Imported GNU Classpath 0.90
1 /* Serpent.java --
2 Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
19 USA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
24 combination.
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package gnu.javax.crypto.cipher;
41 import gnu.java.security.Registry;
42 import gnu.java.security.util.Util;
44 import java.security.InvalidKeyException;
45 import java.util.ArrayList;
46 import java.util.Collections;
47 import java.util.Iterator;
49 /**
50 * <p>Serpent is a 32-round substitution-permutation network block cipher,
51 * operating on 128-bit blocks and accepting keys of 128, 192, and 256 bits in
52 * length. At each round the plaintext is XORed with a 128 bit portion of the
53 * session key -- a 4224 bit key computed from the input key -- then one of
54 * eight S-boxes is applied, and finally a simple linear transformation is
55 * done. Decryption does the exact same thing in reverse order, and using the
56 * eight inverses of the S-boxes.</p>
58 * <p>Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a
59 * proposed cipher for the Advanced Encryption Standard.</p>
61 * <p>Serpent can be sped up greatly by replacing S-box substitution with a
62 * sequence of binary operations, and the optimal implementation depends
63 * upon finding the fastest sequence of binary operations that reproduce this
64 * substitution. This implementation uses the S-boxes discovered by
65 * <a href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are
66 * optimized for the Pentium family of processors.</p>
68 * <p>References:</p>
70 * <ol>
71 * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A
72 * Candidate Block Cipher for the Advanced Encryption Standard.</a></li>
73 * </ol>
75 public class Serpent extends BaseCipher
78 // Constants and variables
79 // -------------------------------------------------------------------------
/** Default key size in bytes, handed to the BaseCipher constructor. */
private static final int DEFAULT_KEY_SIZE = 16;

/** Block size in bytes; the only size reported by blockSizes(). */
private static final int DEFAULT_BLOCK_SIZE = 16;

/** Number of rounds; makeKey() derives 4 * (ROUNDS + 1) subkey words from it. */
private static final int ROUNDS = 32;

/**
 * The fractional part of the golden ratio, (sqrt(5)+1)/2, expressed as a
 * 32-bit constant. Mixed into every pre-key word in makeKey().
 */
private static final int PHI = 0x9e3779b9;

/**
 * KAT vector (from ecb_vk):
 * I=9
 * KEY=008000000000000000000000000000000000000000000000
 * CT=5587B5BCB9EE5A28BA2BACC418005240
 */
private static final byte[] KAT_KEY = Util.toReversedBytesFromString("008000000000000000000000000000000000000000000000");

/** Expected ciphertext for KAT_KEY; checked by selfTest() through testKat(). */
private static final byte[] KAT_CT = Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240");

/** caches the result of the correctness test, once executed. */
// NOTE(review): selfTest() reads and writes this static without any lock.
// Concurrent first calls would each run the test and store the same answer.
private static Boolean valid;

// Working "registers" shared by every S-box method of this instance.
// encrypt() and decrypt() are synchronized because they load plaintext or
// ciphertext into these fields; makeKey() also receives subkey words through
// x0..x3, so key setup touches the same shared state.
private int x0, x1, x2, x3, x4;
105 // Constructor(s)
106 // -------------------------------------------------------------------------
/**
 * Creates a Serpent instance registered under
 * {@link Registry#SERPENT_CIPHER} with the default 16-byte block size and
 * the default 16-byte key size.
 */
public Serpent()
{
  super(Registry.SERPENT_CIPHER,
        DEFAULT_BLOCK_SIZE,
        DEFAULT_KEY_SIZE);
}
114 // Class methods
115 // -------------------------------------------------------------------------
117 // Instance methods
118 // -------------------------------------------------------------------------
120 // java.lang.Cloneable interface implementation ----------------------------
/**
 * Returns a fresh Serpent instance that carries over this instance's
 * current block size. The working registers x0..x4 are not copied, so the
 * copy does not inherit any data left over from earlier operations.
 *
 * @return a new Serpent with the same currentBlockSize.
 */
public Object clone()
{
  final Serpent copy = new Serpent();
  copy.currentBlockSize = currentBlockSize;
  return copy;
}
129 // IBlockCipherSpi interface implementation --------------------------------
/**
 * Lists the supported block sizes, in bytes.
 *
 * @return an iterator over a single Integer, DEFAULT_BLOCK_SIZE.
 */
public Iterator blockSizes()
{
  final Integer onlySize = new Integer(DEFAULT_BLOCK_SIZE);
  return Collections.singleton(onlySize).iterator();
}
/**
 * Lists the supported key sizes, in bytes: 16, 24 and 32, in that order.
 * These are the same lengths makeKey() accepts.
 *
 * @return an iterator over an unmodifiable list of Integer key sizes.
 */
public Iterator keySizes()
{
  final int[] byteLengths = { 16, 24, 32 };
  final ArrayList sizes = new ArrayList();
  for (int n = 0; n < byteLengths.length; n++)
    {
      sizes.add(new Integer(byteLengths[n]));
    }
  return Collections.unmodifiableList(sizes).iterator();
}
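/**
 * Expands the user key into the 132-word session key.
 *
 * <p>The key bytes are read as little-endian 32-bit words, padded to 256
 * bits with a single 1 bit when shorter, stretched into the pre-key
 * <code>w</code>, and finally passed through the key-setup S-boxes.</p>
 *
 * <p>The key-setup S-boxes return their result through the instance fields
 * x0..x3, which encrypt() and decrypt() also use under the instance
 * monitor. That part of the schedule therefore runs under the same monitor:
 * without it, a concurrent encrypt() or decrypt() on this instance could
 * overwrite the registers between an S-box call and the copy into the key,
 * silently producing a wrong key schedule.</p>
 *
 * @param kb the user key; must be 16, 24 or 32 bytes long.
 * @param blockSize not used by this method.
 * @return the session key, as a Key holding the words k0..k131.
 * @throws InvalidKeyException if the key length is not 16, 24 or 32 bytes.
 */
public Object makeKey(byte[] kb, int blockSize) throws InvalidKeyException
{
  // Not strictly true, but here to conform with the AES proposal.
  // This restriction can be removed if deemed necessary.
  if (kb.length != 16 && kb.length != 24 && kb.length != 32)
    {
      throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes");
    }
  Key key = new Key();

  // Here w is our "pre-key".
  int[] w = new int[4 * (ROUNDS + 1)];
  int i, j;
  for (i = 0, j = 0; i < 8 && j < kb.length; i++)
    {
      w[i] = (kb[j++] & 0xff) | (kb[j++] & 0xff) << 8
             | (kb[j++] & 0xff) << 16 | (kb[j++] & 0xff) << 24;
    }
  // Pad key if < 256 bits: a single 1 bit, the remaining words stay zero.
  if (i != 8)
    {
      w[i] = 1;
    }
  // Transform using w_i-8 ... w_i-1
  for (i = 8, j = 0; i < 16; i++)
    {
      int t = w[j] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ j++;
      w[i] = t << 11 | t >>> 21;
    }
  // Translate by 8.
  for (i = 0; i < 8; i++)
    {
      w[i] = w[i + 8];
    }
  // Transform the rest of the key.
  for (; i < w.length; i++)
    {
      int t = w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i;
      w[i] = t << 11 | t >>> 21;
    }

  // After these s-boxes the pre-key (w, above) will become the
  // session key (key, below). The S-boxes hand their output back in the
  // shared registers x0..x3, so hold the monitor that encrypt() and
  // decrypt() hold while they use those registers.
  synchronized (this)
    {
      sbox3(w[0], w[1], w[2], w[3]);
      key.k0 = x0;
      key.k1 = x1;
      key.k2 = x2;
      key.k3 = x3;
      sbox2(w[4], w[5], w[6], w[7]);
      key.k4 = x0;
      key.k5 = x1;
      key.k6 = x2;
      key.k7 = x3;
      sbox1(w[8], w[9], w[10], w[11]);
      key.k8 = x0;
      key.k9 = x1;
      key.k10 = x2;
      key.k11 = x3;
      sbox0(w[12], w[13], w[14], w[15]);
      key.k12 = x0;
      key.k13 = x1;
      key.k14 = x2;
      key.k15 = x3;
      sbox7(w[16], w[17], w[18], w[19]);
      key.k16 = x0;
      key.k17 = x1;
      key.k18 = x2;
      key.k19 = x3;
      sbox6(w[20], w[21], w[22], w[23]);
      key.k20 = x0;
      key.k21 = x1;
      key.k22 = x2;
      key.k23 = x3;
      sbox5(w[24], w[25], w[26], w[27]);
      key.k24 = x0;
      key.k25 = x1;
      key.k26 = x2;
      key.k27 = x3;
      sbox4(w[28], w[29], w[30], w[31]);
      key.k28 = x0;
      key.k29 = x1;
      key.k30 = x2;
      key.k31 = x3;
      sbox3(w[32], w[33], w[34], w[35]);
      key.k32 = x0;
      key.k33 = x1;
      key.k34 = x2;
      key.k35 = x3;
      sbox2(w[36], w[37], w[38], w[39]);
      key.k36 = x0;
      key.k37 = x1;
      key.k38 = x2;
      key.k39 = x3;
      sbox1(w[40], w[41], w[42], w[43]);
      key.k40 = x0;
      key.k41 = x1;
      key.k42 = x2;
      key.k43 = x3;
      sbox0(w[44], w[45], w[46], w[47]);
      key.k44 = x0;
      key.k45 = x1;
      key.k46 = x2;
      key.k47 = x3;
      sbox7(w[48], w[49], w[50], w[51]);
      key.k48 = x0;
      key.k49 = x1;
      key.k50 = x2;
      key.k51 = x3;
      sbox6(w[52], w[53], w[54], w[55]);
      key.k52 = x0;
      key.k53 = x1;
      key.k54 = x2;
      key.k55 = x3;
      sbox5(w[56], w[57], w[58], w[59]);
      key.k56 = x0;
      key.k57 = x1;
      key.k58 = x2;
      key.k59 = x3;
      sbox4(w[60], w[61], w[62], w[63]);
      key.k60 = x0;
      key.k61 = x1;
      key.k62 = x2;
      key.k63 = x3;
      sbox3(w[64], w[65], w[66], w[67]);
      key.k64 = x0;
      key.k65 = x1;
      key.k66 = x2;
      key.k67 = x3;
      sbox2(w[68], w[69], w[70], w[71]);
      key.k68 = x0;
      key.k69 = x1;
      key.k70 = x2;
      key.k71 = x3;
      sbox1(w[72], w[73], w[74], w[75]);
      key.k72 = x0;
      key.k73 = x1;
      key.k74 = x2;
      key.k75 = x3;
      sbox0(w[76], w[77], w[78], w[79]);
      key.k76 = x0;
      key.k77 = x1;
      key.k78 = x2;
      key.k79 = x3;
      sbox7(w[80], w[81], w[82], w[83]);
      key.k80 = x0;
      key.k81 = x1;
      key.k82 = x2;
      key.k83 = x3;
      sbox6(w[84], w[85], w[86], w[87]);
      key.k84 = x0;
      key.k85 = x1;
      key.k86 = x2;
      key.k87 = x3;
      sbox5(w[88], w[89], w[90], w[91]);
      key.k88 = x0;
      key.k89 = x1;
      key.k90 = x2;
      key.k91 = x3;
      sbox4(w[92], w[93], w[94], w[95]);
      key.k92 = x0;
      key.k93 = x1;
      key.k94 = x2;
      key.k95 = x3;
      sbox3(w[96], w[97], w[98], w[99]);
      key.k96 = x0;
      key.k97 = x1;
      key.k98 = x2;
      key.k99 = x3;
      sbox2(w[100], w[101], w[102], w[103]);
      key.k100 = x0;
      key.k101 = x1;
      key.k102 = x2;
      key.k103 = x3;
      sbox1(w[104], w[105], w[106], w[107]);
      key.k104 = x0;
      key.k105 = x1;
      key.k106 = x2;
      key.k107 = x3;
      sbox0(w[108], w[109], w[110], w[111]);
      key.k108 = x0;
      key.k109 = x1;
      key.k110 = x2;
      key.k111 = x3;
      sbox7(w[112], w[113], w[114], w[115]);
      key.k112 = x0;
      key.k113 = x1;
      key.k114 = x2;
      key.k115 = x3;
      sbox6(w[116], w[117], w[118], w[119]);
      key.k116 = x0;
      key.k117 = x1;
      key.k118 = x2;
      key.k119 = x3;
      sbox5(w[120], w[121], w[122], w[123]);
      key.k120 = x0;
      key.k121 = x1;
      key.k122 = x2;
      key.k123 = x3;
      sbox4(w[124], w[125], w[126], w[127]);
      key.k124 = x0;
      key.k125 = x1;
      key.k126 = x2;
      key.k127 = x3;
      sbox3(w[128], w[129], w[130], w[131]);
      key.k128 = x0;
      key.k129 = x1;
      key.k130 = x2;
      key.k131 = x3;

      // Best-effort hygiene: do not leave the last subkey words sitting in
      // the shared registers. encrypt() and decrypt() reload x0..x3 from
      // their input before reading them.
      x0 = x1 = x2 = x3 = 0;
    }

  // Best-effort hygiene: the pre-key is key-equivalent material and is no
  // longer needed once the session key has been filled in.
  for (i = 0; i < w.length; i++)
    {
      w[i] = 0;
    }

  return key;
}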
/**
 * Encrypts one 16-byte block.
 *
 * <p>The block is loaded as four little-endian words into x0..x3, run
 * through 32 rounds of subkey XOR followed by an S-box method, and written
 * back little-endian after a final XOR with k128..k131. The method is
 * synchronized because the state lives in the instance fields x0..x4.</p>
 *
 * <p>The round methods called here consist of bitwise operations, shifts
 * and assignments only: at source level there are no table lookups and no
 * branches that depend on key or data.</p>
 *
 * <p>No bounds are checked here: <code>in</code> must hold 16 bytes from
 * <code>i</code> and <code>out</code> 16 bytes from <code>o</code>. A short
 * <code>out</code> fails only while the result is being stored, so it may
 * be left partially written.</p>
 *
 * @param in the buffer holding the plaintext block.
 * @param i offset of the block in <code>in</code>.
 * @param out the buffer receiving the ciphertext block.
 * @param o offset of the block in <code>out</code>.
 * @param K the session key; cast to Key, so anything else raises
 *          ClassCastException. Presumably a value returned by makeKey().
 * @param bs not used by this method.
 */
public synchronized void encrypt(byte[] in, int i, byte[] out, int o,
                                 Object K, int bs)
{
  Key key = (Key) K;

  // Load the block as four little-endian 32-bit words.
  x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8 | (in[i + 2] & 0xff) << 16
       | (in[i + 3] & 0xff) << 24;
  x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8
       | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24;
  x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8
       | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24;
  x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8
       | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24;

  // Subkey words k0..k31. x4 is not loaded here: sbox0() assigns it before
  // reading it. Each S-box method leaves the state in a different set of
  // registers, which is why the XOR targets change from round to round.
  x0 ^= key.k0;
  x1 ^= key.k1;
  x2 ^= key.k2;
  x3 ^= key.k3;
  sbox0();
  x1 ^= key.k4;
  x4 ^= key.k5;
  x2 ^= key.k6;
  x0 ^= key.k7;
  sbox1();
  x0 ^= key.k8;
  x4 ^= key.k9;
  x2 ^= key.k10;
  x1 ^= key.k11;
  sbox2();
  x2 ^= key.k12;
  x1 ^= key.k13;
  x4 ^= key.k14;
  x3 ^= key.k15;
  sbox3();
  x1 ^= key.k16;
  x4 ^= key.k17;
  x3 ^= key.k18;
  x0 ^= key.k19;
  sbox4();
  x4 ^= key.k20;
  x2 ^= key.k21;
  x1 ^= key.k22;
  x0 ^= key.k23;
  sbox5();
  x2 ^= key.k24;
  x0 ^= key.k25;
  x4 ^= key.k26;
  x1 ^= key.k27;
  sbox6();
  x2 ^= key.k28;
  x0 ^= key.k29;
  x3 ^= key.k30;
  x4 ^= key.k31;
  sbox7();
  // Move the state back into x0..x3 before the next group of eight.
  x0 = x3;
  x3 = x2;
  x2 = x4;

  // Subkey words k32..k63.
  x0 ^= key.k32;
  x1 ^= key.k33;
  x2 ^= key.k34;
  x3 ^= key.k35;
  sbox0();
  x1 ^= key.k36;
  x4 ^= key.k37;
  x2 ^= key.k38;
  x0 ^= key.k39;
  sbox1();
  x0 ^= key.k40;
  x4 ^= key.k41;
  x2 ^= key.k42;
  x1 ^= key.k43;
  sbox2();
  x2 ^= key.k44;
  x1 ^= key.k45;
  x4 ^= key.k46;
  x3 ^= key.k47;
  sbox3();
  x1 ^= key.k48;
  x4 ^= key.k49;
  x3 ^= key.k50;
  x0 ^= key.k51;
  sbox4();
  x4 ^= key.k52;
  x2 ^= key.k53;
  x1 ^= key.k54;
  x0 ^= key.k55;
  sbox5();
  x2 ^= key.k56;
  x0 ^= key.k57;
  x4 ^= key.k58;
  x1 ^= key.k59;
  sbox6();
  x2 ^= key.k60;
  x0 ^= key.k61;
  x3 ^= key.k62;
  x4 ^= key.k63;
  sbox7();
  x0 = x3;
  x3 = x2;
  x2 = x4;

  // Subkey words k64..k95.
  x0 ^= key.k64;
  x1 ^= key.k65;
  x2 ^= key.k66;
  x3 ^= key.k67;
  sbox0();
  x1 ^= key.k68;
  x4 ^= key.k69;
  x2 ^= key.k70;
  x0 ^= key.k71;
  sbox1();
  x0 ^= key.k72;
  x4 ^= key.k73;
  x2 ^= key.k74;
  x1 ^= key.k75;
  sbox2();
  x2 ^= key.k76;
  x1 ^= key.k77;
  x4 ^= key.k78;
  x3 ^= key.k79;
  sbox3();
  x1 ^= key.k80;
  x4 ^= key.k81;
  x3 ^= key.k82;
  x0 ^= key.k83;
  sbox4();
  x4 ^= key.k84;
  x2 ^= key.k85;
  x1 ^= key.k86;
  x0 ^= key.k87;
  sbox5();
  x2 ^= key.k88;
  x0 ^= key.k89;
  x4 ^= key.k90;
  x1 ^= key.k91;
  sbox6();
  x2 ^= key.k92;
  x0 ^= key.k93;
  x3 ^= key.k94;
  x4 ^= key.k95;
  sbox7();
  x0 = x3;
  x3 = x2;
  x2 = x4;

  // Subkey words k96..k127; the last S-box call omits the linear transform.
  x0 ^= key.k96;
  x1 ^= key.k97;
  x2 ^= key.k98;
  x3 ^= key.k99;
  sbox0();
  x1 ^= key.k100;
  x4 ^= key.k101;
  x2 ^= key.k102;
  x0 ^= key.k103;
  sbox1();
  x0 ^= key.k104;
  x4 ^= key.k105;
  x2 ^= key.k106;
  x1 ^= key.k107;
  sbox2();
  x2 ^= key.k108;
  x1 ^= key.k109;
  x4 ^= key.k110;
  x3 ^= key.k111;
  sbox3();
  x1 ^= key.k112;
  x4 ^= key.k113;
  x3 ^= key.k114;
  x0 ^= key.k115;
  sbox4();
  x4 ^= key.k116;
  x2 ^= key.k117;
  x1 ^= key.k118;
  x0 ^= key.k119;
  sbox5();
  x2 ^= key.k120;
  x0 ^= key.k121;
  x4 ^= key.k122;
  x1 ^= key.k123;
  sbox6();
  x2 ^= key.k124;
  x0 ^= key.k125;
  x3 ^= key.k126;
  x4 ^= key.k127;
  sbox7noLT();
  x0 = x3;
  x3 = x2;
  x2 = x4;
  // Final key mixing with the last four subkey words.
  x0 ^= key.k128;
  x1 ^= key.k129;
  x2 ^= key.k130;
  x3 ^= key.k131;

  // Store the result little-endian. NOTE(review): x0..x4 keep the last
  // block's words after this returns; they are overwritten by the next
  // encrypt(), decrypt() or makeKey() on this instance.
  out[o] = (byte) x0;
  out[o + 1] = (byte) (x0 >>> 8);
  out[o + 2] = (byte) (x0 >>> 16);
  out[o + 3] = (byte) (x0 >>> 24);
  out[o + 4] = (byte) x1;
  out[o + 5] = (byte) (x1 >>> 8);
  out[o + 6] = (byte) (x1 >>> 16);
  out[o + 7] = (byte) (x1 >>> 24);
  out[o + 8] = (byte) x2;
  out[o + 9] = (byte) (x2 >>> 8);
  out[o + 10] = (byte) (x2 >>> 16);
  out[o + 11] = (byte) (x2 >>> 24);
  out[o + 12] = (byte) x3;
  out[o + 13] = (byte) (x3 >>> 8);
  out[o + 14] = (byte) (x3 >>> 16);
  out[o + 15] = (byte) (x3 >>> 24);
}
/**
 * Decrypts one 16-byte block.
 *
 * <p>The block is loaded as four little-endian words into x0..x3, the
 * subkey words are applied from k128 down to k0 with the inverse S-box
 * methods in between, and the result is written back little-endian. The
 * method is synchronized because the state lives in the instance fields
 * x0..x4.</p>
 *
 * <p>No bounds are checked here: <code>in</code> must hold 16 bytes from
 * <code>i</code> and <code>out</code> 16 bytes from <code>o</code>. A short
 * <code>out</code> fails only while the result is being stored, so it may
 * be left partially written.</p>
 *
 * @param in the buffer holding the ciphertext block.
 * @param i offset of the block in <code>in</code>.
 * @param out the buffer receiving the plaintext block.
 * @param o offset of the block in <code>out</code>.
 * @param K the session key; cast to Key, so anything else raises
 *          ClassCastException. Presumably a value returned by makeKey().
 * @param bs not used by this method.
 */
public synchronized void decrypt(byte[] in, int i, byte[] out, int o,
                                 Object K, int bs)
{
  Key key = (Key) K;

  // Load the block as four little-endian 32-bit words.
  x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8 | (in[i + 2] & 0xff) << 16
       | (in[i + 3] & 0xff) << 24;
  x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8
       | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24;
  x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8
       | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24;
  x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8
       | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24;

  // Undo the final key mixing, then the last round, which had no linear
  // transform. x4 is not loaded here: sboxI7noLT() assigns it first.
  x0 ^= key.k128;
  x1 ^= key.k129;
  x2 ^= key.k130;
  x3 ^= key.k131;
  sboxI7noLT();
  // Subkey words k127 down to k96.
  x3 ^= key.k124;
  x0 ^= key.k125;
  x1 ^= key.k126;
  x4 ^= key.k127;
  sboxI6();
  x0 ^= key.k120;
  x1 ^= key.k121;
  x2 ^= key.k122;
  x4 ^= key.k123;
  sboxI5();
  x1 ^= key.k116;
  x3 ^= key.k117;
  x4 ^= key.k118;
  x2 ^= key.k119;
  sboxI4();
  x1 ^= key.k112;
  x2 ^= key.k113;
  x4 ^= key.k114;
  x0 ^= key.k115;
  sboxI3();
  x0 ^= key.k108;
  x1 ^= key.k109;
  x4 ^= key.k110;
  x2 ^= key.k111;
  sboxI2();
  x1 ^= key.k104;
  x3 ^= key.k105;
  x4 ^= key.k106;
  x2 ^= key.k107;
  sboxI1();
  x0 ^= key.k100;
  x1 ^= key.k101;
  x2 ^= key.k102;
  x4 ^= key.k103;
  sboxI0();
  x0 ^= key.k96;
  x3 ^= key.k97;
  x1 ^= key.k98;
  x4 ^= key.k99;
  sboxI7();
  // Rearrange the registers so the next group can reuse the same XOR
  // targets as the group above.
  x1 = x3;
  x3 = x4;
  x4 = x2;

  // Subkey words k95 down to k64.
  x3 ^= key.k92;
  x0 ^= key.k93;
  x1 ^= key.k94;
  x4 ^= key.k95;
  sboxI6();
  x0 ^= key.k88;
  x1 ^= key.k89;
  x2 ^= key.k90;
  x4 ^= key.k91;
  sboxI5();
  x1 ^= key.k84;
  x3 ^= key.k85;
  x4 ^= key.k86;
  x2 ^= key.k87;
  sboxI4();
  x1 ^= key.k80;
  x2 ^= key.k81;
  x4 ^= key.k82;
  x0 ^= key.k83;
  sboxI3();
  x0 ^= key.k76;
  x1 ^= key.k77;
  x4 ^= key.k78;
  x2 ^= key.k79;
  sboxI2();
  x1 ^= key.k72;
  x3 ^= key.k73;
  x4 ^= key.k74;
  x2 ^= key.k75;
  sboxI1();
  x0 ^= key.k68;
  x1 ^= key.k69;
  x2 ^= key.k70;
  x4 ^= key.k71;
  sboxI0();
  x0 ^= key.k64;
  x3 ^= key.k65;
  x1 ^= key.k66;
  x4 ^= key.k67;
  sboxI7();
  x1 = x3;
  x3 = x4;
  x4 = x2;

  // Subkey words k63 down to k32.
  x3 ^= key.k60;
  x0 ^= key.k61;
  x1 ^= key.k62;
  x4 ^= key.k63;
  sboxI6();
  x0 ^= key.k56;
  x1 ^= key.k57;
  x2 ^= key.k58;
  x4 ^= key.k59;
  sboxI5();
  x1 ^= key.k52;
  x3 ^= key.k53;
  x4 ^= key.k54;
  x2 ^= key.k55;
  sboxI4();
  x1 ^= key.k48;
  x2 ^= key.k49;
  x4 ^= key.k50;
  x0 ^= key.k51;
  sboxI3();
  x0 ^= key.k44;
  x1 ^= key.k45;
  x4 ^= key.k46;
  x2 ^= key.k47;
  sboxI2();
  x1 ^= key.k40;
  x3 ^= key.k41;
  x4 ^= key.k42;
  x2 ^= key.k43;
  sboxI1();
  x0 ^= key.k36;
  x1 ^= key.k37;
  x2 ^= key.k38;
  x4 ^= key.k39;
  sboxI0();
  x0 ^= key.k32;
  x3 ^= key.k33;
  x1 ^= key.k34;
  x4 ^= key.k35;
  sboxI7();
  x1 = x3;
  x3 = x4;
  x4 = x2;

  // Subkey words k31 down to k4.
  x3 ^= key.k28;
  x0 ^= key.k29;
  x1 ^= key.k30;
  x4 ^= key.k31;
  sboxI6();
  x0 ^= key.k24;
  x1 ^= key.k25;
  x2 ^= key.k26;
  x4 ^= key.k27;
  sboxI5();
  x1 ^= key.k20;
  x3 ^= key.k21;
  x4 ^= key.k22;
  x2 ^= key.k23;
  sboxI4();
  x1 ^= key.k16;
  x2 ^= key.k17;
  x4 ^= key.k18;
  x0 ^= key.k19;
  sboxI3();
  x0 ^= key.k12;
  x1 ^= key.k13;
  x4 ^= key.k14;
  x2 ^= key.k15;
  sboxI2();
  x1 ^= key.k8;
  x3 ^= key.k9;
  x4 ^= key.k10;
  x2 ^= key.k11;
  sboxI1();
  x0 ^= key.k4;
  x1 ^= key.k5;
  x2 ^= key.k6;
  x4 ^= key.k7;
  sboxI0();
  // Move the state back into x0..x3 for the first subkey words.
  x2 = x1;
  x1 = x3;
  x3 = x4;

  x0 ^= key.k0;
  x1 ^= key.k1;
  x2 ^= key.k2;
  x3 ^= key.k3;

  // Store the result little-endian. NOTE(review): x0..x4 keep the
  // recovered plaintext words after this returns; they are overwritten by
  // the next encrypt(), decrypt() or makeKey() on this instance.
  out[o] = (byte) x0;
  out[o + 1] = (byte) (x0 >>> 8);
  out[o + 2] = (byte) (x0 >>> 16);
  out[o + 3] = (byte) (x0 >>> 24);
  out[o + 4] = (byte) x1;
  out[o + 5] = (byte) (x1 >>> 8);
  out[o + 6] = (byte) (x1 >>> 16);
  out[o + 7] = (byte) (x1 >>> 24);
  out[o + 8] = (byte) x2;
  out[o + 9] = (byte) (x2 >>> 8);
  out[o + 10] = (byte) (x2 >>> 16);
  out[o + 11] = (byte) (x2 >>> 24);
  out[o + 12] = (byte) x3;
  out[o + 13] = (byte) (x3 >>> 8);
  out[o + 14] = (byte) (x3 >>> 16);
  out[o + 15] = (byte) (x3 >>> 24);
}
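/**
 * Runs the cipher's correctness tests once and caches the outcome for all
 * instances: first the inherited symmetry tests, then, if those pass, the
 * known-answer test against KAT_KEY and KAT_CT.
 *
 * <p>The cache is an unsynchronized static. Concurrent first calls may each
 * run the tests, but they compute and store the same answer. The cached
 * reference is read once into a local so that the value checked is the
 * value returned.</p>
 *
 * @return <code>true</code> if every test passed, <code>false</code>
 *         otherwise.
 */
public boolean selfTest()
{
  Boolean cached = valid;
  if (cached == null)
    {
      boolean result = super.selfTest(); // do symmetry tests
      if (result)
        {
          result = testKat(KAT_KEY, KAT_CT);
        }
      // Boolean.valueOf reuses the canonical TRUE/FALSE objects instead of
      // allocating a new wrapper.
      cached = Boolean.valueOf(result);
      valid = cached;
    }
  return cached.booleanValue();
}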
797 // Own methods. ----------------------------------------------------------
799 // These first few S-boxes operate directly on the "registers",
800 // x0..x4, and perform the linear transform.
/**
 * S-box 0 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x0, x1, x2, x3 and
 * applies the next subkey words to x1, x4, x2, x0, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox0()
{
  x3 ^= x0;
  x4 = x1;
  x1 &= x3;
  x4 ^= x2;
  x1 ^= x0;
  x0 |= x3;
  x0 ^= x4;
  x4 ^= x3;
  x3 ^= x2;
  x2 |= x1;
  x2 ^= x4;
  x4 ^= -1; // bitwise NOT
  x4 |= x1;
  x1 ^= x3;
  x1 ^= x4;
  x3 |= x0;
  x1 ^= x3;
  x4 ^= x3;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x1 = (x1 << 13) | (x1 >>> 19);
  x4 ^= x1;
  x3 = x1 << 3;
  x2 = (x2 << 3) | (x2 >>> 29);
  x4 ^= x2;
  x0 ^= x2;
  x4 = (x4 << 1) | (x4 >>> 31);
  x0 ^= x3;
  x0 = (x0 << 7) | (x0 >>> 25);
  x3 = x4;
  x1 ^= x4;
  x3 <<= 7;
  x1 ^= x0;
  x2 ^= x0;
  x2 ^= x3;
  x1 = (x1 << 5) | (x1 >>> 27);
  x2 = (x2 << 22) | (x2 >>> 10);
}
/**
 * S-box 1 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x1, x4, x2, x0 and
 * applies the next subkey words to x0, x4, x2, x1, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox1()
{
  x4 = ~x4;
  x3 = x1;
  x1 ^= x4;
  x3 |= x4;
  x3 ^= x0;
  x0 &= x1;
  x2 ^= x3;
  x0 ^= x4;
  x0 |= x2;
  x1 ^= x3;
  x0 ^= x1;
  x4 &= x2;
  x1 |= x4;
  x4 ^= x3;
  x1 ^= x2;
  x3 |= x0;
  x1 ^= x3;
  x3 = ~x3;
  x4 ^= x0;
  x3 &= x2;
  x4 = ~x4;
  x3 ^= x1;
  x4 ^= x3;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x0 = (x0 << 13) | (x0 >>> 19);
  x4 ^= x0;
  x3 = x0 << 3;
  x2 = (x2 << 3) | (x2 >>> 29);
  x4 ^= x2;
  x1 ^= x2;
  x4 = (x4 << 1) | (x4 >>> 31);
  x1 ^= x3;
  x1 = (x1 << 7) | (x1 >>> 25);
  x3 = x4;
  x0 ^= x4;
  x3 <<= 7;
  x0 ^= x1;
  x2 ^= x1;
  x2 ^= x3;
  x0 = (x0 << 5) | (x0 >>> 27);
  x2 = (x2 << 22) | (x2 >>> 10);
}
/**
 * S-box 2 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x0, x4, x2, x1 and
 * applies the next subkey words to x2, x1, x4, x3, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox2()
{
  x3 = x0;
  x0 = x0 & x2;
  x0 = x0 ^ x1;
  x2 = x2 ^ x4;
  x2 = x2 ^ x0;
  x1 = x1 | x3;
  x1 = x1 ^ x4;
  x3 = x3 ^ x2;
  x4 = x1;
  x1 = x1 | x3;
  x1 = x1 ^ x0;
  x0 = x0 & x4;
  x3 = x3 ^ x0;
  x4 = x4 ^ x1;
  x4 = x4 ^ x3;
  x3 = ~x3;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x2 = (x2 << 13) | (x2 >>> 19);
  x1 ^= x2;
  x0 = x2 << 3;
  x4 = (x4 << 3) | (x4 >>> 29);
  x1 ^= x4;
  x3 ^= x4;
  x1 = (x1 << 1) | (x1 >>> 31);
  x3 ^= x0;
  x3 = (x3 << 7) | (x3 >>> 25);
  x0 = x1;
  x2 ^= x1;
  x0 <<= 7;
  x2 ^= x3;
  x4 ^= x3;
  x4 ^= x0;
  x2 = (x2 << 5) | (x2 >>> 27);
  x4 = (x4 << 22) | (x4 >>> 10);
}
/**
 * S-box 3 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x2, x1, x4, x3 and
 * applies the next subkey words to x1, x4, x3, x0, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox3()
{
  x0 = x2;
  x2 = x2 | x3;
  x3 = x3 ^ x1;
  x1 = x1 & x0;
  x0 = x0 ^ x4;
  x4 = x4 ^ x3;
  x3 = x3 & x2;
  x0 = x0 | x1;
  x3 = x3 ^ x0;
  x2 = x2 ^ x1;
  x0 = x0 & x2;
  x1 = x1 ^ x3;
  x0 = x0 ^ x4;
  x1 = x1 | x2;
  x1 = x1 ^ x4;
  x2 = x2 ^ x3;
  x4 = x1;
  x1 = x1 | x3;
  x1 = x1 ^ x2;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x1 = (x1 << 13) | (x1 >>> 19);
  x4 ^= x1;
  x2 = x1 << 3;
  x3 = (x3 << 3) | (x3 >>> 29);
  x4 ^= x3;
  x0 ^= x3;
  x4 = (x4 << 1) | (x4 >>> 31);
  x0 ^= x2;
  x0 = (x0 << 7) | (x0 >>> 25);
  x2 = x4;
  x1 ^= x4;
  x2 <<= 7;
  x1 ^= x0;
  x3 ^= x0;
  x3 ^= x2;
  x1 = (x1 << 5) | (x1 >>> 27);
  x3 = (x3 << 22) | (x3 >>> 10);
}
/**
 * S-box 4 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x1, x4, x3, x0 and
 * applies the next subkey words to x4, x2, x1, x0, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox4()
{
  x4 = x4 ^ x0;
  x0 = ~x0;
  x3 = x3 ^ x0;
  x0 = x0 ^ x1;
  x2 = x4;
  x4 = x4 & x0;
  x4 = x4 ^ x3;
  x2 = x2 ^ x0;
  x1 = x1 ^ x2;
  x3 = x3 & x2;
  x3 = x3 ^ x1;
  x1 = x1 & x4;
  x0 = x0 ^ x1;
  x2 = x2 | x4;
  x2 = x2 ^ x1;
  x1 = x1 | x0;
  x1 = x1 ^ x3;
  x3 = x3 & x0;
  x1 = ~x1;
  x2 = x2 ^ x3;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x4 = (x4 << 13) | (x4 >>> 19);
  x2 ^= x4;
  x3 = x4 << 3;
  x1 = (x1 << 3) | (x1 >>> 29);
  x2 ^= x1;
  x0 ^= x1;
  x2 = (x2 << 1) | (x2 >>> 31);
  x0 ^= x3;
  x0 = (x0 << 7) | (x0 >>> 25);
  x3 = x2;
  x4 ^= x2;
  x3 <<= 7;
  x4 ^= x0;
  x1 ^= x0;
  x1 ^= x3;
  x4 = (x4 << 5) | (x4 >>> 27);
  x1 = (x1 << 22) | (x1 >>> 10);
}
/**
 * S-box 5 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x4, x2, x1, x0 and
 * applies the next subkey words to x2, x0, x4, x1, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox5()
{
  x4 = x4 ^ x2;
  x2 = x2 ^ x0;
  x0 = ~x0;
  x3 = x2;
  x2 = x2 & x4;
  x1 = x1 ^ x0;
  x2 = x2 ^ x1;
  x1 = x1 | x3;
  x3 = x3 ^ x0;
  x0 = x0 & x2;
  x0 = x0 ^ x4;
  x3 = x3 ^ x2;
  x3 = x3 ^ x1;
  x1 = x1 ^ x4;
  x4 = x4 & x0;
  x1 = ~x1;
  x4 = x4 ^ x3;
  x3 = x3 | x0;
  x1 = x1 ^ x3;

  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x2 = (x2 << 13) | (x2 >>> 19);
  x0 ^= x2;
  x3 = x2 << 3;
  x4 = (x4 << 3) | (x4 >>> 29);
  x0 ^= x4;
  x1 ^= x4;
  x0 = (x0 << 1) | (x0 >>> 31);
  x1 ^= x3;
  x1 = (x1 << 7) | (x1 >>> 25);
  x3 = x0;
  x2 ^= x0;
  x3 <<= 7;
  x2 ^= x1;
  x4 ^= x1;
  x4 ^= x3;
  x2 = (x2 << 5) | (x2 >>> 27);
  x4 = (x4 << 22) | (x4 >>> 10);
}
/**
 * S-box 6 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x2, x0, x4, x1 and
 * applies the next subkey words to x2, x0, x3, x4, in that order.
 * Bitwise operations only; statement order matters.
 */
private void sbox6()
{
  x4 = ~x4;
  x3 = x1;
  x1 = x1 & x2;
  x2 = x2 ^ x3;
  x1 = x1 ^ x4;
  x4 = x4 | x3;
  x0 = x0 ^ x1;
  x4 = x4 ^ x2;
  x2 = x2 | x0;
  x4 = x4 ^ x0;
  x3 = x3 ^ x2;
  x2 = x2 | x1;
  x2 = x2 ^ x4;
  x3 = x3 ^ x1;
  x3 = x3 ^ x2;
  x1 = ~x1;
  x4 = x4 & x3;
  x4 = x4 ^ x1;
  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x2 = (x2 << 13) | (x2 >>> 19);
  x0 ^= x2;
  x1 = x2 << 3;
  x3 = (x3 << 3) | (x3 >>> 29);
  x0 ^= x3;
  x4 ^= x3;
  x0 = (x0 << 1) | (x0 >>> 31);
  x4 ^= x1;
  x4 = (x4 << 7) | (x4 >>> 25);
  x1 = x0;
  x2 ^= x0;
  x1 <<= 7;
  x2 ^= x4;
  x3 ^= x4;
  x3 ^= x1;
  x2 = (x2 << 5) | (x2 >>> 27);
  x3 = (x3 << 22) | (x3 >>> 10);
}
/**
 * S-box 7 followed by the linear transform, applied in place to the
 * registers. encrypt() calls it with the state in x2, x0, x3, x4 and then
 * copies x3, x2 and x4 into x0, x3 and x2 before the next subkey words.
 * Bitwise operations only; statement order matters.
 */
private void sbox7()
{
  x1 = x3;
  x3 = x3 & x0;
  x3 = x3 ^ x4;
  x4 = x4 & x0;
  x1 = x1 ^ x3;
  x3 = x3 ^ x0;
  x0 = x0 ^ x2;
  x2 = x2 | x1;
  x2 = x2 ^ x3;
  x4 = x4 ^ x0;
  x3 = x3 ^ x4;
  x4 = x4 & x2;
  x4 = x4 ^ x1;
  x1 = x1 ^ x3;
  x3 = x3 & x2;
  x1 = ~x1;
  x3 = x3 ^ x1;
  x1 = x1 & x2;
  x0 = x0 ^ x4;
  x1 = x1 ^ x0;
  // Linear transform: left rotations by 13, 3, 1, 7, 5 and 22 with shifted
  // XOR mixing in between.
  x3 = (x3 << 13) | (x3 >>> 19);
  x1 ^= x3;
  x0 = x3 << 3;
  x4 = (x4 << 3) | (x4 >>> 29);
  x1 ^= x4;
  x2 ^= x4;
  x1 = (x1 << 1) | (x1 >>> 31);
  x2 ^= x0;
  x2 = (x2 << 7) | (x2 >>> 25);
  x0 = x1;
  x3 ^= x1;
  x0 <<= 7;
  x3 ^= x2;
  x4 ^= x2;
  x4 ^= x0;
  x3 = (x3 << 5) | (x3 >>> 27);
  x4 = (x4 << 22) | (x4 >>> 10);
}
/**
 * The final S-box, with no transform. The statements are the same as the
 * S-box part of sbox7(); the rotations that follow there are absent here.
 * encrypt() calls it once, for the last round, before the final XOR with
 * k128..k131.
 */
private void sbox7noLT()
{
  x1 = x3;
  x3 = x3 & x0;
  x3 = x3 ^ x4;
  x4 = x4 & x0;
  x1 = x1 ^ x3;
  x3 = x3 ^ x0;
  x0 = x0 ^ x2;
  x2 = x2 | x1;
  x2 = x2 ^ x3;
  x4 = x4 ^ x0;
  x3 = x3 ^ x4;
  x4 = x4 & x2;
  x4 = x4 ^ x1;
  x1 = x1 ^ x3;
  x3 = x3 & x2;
  x1 = ~x1;
  x3 = x3 ^ x1;
  x1 = x1 & x2;
  x0 = x0 ^ x4;
  x1 = x1 ^ x0;
}
/**
 * Inverse S-box 7 with no inverse linear transform, applied in place to the
 * registers. decrypt() calls it first, with the state in x0, x1, x2, x3,
 * and applies the next subkey words to x3, x0, x1, x4, in that order.
 * x4 is assigned before it is read, so its previous content is irrelevant.
 */
private void sboxI7noLT()
{
  x4 = x2;
  x2 ^= x0;
  x0 &= x3;
  x2 = ~x2;
  x4 |= x3;
  x3 ^= x1;
  x1 |= x0;
  x0 ^= x2;
  x2 &= x4;
  x1 ^= x2;
  x2 ^= x0;
  x0 |= x2;
  x3 &= x4;
  x0 ^= x3;
  x4 ^= x1;
  x3 ^= x4;
  x4 |= x0;
  x3 ^= x2;
  x4 ^= x2;
}
/**
 * Inverse round step 6, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 6. decrypt() calls it with the state in
 * x3, x0, x1, x4 and applies the next subkey words to x0, x1, x2, x4.
 */
private void sboxI6()
{
  x1 = (x1 >>> 22) | (x1 << 10);
  x3 = (x3 >>> 5) | (x3 << 27);
  x2 = x0;
  x1 ^= x4;
  x2 <<= 7;
  x3 ^= x4;
  x1 ^= x2;
  x3 ^= x0;
  x4 = (x4 >>> 7) | (x4 << 25);
  x0 = (x0 >>> 1) | (x0 << 31);
  x0 ^= x3;
  x2 = x3 << 3;
  x4 ^= x2;
  x3 = (x3 >>> 13) | (x3 << 19);
  x0 ^= x1;
  x4 ^= x1;
  x1 = (x1 >>> 3) | (x1 << 29);
  x3 ^= x1;
  x2 = x1;
  x1 &= x3;
  x2 ^= x4;
  x1 = ~x1;
  x4 ^= x0;
  x1 ^= x4;
  x2 |= x3;
  x3 ^= x1;
  x4 ^= x2;
  x2 ^= x0;
  x0 &= x4;
  x0 ^= x3;
  x3 ^= x4;
  x3 |= x1;
  x4 ^= x0;
  x2 ^= x3;
}
/**
 * Inverse round step 5, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 5. decrypt() calls it with the state in
 * x0, x1, x2, x4 and applies the next subkey words to x1, x3, x4, x2.
 */
private void sboxI5()
{
  x2 = (x2 >>> 22) | (x2 << 10);
  x0 = (x0 >>> 5) | (x0 << 27);
  x3 = x1;
  x2 ^= x4;
  x3 <<= 7;
  x0 ^= x4;
  x2 ^= x3;
  x0 ^= x1;
  x4 = (x4 >>> 7) | (x4 << 25);
  x1 = (x1 >>> 1) | (x1 << 31);
  x1 ^= x0;
  x3 = x0 << 3;
  x4 ^= x3;
  x0 = (x0 >>> 13) | (x0 << 19);
  x1 ^= x2;
  x4 ^= x2;
  x2 = (x2 >>> 3) | (x2 << 29);
  x1 = ~x1;
  x3 = x4;
  x2 ^= x1;
  x4 |= x0;
  x4 ^= x2;
  x2 |= x1;
  x2 &= x0;
  x3 ^= x4;
  x2 ^= x3;
  x3 |= x0;
  x3 ^= x1;
  x1 &= x2;
  x1 ^= x4;
  x3 ^= x2;
  x4 &= x3;
  x3 ^= x1;
  x4 ^= x0;
  x4 ^= x3;
  x3 = ~x3;
}
/**
 * Inverse round step 4, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 4. decrypt() calls it with the state in
 * x1, x3, x4, x2 and applies the next subkey words to x1, x2, x4, x0.
 */
private void sboxI4()
{
  x4 = (x4 >>> 22) | (x4 << 10);
  x1 = (x1 >>> 5) | (x1 << 27);
  x0 = x3;
  x4 ^= x2;
  x0 <<= 7;
  x1 ^= x2;
  x4 ^= x0;
  x1 ^= x3;
  x2 = (x2 >>> 7) | (x2 << 25);
  x3 = (x3 >>> 1) | (x3 << 31);
  x3 ^= x1;
  x0 = x1 << 3;
  x2 ^= x0;
  x1 = (x1 >>> 13) | (x1 << 19);
  x3 ^= x4;
  x2 ^= x4;
  x4 = (x4 >>> 3) | (x4 << 29);
  x0 = x4;
  x4 &= x2;
  x4 ^= x3;
  x3 |= x2;
  x3 &= x1;
  x0 ^= x4;
  x0 ^= x3;
  x3 &= x4;
  x1 = ~x1;
  x2 ^= x0;
  x3 ^= x2;
  x2 &= x1;
  x2 ^= x4;
  x1 ^= x3;
  x4 &= x1;
  x2 ^= x1;
  x4 ^= x0;
  x4 |= x2;
  x2 ^= x1;
  x4 ^= x3;
}
/**
 * Inverse round step 3, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 3. decrypt() calls it with the state in
 * x1, x2, x4, x0 and applies the next subkey words to x0, x1, x4, x2.
 */
private void sboxI3()
{
  x4 = (x4 >>> 22) | (x4 << 10);
  x1 = (x1 >>> 5) | (x1 << 27);
  x3 = x2;
  x4 ^= x0;
  x3 <<= 7;
  x1 ^= x0;
  x4 ^= x3;
  x1 ^= x2;
  x0 = (x0 >>> 7) | (x0 << 25);
  x2 = (x2 >>> 1) | (x2 << 31);
  x2 ^= x1;
  x3 = x1 << 3;
  x0 ^= x3;
  x1 = (x1 >>> 13) | (x1 << 19);
  x2 ^= x4;
  x0 ^= x4;
  x4 = (x4 >>> 3) | (x4 << 29);
  x3 = x4;
  x4 ^= x2;
  x2 &= x4;
  x2 ^= x1;
  x1 &= x3;
  x3 ^= x0;
  x0 |= x2;
  x0 ^= x4;
  x1 ^= x3;
  x4 ^= x1;
  x1 |= x0;
  x1 ^= x2;
  x3 ^= x4;
  x4 &= x0;
  x2 |= x0;
  x2 ^= x4;
  x3 ^= x1;
  x4 ^= x3;
}
/**
 * Inverse round step 2, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 2. decrypt() calls it with the state in
 * x0, x1, x4, x2 and applies the next subkey words to x1, x3, x4, x2.
 */
private void sboxI2()
{
  x4 = (x4 >>> 22) | (x4 << 10);
  x0 = (x0 >>> 5) | (x0 << 27);
  x3 = x1;
  x4 ^= x2;
  x3 <<= 7;
  x0 ^= x2;
  x4 ^= x3;
  x0 ^= x1;
  x2 = (x2 >>> 7) | (x2 << 25);
  x1 = (x1 >>> 1) | (x1 << 31);
  x1 ^= x0;
  x3 = x0 << 3;
  x2 ^= x3;
  x0 = (x0 >>> 13) | (x0 << 19);
  x1 ^= x4;
  x2 ^= x4;
  x4 = (x4 >>> 3) | (x4 << 29);
  x4 ^= x2;
  x2 ^= x0;
  x3 = x2;
  x2 &= x4;
  x2 ^= x1;
  x1 |= x4;
  x1 ^= x3;
  x3 &= x2;
  x4 ^= x2;
  x3 &= x0;
  x3 ^= x4;
  x4 &= x1;
  x4 |= x0;
  x2 = ~x2;
  x4 ^= x2;
  x0 ^= x2;
  x0 &= x1;
  x2 ^= x3;
  x2 ^= x0;
}
/**
 * Inverse round step 1, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 1. decrypt() calls it with the state in
 * x1, x3, x4, x2 and applies the next subkey words to x0, x1, x2, x4.
 */
private void sboxI1()
{
  x4 = (x4 >>> 22) | (x4 << 10);
  x1 = (x1 >>> 5) | (x1 << 27);
  x0 = x3;
  x4 ^= x2;
  x0 <<= 7;
  x1 ^= x2;
  x4 ^= x0;
  x1 ^= x3;
  x2 = (x2 >>> 7) | (x2 << 25);
  x3 = (x3 >>> 1) | (x3 << 31);
  x3 ^= x1;
  x0 = x1 << 3;
  x2 ^= x0;
  x1 = (x1 >>> 13) | (x1 << 19);
  x3 ^= x4;
  x2 ^= x4;
  x4 = (x4 >>> 3) | (x4 << 29);
  x0 = x3;
  x3 ^= x2;
  x2 &= x3;
  x0 ^= x4;
  x2 ^= x1;
  x1 |= x3;
  x4 ^= x2;
  x1 ^= x0;
  x1 |= x4;
  x3 ^= x2;
  x1 ^= x3;
  x3 |= x2;
  x3 ^= x1;
  x0 = ~x0;
  x0 ^= x3;
  x3 |= x1;
  x3 ^= x1;
  x3 |= x0;
  x2 ^= x3;
}
/**
 * Inverse round step 0, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 0. decrypt() calls it with the state in
 * x0, x1, x2, x4 and applies the next subkey words to x0, x3, x1, x4, or,
 * on the last call, moves the state back into x0..x3 first.
 */
private void sboxI0()
{
  x2 = (x2 >>> 22) | (x2 << 10);
  x0 = (x0 >>> 5) | (x0 << 27);
  x3 = x1;
  x2 ^= x4;
  x3 <<= 7;
  x0 ^= x4;
  x2 ^= x3;
  x0 ^= x1;
  x4 = (x4 >>> 7) | (x4 << 25);
  x1 = (x1 >>> 1) | (x1 << 31);
  x1 ^= x0;
  x3 = x0 << 3;
  x4 ^= x3;
  x0 = (x0 >>> 13) | (x0 << 19);
  x1 ^= x2;
  x4 ^= x2;
  x2 = (x2 >>> 3) | (x2 << 29);
  x2 = ~x2;
  x3 = x1;
  x1 |= x0;
  x3 = ~x3;
  x1 ^= x2;
  x2 |= x3;
  x1 ^= x4;
  x0 ^= x3;
  x2 ^= x0;
  x0 &= x4;
  x3 ^= x0;
  x0 |= x1;
  x0 ^= x2;
  x4 ^= x3;
  x2 ^= x1;
  x4 ^= x0;
  x4 ^= x1;
  x2 &= x4;
  x3 ^= x2;
}
/**
 * Inverse round step 7, applied in place to the registers: the opening
 * right rotations (by 22, 5, 7, 1, 13 and 3) mirror the left rotations of
 * the forward linear transform, and the boolean operations after them are
 * presumably the inverse of S-box 7. decrypt() calls it with the state in
 * x0, x3, x1, x4 and then copies x3, x4 and x2 into x1, x3 and x4 before
 * the next subkey words.
 */
private void sboxI7()
{
  x1 = (x1 >>> 22) | (x1 << 10);
  x0 = (x0 >>> 5) | (x0 << 27);
  x2 = x3;
  x1 ^= x4;
  x2 <<= 7;
  x0 ^= x4;
  x1 ^= x2;
  x0 ^= x3;
  x4 = (x4 >>> 7) | (x4 << 25);
  x3 = (x3 >>> 1) | (x3 << 31);
  x3 ^= x0;
  x2 = x0 << 3;
  x4 ^= x2;
  x0 = (x0 >>> 13) | (x0 << 19);
  x3 ^= x1;
  x4 ^= x1;
  x1 = (x1 >>> 3) | (x1 << 29);
  x2 = x1;
  x1 ^= x0;
  x0 &= x4;
  x1 = ~x1;
  x2 |= x4;
  x4 ^= x3;
  x3 |= x0;
  x0 ^= x1;
  x1 &= x2;
  x3 ^= x1;
  x1 ^= x0;
  x0 |= x1;
  x4 &= x2;
  x0 ^= x4;
  x2 ^= x3;
  x4 ^= x2;
  x2 |= x0;
  x4 ^= x1;
  x2 ^= x1;
}
1495 // These S-Box functions are used in the key setup.
/**
 * S-Box 0, key-setup form: works on the four words passed in, using r4 as
 * scratch, and leaves the four result words in the fields x0..x3. No
 * linear transform is applied. makeKey() copies x0..x3 into the session
 * key right after the call.
 */
private void sbox0(int r0, int r1, int r2, int r3)
{
  int r4 = r1 ^ r2;
  r3 ^= r0;
  r1 = r1 & r3 ^ r0;
  r0 = (r0 | r3) ^ r4;
  r4 ^= r3;
  r3 ^= r2;
  r2 = (r2 | r1) ^ r4;
  r4 = ~r4 | r1;
  r1 ^= r3 ^ r4;
  r3 |= r0;
  x0 = r1 ^ r3;
  x1 = r4 ^ r3;
  x2 = r2;
  x3 = r0;
}
/**
 * S-Box 1, key-setup form: works on the four words passed in, using r4 as
 * scratch, and leaves the four result words in the fields x0..x3. No
 * linear transform is applied. makeKey() copies x0..x3 into the session
 * key right after the call.
 */
private void sbox1(int r0, int r1, int r2, int r3)
{
  r0 = ~r0;
  int r4 = r0;
  r2 = ~r2;
  r0 &= r1;
  r2 ^= r0;
  r0 |= r3;
  r3 ^= r2;
  r1 ^= r0;
  r0 ^= r4;
  r4 |= r1;
  r1 ^= r3;
  r2 = (r2 | r0) & r4;
  r0 ^= r1;
  x0 = r2;
  x1 = r0 & r2 ^ r4;
  x2 = r3;
  x3 = r1 & r2 ^ r0;
}
/**
 * S-Box 2, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox2(int r0, int r1, int r2, int r3)
{
  int t = r0;
  r0 = (r0 & r2) ^ r3;
  r2 = r2 ^ r1 ^ r0;
  r3 = (r3 | t) ^ r1;
  t = t ^ r2;
  // r1 takes a snapshot of r3 before r3 is updated again.
  r1 = r3;
  r3 = (r3 | t) ^ r0;
  r0 = r0 & r1;
  t = t ^ r0;

  x0 = r2;
  x1 = r3;
  x2 = r1 ^ r3 ^ t;
  x3 = ~t;
}
/**
 * S-Box 3, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox3(int r0, int r1, int r2, int r3)
{
  int t = r0;
  r0 = r0 | r3;
  r3 = r3 ^ r1;
  r1 = r1 & t;
  // Parentheses spell out the precedence of the original: ^ before |.
  t = (t ^ r2) | r1;
  r2 = r2 ^ r3;
  r3 = (r3 & r0) ^ t;
  r0 = r0 ^ r1;
  t = (t & r0) ^ r2;
  r1 = ((r1 ^ r3) | r0) ^ r2;
  r0 = r0 ^ r3;

  x0 = (r1 | r3) ^ r0;
  x1 = r1;
  x2 = r3;
  x3 = t;
}
/**
 * S-Box 4, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox4(int r0, int r1, int r2, int r3)
{
  r1 = r1 ^ r3;
  int t = r1;
  r3 = ~r3;
  r2 = r2 ^ r3;
  r3 = r3 ^ r0;
  r1 = (r1 & r3) ^ r2;
  t = t ^ r3;
  r0 = r0 ^ t;
  r2 = (r2 & t) ^ r0;
  r0 = r0 & r1;
  r3 = r3 ^ r0;
  t = (t | r1) ^ r0;

  x0 = r1;
  x1 = t ^ (r2 & r3);
  x2 = ~((r0 | r3) ^ r2);
  x3 = r3;
}
/**
 * S-Box 5, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox5(int r0, int r1, int r2, int r3)
{
  r0 = r0 ^ r1;
  r1 = r1 ^ r3;
  int t = r1;
  r3 = ~r3;
  r2 = r2 ^ r3;
  r1 = (r1 & r0) ^ r2;
  r2 = r2 | t;
  t = t ^ r3;
  r3 = (r3 & r1) ^ r0;
  t = t ^ r1 ^ r2;

  x0 = r1;
  x1 = r3;
  x2 = (r0 & r3) ^ t;
  x3 = (~(r2 ^ r0)) ^ (t | r3);
}
/**
 * S-Box 6, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox6(int r0, int r1, int r2, int r3)
{
  int t = r3;
  r2 = ~r2;
  r3 = (r3 & r0) ^ r2;
  r0 = r0 ^ t;
  r2 = (r2 | t) ^ r0;
  r1 = r1 ^ r3;
  r0 = r0 | r1;
  r2 = r2 ^ r1;
  t = t ^ r0;
  r0 = (r0 | r3) ^ r2;
  t = t ^ r3 ^ r0;

  x0 = r0;
  x1 = r1;
  x2 = t;
  // Parentheses spell out the precedence of the original: & before ^.
  x3 = (r2 & t) ^ (~r3);
}
/**
 * S-Box 7, in the form used by the key setup.
 *
 * <p>The four input words are combined with bitwise operations only, so
 * each of the 32 bit positions is processed independently. The parameters
 * are reused as working registers (they are passed by value, so the
 * caller's variables are unaffected) and the result is stored in the
 * instance fields <code>x0</code> to <code>x3</code>.</p>
 *
 * @param r0 first input word.
 * @param r1 second input word.
 * @param r2 third input word.
 * @param r3 fourth input word.
 */
private void sbox7(int r0, int r1, int r2, int r3)
{
  int t = r1;
  r1 = (r1 | r2) ^ r3;
  t = t ^ r2;
  r2 = r2 ^ r1;
  // r3 must be formed before t absorbs the updated r2.
  r3 = ((r3 | t) & r0) ^ r1;
  t = t ^ r2;
  r1 = (r1 | t) ^ r0;
  r0 = (r0 | t) ^ r2;
  r1 = r1 ^ t;
  r2 = r2 ^ r1;

  x0 = t ^ ((~r2) | r0);
  x1 = r3;
  x2 = (r1 & r0) ^ t;
  x3 = r0;
}
1657 // Inner classes.
1658 // -----------------------------------------------------------------------
1660 private class Key implements Cloneable
1663 // Constants and variables.
1664 // --------------------------------------------------------------------
// The 132 words of this key, k0 to k131, laid out four per row. They are
// presumably the expanded Serpent subkeys (33 groups of four 32-bit
// words) -- confirm against the key setup. Being plain int fields, they
// stay in memory for as long as the Key object is reachable; nothing
// visible in this class clears them.
int k0, k1, k2, k3,
    k4, k5, k6, k7,
    k8, k9, k10, k11,
    k12, k13, k14, k15,
    k16, k17, k18, k19,
    k20, k21, k22, k23,
    k24, k25, k26, k27,
    k28, k29, k30, k31,
    k32, k33, k34, k35,
    k36, k37, k38, k39,
    k40, k41, k42, k43,
    k44, k45, k46, k47,
    k48, k49, k50, k51,
    k52, k53, k54, k55,
    k56, k57, k58, k59,
    k60, k61, k62, k63,
    k64, k65, k66, k67,
    k68, k69, k70, k71,
    k72, k73, k74, k75,
    k76, k77, k78, k79,
    k80, k81, k82, k83,
    k84, k85, k86, k87,
    k88, k89, k90, k91,
    k92, k93, k94, k95,
    k96, k97, k98, k99,
    k100, k101, k102, k103,
    k104, k105, k106, k107,
    k108, k109, k110, k111,
    k112, k113, k114, k115,
    k116, k117, k118, k119,
    k120, k121, k122, k123,
    k124, k125, k126, k127,
    k128, k129, k130, k131;
1677 // Constructors.
1678 // --------------------------------------------------------------------
/**
 * Creates a key whose words are all left at their default value of zero;
 * the constructor itself assigns nothing.
 */
Key()
{
}
/**
 * Cloning constructor: copies all 132 words, <code>k0</code> to
 * <code>k131</code>, from another key.
 *
 * <p>The new object is a second, independent in-memory copy of the same
 * key words. Nothing visible in this class clears either copy once it is
 * no longer needed.</p>
 *
 * @param that the key to copy; must not be <code>null</code>.
 */
private Key(Key that)
{
  // Four words per row, in field order.
  k0 = that.k0; k1 = that.k1; k2 = that.k2; k3 = that.k3;
  k4 = that.k4; k5 = that.k5; k6 = that.k6; k7 = that.k7;
  k8 = that.k8; k9 = that.k9; k10 = that.k10; k11 = that.k11;
  k12 = that.k12; k13 = that.k13; k14 = that.k14; k15 = that.k15;
  k16 = that.k16; k17 = that.k17; k18 = that.k18; k19 = that.k19;
  k20 = that.k20; k21 = that.k21; k22 = that.k22; k23 = that.k23;
  k24 = that.k24; k25 = that.k25; k26 = that.k26; k27 = that.k27;
  k28 = that.k28; k29 = that.k29; k30 = that.k30; k31 = that.k31;
  k32 = that.k32; k33 = that.k33; k34 = that.k34; k35 = that.k35;
  k36 = that.k36; k37 = that.k37; k38 = that.k38; k39 = that.k39;
  k40 = that.k40; k41 = that.k41; k42 = that.k42; k43 = that.k43;
  k44 = that.k44; k45 = that.k45; k46 = that.k46; k47 = that.k47;
  k48 = that.k48; k49 = that.k49; k50 = that.k50; k51 = that.k51;
  k52 = that.k52; k53 = that.k53; k54 = that.k54; k55 = that.k55;
  k56 = that.k56; k57 = that.k57; k58 = that.k58; k59 = that.k59;
  k60 = that.k60; k61 = that.k61; k62 = that.k62; k63 = that.k63;
  k64 = that.k64; k65 = that.k65; k66 = that.k66; k67 = that.k67;
  k68 = that.k68; k69 = that.k69; k70 = that.k70; k71 = that.k71;
  k72 = that.k72; k73 = that.k73; k74 = that.k74; k75 = that.k75;
  k76 = that.k76; k77 = that.k77; k78 = that.k78; k79 = that.k79;
  k80 = that.k80; k81 = that.k81; k82 = that.k82; k83 = that.k83;
  k84 = that.k84; k85 = that.k85; k86 = that.k86; k87 = that.k87;
  k88 = that.k88; k89 = that.k89; k90 = that.k90; k91 = that.k91;
  k92 = that.k92; k93 = that.k93; k94 = that.k94; k95 = that.k95;
  k96 = that.k96; k97 = that.k97; k98 = that.k98; k99 = that.k99;
  k100 = that.k100; k101 = that.k101; k102 = that.k102; k103 = that.k103;
  k104 = that.k104; k105 = that.k105; k106 = that.k106; k107 = that.k107;
  k108 = that.k108; k109 = that.k109; k110 = that.k110; k111 = that.k111;
  k112 = that.k112; k113 = that.k113; k114 = that.k114; k115 = that.k115;
  k116 = that.k116; k117 = that.k117; k118 = that.k118; k119 = that.k119;
  k120 = that.k120; k121 = that.k121; k122 = that.k122; k123 = that.k123;
  k124 = that.k124; k125 = that.k125; k126 = that.k126; k127 = that.k127;
  k128 = that.k128; k129 = that.k129; k130 = that.k130; k131 = that.k131;
}
1822 // Cloneable interface implementation.
1823 // --------------------------------------------------------------------
/**
 * Returns a copy of this key built with the cloning constructor rather
 * than through <code>super.clone()</code>.
 *
 * <p>Each call creates another in-memory copy of the key words.</p>
 *
 * @return a new <code>Key</code> holding the same words as this one.
 */
public Object clone()
{
  final Key copy = new Key(this);
  return copy;
}