search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Initial import of truecrypt cracking project.
[delutions.git] / tc / crypto / Serpent.c
blob7d1d0ad3af9b18e1578f0b077ac3b873aa6461d2
1 // serpent.cpp - written and placed in the public domain by Wei Dai
2
3 /* Adapted for TrueCrypt by the TrueCrypt Foundation */
4
5 #ifdef TC_WINDOWS_BOOT
6 #pragma optimize ("t", on)
7 #endif
8
9 #include "Serpent.h"
10 #include "Common/Endian.h"
11
12 #include <memory.h>
13
14 #if defined(_WIN32) && !defined(_DEBUG)
15 #include <stdlib.h>
16 #define rotlFixed _rotl
17 #define rotrFixed _rotr
18 #else
19 #define rotlFixed(x,n) (((x) << (n)) | ((x) >> (32 - (n))))
20 #define rotrFixed(x,n) (((x) >> (n)) | ((x) << (32 - (n))))
21 #endif
22
23 // linear transformation
24 #define LT(i,a,b,c,d,e) {\
25 a = rotlFixed(a, 13); \
26 c = rotlFixed(c, 3); \
27 d = rotlFixed(d ^ c ^ (a << 3), 7); \
28 b = rotlFixed(b ^ a ^ c, 1); \
29 a = rotlFixed(a ^ b ^ d, 5); \
30 c = rotlFixed(c ^ d ^ (b << 7), 22);}
31
32 // inverse linear transformation
33 #define ILT(i,a,b,c,d,e) {\
34 c = rotrFixed(c, 22); \
35 a = rotrFixed(a, 5); \
36 c ^= d ^ (b << 7); \
37 a ^= b ^ d; \
38 b = rotrFixed(b, 1); \
39 d = rotrFixed(d, 7) ^ c ^ (a << 3); \
40 b ^= a ^ c; \
41 c = rotrFixed(c, 3); \
42 a = rotrFixed(a, 13);}
43
44 // order of output from S-box functions
45 #define beforeS0(f) f(0,a,b,c,d,e)
46 #define afterS0(f) f(1,b,e,c,a,d)
47 #define afterS1(f) f(2,c,b,a,e,d)
48 #define afterS2(f) f(3,a,e,b,d,c)
49 #define afterS3(f) f(4,e,b,d,c,a)
50 #define afterS4(f) f(5,b,a,e,c,d)
51 #define afterS5(f) f(6,a,c,b,e,d)
52 #define afterS6(f) f(7,a,c,d,b,e)
53 #define afterS7(f) f(8,d,e,b,a,c)
54
55 // order of output from inverse S-box functions
56 #define beforeI7(f) f(8,a,b,c,d,e)
57 #define afterI7(f) f(7,d,a,b,e,c)
58 #define afterI6(f) f(6,a,b,c,e,d)
59 #define afterI5(f) f(5,b,d,e,c,a)
60 #define afterI4(f) f(4,b,c,e,a,d)
61 #define afterI3(f) f(3,a,b,e,c,d)
62 #define afterI2(f) f(2,b,d,e,c,a)
63 #define afterI1(f) f(1,a,b,c,e,d)
64 #define afterI0(f) f(0,a,d,b,e,c)
65
66 // The instruction sequences for the S-box functions
67 // come from Dag Arne Osvik's paper "Speeding up Serpent".
68
69 #define S0(i, r0, r1, r2, r3, r4) \
70 { \
71 r3 ^= r0; \
72 r4 = r1; \
73 r1 &= r3; \
74 r4 ^= r2; \
75 r1 ^= r0; \
76 r0 |= r3; \
77 r0 ^= r4; \
78 r4 ^= r3; \
79 r3 ^= r2; \
80 r2 |= r1; \
81 r2 ^= r4; \
82 r4 = ~r4; \
83 r4 |= r1; \
84 r1 ^= r3; \
85 r1 ^= r4; \
86 r3 |= r0; \
87 r1 ^= r3; \
88 r4 ^= r3; \
89 }
90
91 #define I0(i, r0, r1, r2, r3, r4) \
92 { \
93 r2 = ~r2; \
94 r4 = r1; \
95 r1 |= r0; \
96 r4 = ~r4; \
97 r1 ^= r2; \
98 r2 |= r4; \
99 r1 ^= r3; \
100 r0 ^= r4; \
101 r2 ^= r0; \
102 r0 &= r3; \
103 r4 ^= r0; \
104 r0 |= r1; \
105 r0 ^= r2; \
106 r3 ^= r4; \
107 r2 ^= r1; \
108 r3 ^= r0; \
109 r3 ^= r1; \
110 r2 &= r3; \
111 r4 ^= r2; \
112 }
113
114 #define S1(i, r0, r1, r2, r3, r4) \
115 { \
116 r0 = ~r0; \
117 r2 = ~r2; \
118 r4 = r0; \
119 r0 &= r1; \
120 r2 ^= r0; \
121 r0 |= r3; \
122 r3 ^= r2; \
123 r1 ^= r0; \
124 r0 ^= r4; \
125 r4 |= r1; \
126 r1 ^= r3; \
127 r2 |= r0; \
128 r2 &= r4; \
129 r0 ^= r1; \
130 r1 &= r2; \
131 r1 ^= r0; \
132 r0 &= r2; \
133 r0 ^= r4; \
134 }
135
136 #define I1(i, r0, r1, r2, r3, r4) \
137 { \
138 r4 = r1; \
139 r1 ^= r3; \
140 r3 &= r1; \
141 r4 ^= r2; \
142 r3 ^= r0; \
143 r0 |= r1; \
144 r2 ^= r3; \
145 r0 ^= r4; \
146 r0 |= r2; \
147 r1 ^= r3; \
148 r0 ^= r1; \
149 r1 |= r3; \
150 r1 ^= r0; \
151 r4 = ~r4; \
152 r4 ^= r1; \
153 r1 |= r0; \
154 r1 ^= r0; \
155 r1 |= r4; \
156 r3 ^= r1; \
157 }
158
159 #define S2(i, r0, r1, r2, r3, r4) \
160 { \
161 r4 = r0; \
162 r0 &= r2; \
163 r0 ^= r3; \
164 r2 ^= r1; \
165 r2 ^= r0; \
166 r3 |= r4; \
167 r3 ^= r1; \
168 r4 ^= r2; \
169 r1 = r3; \
170 r3 |= r4; \
171 r3 ^= r0; \
172 r0 &= r1; \
173 r4 ^= r0; \
174 r1 ^= r3; \
175 r1 ^= r4; \
176 r4 = ~r4; \
177 }
178
179 #define I2(i, r0, r1, r2, r3, r4) \
180 { \
181 r2 ^= r3; \
182 r3 ^= r0; \
183 r4 = r3; \
184 r3 &= r2; \
185 r3 ^= r1; \
186 r1 |= r2; \
187 r1 ^= r4; \
188 r4 &= r3; \
189 r2 ^= r3; \
190 r4 &= r0; \
191 r4 ^= r2; \
192 r2 &= r1; \
193 r2 |= r0; \
194 r3 = ~r3; \
195 r2 ^= r3; \
196 r0 ^= r3; \
197 r0 &= r1; \
198 r3 ^= r4; \
199 r3 ^= r0; \
200 }
201
202 #define S3(i, r0, r1, r2, r3, r4) \
203 { \
204 r4 = r0; \
205 r0 |= r3; \
206 r3 ^= r1; \
207 r1 &= r4; \
208 r4 ^= r2; \
209 r2 ^= r3; \
210 r3 &= r0; \
211 r4 |= r1; \
212 r3 ^= r4; \
213 r0 ^= r1; \
214 r4 &= r0; \
215 r1 ^= r3; \
216 r4 ^= r2; \
217 r1 |= r0; \
218 r1 ^= r2; \
219 r0 ^= r3; \
220 r2 = r1; \
221 r1 |= r3; \
222 r1 ^= r0; \
223 }
224
225 #define I3(i, r0, r1, r2, r3, r4) \
226 { \
227 r4 = r2; \
228 r2 ^= r1; \
229 r1 &= r2; \
230 r1 ^= r0; \
231 r0 &= r4; \
232 r4 ^= r3; \
233 r3 |= r1; \
234 r3 ^= r2; \
235 r0 ^= r4; \
236 r2 ^= r0; \
237 r0 |= r3; \
238 r0 ^= r1; \
239 r4 ^= r2; \
240 r2 &= r3; \
241 r1 |= r3; \
242 r1 ^= r2; \
243 r4 ^= r0; \
244 r2 ^= r4; \
245 }
246
247 #define S4(i, r0, r1, r2, r3, r4) \
248 { \
249 r1 ^= r3; \
250 r3 = ~r3; \
251 r2 ^= r3; \
252 r3 ^= r0; \
253 r4 = r1; \
254 r1 &= r3; \
255 r1 ^= r2; \
256 r4 ^= r3; \
257 r0 ^= r4; \
258 r2 &= r4; \
259 r2 ^= r0; \
260 r0 &= r1; \
261 r3 ^= r0; \
262 r4 |= r1; \
263 r4 ^= r0; \
264 r0 |= r3; \
265 r0 ^= r2; \
266 r2 &= r3; \
267 r0 = ~r0; \
268 r4 ^= r2; \
269 }
270
271 #define I4(i, r0, r1, r2, r3, r4) \
272 { \
273 r4 = r2; \
274 r2 &= r3; \
275 r2 ^= r1; \
276 r1 |= r3; \
277 r1 &= r0; \
278 r4 ^= r2; \
279 r4 ^= r1; \
280 r1 &= r2; \
281 r0 = ~r0; \
282 r3 ^= r4; \
283 r1 ^= r3; \
284 r3 &= r0; \
285 r3 ^= r2; \
286 r0 ^= r1; \
287 r2 &= r0; \
288 r3 ^= r0; \
289 r2 ^= r4; \
290 r2 |= r3; \
291 r3 ^= r0; \
292 r2 ^= r1; \
293 }
294
295 #define S5(i, r0, r1, r2, r3, r4) \
296 { \
297 r0 ^= r1; \
298 r1 ^= r3; \
299 r3 = ~r3; \
300 r4 = r1; \
301 r1 &= r0; \
302 r2 ^= r3; \
303 r1 ^= r2; \
304 r2 |= r4; \
305 r4 ^= r3; \
306 r3 &= r1; \
307 r3 ^= r0; \
308 r4 ^= r1; \
309 r4 ^= r2; \
310 r2 ^= r0; \
311 r0 &= r3; \
312 r2 = ~r2; \
313 r0 ^= r4; \
314 r4 |= r3; \
315 r2 ^= r4; \
316 }
317
318 #define I5(i, r0, r1, r2, r3, r4) \
319 { \
320 r1 = ~r1; \
321 r4 = r3; \
322 r2 ^= r1; \
323 r3 |= r0; \
324 r3 ^= r2; \
325 r2 |= r1; \
326 r2 &= r0; \
327 r4 ^= r3; \
328 r2 ^= r4; \
329 r4 |= r0; \
330 r4 ^= r1; \
331 r1 &= r2; \
332 r1 ^= r3; \
333 r4 ^= r2; \
334 r3 &= r4; \
335 r4 ^= r1; \
336 r3 ^= r0; \
337 r3 ^= r4; \
338 r4 = ~r4; \
339 }
340
341 #define S6(i, r0, r1, r2, r3, r4) \
342 { \
343 r2 = ~r2; \
344 r4 = r3; \
345 r3 &= r0; \
346 r0 ^= r4; \
347 r3 ^= r2; \
348 r2 |= r4; \
349 r1 ^= r3; \
350 r2 ^= r0; \
351 r0 |= r1; \
352 r2 ^= r1; \
353 r4 ^= r0; \
354 r0 |= r3; \
355 r0 ^= r2; \
356 r4 ^= r3; \
357 r4 ^= r0; \
358 r3 = ~r3; \
359 r2 &= r4; \
360 r2 ^= r3; \
361 }
362
363 #define I6(i, r0, r1, r2, r3, r4) \
364 { \
365 r0 ^= r2; \
366 r4 = r2; \
367 r2 &= r0; \
368 r4 ^= r3; \
369 r2 = ~r2; \
370 r3 ^= r1; \
371 r2 ^= r3; \
372 r4 |= r0; \
373 r0 ^= r2; \
374 r3 ^= r4; \
375 r4 ^= r1; \
376 r1 &= r3; \
377 r1 ^= r0; \
378 r0 ^= r3; \
379 r0 |= r2; \
380 r3 ^= r1; \
381 r4 ^= r0; \
382 }
383
384 #define S7(i, r0, r1, r2, r3, r4) \
385 { \
386 r4 = r2; \
387 r2 &= r1; \
388 r2 ^= r3; \
389 r3 &= r1; \
390 r4 ^= r2; \
391 r2 ^= r1; \
392 r1 ^= r0; \
393 r0 |= r4; \
394 r0 ^= r2; \
395 r3 ^= r1; \
396 r2 ^= r3; \
397 r3 &= r0; \
398 r3 ^= r4; \
399 r4 ^= r2; \
400 r2 &= r0; \
401 r4 = ~r4; \
402 r2 ^= r4; \
403 r4 &= r0; \
404 r1 ^= r3; \
405 r4 ^= r1; \
406 }
407
408 #define I7(i, r0, r1, r2, r3, r4) \
409 { \
410 r4 = r2; \
411 r2 ^= r0; \
412 r0 &= r3; \
413 r2 = ~r2; \
414 r4 |= r3; \
415 r3 ^= r1; \
416 r1 |= r0; \
417 r0 ^= r2; \
418 r2 &= r4; \
419 r1 ^= r2; \
420 r2 ^= r0; \
421 r0 |= r2; \
422 r3 &= r4; \
423 r0 ^= r3; \
424 r4 ^= r1; \
425 r3 ^= r4; \
426 r4 |= r0; \
427 r3 ^= r2; \
428 r4 ^= r2; \
429 }
430
431 // key xor
432 #define KX(r, a, b, c, d, e) {\
433 a ^= k[4 * r + 0]; \
434 b ^= k[4 * r + 1]; \
435 c ^= k[4 * r + 2]; \
436 d ^= k[4 * r + 3];}
437
438
439 #ifdef TC_MINIMIZE_CODE_SIZE
440
441 static void S0f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
442 {
443 *r3 ^= *r0;
444 *r4 = *r1;
445 *r1 &= *r3;
446 *r4 ^= *r2;
447 *r1 ^= *r0;
448 *r0 |= *r3;
449 *r0 ^= *r4;
450 *r4 ^= *r3;
451 *r3 ^= *r2;
452 *r2 |= *r1;
453 *r2 ^= *r4;
454 *r4 = ~*r4;
455 *r4 |= *r1;
456 *r1 ^= *r3;
457 *r1 ^= *r4;
458 *r3 |= *r0;
459 *r1 ^= *r3;
460 *r4 ^= *r3;
461 }
462
463 static void S1f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
464 {
465 *r0 = ~*r0;
466 *r2 = ~*r2;
467 *r4 = *r0;
468 *r0 &= *r1;
469 *r2 ^= *r0;
470 *r0 |= *r3;
471 *r3 ^= *r2;
472 *r1 ^= *r0;
473 *r0 ^= *r4;
474 *r4 |= *r1;
475 *r1 ^= *r3;
476 *r2 |= *r0;
477 *r2 &= *r4;
478 *r0 ^= *r1;
479 *r1 &= *r2;
480 *r1 ^= *r0;
481 *r0 &= *r2;
482 *r0 ^= *r4;
483 }
484
485 static void S2f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
486 {
487 *r4 = *r0;
488 *r0 &= *r2;
489 *r0 ^= *r3;
490 *r2 ^= *r1;
491 *r2 ^= *r0;
492 *r3 |= *r4;
493 *r3 ^= *r1;
494 *r4 ^= *r2;
495 *r1 = *r3;
496 *r3 |= *r4;
497 *r3 ^= *r0;
498 *r0 &= *r1;
499 *r4 ^= *r0;
500 *r1 ^= *r3;
501 *r1 ^= *r4;
502 *r4 = ~*r4;
503 }
504
505 static void S3f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
506 {
507 *r4 = *r0;
508 *r0 |= *r3;
509 *r3 ^= *r1;
510 *r1 &= *r4;
511 *r4 ^= *r2;
512 *r2 ^= *r3;
513 *r3 &= *r0;
514 *r4 |= *r1;
515 *r3 ^= *r4;
516 *r0 ^= *r1;
517 *r4 &= *r0;
518 *r1 ^= *r3;
519 *r4 ^= *r2;
520 *r1 |= *r0;
521 *r1 ^= *r2;
522 *r0 ^= *r3;
523 *r2 = *r1;
524 *r1 |= *r3;
525 *r1 ^= *r0;
526 }
527
528 static void S4f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
529 {
530 *r1 ^= *r3;
531 *r3 = ~*r3;
532 *r2 ^= *r3;
533 *r3 ^= *r0;
534 *r4 = *r1;
535 *r1 &= *r3;
536 *r1 ^= *r2;
537 *r4 ^= *r3;
538 *r0 ^= *r4;
539 *r2 &= *r4;
540 *r2 ^= *r0;
541 *r0 &= *r1;
542 *r3 ^= *r0;
543 *r4 |= *r1;
544 *r4 ^= *r0;
545 *r0 |= *r3;
546 *r0 ^= *r2;
547 *r2 &= *r3;
548 *r0 = ~*r0;
549 *r4 ^= *r2;
550 }
551
552 static void S5f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
553 {
554 *r0 ^= *r1;
555 *r1 ^= *r3;
556 *r3 = ~*r3;
557 *r4 = *r1;
558 *r1 &= *r0;
559 *r2 ^= *r3;
560 *r1 ^= *r2;
561 *r2 |= *r4;
562 *r4 ^= *r3;
563 *r3 &= *r1;
564 *r3 ^= *r0;
565 *r4 ^= *r1;
566 *r4 ^= *r2;
567 *r2 ^= *r0;
568 *r0 &= *r3;
569 *r2 = ~*r2;
570 *r0 ^= *r4;
571 *r4 |= *r3;
572 *r2 ^= *r4;
573 }
574
575 static void S6f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
576 {
577 *r2 = ~*r2;
578 *r4 = *r3;
579 *r3 &= *r0;
580 *r0 ^= *r4;
581 *r3 ^= *r2;
582 *r2 |= *r4;
583 *r1 ^= *r3;
584 *r2 ^= *r0;
585 *r0 |= *r1;
586 *r2 ^= *r1;
587 *r4 ^= *r0;
588 *r0 |= *r3;
589 *r0 ^= *r2;
590 *r4 ^= *r3;
591 *r4 ^= *r0;
592 *r3 = ~*r3;
593 *r2 &= *r4;
594 *r2 ^= *r3;
595 }
596
597 static void S7f (unsigned __int32 *r0, unsigned __int32 *r1, unsigned __int32 *r2, unsigned __int32 *r3, unsigned __int32 *r4)
598 {
599 *r4 = *r2;
600 *r2 &= *r1;
601 *r2 ^= *r3;
602 *r3 &= *r1;
603 *r4 ^= *r2;
604 *r2 ^= *r1;
605 *r1 ^= *r0;
606 *r0 |= *r4;
607 *r0 ^= *r2;
608 *r3 ^= *r1;
609 *r2 ^= *r3;
610 *r3 &= *r0;
611 *r3 ^= *r4;
612 *r4 ^= *r2;
613 *r2 &= *r0;
614 *r4 = ~*r4;
615 *r2 ^= *r4;
616 *r4 &= *r0;
617 *r1 ^= *r3;
618 *r4 ^= *r1;
619 }
620
621 static void KXf (const unsigned __int32 *k, unsigned int r, unsigned __int32 *a, unsigned __int32 *b, unsigned __int32 *c, unsigned __int32 *d)
622 {
623 *a ^= k[r];
624 *b ^= k[r + 1];
625 *c ^= k[r + 2];
626 *d ^= k[r + 3];
627 }
628
629 #endif // TC_MINIMIZE_CODE_SIZE
630
631 #ifndef TC_MINIMIZE_CODE_SIZE
632
633 void serpent_set_key(const unsigned __int8 userKey[], int keylen, unsigned __int8 *ks)
634 {
635 unsigned __int32 a,b,c,d,e;
636 unsigned __int32 *k = (unsigned __int32 *)ks;
637 unsigned __int32 t;
638 int i;
639
640 for (i = 0; i < keylen / (int)sizeof(__int32); i++)
641 k[i] = LE32(((unsigned __int32*)userKey)[i]);
642
643 if (keylen < 32)
644 k[keylen/4] |= (unsigned __int32)1 << ((keylen%4)*8);
645
646 k += 8;
647 t = k[-1];
648 for (i = 0; i < 132; ++i)
649 k[i] = t = rotlFixed(k[i-8] ^ k[i-5] ^ k[i-3] ^ t ^ 0x9e3779b9 ^ i, 11);
650 k -= 20;
651
652 #define LK(r, a, b, c, d, e) {\
653 a = k[(8-r)*4 + 0]; \
654 b = k[(8-r)*4 + 1]; \
655 c = k[(8-r)*4 + 2]; \
656 d = k[(8-r)*4 + 3];}
657
658 #define SK(r, a, b, c, d, e) {\
659 k[(8-r)*4 + 4] = a; \
660 k[(8-r)*4 + 5] = b; \
661 k[(8-r)*4 + 6] = c; \
662 k[(8-r)*4 + 7] = d;} \
663
664 for (i=0; i<4; i++)
665 {
666 afterS2(LK); afterS2(S3); afterS3(SK);
667 afterS1(LK); afterS1(S2); afterS2(SK);
668 afterS0(LK); afterS0(S1); afterS1(SK);
669 beforeS0(LK); beforeS0(S0); afterS0(SK);
670 k += 8*4;
671 afterS6(LK); afterS6(S7); afterS7(SK);
672 afterS5(LK); afterS5(S6); afterS6(SK);
673 afterS4(LK); afterS4(S5); afterS5(SK);
674 afterS3(LK); afterS3(S4); afterS4(SK);
675 }
676 afterS2(LK); afterS2(S3); afterS3(SK);
677 }
678
679 #else // TC_MINIMIZE_CODE_SIZE
680
681 static void LKf (unsigned __int32 *k, unsigned int r, unsigned __int32 *a, unsigned __int32 *b, unsigned __int32 *c, unsigned __int32 *d)
682 {
683 *a = k[r];
684 *b = k[r + 1];
685 *c = k[r + 2];
686 *d = k[r + 3];
687 }
688
689 static void SKf (unsigned __int32 *k, unsigned int r, unsigned __int32 *a, unsigned __int32 *b, unsigned __int32 *c, unsigned __int32 *d)
690 {
691 k[r + 4] = *a;
692 k[r + 5] = *b;
693 k[r + 6] = *c;
694 k[r + 7] = *d;
695 }
696
697 void serpent_set_key(const unsigned __int8 userKey[], int keylen, unsigned __int8 *ks)
698 {
699 unsigned __int32 a,b,c,d,e;
700 unsigned __int32 *k = (unsigned __int32 *)ks;
701 unsigned __int32 t;
702 int i;
703
704 for (i = 0; i < keylen / (int)sizeof(__int32); i++)
705 k[i] = LE32(((unsigned __int32*)userKey)[i]);
706
707 if (keylen < 32)
708 k[keylen/4] |= (unsigned __int32)1 << ((keylen%4)*8);
709
710 k += 8;
711 t = k[-1];
712 for (i = 0; i < 132; ++i)
713 k[i] = t = rotlFixed(k[i-8] ^ k[i-5] ^ k[i-3] ^ t ^ 0x9e3779b9 ^ i, 11);
714 k -= 20;
715
716 for (i=0; i<4; i++)
717 {
718 LKf (k, 20, &a, &e, &b, &d); S3f (&a, &e, &b, &d, &c); SKf (k, 16, &e, &b, &d, &c);
719 LKf (k, 24, &c, &b, &a, &e); S2f (&c, &b, &a, &e, &d); SKf (k, 20, &a, &e, &b, &d);
720 LKf (k, 28, &b, &e, &c, &a); S1f (&b, &e, &c, &a, &d); SKf (k, 24, &c, &b, &a, &e);
721 LKf (k, 32, &a, &b, &c, &d); S0f (&a, &b, &c, &d, &e); SKf (k, 28, &b, &e, &c, &a);
722 k += 8*4;
723 LKf (k, 4, &a, &c, &d, &b); S7f (&a, &c, &d, &b, &e); SKf (k, 0, &d, &e, &b, &a);
724 LKf (k, 8, &a, &c, &b, &e); S6f (&a, &c, &b, &e, &d); SKf (k, 4, &a, &c, &d, &b);
725 LKf (k, 12, &b, &a, &e, &c); S5f (&b, &a, &e, &c, &d); SKf (k, 8, &a, &c, &b, &e);
726 LKf (k, 16, &e, &b, &d, &c); S4f (&e, &b, &d, &c, &a); SKf (k, 12, &b, &a, &e, &c);
727 }
728 LKf (k, 20, &a, &e, &b, &d); S3f (&a, &e, &b, &d, &c); SKf (k, 16, &e, &b, &d, &c);
729 }
730
731 #endif // TC_MINIMIZE_CODE_SIZE
732
733
734 #ifndef TC_MINIMIZE_CODE_SIZE
735
736 void serpent_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)
737 {
738 unsigned __int32 a, b, c, d, e;
739 unsigned int i=1;
740 const unsigned __int32 *k = (unsigned __int32 *)ks + 8;
741 unsigned __int32 *in = (unsigned __int32 *) inBlock;
742 unsigned __int32 *out = (unsigned __int32 *) outBlock;
743
744 a = LE32(in[0]);
745 b = LE32(in[1]);
746 c = LE32(in[2]);
747 d = LE32(in[3]);
748
749 do
750 {
751 beforeS0(KX); beforeS0(S0); afterS0(LT);
752 afterS0(KX); afterS0(S1); afterS1(LT);
753 afterS1(KX); afterS1(S2); afterS2(LT);
754 afterS2(KX); afterS2(S3); afterS3(LT);
755 afterS3(KX); afterS3(S4); afterS4(LT);
756 afterS4(KX); afterS4(S5); afterS5(LT);
757 afterS5(KX); afterS5(S6); afterS6(LT);
758 afterS6(KX); afterS6(S7);
759
760 if (i == 4)
761 break;
762
763 ++i;
764 c = b;
765 b = e;
766 e = d;
767 d = a;
768 a = e;
769 k += 32;
770 beforeS0(LT);
771 }
772 while (1);
773
774 afterS7(KX);
775
776 out[0] = LE32(d);
777 out[1] = LE32(e);
778 out[2] = LE32(b);
779 out[3] = LE32(a);
780 }
781
782 #else // TC_MINIMIZE_CODE_SIZE
783
784 typedef unsigned __int32 uint32;
785
786 static void LTf (uint32 *a, uint32 *b, uint32 *c, uint32 *d)
787 {
788 *a = rotlFixed(*a, 13);
789 *c = rotlFixed(*c, 3);
790 *d = rotlFixed(*d ^ *c ^ (*a << 3), 7);
791 *b = rotlFixed(*b ^ *a ^ *c, 1);
792 *a = rotlFixed(*a ^ *b ^ *d, 5);
793 *c = rotlFixed(*c ^ *d ^ (*b << 7), 22);
794 }
795
796 void serpent_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)
797 {
798 unsigned __int32 a, b, c, d, e;
799 unsigned int i=1;
800 const unsigned __int32 *k = (unsigned __int32 *)ks + 8;
801 unsigned __int32 *in = (unsigned __int32 *) inBlock;
802 unsigned __int32 *out = (unsigned __int32 *) outBlock;
803
804 a = LE32(in[0]);
805 b = LE32(in[1]);
806 c = LE32(in[2]);
807 d = LE32(in[3]);
808
809 do
810 {
811 KXf (k, 0, &a, &b, &c, &d); S0f (&a, &b, &c, &d, &e); LTf (&b, &e, &c, &a);
812 KXf (k, 4, &b, &e, &c, &a); S1f (&b, &e, &c, &a, &d); LTf (&c, &b, &a, &e);
813 KXf (k, 8, &c, &b, &a, &e); S2f (&c, &b, &a, &e, &d); LTf (&a, &e, &b, &d);
814 KXf (k, 12, &a, &e, &b, &d); S3f (&a, &e, &b, &d, &c); LTf (&e, &b, &d, &c);
815 KXf (k, 16, &e, &b, &d, &c); S4f (&e, &b, &d, &c, &a); LTf (&b, &a, &e, &c);
816 KXf (k, 20, &b, &a, &e, &c); S5f (&b, &a, &e, &c, &d); LTf (&a, &c, &b, &e);
817 KXf (k, 24, &a, &c, &b, &e); S6f (&a, &c, &b, &e, &d); LTf (&a, &c, &d, &b);
818 KXf (k, 28, &a, &c, &d, &b); S7f (&a, &c, &d, &b, &e);
819
820 if (i == 4)
821 break;
822
823 ++i;
824 c = b;
825 b = e;
826 e = d;
827 d = a;
828 a = e;
829 k += 32;
830 LTf (&a,&b,&c,&d);
831 }
832 while (1);
833
834 KXf (k, 32, &d, &e, &b, &a);
835
836 out[0] = LE32(d);
837 out[1] = LE32(e);
838 out[2] = LE32(b);
839 out[3] = LE32(a);
840 }
841
842 #endif // TC_MINIMIZE_CODE_SIZE
843
844 #if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_SERPENT)
845
846 void serpent_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)
847 {
848 unsigned __int32 a, b, c, d, e;
849 const unsigned __int32 *k = (unsigned __int32 *)ks + 104;
850 unsigned int i=4;
851 unsigned __int32 *in = (unsigned __int32 *) inBlock;
852 unsigned __int32 *out = (unsigned __int32 *) outBlock;
853
854 a = LE32(in[0]);
855 b = LE32(in[1]);
856 c = LE32(in[2]);
857 d = LE32(in[3]);
858
859 beforeI7(KX);
860 goto start;
861
862 do
863 {
864 c = b;
865 b = d;
866 d = e;
867 k -= 32;
868 beforeI7(ILT);
869 start:
870 beforeI7(I7); afterI7(KX);
871 afterI7(ILT); afterI7(I6); afterI6(KX);
872 afterI6(ILT); afterI6(I5); afterI5(KX);
873 afterI5(ILT); afterI5(I4); afterI4(KX);
874 afterI4(ILT); afterI4(I3); afterI3(KX);
875 afterI3(ILT); afterI3(I2); afterI2(KX);
876 afterI2(ILT); afterI2(I1); afterI1(KX);
877 afterI1(ILT); afterI1(I0); afterI0(KX);
878 }
879 while (--i != 0);
880
881 out[0] = LE32(a);
882 out[1] = LE32(d);
883 out[2] = LE32(b);
884 out[3] = LE32(e);
885 }
886
887 #else // TC_MINIMIZE_CODE_SIZE && !TC_WINDOWS_BOOT_SERPENT
888
889 static void ILTf (uint32 *a, uint32 *b, uint32 *c, uint32 *d)
890 {
891 *c = rotrFixed(*c, 22);
892 *a = rotrFixed(*a, 5);
893 *c ^= *d ^ (*b << 7);
894 *a ^= *b ^ *d;
895 *b = rotrFixed(*b, 1);
896 *d = rotrFixed(*d, 7) ^ *c ^ (*a << 3);
897 *b ^= *a ^ *c;
898 *c = rotrFixed(*c, 3);
899 *a = rotrFixed(*a, 13);
900 }
901
902 void serpent_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)
903 {
904 unsigned __int32 a, b, c, d, e;
905 const unsigned __int32 *k = (unsigned __int32 *)ks + 104;
906 unsigned int i=4;
907 unsigned __int32 *in = (unsigned __int32 *) inBlock;
908 unsigned __int32 *out = (unsigned __int32 *) outBlock;
909
910 a = LE32(in[0]);
911 b = LE32(in[1]);
912 c = LE32(in[2]);
913 d = LE32(in[3]);
914
915 KXf (k, 32, &a, &b, &c, &d);
916 goto start;
917
918 do
919 {
920 c = b;
921 b = d;
922 d = e;
923 k -= 32;
924 beforeI7(ILT);
925 start:
926 beforeI7(I7); KXf (k, 28, &d, &a, &b, &e);
927 ILTf (&d, &a, &b, &e); afterI7(I6); KXf (k, 24, &a, &b, &c, &e);
928 ILTf (&a, &b, &c, &e); afterI6(I5); KXf (k, 20, &b, &d, &e, &c);
929 ILTf (&b, &d, &e, &c); afterI5(I4); KXf (k, 16, &b, &c, &e, &a);
930 ILTf (&b, &c, &e, &a); afterI4(I3); KXf (k, 12, &a, &b, &e, &c);
931 ILTf (&a, &b, &e, &c); afterI3(I2); KXf (k, 8, &b, &d, &e, &c);
932 ILTf (&b, &d, &e, &c); afterI2(I1); KXf (k, 4, &a, &b, &c, &e);
933 ILTf (&a, &b, &c, &e); afterI1(I0); KXf (k, 0, &a, &d, &b, &e);
934 }
935 while (--i != 0);
936
937 out[0] = LE32(a);
938 out[1] = LE32(d);
939 out[2] = LE32(b);
940 out[3] = LE32(e);
941 }
942
943 #endif // TC_MINIMIZE_CODE_SIZE && !TC_WINDOWS_BOOT_SERPENT
Various Bits of Code