
00001 // private header for Serpent and Sosemanuk
00002 
00003 NAMESPACE_BEGIN(CryptoPP)
00004 
// linear transformation
//
// Serpent's round linear layer applied in place to the four state words a..d:
// constant-distance rotates (rotlFixed by 13, 3, 7, 1, 5, 22), shifts by 3 and
// 7, and XORs.  Nothing here branches on data or indexes memory with data, so
// the layer runs in constant time.  'i' and 'e' are unused; the six-argument
// shape exists so LT can be passed through the afterSn(f) selectors below.
// Expands to a plain { ... } block (not do { } while (0)), so use it as a
// statement of its own, e.g. `afterS0(LT);`, never as the sole body of an
// if/else.
#define LT(i,a,b,c,d,e) {\
        a = rotlFixed(a, 13);   \
        c = rotlFixed(c, 3);    \
        d = rotlFixed(d ^ c ^ (a << 3), 7);     \
        b = rotlFixed(b ^ a ^ c, 1);    \
        a = rotlFixed(a ^ b ^ d, 5);            \
        c = rotlFixed(c ^ d ^ (b << 7), 22);}
00013 
// inverse linear transformation
//
// Exact inverse of LT: each LT step is undone in reverse order with rotrFixed
// (rotate right by 22, 5, 7, 1, 3, 13) and the same XOR/shift terms.  Like LT
// it is branch-free and touches no data-indexed memory.  'i' and 'e' are
// unused and only keep the argument shape of the afterIn(f) selectors.
// Expands to a plain { ... } block; invoke it as its own statement.
#define ILT(i,a,b,c,d,e)        {\
        c = rotrFixed(c, 22);   \
        a = rotrFixed(a, 5);    \
        c ^= d ^ (b << 7);      \
        a ^= b ^ d;             \
        b = rotrFixed(b, 1);    \
        d = rotrFixed(d, 7) ^ c ^ (a << 3);     \
        b ^= a ^ c;             \
        c = rotrFixed(c, 3);    \
        a = rotrFixed(a, 13);}
00025 
// order of output from S-box functions
//
// Selectors for chaining the encryption round macros.  beforeS0(f) and
// afterSn(f) expand to f(round, <five registers>): the first argument is the
// round number (KX uses it to index k[]; LT and the S-box macros ignore it),
// and the five names tell f which of the caller's working words to treat as
// its a..e.  The register order after each S-box records where that S-box
// left its output words, so the next macro receives them in the expected
// order.  a, b, c, d and e must be word variables in scope where the chain is
// expanded.
#define beforeS0(f) f(0,a,b,c,d,e)
#define afterS0(f) f(1,b,e,c,a,d)
#define afterS1(f) f(2,c,b,a,e,d)
#define afterS2(f) f(3,a,e,b,d,c)
#define afterS3(f) f(4,e,b,d,c,a)
#define afterS4(f) f(5,b,a,e,c,d)
#define afterS5(f) f(6,a,c,b,e,d)
#define afterS6(f) f(7,a,c,d,b,e)
#define afterS7(f) f(8,d,e,b,a,c)
00036 
// order of output from inverse S-box functions
//
// Decryption-side counterparts of the afterSn selectors: beforeI7(f) starts at
// round 8 and the afterIn selectors count the round number down to 0.  As
// above, the first argument is the round number handed to f and the five
// names map the caller's working words onto f's a..e, recording where the
// preceding inverse S-box left its output words.
#define beforeI7(f) f(8,a,b,c,d,e)
#define afterI7(f) f(7,d,a,b,e,c)
#define afterI6(f) f(6,a,b,c,e,d)
#define afterI5(f) f(5,b,d,e,c,a)
#define afterI4(f) f(4,b,c,e,a,d)
#define afterI3(f) f(3,a,b,e,c,d)
#define afterI2(f) f(2,b,d,e,c,a)
#define afterI1(f) f(1,a,b,c,e,d)
#define afterI0(f) f(0,a,d,b,e,c)
00047 
00048 // The instruction sequences for the S-box functions 
00049 // come from Dag Arne Osvik's paper "Speeding up Serpent".
00050 
// Serpent S-box 0 (Osvik's sequence).  Evaluates the 4-bit S-box on the bits
// of r0..r3 at every bit position in parallel using only AND/OR/XOR/NOT, so
// there are no data-dependent branches or table lookups.  r4 is scratch (it
// is overwritten before being read) and 'i' is unused.  The output words are
// left spread across the five registers in the order afterS0() names them.
#define S0(i, r0, r1, r2, r3, r4) \
       {           \
    r3 ^= r0;   \
    r4 = r1;   \
    r1 &= r3;   \
    r4 ^= r2;   \
    r1 ^= r0;   \
    r0 |= r3;   \
    r0 ^= r4;   \
    r4 ^= r3;   \
    r3 ^= r2;   \
    r2 |= r1;   \
    r2 ^= r4;   \
    r4 = ~r4;      \
    r4 |= r1;   \
    r1 ^= r3;   \
    r1 ^= r4;   \
    r3 |= r0;   \
    r1 ^= r3;   \
    r4 ^= r3;   \
            }
00072 
// Serpent inverse S-box 0 (Osvik's sequence), undoing S0.  Pure bitwise
// AND/OR/XOR/NOT on whole words, so every bit position is handled in parallel
// with no data-dependent branches or memory accesses.  r4 is scratch
// (written before it is read); 'i' is unused.  Output words end up in the
// register order afterI0() names.
#define I0(i, r0, r1, r2, r3, r4) \
       {           \
    r2 = ~r2;      \
    r4 = r1;   \
    r1 |= r0;   \
    r4 = ~r4;      \
    r1 ^= r2;   \
    r2 |= r4;   \
    r1 ^= r3;   \
    r0 ^= r4;   \
    r2 ^= r0;   \
    r0 &= r3;   \
    r4 ^= r0;   \
    r0 |= r1;   \
    r0 ^= r2;   \
    r3 ^= r4;   \
    r2 ^= r1;   \
    r3 ^= r0;   \
    r3 ^= r1;   \
    r2 &= r3;   \
    r4 ^= r2;   \
            }
00095 
// Serpent S-box 1 (Osvik's sequence).  Bitsliced: only AND/OR/XOR/NOT on the
// whole words r0..r3, so all bit positions are processed at once and the
// sequence is branch-free and lookup-free.  r4 is scratch (overwritten before
// it is read); 'i' is unused.  Outputs are left in the register order
// afterS1() names.
#define S1(i, r0, r1, r2, r3, r4) \
       {           \
    r0 = ~r0;      \
    r2 = ~r2;      \
    r4 = r0;   \
    r0 &= r1;   \
    r2 ^= r0;   \
    r0 |= r3;   \
    r3 ^= r2;   \
    r1 ^= r0;   \
    r0 ^= r4;   \
    r4 |= r1;   \
    r1 ^= r3;   \
    r2 |= r0;   \
    r2 &= r4;   \
    r0 ^= r1;   \
    r1 &= r2;   \
    r1 ^= r0;   \
    r0 &= r2;   \
    r0 ^= r4;   \
            }
00117 
// Serpent inverse S-box 1 (Osvik's sequence), undoing S1.  Word-wise
// AND/OR/XOR/NOT only: constant-time, no data-indexed memory.  r4 is scratch
// (written first); 'i' is unused.  Outputs are left in the register order
// afterI1() names.
#define I1(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r1;   \
    r1 ^= r3;   \
    r3 &= r1;   \
    r4 ^= r2;   \
    r3 ^= r0;   \
    r0 |= r1;   \
    r2 ^= r3;   \
    r0 ^= r4;   \
    r0 |= r2;   \
    r1 ^= r3;   \
    r0 ^= r1;   \
    r1 |= r3;   \
    r1 ^= r0;   \
    r4 = ~r4;      \
    r4 ^= r1;   \
    r1 |= r0;   \
    r1 ^= r0;   \
    r1 |= r4;   \
    r3 ^= r1;   \
            }
00140 
// Serpent S-box 2 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT over the
// whole words r0..r3; no branches, no table lookups.  r4 is scratch
// (overwritten before it is read); 'i' is unused.  Outputs are left in the
// register order afterS2() names.
#define S2(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r0;   \
    r0 &= r2;   \
    r0 ^= r3;   \
    r2 ^= r1;   \
    r2 ^= r0;   \
    r3 |= r4;   \
    r3 ^= r1;   \
    r4 ^= r2;   \
    r1 = r3;   \
    r3 |= r4;   \
    r3 ^= r0;   \
    r0 &= r1;   \
    r4 ^= r0;   \
    r1 ^= r3;   \
    r1 ^= r4;   \
    r4 = ~r4;      \
            }
00160 
// Serpent inverse S-box 2 (Osvik's sequence), undoing S2.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written before
// it is read); 'i' is unused.  Outputs are left in the register order
// afterI2() names.
#define I2(i, r0, r1, r2, r3, r4) \
       {           \
    r2 ^= r3;   \
    r3 ^= r0;   \
    r4 = r3;   \
    r3 &= r2;   \
    r3 ^= r1;   \
    r1 |= r2;   \
    r1 ^= r4;   \
    r4 &= r3;   \
    r2 ^= r3;   \
    r4 &= r0;   \
    r4 ^= r2;   \
    r2 &= r1;   \
    r2 |= r0;   \
    r3 = ~r3;      \
    r2 ^= r3;   \
    r0 ^= r3;   \
    r0 &= r1;   \
    r3 ^= r4;   \
    r3 ^= r0;   \
            }
00183 
// Serpent S-box 3 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT on r0..r3;
// branch-free and lookup-free.  r4 is scratch (overwritten before it is
// read); 'i' is unused.  Outputs are left in the register order afterS3()
// names.
#define S3(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r0;   \
    r0 |= r3;   \
    r3 ^= r1;   \
    r1 &= r4;   \
    r4 ^= r2;   \
    r2 ^= r3;   \
    r3 &= r0;   \
    r4 |= r1;   \
    r3 ^= r4;   \
    r0 ^= r1;   \
    r4 &= r0;   \
    r1 ^= r3;   \
    r4 ^= r2;   \
    r1 |= r0;   \
    r1 ^= r2;   \
    r0 ^= r3;   \
    r2 = r1;   \
    r1 |= r3;   \
    r1 ^= r0;   \
            }
00206 
// Serpent inverse S-box 3 (Osvik's sequence), undoing S3.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written first);
// 'i' is unused.  Outputs are left in the register order afterI3() names.
#define I3(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r2;   \
    r2 ^= r1;   \
    r1 &= r2;   \
    r1 ^= r0;   \
    r0 &= r4;   \
    r4 ^= r3;   \
    r3 |= r1;   \
    r3 ^= r2;   \
    r0 ^= r4;   \
    r2 ^= r0;   \
    r0 |= r3;   \
    r0 ^= r1;   \
    r4 ^= r2;   \
    r2 &= r3;   \
    r1 |= r3;   \
    r1 ^= r2;   \
    r4 ^= r0;   \
    r2 ^= r4;   \
            }
00228 
// Serpent S-box 4 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT on r0..r3;
// no data-dependent branches or memory accesses.  r4 is scratch (overwritten
// before it is read); 'i' is unused.  Outputs are left in the register order
// afterS4() names.
#define S4(i, r0, r1, r2, r3, r4) \
       {           \
    r1 ^= r3;   \
    r3 = ~r3;      \
    r2 ^= r3;   \
    r3 ^= r0;   \
    r4 = r1;   \
    r1 &= r3;   \
    r1 ^= r2;   \
    r4 ^= r3;   \
    r0 ^= r4;   \
    r2 &= r4;   \
    r2 ^= r0;   \
    r0 &= r1;   \
    r3 ^= r0;   \
    r4 |= r1;   \
    r4 ^= r0;   \
    r0 |= r3;   \
    r0 ^= r2;   \
    r2 &= r3;   \
    r0 = ~r0;      \
    r4 ^= r2;   \
            }
00252 
// Serpent inverse S-box 4 (Osvik's sequence), undoing S4.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written first);
// 'i' is unused.  Outputs are left in the register order afterI4() names.
#define I4(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r2;   \
    r2 &= r3;   \
    r2 ^= r1;   \
    r1 |= r3;   \
    r1 &= r0;   \
    r4 ^= r2;   \
    r4 ^= r1;   \
    r1 &= r2;   \
    r0 = ~r0;      \
    r3 ^= r4;   \
    r1 ^= r3;   \
    r3 &= r0;   \
    r3 ^= r2;   \
    r0 ^= r1;   \
    r2 &= r0;   \
    r3 ^= r0;   \
    r2 ^= r4;   \
    r2 |= r3;   \
    r3 ^= r0;   \
    r2 ^= r1;   \
            }
00276 
// Serpent S-box 5 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT on r0..r3;
// branch-free and lookup-free.  r4 is scratch (overwritten before it is
// read); 'i' is unused.  Outputs are left in the register order afterS5()
// names.
#define S5(i, r0, r1, r2, r3, r4) \
       {           \
    r0 ^= r1;   \
    r1 ^= r3;   \
    r3 = ~r3;      \
    r4 = r1;   \
    r1 &= r0;   \
    r2 ^= r3;   \
    r1 ^= r2;   \
    r2 |= r4;   \
    r4 ^= r3;   \
    r3 &= r1;   \
    r3 ^= r0;   \
    r4 ^= r1;   \
    r4 ^= r2;   \
    r2 ^= r0;   \
    r0 &= r3;   \
    r2 = ~r2;      \
    r0 ^= r4;   \
    r4 |= r3;   \
    r2 ^= r4;   \
            }
00299 
// Serpent inverse S-box 5 (Osvik's sequence), undoing S5.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written before
// it is read); 'i' is unused.  Outputs are left in the register order
// afterI5() names.
#define I5(i, r0, r1, r2, r3, r4) \
       {           \
    r1 = ~r1;      \
    r4 = r3;   \
    r2 ^= r1;   \
    r3 |= r0;   \
    r3 ^= r2;   \
    r2 |= r1;   \
    r2 &= r0;   \
    r4 ^= r3;   \
    r2 ^= r4;   \
    r4 |= r0;   \
    r4 ^= r1;   \
    r1 &= r2;   \
    r1 ^= r3;   \
    r4 ^= r2;   \
    r3 &= r4;   \
    r4 ^= r1;   \
    r3 ^= r0;   \
    r3 ^= r4;   \
    r4 = ~r4;      \
            }
00322 
// Serpent S-box 6 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT on r0..r3;
// no data-dependent branches or memory accesses.  r4 is scratch (overwritten
// before it is read); 'i' is unused.  Outputs are left in the register order
// afterS6() names.
#define S6(i, r0, r1, r2, r3, r4) \
       {           \
    r2 = ~r2;      \
    r4 = r3;   \
    r3 &= r0;   \
    r0 ^= r4;   \
    r3 ^= r2;   \
    r2 |= r4;   \
    r1 ^= r3;   \
    r2 ^= r0;   \
    r0 |= r1;   \
    r2 ^= r1;   \
    r4 ^= r0;   \
    r0 |= r3;   \
    r0 ^= r2;   \
    r4 ^= r3;   \
    r4 ^= r0;   \
    r3 = ~r3;      \
    r2 &= r4;   \
    r2 ^= r3;   \
            }
00344 
// Serpent inverse S-box 6 (Osvik's sequence), undoing S6.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written before
// it is read); 'i' is unused.  Outputs are left in the register order
// afterI6() names.
#define I6(i, r0, r1, r2, r3, r4) \
       {           \
    r0 ^= r2;   \
    r4 = r2;   \
    r2 &= r0;   \
    r4 ^= r3;   \
    r2 = ~r2;      \
    r3 ^= r1;   \
    r2 ^= r3;   \
    r4 |= r0;   \
    r0 ^= r2;   \
    r3 ^= r4;   \
    r4 ^= r1;   \
    r1 &= r3;   \
    r1 ^= r0;   \
    r0 ^= r3;   \
    r0 |= r2;   \
    r3 ^= r1;   \
    r4 ^= r0;   \
            }
00365 
// Serpent S-box 7 (Osvik's sequence).  Bitsliced AND/OR/XOR/NOT on r0..r3;
// branch-free and lookup-free.  r4 is scratch (overwritten before it is
// read); 'i' is unused.  Outputs are left in the register order afterS7()
// names.
#define S7(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r2;   \
    r2 &= r1;   \
    r2 ^= r3;   \
    r3 &= r1;   \
    r4 ^= r2;   \
    r2 ^= r1;   \
    r1 ^= r0;   \
    r0 |= r4;   \
    r0 ^= r2;   \
    r3 ^= r1;   \
    r2 ^= r3;   \
    r3 &= r0;   \
    r3 ^= r4;   \
    r4 ^= r2;   \
    r2 &= r0;   \
    r4 = ~r4;      \
    r2 ^= r4;   \
    r4 &= r0;   \
    r1 ^= r3;   \
    r4 ^= r1;   \
            }
00389 
// Serpent inverse S-box 7 (Osvik's sequence), undoing S7.  Word-wise
// AND/OR/XOR/NOT only, hence constant-time.  r4 is scratch (written first);
// 'i' is unused.  Outputs are left in the register order afterI7() names
// (beforeI7 feeds this box the words in canonical order).
#define I7(i, r0, r1, r2, r3, r4) \
       {           \
    r4 = r2;   \
    r2 ^= r0;   \
    r0 &= r3;   \
    r2 = ~r2;      \
    r4 |= r3;   \
    r3 ^= r1;   \
    r1 |= r0;   \
    r0 ^= r2;   \
    r2 &= r4;   \
    r1 ^= r2;   \
    r2 ^= r0;   \
    r0 |= r2;   \
    r3 &= r4;   \
    r0 ^= r3;   \
    r4 ^= r1;   \
    r3 ^= r4;   \
    r4 |= r0;   \
    r3 ^= r2;   \
    r4 ^= r2;   \
            }
00412 
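// key xor
//
// Round-key addition: XORs subkey words k[4*r .. 4*r+3] into a..d.  'k' must
// be an array of expanded-key words in scope at the expansion site; 'e' is
// unused (the six-argument shape lets KX be passed through the beforeS0 /
// afterSn selectors, which supply the round number as r).  The k[] index
// depends only on the round number, never on data, so this adds no
// data-dependent memory access.  r is parenthesized so that an expression
// passed as the round number indexes the intended block; the selectors in
// this header pass integer literals, for which nothing changes.
// Expands to a plain { ... } block; use it as a statement of its own.
#define KX(r, a, b, c, d, e)    {\
        a ^= k[4 * (r) + 0]; \
        b ^= k[4 * (r) + 1]; \
        c ^= k[4 * (r) + 2]; \
        d ^= k[4 * (r) + 3];}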
00419 
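// Load a block of four expanded-key words into a..d: k[(8-r)*4 .. (8-r)*4+3],
// so r == 8 reads k[0..3] and smaller r reads later blocks.  'k' must be an
// array of key words in scope at the expansion site; 'e' is unused (the
// parameter list mirrors the S-box macros so the selectors above can drive
// it).  Presumably paired with SK in Serpent_KeySchedule to walk the schedule
// four words at a time — confirm against that definition.  r is parenthesized
// so an expression passed as r selects the intended block; a caller passing a
// plain integer sees no change.
#define LK(r, a, b, c, d, e)    {\
        a = k[(8-(r))*4 + 0];           \
        b = k[(8-(r))*4 + 1];           \
        c = k[(8-(r))*4 + 2];           \
        d = k[(8-(r))*4 + 3];}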
00425 
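// Store a..d into the four key words immediately after the block LK(r) reads:
// k[(8-r)*4+4 .. (8-r)*4+7].  'k' must be a writable array of key words in
// scope at the expansion site and must have room for index (8-r)*4+7; 'e' is
// unused.  Presumably the key-schedule step that writes the next subkey block
// derived from the one LK loaded — confirm against Serpent_KeySchedule.  r is
// parenthesized so an expression passed as r addresses the intended block; a
// caller passing a plain integer sees no change.
#define SK(r, a, b, c, d, e)    {\
        k[(8-(r))*4 + 4] = a;           \
        k[(8-(r))*4 + 5] = b;           \
        k[(8-(r))*4 + 6] = c;           \
        k[(8-(r))*4 + 7] = d;}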
00431 
// Presumably expands the keylen-byte userKey into the round-key words written
// to k for the requested number of rounds; the definition is not in this
// header.  KX above indexes k[4*r .. 4*r+3] and LK/SK index (8-r)*4 .. +7, so
// k must be sized for every round index the caller expands — confirm the
// required length, and how unsupported keylen values are rejected, against
// the definition.
void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen);
00433 
00434 NAMESPACE_END
