registers encrypt() XORs the next subkey into.
 */

  /** S-box 0 followed by the linear transformation. */
  private void sbox0()
  {
    x3 ^= x0;
    x4 = x1;
    x1 &= x3;
    x4 ^= x2;
    x1 ^= x0;
    x0 |= x3;
    x0 ^= x4;
    x4 ^= x3;
    x3 ^= x2;
    x2 |= x1;
    x2 ^= x4;
    x4 ^= -1; // same as x4 = ~x4
    x4 |= x1;
    x1 ^= x3;
    x1 ^= x4;
    x3 |= x0;
    x1 ^= x3;
    x4 ^= x3;

    x1 = (x1 << 13) | (x1 >>> 19);
    x4 ^= x1;
    x3 = x1 << 3;
    x2 = (x2 << 3) | (x2 >>> 29);
    x4 ^= x2;
    x0 ^= x2;
    x4 = (x4 << 1) | (x4 >>> 31);
    x0 ^= x3;
    x0 = (x0 << 7) | (x0 >>> 25);
    x3 = x4;
    x1 ^= x4;
    x3 <<= 7;
    x1 ^= x0;
    x2 ^= x0;
    x2 ^= x3;
    x1 = (x1 << 5) | (x1 >>> 27);
    x2 = (x2 << 22) | (x2 >>> 10);
  }

  /** S-box 1 followed by the linear transformation. */
  private void sbox1()
  {
    x4 = ~x4;
    x3 = x1;
    x1 ^= x4;
    x3 |= x4;
    x3 ^= x0;
    x0 &= x1;
    x2 ^= x3;
    x0 ^= x4;
    x0 |= x2;
    x1 ^= x3;
    x0 ^= x1;
    x4 &= x2;
    x1 |= x4;
    x4 ^= x3;
    x1 ^= x2;
    x3 |= x0;
    x1 ^= x3;
    x3 = ~x3;
    x4 ^= x0;
    x3 &= x2;
    x4 = ~x4;
    x3 ^= x1;
    x4 ^= x3;

    x0 = (x0 << 13) | (x0 >>> 19);
    x4 ^= x0;
    x3 = x0 << 3;
    x2 = (x2 << 3) | (x2 >>> 29);
    x4 ^= x2;
    x1 ^= x2;
    x4 = (x4 << 1) | (x4 >>> 31);
    x1 ^= x3;
    x1 = (x1 << 7) | (x1 >>> 25);
    x3 = x4;
    x0 ^= x4;
    x3 <<= 7;
    x0 ^= x1;
    x2 ^= x1;
    x2 ^= x3;
    x0 = (x0 << 5) | (x0 >>> 27);
    x2 = (x2 << 22) | (x2 >>> 10);
  }

  /** S-box 2 followed by the linear transformation. */
  private void sbox2()
  {
    x3 = x0;
    x0 = x0 & x2;
    x0 = x0 ^ x1;
    x2 = x2 ^ x4;
    x2 = x2 ^ x0;
    x1 = x1 | x3;
    x1 = x1 ^ x4;
    x3 = x3 ^ x2;
    x4 = x1;
    x1 = x1 | x3;
    x1 = x1 ^ x0;
    x0 = x0 & x4;
    x3 = x3 ^ x0;
    x4 = x4 ^ x1;
    x4 = x4 ^ x3;
    x3 = ~x3;

    x2 = (x2 << 13) | (x2 >>> 19);
    x1 ^= x2;
    x0 = x2 << 3;
    x4 = (x4 << 3) | (x4 >>> 29);
    x1 ^= x4;
    x3 ^= x4;
    x1 = (x1 << 1) | (x1 >>> 31);
    x3 ^= x0;
    x3 = (x3 << 7) | (x3 >>> 25);
    x0 = x1;
    x2 ^= x1;
    x0 <<= 7;
    x2 ^= x3;
    x4 ^= x3;
    x4 ^= x0;
    x2 = (x2 << 5) | (x2 >>> 27);
    x4 = (x4 << 22) | (x4 >>> 10);
  }

  /** S-box 3 followed by the linear transformation. */
  private void sbox3()
  {
    x0 = x2;
    x2 = x2 | x3;
    x3 = x3 ^ x1;
    x1 = x1 & x0;
    x0 = x0 ^ x4;
    x4 = x4 ^ x3;
    x3 = x3 & x2;
    x0 = x0 | x1;
    x3 = x3 ^ x0;
    x2 = x2 ^ x1;
    x0 = x0 & x2;
    x1 = x1 ^ x3;
    x0 = x0 ^ x4;
    x1 = x1 | x2;
    x1 = x1 ^ x4;
    x2 = x2 ^ x3;
    x4 = x1;
    x1 = x1 | x3;
    x1 = x1 ^ x2;

    x1 = (x1 << 13) | (x1 >>> 19);
    x4 ^= x1;
    x2 = x1 << 3;
    x3 = (x3 << 3) | (x3 >>> 29);
    x4 ^= x3;
    x0 ^= x3;
    x4 = (x4 << 1) | (x4 >>> 31);
    x0 ^= x2;
    x0 = (x0 << 7) | (x0 >>> 25);
    x2 = x4;
    x1 ^= x4;
    x2 <<= 7;
    x1 ^= x0;
    x3 ^= x0;
    x3 ^= x2;
    x1 = (x1 << 5) | (x1 >>> 27);
    x3 = (x3 << 22) | (x3 >>> 10);
  }

  /** S-box 4 followed by the linear transformation. */
  private void sbox4()
  {
    x4 = x4 ^ x0;
    x0 = ~x0;
    x3 = x3 ^ x0;
    x0 = x0 ^ x1;
    x2 = x4;
    x4 = x4 & x0;
    x4 = x4 ^ x3;
    x2 = x2 ^ x0;
    x1 = x1 ^ x2;
    x3 = x3 & x2;
    x3 = x3 ^ x1;
    x1 = x1 & x4;
    x0 = x0 ^ x1;
    x2 = x2 | x4;
    x2 = x2 ^ x1;
    x1 = x1 | x0;
    x1 = x1 ^ x3;
    x3 = x3 & x0;
    x1 = ~x1;
    x2 = x2 ^ x3;

    x4 = (x4 << 13) | (x4 >>> 19);
    x2 ^= x4;
    x3 = x4 << 3;
    x1 = (x1 << 3) | (x1 >>> 29);
    x2 ^= x1;
    x0 ^= x1;
    x2 = (x2 << 1) | (x2 >>> 31);
    x0 ^= x3;
    x0 = (x0 << 7) | (x0 >>> 25);
    x3 = x2;
    x4 ^= x2;
    x3 <<= 7;
    x4 ^= x0;
    x1 ^= x0;
    x1 ^= x3;
    x4 = (x4 << 5) | (x4 >>> 27);
    x1 = (x1 << 22) | (x1 >>> 10);
  }

  /** S-box 5 followed by the linear transformation. */
  private void sbox5()
  {
    x4 = x4 ^ x2;
    x2 = x2 ^ x0;
    x0 = ~x0;
    x3 = x2;
    x2 = x2 & x4;
    x1 = x1 ^ x0;
    x2 = x2 ^ x1;
    x1 = x1 | x3;
    x3 = x3 ^ x0;
    x0 = x0 & x2;
    x0 = x0 ^ x4;
    x3 = x3 ^ x2;
    x3 = x3 ^ x1;
    x1 = x1 ^ x4;
    x4 = x4 & x0;
    x1 = ~x1;
    x4 = x4 ^ x3;
    x3 = x3 | x0;
    x1 = x1 ^ x3;

    x2 = (x2 << 13) | (x2 >>> 19);
    x0 ^= x2;
    x3 = x2 << 3;
    x4 = (x4 << 3) | (x4 >>> 29);
    x0 ^= x4;
    x1 ^= x4;
    x0 = (x0 << 1) | (x0 >>> 31);
    x1 ^= x3;
    x1 = (x1 << 7) | (x1 >>> 25);
    x3 = x0;
    x2 ^= x0;
    x3 <<= 7;
    x2 ^= x1;
    x4 ^= x1;
    x4 ^= x3;
    x2 = (x2 << 5) | (x2 >>> 27);
    x4 = (x4 << 22) | (x4 >>> 10);
  }

  /** S-box 6 followed by the linear transformation. */
  private void sbox6()
  {
    x4 = ~x4;
    x3 = x1;
    x1 = x1 & x2;
    x2 = x2 ^ x3;
    x1 = x1 ^ x4;
    x4 = x4 | x3;
    x0 = x0 ^ x1;
    x4 = x4 ^ x2;
    x2 = x2 | x0;
    x4 = x4 ^ x0;
    x3 = x3 ^ x2;
    x2 = x2 | x1;
    x2 = x2 ^ x4;
    x3 = x3 ^ x1;
    x3 = x3 ^ x2;
    x1 = ~x1;
    x4 = x4 & x3;
    x4 = x4 ^ x1;

    x2 = (x2 << 13) | (x2 >>> 19);
    x0 ^= x2;
    x1 = x2 << 3;
    x3 = (x3 << 3) | (x3 >>> 29);
    x0 ^= x3;
    x4 ^= x3;
    x0 = (x0 << 1) | (x0 >>> 31);
    x4 ^= x1;
    x4 = (x4 << 7) | (x4 >>> 25);
    x1 = x0;
    x2 ^= x0;
    x1 <<= 7;
    x2 ^= x4;
    x3 ^= x4;
    x3 ^= x1;
    x2 = (x2 << 5) | (x2 >>> 27);
    x3 = (x3 << 22) | (x3 >>> 10);
  }

  /** S-box 7 followed by the linear transformation. */
  private void sbox7()
  {
    x1 = x3;
    x3 = x3 & x0;
    x3 = x3 ^ x4;
    x4 = x4 & x0;
    x1 = x1 ^ x3;
    x3 = x3 ^ x0;
    x0 = x0 ^ x2;
    x2 = x2 | x1;
    x2 = x2 ^ x3;
    x4 = x4 ^ x0;
    x3 = x3 ^ x4;
    x4 = x4 & x2;
    x4 = x4 ^ x1;
    x1 = x1 ^ x3;
    x3 = x3 & x2;
    x1 = ~x1;
    x3 = x3 ^ x1;
    x1 = x1 & x2;
    x0 = x0 ^ x4;
    x1 = x1 ^ x0;

    x3 = (x3 << 13) | (x3 >>> 19);
    x1 ^= x3;
    x0 = x3 << 3;
    x4 = (x4 << 3) | (x4 >>> 29);
    x1 ^= x4;
    x2 ^= x4;
    x1 = (x1 << 1) | (x1 >>> 31);
    x2 ^= x0;
    x2 = (x2 << 7) | (x2 >>> 25);
    x0 = x1;
    x3 ^= x1;
    x0 <<= 7;
    x3 ^= x2;
    x4 ^= x2;
    x4 ^= x0;
    x3 = (x3 << 5) | (x3 >>> 27);
    x4 = (x4 << 22) | (x4 >>> 10);
  }

  /**
   * The final S-box, with no transform.  This is S-box 7 as in sbox7() but
   * without the linear transformation; encrypt() uses it for the last round
   * and follows it with the XOR of k128..k131 instead.
*/
  private void sbox7noLT()
  {
    x1 = x3;
    x3 = x3 & x0;
    x3 = x3 ^ x4;
    x4 = x4 & x0;
    x1 = x1 ^ x3;
    x3 = x3 ^ x0;
    x0 = x0 ^ x2;
    x2 = x2 | x1;
    x2 = x2 ^ x3;
    x4 = x4 ^ x0;
    x3 = x3 ^ x4;
    x4 = x4 & x2;
    x4 = x4 ^ x1;
    x1 = x1 ^ x3;
    x3 = x3 & x2;
    x1 = ~x1;
    x3 = x3 ^ x1;
    x1 = x1 & x2;
    x0 = x0 ^ x4;
    x1 = x1 ^ x0;
  }

  /*
   * Inverse round functions, used by decrypt().  sboxI7noLT() is the plain
   * inverse of S-box 7 (undoing the transform-free last round of encrypt());
   * every other sboxIN() first undoes the linear transformation (right
   * rotations by 22, 5, 7, 1, 13 and 3, shifts by 7 and 3) and then applies
   * the inverse of S-box N to the registers x0..x4 in place.
   */

  /** Inverse S-box 7 with no linear transformation. */
  private void sboxI7noLT()
  {
    x4 = x2;
    x2 ^= x0;
    x0 &= x3;
    x2 = ~x2;
    x4 |= x3;
    x3 ^= x1;
    x1 |= x0;
    x0 ^= x2;
    x2 &= x4;
    x1 ^= x2;
    x2 ^= x0;
    x0 |= x2;
    x3 &= x4;
    x0 ^= x3;
    x4 ^= x1;
    x3 ^= x4;
    x4 |= x0;
    x3 ^= x2;
    x4 ^= x2;
  }

  /** Inverse linear transformation, then inverse S-box 6. */
  private void sboxI6()
  {
    x1 = (x1 >>> 22) | (x1 << 10);
    x3 = (x3 >>> 5) | (x3 << 27);
    x2 = x0;
    x1 ^= x4;
    x2 <<= 7;
    x3 ^= x4;
    x1 ^= x2;
    x3 ^= x0;
    x4 = (x4 >>> 7) | (x4 << 25);
    x0 = (x0 >>> 1) | (x0 << 31);
    x0 ^= x3;
    x2 = x3 << 3;
    x4 ^= x2;
    x3 = (x3 >>> 13) | (x3 << 19);
    x0 ^= x1;
    x4 ^= x1;
    x1 = (x1 >>> 3) | (x1 << 29);

    x3 ^= x1;
    x2 = x1;
    x1 &= x3;
    x2 ^= x4;
    x1 = ~x1;
    x4 ^= x0;
    x1 ^= x4;
    x2 |= x3;
    x3 ^= x1;
    x4 ^= x2;
    x2 ^= x0;
    x0 &= x4;
    x0 ^= x3;
    x3 ^= x4;
    x3 |= x1;
    x4 ^= x0;
    x2 ^= x3;
  }

  /** Inverse linear transformation, then inverse S-box 5. */
  private void sboxI5()
  {
    x2 = (x2 >>> 22) | (x2 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x3 = x1;
    x2 ^= x4;
    x3 <<= 7;
    x0 ^= x4;
    x2 ^= x3;
    x0 ^= x1;
    x4 = (x4 >>> 7) | (x4 << 25);
    x1 = (x1 >>> 1) | (x1 << 31);
    x1 ^= x0;
    x3 = x0 << 3;
    x4 ^= x3;
    x0 = (x0 >>> 13) | (x0 << 19);
    x1 ^= x2;
    x4 ^= x2;
    x2 = (x2 >>> 3) | (x2 << 29);

    x1 = ~x1;
    x3 = x4;
    x2 ^= x1;
    x4 |= x0;
    x4 ^= x2;
    x2 |= x1;
    x2 &= x0;
    x3 ^= x4;
    x2 ^= x3;
    x3 |= x0;
    x3 ^= x1;
    x1 &= x2;
    x1 ^= x4;
    x3 ^= x2;
    x4 &= x3;
    x3 ^= x1;
    x4 ^= x0;
    x4 ^= x3;
    x3 = ~x3;
  }

  /** Inverse linear transformation, then inverse S-box 4. */
  private void sboxI4()
  {
    x4 = (x4 >>> 22) | (x4 << 10);
    x1 = (x1 >>> 5) | (x1 << 27);
    x0 = x3;
    x4 ^= x2;
    x0 <<= 7;
    x1 ^= x2;
    x4 ^= x0;
    x1 ^= x3;
    x2 = (x2 >>> 7) | (x2 << 25);
    x3 = (x3 >>> 1) | (x3 << 31);
    x3 ^= x1;
    x0 = x1 << 3;
    x2 ^= x0;
    x1 = (x1 >>> 13) | (x1 << 19);
    x3 ^= x4;
    x2 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);

    x0 = x4;
    x4 &= x2;
    x4 ^= x3;
    x3 |= x2;
    x3 &= x1;
    x0 ^= x4;
    x0 ^= x3;
    x3 &= x4;
    x1 = ~x1;
    x2 ^= x0;
    x3 ^= x2;
    x2 &= x1;
    x2 ^= x4;
    x1 ^= x3;
    x4 &= x1;
    x2 ^= x1;
    x4 ^= x0;
    x4 |= x2;
    x2 ^= x1;
    x4 ^= x3;
  }

  /** Inverse linear transformation, then inverse S-box 3. */
  private void sboxI3()
  {
    x4 = (x4 >>> 22) | (x4 << 10);
    x1 = (x1 >>> 5) | (x1 << 27);
    x3 = x2;
    x4 ^= x0;
    x3 <<= 7;
    x1 ^= x0;
    x4 ^= x3;
    x1 ^= x2;
    x0 = (x0 >>> 7) | (x0 << 25);
    x2 = (x2 >>> 1) | (x2 << 31);
    x2 ^= x1;
    x3 = x1 << 3;
    x0 ^= x3;
    x1 = (x1 >>> 13) | (x1 << 19);
    x2 ^= x4;
    x0 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);

    x3 = x4;
    x4 ^= x2;
    x2 &= x4;
    x2 ^= x1;
    x1 &= x3;
    x3 ^= x0;
    x0 |= x2;
    x0 ^= x4;
    x1 ^= x3;
    x4 ^= x1;
    x1 |= x0;
    x1 ^= x2;
    x3 ^= x4;
    x4 &= x0;
    x2 |= x0;
    x2 ^= x4;
    x3 ^= x1;
    x4 ^= x3;
  }

  /** Inverse linear transformation, then inverse S-box 2. */
  private void sboxI2()
  {
    x4 = (x4 >>> 22) | (x4 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x3 = x1;
    x4 ^= x2;
    x3 <<= 7;
    x0 ^= x2;
    x4 ^= x3;
    x0 ^= x1;
    x2 = (x2 >>> 7) | (x2 << 25);
    x1 = (x1 >>> 1) | (x1 << 31);
    x1 ^= x0;
    x3 = x0 << 3;
    x2 ^= x3;
    x0 = (x0 >>> 13) | (x0 << 19);
    x1 ^= x4;
    x2 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);

    x4 ^= x2;
    x2 ^= x0;
    x3 = x2;
    x2 &= x4;
    x2 ^= x1;
    x1 |= x4;
    x1 ^= x3;
    x3 &= x2;
    x4 ^= x2;
    x3 &= x0;
    x3 ^= x4;
    x4 &= x1;
    x4 |= x0;
    x2 = ~x2;
    x4 ^= x2;
    x0 ^= x2;
    x0 &= x1;
    x2 ^= x3;
    x2 ^= x0;
  }

  /** Inverse linear transformation, then inverse S-box 1. */
  private void sboxI1()
  {
    x4 = (x4 >>> 22) | (x4 << 10);
    x1 = (x1 >>> 5) | (x1 << 27);
    x0 = x3;
    x4 ^= x2;
    x0 <<= 7;
    x1 ^= x2;
    x4 ^= x0;
    x1 ^= x3;
    x2 = (x2 >>> 7) | (x2 << 25);
    x3 = (x3 >>> 1) | (x3 << 31);
    x3 ^= x1;
    x0 = x1 << 3;
    x2 ^= x0;
    x1 = (x1 >>> 13) | (x1 << 19);
    x3 ^= x4;
    x2 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);

    x0 = x3;
    x3 ^= x2;
    x2 &= x3;
    x0 ^= x4;
    x2 ^= x1;
    x1 |= x3;
    x4 ^= x2;
    x1 ^= x0;
    x1 |= x4;
    x3 ^= x2;
    x1 ^= x3;
    x3 |= x2;
    x3 ^= x1;
    x0 = ~x0;
    x0 ^= x3;
    x3 |= x1;
    x3 ^= x1;
    x3 |= x0;
    x2 ^= x3;
  }

  /** Inverse linear transformation, then inverse S-box 0. */
  private void sboxI0()
  {
    x2 = (x2 >>> 22) | (x2 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x3 = x1;
    x2 ^= x4;
    x3 <<= 7;
    x0 ^= x4;
    x2 ^= x3;
    x0 ^= x1;
    x4 = (x4 >>> 7) | (x4 << 25);
    x1 = (x1 >>> 1) | (x1 << 31);
    x1 ^= x0;
    x3 = x0 << 3;
    x4 ^= x3;
    x0 = (x0 >>> 13) | (x0 << 19);
    x1 ^= x2;
    x4 ^= x2;
    x2 = (x2 >>> 3) | (x2 << 29);

    x2 = ~x2;
    x3 = x1;
    x1 |= x0;
    x3 = ~x3;
    x1 ^= x2;
    x2 |= x3;
    x1 ^= x4;
    x0 ^= x3;
    x2 ^= x0;
    x0 &= x4;
    x3 ^= x0;
    x0 |= x1;
    x0 ^= x2;
    x4 ^= x3;
    x2 ^= x1;
    x4 ^= x0;
    x4 ^= x1;
    x2 &= x4;
    x3 ^= x2;
  }

  /** Inverse linear transformation, then inverse S-box 7. */
  private void sboxI7()
  {
    x1 = (x1 >>> 22) | (x1 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x2 = x3;
    x1 ^= x4;
    x2 <<= 7;
    x0 ^= x4;
    x1 ^= x2;
    x0 ^= x3;
    x4 = (x4 >>> 7) | (x4 << 25);
    x3 = (x3 >>> 1) | (x3 << 31);
    x3 ^= x0;
    x2 = x0 << 3;
    x4 ^= x2;
    x0 = (x0 >>> 13) | (x0 << 19);
    x3 ^= x1;
    x4 ^= x1;
    x1 = (x1 >>> 3) | (x1 << 29);

    x2 = x1;
    x1 ^= x0;
    x0 &= x4;
    x1 = ~x1;
    x2 |= x4;
    x4 ^= x3;
    x3 |= x0;
    x0 ^= x1;
    x1 &= x2;
    x3 ^= x1;
    x1 ^= x0;
    x0 |= x1;
    x4 &= x2;
    x0 ^= x4;
    x2 ^= x3;
    x4 ^= x2;
    x2 |= x0;
    x4 ^= x1;
    x2 ^= x1;
  }

  /*
   * Key-schedule S-boxes, used only by makeKey().  Each takes four pre-key
   * words as arguments and leaves the four resulting subkey words in the
   * fields x0..x3 (no linear transformation is applied).
   */

  /** S-Box 0, key-schedule form: result in x0..x3. */
  private void sbox0(int r0, int r1, int r2, int r3)
  {
    int r4 = r1 ^ r2;
    r3 ^= r0;
    r1 = r1 & r3 ^ r0;
    r0 = (r0 | r3) ^ r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 = (r2 | r1) ^ r4;
    r4 = ~r4 | r1;
    r1 ^= r3 ^ r4;
    r3 |= r0;
    x0 = r1 ^ r3;
    x1 = r4 ^ r3;
    x2 = r2;
    x3 = r0;
  }

  /** S-Box 1, key-schedule form: result in x0..x3. */
  private void sbox1(int r0, int r1, int r2, int r3)
  {
    r0 = ~r0;
    int r4 = r0;
    r2 = ~r2;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 = (r2 | r0) & r4;
    r0 ^= r1;
    x0 = r2;
    x1 = r0 & r2 ^ r4;
    x2 = r3;
    x3 = r1 & r2 ^ r0;
  }

  /** S-Box 2, key-schedule form: result in x0..x3. */
  private void sbox2(int r0, int r1, int r2, int r3)
  {
    int r4 = r0;
    r0 = r0 & r2 ^ r3;
    r2 = r2 ^ r1 ^ r0;
    r3 = (r3 | r4) ^ r1;
    r4 ^= r2;
    r1 = r3;
    r3 = (r3 | r4) ^ r0;
    r0 &= r1;
    r4 ^= r0;
    x0 = r2;
    x1 = r3;
    x2 = r1 ^ r3 ^ r4;
    x3 = ~r4;
  }

  /** S-Box 3, key-schedule form: result in x0..x3.
*/ sbox3(int r0, int r1, int r2, int r3)1520 private void sbox3(int r0, int r1, int r2, int r3) 1521 { 1522 int r4 = r0; 1523 r0 |= r3; 1524 r3 ^= r1; 1525 r1 &= r4; 1526 r4 = r4 ^ r2 | r1; 1527 r2 ^= r3; 1528 r3 = r3 & r0 ^ r4; 1529 r0 ^= r1; 1530 r4 = r4 & r0 ^ r2; 1531 r1 = (r1 ^ r3 | r0) ^ r2; 1532 r0 ^= r3; 1533 x0 = (r1 | r3) ^ r0; 1534 x1 = r1; 1535 x2 = r3; 1536 x3 = r4; 1537 } 1538 1539 /** S-Box 4. */ sbox4(int r0, int r1, int r2, int r3)1540 private void sbox4(int r0, int r1, int r2, int r3) 1541 { 1542 r1 ^= r3; 1543 int r4 = r1; 1544 r3 = ~r3; 1545 r2 ^= r3; 1546 r3 ^= r0; 1547 r1 = r1 & r3 ^ r2; 1548 r4 ^= r3; 1549 r0 ^= r4; 1550 r2 = r2 & r4 ^ r0; 1551 r0 &= r1; 1552 r3 ^= r0; 1553 r4 = (r4 | r1) ^ r0; 1554 x0 = r1; 1555 x1 = r4 ^ (r2 & r3); 1556 x2 = ~((r0 | r3) ^ r2); 1557 x3 = r3; 1558 } 1559 1560 /** S-Box 5. */ sbox5(int r0, int r1, int r2, int r3)1561 private void sbox5(int r0, int r1, int r2, int r3) 1562 { 1563 r0 ^= r1; 1564 r1 ^= r3; 1565 int r4 = r1; 1566 r3 = ~r3; 1567 r1 &= r0; 1568 r2 ^= r3; 1569 r1 ^= r2; 1570 r2 |= r4; 1571 r4 ^= r3; 1572 r3 = r3 & r1 ^ r0; 1573 r4 = r4 ^ r1 ^ r2; 1574 x0 = r1; 1575 x1 = r3; 1576 x2 = r0 & r3 ^ r4; 1577 x3 = ~(r2 ^ r0) ^ (r4 | r3); 1578 } 1579 1580 /** S-Box 6. */ sbox6(int r0, int r1, int r2, int r3)1581 private void sbox6(int r0, int r1, int r2, int r3) 1582 { 1583 int r4 = r3; 1584 r2 = ~r2; 1585 r3 = r3 & r0 ^ r2; 1586 r0 ^= r4; 1587 r2 = (r2 | r4) ^ r0; 1588 r1 ^= r3; 1589 r0 |= r1; 1590 r2 ^= r1; 1591 r4 ^= r0; 1592 r0 = (r0 | r3) ^ r2; 1593 r4 = r4 ^ r3 ^ r0; 1594 x0 = r0; 1595 x1 = r1; 1596 x2 = r4; 1597 x3 = r2 & r4 ^ ~r3; 1598 } 1599 1600 /** S-Box 7. 
*/ sbox7(int r0, int r1, int r2, int r3)1601 private void sbox7(int r0, int r1, int r2, int r3) 1602 { 1603 int r4 = r1; 1604 r1 = (r1 | r2) ^ r3; 1605 r4 ^= r2; 1606 r2 ^= r1; 1607 r3 = (r3 | r4) & r0; 1608 r4 ^= r2; 1609 r3 ^= r1; 1610 r1 = (r1 | r4) ^ r0; 1611 r0 = (r0 | r4) ^ r2; 1612 r1 ^= r4; 1613 r2 ^= r1; 1614 x0 = r4 ^ (~r2 | r0); 1615 x1 = r3; 1616 x2 = r1 & r0 ^ r4; 1617 x3 = r0; 1618 } 1619 1620 private class Key 1621 implements Cloneable 1622 { 1623 int k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, k10, k11, k12, k13, k14, k15, 1624 k16, k17, k18, k19, k20, k21, k22, k23, k24, k25, k26, k27, k28, k29, 1625 k30, k31, k32, k33, k34, k35, k36, k37, k38, k39, k40, k41, k42, k43, 1626 k44, k45, k46, k47, k48, k49, k50, k51, k52, k53, k54, k55, k56, k57, 1627 k58, k59, k60, k61, k62, k63, k64, k65, k66, k67, k68, k69, k70, k71, 1628 k72, k73, k74, k75, k76, k77, k78, k79, k80, k81, k82, k83, k84, k85, 1629 k86, k87, k88, k89, k90, k91, k92, k93, k94, k95, k96, k97, k98, k99, 1630 k100, k101, k102, k103, k104, k105, k106, k107, k108, k109, k110, k111, 1631 k112, k113, k114, k115, k116, k117, k118, k119, k120, k121, k122, k123, 1632 k124, k125, k126, k127, k128, k129, k130, k131; 1633 1634 /** Trivial 0-arguments constructor. */ Key()1635 Key() 1636 { 1637 } 1638 1639 /** Cloning constructor. 
*/ Key(Key that)1640 private Key(Key that) 1641 { 1642 this.k0 = that.k0; 1643 this.k1 = that.k1; 1644 this.k2 = that.k2; 1645 this.k3 = that.k3; 1646 this.k4 = that.k4; 1647 this.k5 = that.k5; 1648 this.k6 = that.k6; 1649 this.k7 = that.k7; 1650 this.k8 = that.k8; 1651 this.k9 = that.k9; 1652 this.k10 = that.k10; 1653 this.k11 = that.k11; 1654 this.k12 = that.k12; 1655 this.k13 = that.k13; 1656 this.k14 = that.k14; 1657 this.k15 = that.k15; 1658 this.k16 = that.k16; 1659 this.k17 = that.k17; 1660 this.k18 = that.k18; 1661 this.k19 = that.k19; 1662 this.k20 = that.k20; 1663 this.k21 = that.k21; 1664 this.k22 = that.k22; 1665 this.k23 = that.k23; 1666 this.k24 = that.k24; 1667 this.k25 = that.k25; 1668 this.k26 = that.k26; 1669 this.k27 = that.k27; 1670 this.k28 = that.k28; 1671 this.k29 = that.k29; 1672 this.k30 = that.k30; 1673 this.k31 = that.k31; 1674 this.k32 = that.k32; 1675 this.k33 = that.k33; 1676 this.k34 = that.k34; 1677 this.k35 = that.k35; 1678 this.k36 = that.k36; 1679 this.k37 = that.k37; 1680 this.k38 = that.k38; 1681 this.k39 = that.k39; 1682 this.k40 = that.k40; 1683 this.k41 = that.k41; 1684 this.k42 = that.k42; 1685 this.k43 = that.k43; 1686 this.k44 = that.k44; 1687 this.k45 = that.k45; 1688 this.k46 = that.k46; 1689 this.k47 = that.k47; 1690 this.k48 = that.k48; 1691 this.k49 = that.k49; 1692 this.k50 = that.k50; 1693 this.k51 = that.k51; 1694 this.k52 = that.k52; 1695 this.k53 = that.k53; 1696 this.k54 = that.k54; 1697 this.k55 = that.k55; 1698 this.k56 = that.k56; 1699 this.k57 = that.k57; 1700 this.k58 = that.k58; 1701 this.k59 = that.k59; 1702 this.k60 = that.k60; 1703 this.k61 = that.k61; 1704 this.k62 = that.k62; 1705 this.k63 = that.k63; 1706 this.k64 = that.k64; 1707 this.k65 = that.k65; 1708 this.k66 = that.k66; 1709 this.k67 = that.k67; 1710 this.k68 = that.k68; 1711 this.k69 = that.k69; 1712 this.k70 = that.k70; 1713 this.k71 = that.k71; 1714 this.k72 = that.k72; 1715 this.k73 = that.k73; 1716 this.k74 = that.k74; 1717 this.k75 = 
that.k75; 1718 this.k76 = that.k76; 1719 this.k77 = that.k77; 1720 this.k78 = that.k78; 1721 this.k79 = that.k79; 1722 this.k80 = that.k80; 1723 this.k81 = that.k81; 1724 this.k82 = that.k82; 1725 this.k83 = that.k83; 1726 this.k84 = that.k84; 1727 this.k85 = that.k85; 1728 this.k86 = that.k86; 1729 this.k87 = that.k87; 1730 this.k88 = that.k88; 1731 this.k89 = that.k89; 1732 this.k90 = that.k90; 1733 this.k91 = that.k91; 1734 this.k92 = that.k92; 1735 this.k93 = that.k93; 1736 this.k94 = that.k94; 1737 this.k95 = that.k95; 1738 this.k96 = that.k96; 1739 this.k97 = that.k97; 1740 this.k98 = that.k98; 1741 this.k99 = that.k99; 1742 this.k100 = that.k100; 1743 this.k101 = that.k101; 1744 this.k102 = that.k102; 1745 this.k103 = that.k103; 1746 this.k104 = that.k104; 1747 this.k105 = that.k105; 1748 this.k106 = that.k106; 1749 this.k107 = that.k107; 1750 this.k108 = that.k108; 1751 this.k109 = that.k109; 1752 this.k110 = that.k110; 1753 this.k111 = that.k111; 1754 this.k112 = that.k112; 1755 this.k113 = that.k113; 1756 this.k114 = that.k114; 1757 this.k115 = that.k115; 1758 this.k116 = that.k116; 1759 this.k117 = that.k117; 1760 this.k118 = that.k118; 1761 this.k119 = that.k119; 1762 this.k120 = that.k120; 1763 this.k121 = that.k121; 1764 this.k122 = that.k122; 1765 this.k123 = that.k123; 1766 this.k124 = that.k124; 1767 this.k125 = that.k125; 1768 this.k126 = that.k126; 1769 this.k127 = that.k127; 1770 this.k128 = that.k128; 1771 this.k129 = that.k129; 1772 this.k130 = that.k130; 1773 this.k131 = that.k131; 1774 } 1775 clone()1776 public Object clone() 1777 { 1778 return new Key(this); 1779 } 1780 } 1781 } 1782