/* Serpent.java --
   Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.

This file is a part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA

Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.  */

package gnu.javax.crypto.cipher;
 
import gnu.java.security.Registry;
import gnu.java.security.util.Util;
 
import java.security.InvalidKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
 
/**
 * Serpent is a 32-round substitution-permutation network block cipher,
 * operating on 128-bit blocks and accepting keys of 128, 192, and 256 bits in
 * length. At each round the plaintext is XORed with a 128-bit portion of the
 * session key -- a 4224-bit key computed from the input key -- then one of
 * eight S-boxes is applied, and finally a simple linear transformation is
 * done. Decryption does the exact same thing in reverse order, using the
 * eight inverses of the S-boxes.
 * <p>
 * Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a
 * proposed cipher for the Advanced Encryption Standard.
 * <p>
 * Serpent can be sped up greatly by replacing S-box substitution with a
 * sequence of binary operations, and the optimal implementation depends upon
 * finding the fastest sequence of binary operations that reproduces this
 * substitution. This implementation uses the S-boxes discovered by <a
 * href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are optimized
 * for the Pentium family of processors.
 * <p>
 * References:
 * <ol>
 * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A
 * Candidate Block Cipher for the Advanced Encryption Standard.</a></li>
 * </ol>
 */
public class Serpent
    extends BaseCipher
{
  /** Default key size, in bytes; passed to the superclass constructor. */
  private static final int DEFAULT_KEY_SIZE = 16;
  /** Block size, in bytes; the only size reported by {@link #blockSizes()}. */
  private static final int DEFAULT_BLOCK_SIZE = 16;
  /** Number of rounds; the pre-key array holds 4 * (ROUNDS + 1) words. */
  private static final int ROUNDS = 32;
  /** The fractional part of the golden ratio, (sqrt(5)+1)/2. */
  // Mixed into every word of the key-schedule recurrence in makeKey().
  private static final int PHI = 0x9e3779b9;
  /**
   * KAT vector (from ecb_vk): I=9
   * KEY=008000000000000000000000000000000000000000000000
   * CT=5587B5BCB9EE5A28BA2BACC418005240
   */
  private static final byte[] KAT_KEY = Util.toReversedBytesFromString(
      "008000000000000000000000000000000000000000000000");
  private static final byte[] KAT_CT =
      Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240");
  /** caches the result of the correctness test, once executed. */
  // Static and written without synchronization in selfTest().
  private static Boolean valid;
  // Working "registers" shared by makeKey(), encrypt(), decrypt() and the
  // S-box helpers. Because they are instance fields, one instance can only
  // process one block at a time, and they still hold key- and data-dependent
  // values after a call returns (nothing in the visible code clears them).
  private int x0, x1, x2, x3, x4;
 
  /**
   * Trivial zero-argument constructor.
   * <p>
   * Registers the cipher with the superclass under
   * {@code Registry.SERPENT_CIPHER}, with the default block and key sizes
   * (16 bytes each).
   */
  public Serpent()
  {
    super(Registry.SERPENT_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
  }
 
  /**
   * Returns a new {@code Serpent} instance that carries over this instance's
   * current block size.
   * <p>
   * Only {@code currentBlockSize} is copied here; the working registers are
   * not. NOTE(review): any key state held by the superclass is presumably
   * not transferred either, so the copy would need its own initialisation --
   * confirm against BaseCipher.
   *
   * @return the new instance.
   */
  public Object clone()
  {
    final Serpent copy = new Serpent();
    copy.currentBlockSize = currentBlockSize;
    return copy;
  }
 
  /**
   * Returns an iterator over the supported block sizes, in bytes. Serpent
   * supports exactly one: {@code DEFAULT_BLOCK_SIZE}.
   *
   * @return an iterator yielding a single {@link Integer}.
   */
  public Iterator blockSizes()
  {
    final Integer onlySize = Integer.valueOf(DEFAULT_BLOCK_SIZE);
    return Collections.singleton(onlySize).iterator();
  }
 
  /**
   * Returns an iterator over the supported key sizes, in bytes: 16, 24 and
   * 32, in that order. These are the same lengths that makeKey() accepts.
   *
   * @return an iterator over an unmodifiable list of {@link Integer}s.
   */
  public Iterator keySizes()
  {
    final ArrayList sizes = new ArrayList(3);
    for (int bytes = 16; bytes <= 32; bytes += 8)
      sizes.add(Integer.valueOf(bytes));
    return Collections.unmodifiableList(sizes).iterator();
  }
 
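  /**
   * Expands a user key into the Serpent session key: 132 32-bit words
   * (k0..k131), four per round-key mix.
   * <p>
   * The key bytes are packed little-endian into up to eight 32-bit words,
   * padded with a single 1 word if the key is shorter than 256 bits, run
   * through the pre-key recurrence (XOR of four earlier words, {@code PHI}
   * and the word index, rotated left by 11), and finally passed through the
   * S-boxes in the order 3, 2, 1, 0, 7, 6, 5, 4, repeating.
   * <p>
   * The S-box helpers leave their result in the instance registers
   * {@code x0..x3}, which encrypt() and decrypt() also use. This method is
   * therefore synchronized like they are: without the lock, a key setup
   * racing with a block operation on the same instance would silently
   * produce a wrong session key or a wrong block.
   * <p>
   * Note: the local pre-key array and the registers still hold key-derived
   * words when this method returns; they are not cleared here.
   *
   * @param kb the user key; must be 16, 24 or 32 bytes long.
   * @param blockSize not used by this method.
   * @return the session key, as an opaque object to hand back to encrypt()
   *         and decrypt().
   * @throws InvalidKeyException if {@code kb} is null or has an unsupported
   *           length.
   */
  public synchronized Object makeKey(byte[] kb, int blockSize)
      throws InvalidKeyException
  {
    // Reject a missing key with the declared checked exception instead of
    // letting the length test below fail with a NullPointerException.
    if (kb == null)
      throw new InvalidKeyException("Null key");
    // Not strictly true, but here to conform with the AES proposal.
    // This restriction can be removed if deemed necessary.
    if (kb.length != 16 && kb.length != 24 && kb.length != 32)
      throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes");
    Key key = new Key();
    // Here w is our "pre-key".
    int[] w = new int[4 * (ROUNDS + 1)];
    int i, j;
    // Pack the key bytes into words, least significant byte first.
    for (i = 0, j = 0; i < 8 && j < kb.length; i++)
      w[i] = (kb[j++] & 0xff)
           | (kb[j++] & 0xff) << 8
           | (kb[j++] & 0xff) << 16
           | (kb[j++] & 0xff) << 24;
    // Pad key if < 256 bits.
    if (i != 8)
      w[i] = 1;
    // Transform using w_i-8 ... w_i-1
    for (i = 8, j = 0; i < 16; i++)
      {
        int t = w[j] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ j++;
        w[i] = Integer.rotateLeft(t, 11);
      }
    // Translate by 8.
    for (i = 0; i < 8; i++)
      w[i] = w[i + 8];
    // Transform the rest of the key.
    for (; i < w.length; i++)
      {
        int t = w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i;
        w[i] = Integer.rotateLeft(t, 11);
      }
    // After these s-boxes the pre-key (w, above) will become the
    // session key (key, below). Each call leaves its output in x0..x3.
    sbox3(w[0], w[1], w[2], w[3]);
    key.k0 = x0; key.k1 = x1; key.k2 = x2; key.k3 = x3;
    sbox2(w[4], w[5], w[6], w[7]);
    key.k4 = x0; key.k5 = x1; key.k6 = x2; key.k7 = x3;
    sbox1(w[8], w[9], w[10], w[11]);
    key.k8 = x0; key.k9 = x1; key.k10 = x2; key.k11 = x3;
    sbox0(w[12], w[13], w[14], w[15]);
    key.k12 = x0; key.k13 = x1; key.k14 = x2; key.k15 = x3;
    sbox7(w[16], w[17], w[18], w[19]);
    key.k16 = x0; key.k17 = x1; key.k18 = x2; key.k19 = x3;
    sbox6(w[20], w[21], w[22], w[23]);
    key.k20 = x0; key.k21 = x1; key.k22 = x2; key.k23 = x3;
    sbox5(w[24], w[25], w[26], w[27]);
    key.k24 = x0; key.k25 = x1; key.k26 = x2; key.k27 = x3;
    sbox4(w[28], w[29], w[30], w[31]);
    key.k28 = x0; key.k29 = x1; key.k30 = x2; key.k31 = x3;
    sbox3(w[32], w[33], w[34], w[35]);
    key.k32 = x0; key.k33 = x1; key.k34 = x2; key.k35 = x3;
    sbox2(w[36], w[37], w[38], w[39]);
    key.k36 = x0; key.k37 = x1; key.k38 = x2; key.k39 = x3;
    sbox1(w[40], w[41], w[42], w[43]);
    key.k40 = x0; key.k41 = x1; key.k42 = x2; key.k43 = x3;
    sbox0(w[44], w[45], w[46], w[47]);
    key.k44 = x0; key.k45 = x1; key.k46 = x2; key.k47 = x3;
    sbox7(w[48], w[49], w[50], w[51]);
    key.k48 = x0; key.k49 = x1; key.k50 = x2; key.k51 = x3;
    sbox6(w[52], w[53], w[54], w[55]);
    key.k52 = x0; key.k53 = x1; key.k54 = x2; key.k55 = x3;
    sbox5(w[56], w[57], w[58], w[59]);
    key.k56 = x0; key.k57 = x1; key.k58 = x2; key.k59 = x3;
    sbox4(w[60], w[61], w[62], w[63]);
    key.k60 = x0; key.k61 = x1; key.k62 = x2; key.k63 = x3;
    sbox3(w[64], w[65], w[66], w[67]);
    key.k64 = x0; key.k65 = x1; key.k66 = x2; key.k67 = x3;
    sbox2(w[68], w[69], w[70], w[71]);
    key.k68 = x0; key.k69 = x1; key.k70 = x2; key.k71 = x3;
    sbox1(w[72], w[73], w[74], w[75]);
    key.k72 = x0; key.k73 = x1; key.k74 = x2; key.k75 = x3;
    sbox0(w[76], w[77], w[78], w[79]);
    key.k76 = x0; key.k77 = x1; key.k78 = x2; key.k79 = x3;
    sbox7(w[80], w[81], w[82], w[83]);
    key.k80 = x0; key.k81 = x1; key.k82 = x2; key.k83 = x3;
    sbox6(w[84], w[85], w[86], w[87]);
    key.k84 = x0; key.k85 = x1; key.k86 = x2; key.k87 = x3;
    sbox5(w[88], w[89], w[90], w[91]);
    key.k88 = x0; key.k89 = x1; key.k90 = x2; key.k91 = x3;
    sbox4(w[92], w[93], w[94], w[95]);
    key.k92 = x0; key.k93 = x1; key.k94 = x2; key.k95 = x3;
    sbox3(w[96], w[97], w[98], w[99]);
    key.k96 = x0; key.k97 = x1; key.k98 = x2; key.k99 = x3;
    sbox2(w[100], w[101], w[102], w[103]);
    key.k100 = x0; key.k101 = x1; key.k102 = x2; key.k103 = x3;
    sbox1(w[104], w[105], w[106], w[107]);
    key.k104 = x0; key.k105 = x1; key.k106 = x2; key.k107 = x3;
    sbox0(w[108], w[109], w[110], w[111]);
    key.k108 = x0; key.k109 = x1; key.k110 = x2; key.k111 = x3;
    sbox7(w[112], w[113], w[114], w[115]);
    key.k112 = x0; key.k113 = x1; key.k114 = x2; key.k115 = x3;
    sbox6(w[116], w[117], w[118], w[119]);
    key.k116 = x0; key.k117 = x1; key.k118 = x2; key.k119 = x3;
    sbox5(w[120], w[121], w[122], w[123]);
    key.k120 = x0; key.k121 = x1; key.k122 = x2; key.k123 = x3;
    sbox4(w[124], w[125], w[126], w[127]);
    key.k124 = x0; key.k125 = x1; key.k126 = x2; key.k127 = x3;
    sbox3(w[128], w[129], w[130], w[131]);
    key.k128 = x0; key.k129 = x1; key.k130 = x2; key.k131 = x3;
    return key;
  }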
 
  /**
   * Encrypts one 16-byte block.
   * <p>
   * Reads {@code in[i .. i+15]}, runs the 32 rounds (round-key XOR, S-box,
   * linear transformation; the last round uses sbox7noLT() and is followed
   * by a final key mix with k128..k131), and writes {@code out[o .. o+15]}.
   * Words are read and written least significant byte first.
   * <p>
   * This is the raw single-block operation only. There are no explicit
   * bounds or type checks here: a short array surfaces as an
   * ArrayIndexOutOfBoundsException and a foreign key object as a
   * ClassCastException. The method is synchronized because the round state
   * lives in the instance fields {@code x0..x4}.
   * <p>
   * The register that receives each round-key word changes from round to
   * round; the order below is dictated by where each S-box helper leaves
   * its output and must not be "tidied".
   *
   * @param in the input buffer.
   * @param i offset of the block in {@code in}.
   * @param out the output buffer.
   * @param o offset at which the result is written in {@code out}.
   * @param K the session key returned by makeKey().
   * @param bs not used by this method.
   */
  public synchronized void encrypt(byte[] in, int i, byte[] out, int o,
                                   Object K, int bs)
  {
    final Key ks = (Key) K;

    // Load the block as four little-endian 32-bit words.
    x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8
         | (in[i + 2] & 0xff) << 16 | (in[i + 3] & 0xff) << 24;
    x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8
         | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24;
    x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8
         | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24;
    x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8
         | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24;

    // Rounds 0-7.
    x0 ^= ks.k0; x1 ^= ks.k1; x2 ^= ks.k2; x3 ^= ks.k3;
    sbox0();
    x1 ^= ks.k4; x4 ^= ks.k5; x2 ^= ks.k6; x0 ^= ks.k7;
    sbox1();
    x0 ^= ks.k8; x4 ^= ks.k9; x2 ^= ks.k10; x1 ^= ks.k11;
    sbox2();
    x2 ^= ks.k12; x1 ^= ks.k13; x4 ^= ks.k14; x3 ^= ks.k15;
    sbox3();
    x1 ^= ks.k16; x4 ^= ks.k17; x3 ^= ks.k18; x0 ^= ks.k19;
    sbox4();
    x4 ^= ks.k20; x2 ^= ks.k21; x1 ^= ks.k22; x0 ^= ks.k23;
    sbox5();
    x2 ^= ks.k24; x0 ^= ks.k25; x4 ^= ks.k26; x1 ^= ks.k27;
    sbox6();
    x2 ^= ks.k28; x0 ^= ks.k29; x3 ^= ks.k30; x4 ^= ks.k31;
    sbox7();
    // Move the state back into x0..x3 for the next group of eight rounds.
    x0 = x3;
    x3 = x2;
    x2 = x4;

    // Rounds 8-15.
    x0 ^= ks.k32; x1 ^= ks.k33; x2 ^= ks.k34; x3 ^= ks.k35;
    sbox0();
    x1 ^= ks.k36; x4 ^= ks.k37; x2 ^= ks.k38; x0 ^= ks.k39;
    sbox1();
    x0 ^= ks.k40; x4 ^= ks.k41; x2 ^= ks.k42; x1 ^= ks.k43;
    sbox2();
    x2 ^= ks.k44; x1 ^= ks.k45; x4 ^= ks.k46; x3 ^= ks.k47;
    sbox3();
    x1 ^= ks.k48; x4 ^= ks.k49; x3 ^= ks.k50; x0 ^= ks.k51;
    sbox4();
    x4 ^= ks.k52; x2 ^= ks.k53; x1 ^= ks.k54; x0 ^= ks.k55;
    sbox5();
    x2 ^= ks.k56; x0 ^= ks.k57; x4 ^= ks.k58; x1 ^= ks.k59;
    sbox6();
    x2 ^= ks.k60; x0 ^= ks.k61; x3 ^= ks.k62; x4 ^= ks.k63;
    sbox7();
    x0 = x3;
    x3 = x2;
    x2 = x4;

    // Rounds 16-23.
    x0 ^= ks.k64; x1 ^= ks.k65; x2 ^= ks.k66; x3 ^= ks.k67;
    sbox0();
    x1 ^= ks.k68; x4 ^= ks.k69; x2 ^= ks.k70; x0 ^= ks.k71;
    sbox1();
    x0 ^= ks.k72; x4 ^= ks.k73; x2 ^= ks.k74; x1 ^= ks.k75;
    sbox2();
    x2 ^= ks.k76; x1 ^= ks.k77; x4 ^= ks.k78; x3 ^= ks.k79;
    sbox3();
    x1 ^= ks.k80; x4 ^= ks.k81; x3 ^= ks.k82; x0 ^= ks.k83;
    sbox4();
    x4 ^= ks.k84; x2 ^= ks.k85; x1 ^= ks.k86; x0 ^= ks.k87;
    sbox5();
    x2 ^= ks.k88; x0 ^= ks.k89; x4 ^= ks.k90; x1 ^= ks.k91;
    sbox6();
    x2 ^= ks.k92; x0 ^= ks.k93; x3 ^= ks.k94; x4 ^= ks.k95;
    sbox7();
    x0 = x3;
    x3 = x2;
    x2 = x4;

    // Rounds 24-31; the last one applies S-box 7 without the linear
    // transformation.
    x0 ^= ks.k96; x1 ^= ks.k97; x2 ^= ks.k98; x3 ^= ks.k99;
    sbox0();
    x1 ^= ks.k100; x4 ^= ks.k101; x2 ^= ks.k102; x0 ^= ks.k103;
    sbox1();
    x0 ^= ks.k104; x4 ^= ks.k105; x2 ^= ks.k106; x1 ^= ks.k107;
    sbox2();
    x2 ^= ks.k108; x1 ^= ks.k109; x4 ^= ks.k110; x3 ^= ks.k111;
    sbox3();
    x1 ^= ks.k112; x4 ^= ks.k113; x3 ^= ks.k114; x0 ^= ks.k115;
    sbox4();
    x4 ^= ks.k116; x2 ^= ks.k117; x1 ^= ks.k118; x0 ^= ks.k119;
    sbox5();
    x2 ^= ks.k120; x0 ^= ks.k121; x4 ^= ks.k122; x1 ^= ks.k123;
    sbox6();
    x2 ^= ks.k124; x0 ^= ks.k125; x3 ^= ks.k126; x4 ^= ks.k127;
    sbox7noLT();
    x0 = x3;
    x3 = x2;
    x2 = x4;

    // Final key mix.
    x0 ^= ks.k128; x1 ^= ks.k129; x2 ^= ks.k130; x3 ^= ks.k131;

    // Store the four words, least significant byte first.
    out[o] = (byte) x0;
    out[o + 1] = (byte) (x0 >>> 8);
    out[o + 2] = (byte) (x0 >>> 16);
    out[o + 3] = (byte) (x0 >>> 24);
    out[o + 4] = (byte) x1;
    out[o + 5] = (byte) (x1 >>> 8);
    out[o + 6] = (byte) (x1 >>> 16);
    out[o + 7] = (byte) (x1 >>> 24);
    out[o + 8] = (byte) x2;
    out[o + 9] = (byte) (x2 >>> 8);
    out[o + 10] = (byte) (x2 >>> 16);
    out[o + 11] = (byte) (x2 >>> 24);
    out[o + 12] = (byte) x3;
    out[o + 13] = (byte) (x3 >>> 8);
    out[o + 14] = (byte) (x3 >>> 16);
    out[o + 15] = (byte) (x3 >>> 24);
  }
 
  /**
   * Decrypts one 16-byte block.
   * <p>
   * Mirror image of encrypt(): starts with the final key words k128..k131,
   * then walks the session key backwards, applying the inverse S-box helpers
   * (sboxI7noLT() first, then sboxI6() .. sboxI0(), repeating) and ending
   * with a key mix using k0..k3. Reads {@code in[i .. i+15]} and writes
   * {@code out[o .. o+15]}, least significant byte first.
   * <p>
   * As in encrypt(), there are no explicit bounds or type checks, and the
   * method is synchronized because the round state lives in the instance
   * fields {@code x0..x4}. The register receiving each key word is fixed by
   * where the inverse S-box helpers leave their output; do not reorder.
   *
   * @param in the input buffer.
   * @param i offset of the block in {@code in}.
   * @param out the output buffer.
   * @param o offset at which the result is written in {@code out}.
   * @param K the session key returned by makeKey().
   * @param bs not used by this method.
   */
  public synchronized void decrypt(byte[] in, int i, byte[] out, int o,
                                   Object K, int bs)
  {
    final Key ks = (Key) K;

    // Load the block as four little-endian 32-bit words.
    x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8
         | (in[i + 2] & 0xff) << 16 | (in[i + 3] & 0xff) << 24;
    x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8
         | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24;
    x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8
         | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24;
    x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8
         | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24;

    // Undo the final key mix, then rounds 31-24.
    x0 ^= ks.k128; x1 ^= ks.k129; x2 ^= ks.k130; x3 ^= ks.k131;
    sboxI7noLT();
    x3 ^= ks.k124; x0 ^= ks.k125; x1 ^= ks.k126; x4 ^= ks.k127;
    sboxI6();
    x0 ^= ks.k120; x1 ^= ks.k121; x2 ^= ks.k122; x4 ^= ks.k123;
    sboxI5();
    x1 ^= ks.k116; x3 ^= ks.k117; x4 ^= ks.k118; x2 ^= ks.k119;
    sboxI4();
    x1 ^= ks.k112; x2 ^= ks.k113; x4 ^= ks.k114; x0 ^= ks.k115;
    sboxI3();
    x0 ^= ks.k108; x1 ^= ks.k109; x4 ^= ks.k110; x2 ^= ks.k111;
    sboxI2();
    x1 ^= ks.k104; x3 ^= ks.k105; x4 ^= ks.k106; x2 ^= ks.k107;
    sboxI1();
    x0 ^= ks.k100; x1 ^= ks.k101; x2 ^= ks.k102; x4 ^= ks.k103;
    sboxI0();

    // Rounds 23-16.
    x0 ^= ks.k96; x3 ^= ks.k97; x1 ^= ks.k98; x4 ^= ks.k99;
    sboxI7();
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= ks.k92; x0 ^= ks.k93; x1 ^= ks.k94; x4 ^= ks.k95;
    sboxI6();
    x0 ^= ks.k88; x1 ^= ks.k89; x2 ^= ks.k90; x4 ^= ks.k91;
    sboxI5();
    x1 ^= ks.k84; x3 ^= ks.k85; x4 ^= ks.k86; x2 ^= ks.k87;
    sboxI4();
    x1 ^= ks.k80; x2 ^= ks.k81; x4 ^= ks.k82; x0 ^= ks.k83;
    sboxI3();
    x0 ^= ks.k76; x1 ^= ks.k77; x4 ^= ks.k78; x2 ^= ks.k79;
    sboxI2();
    x1 ^= ks.k72; x3 ^= ks.k73; x4 ^= ks.k74; x2 ^= ks.k75;
    sboxI1();
    x0 ^= ks.k68; x1 ^= ks.k69; x2 ^= ks.k70; x4 ^= ks.k71;
    sboxI0();

    // Rounds 15-8.
    x0 ^= ks.k64; x3 ^= ks.k65; x1 ^= ks.k66; x4 ^= ks.k67;
    sboxI7();
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= ks.k60; x0 ^= ks.k61; x1 ^= ks.k62; x4 ^= ks.k63;
    sboxI6();
    x0 ^= ks.k56; x1 ^= ks.k57; x2 ^= ks.k58; x4 ^= ks.k59;
    sboxI5();
    x1 ^= ks.k52; x3 ^= ks.k53; x4 ^= ks.k54; x2 ^= ks.k55;
    sboxI4();
    x1 ^= ks.k48; x2 ^= ks.k49; x4 ^= ks.k50; x0 ^= ks.k51;
    sboxI3();
    x0 ^= ks.k44; x1 ^= ks.k45; x4 ^= ks.k46; x2 ^= ks.k47;
    sboxI2();
    x1 ^= ks.k40; x3 ^= ks.k41; x4 ^= ks.k42; x2 ^= ks.k43;
    sboxI1();
    x0 ^= ks.k36; x1 ^= ks.k37; x2 ^= ks.k38; x4 ^= ks.k39;
    sboxI0();

    // Rounds 7-0.
    x0 ^= ks.k32; x3 ^= ks.k33; x1 ^= ks.k34; x4 ^= ks.k35;
    sboxI7();
    x1 = x3;
    x3 = x4;
    x4 = x2;
    x3 ^= ks.k28; x0 ^= ks.k29; x1 ^= ks.k30; x4 ^= ks.k31;
    sboxI6();
    x0 ^= ks.k24; x1 ^= ks.k25; x2 ^= ks.k26; x4 ^= ks.k27;
    sboxI5();
    x1 ^= ks.k20; x3 ^= ks.k21; x4 ^= ks.k22; x2 ^= ks.k23;
    sboxI4();
    x1 ^= ks.k16; x2 ^= ks.k17; x4 ^= ks.k18; x0 ^= ks.k19;
    sboxI3();
    x0 ^= ks.k12; x1 ^= ks.k13; x4 ^= ks.k14; x2 ^= ks.k15;
    sboxI2();
    x1 ^= ks.k8; x3 ^= ks.k9; x4 ^= ks.k10; x2 ^= ks.k11;
    sboxI1();
    x0 ^= ks.k4; x1 ^= ks.k5; x2 ^= ks.k6; x4 ^= ks.k7;
    sboxI0();
    // Move the state back into x0..x3 before the last key mix.
    x2 = x1;
    x1 = x3;
    x3 = x4;

    // Undo the initial key mix.
    x0 ^= ks.k0; x1 ^= ks.k1; x2 ^= ks.k2; x3 ^= ks.k3;

    // Store the four words, least significant byte first.
    out[o] = (byte) x0;
    out[o + 1] = (byte) (x0 >>> 8);
    out[o + 2] = (byte) (x0 >>> 16);
    out[o + 3] = (byte) (x0 >>> 24);
    out[o + 4] = (byte) x1;
    out[o + 5] = (byte) (x1 >>> 8);
    out[o + 6] = (byte) (x1 >>> 16);
    out[o + 7] = (byte) (x1 >>> 24);
    out[o + 8] = (byte) x2;
    out[o + 9] = (byte) (x2 >>> 8);
    out[o + 10] = (byte) (x2 >>> 16);
    out[o + 11] = (byte) (x2 >>> 24);
    out[o + 12] = (byte) x3;
    out[o + 13] = (byte) (x3 >>> 8);
    out[o + 14] = (byte) (x3 >>> 16);
    out[o + 15] = (byte) (x3 >>> 24);
  }
 
  /**
   * Runs the cipher's correctness test once and caches the outcome.
   * <p>
   * The first call runs the superclass self-test and, if that passes, the
   * known-answer test with {@code KAT_KEY} / {@code KAT_CT}. Later calls
   * return the cached result. The cache is a static field written without
   * synchronization, so concurrent first calls may each run the tests.
   *
   * @return {@code true} if both tests passed.
   */
  public boolean selfTest()
  {
    if (valid != null)
      return valid.booleanValue();
    // super.selfTest() does the symmetry tests; the KAT is only attempted
    // when those succeed.
    final boolean passed = super.selfTest() && testKat(KAT_KEY, KAT_CT);
    valid = Boolean.valueOf(passed);
    return valid.booleanValue();
  }
 
  // These first few S-boxes operate directly on the "registers",
  // x0..x4, and perform the linear transform.

  /**
   * S-box 0 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox0()
  {
    // S-box substitution.
    x3 ^= x0;
    x4 = x1;
    x1 &= x3;
    x4 ^= x2;
    x1 ^= x0;
    x0 |= x3;
    x0 ^= x4;
    x4 ^= x3;
    x3 ^= x2;
    x2 |= x1;
    x2 ^= x4;
    x4 = ~x4;
    x4 |= x1;
    x1 ^= x3;
    x1 ^= x4;
    x3 |= x0;
    x1 ^= x3;
    x4 ^= x3;

    // Linear transformation.
    x1 = Integer.rotateLeft(x1, 13);
    x4 ^= x1;
    x3 = x1 << 3;
    x2 = Integer.rotateLeft(x2, 3);
    x4 ^= x2;
    x0 ^= x2;
    x4 = Integer.rotateLeft(x4, 1);
    x0 ^= x3;
    x0 = Integer.rotateLeft(x0, 7);
    x3 = x4 << 7;
    x1 ^= x4;
    x1 ^= x0;
    x2 ^= x0;
    x2 ^= x3;
    x1 = Integer.rotateLeft(x1, 5);
    x2 = Integer.rotateLeft(x2, 22);
  }
 
  /**
   * S-box 1 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox1()
  {
    // S-box substitution.
    x4 = ~x4;
    x3 = x1;
    x1 ^= x4;
    x3 |= x4;
    x3 ^= x0;
    x0 &= x1;
    x2 ^= x3;
    x0 ^= x4;
    x0 |= x2;
    x1 ^= x3;
    x0 ^= x1;
    x4 &= x2;
    x1 |= x4;
    x4 ^= x3;
    x1 ^= x2;
    x3 |= x0;
    x1 ^= x3;
    x3 = ~x3;
    x4 ^= x0;
    x3 &= x2;
    x4 = ~x4;
    x3 ^= x1;
    x4 ^= x3;

    // Linear transformation.
    x0 = Integer.rotateLeft(x0, 13);
    x4 ^= x0;
    x3 = x0 << 3;
    x2 = Integer.rotateLeft(x2, 3);
    x4 ^= x2;
    x1 ^= x2;
    x4 = Integer.rotateLeft(x4, 1);
    x1 ^= x3;
    x1 = Integer.rotateLeft(x1, 7);
    x3 = x4 << 7;
    x0 ^= x4;
    x0 ^= x1;
    x2 ^= x1;
    x2 ^= x3;
    x0 = Integer.rotateLeft(x0, 5);
    x2 = Integer.rotateLeft(x2, 22);
  }
 
  /**
   * S-box 2 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox2()
  {
    // S-box substitution.
    x3 = x0;
    x0 &= x2;
    x0 ^= x1;
    x2 ^= x4;
    x2 ^= x0;
    x1 |= x3;
    x1 ^= x4;
    x3 ^= x2;
    x4 = x1;
    x1 |= x3;
    x1 ^= x0;
    x0 &= x4;
    x3 ^= x0;
    x4 ^= x1;
    x4 ^= x3;
    x3 = ~x3;

    // Linear transformation.
    x2 = Integer.rotateLeft(x2, 13);
    x1 ^= x2;
    x0 = x2 << 3;
    x4 = Integer.rotateLeft(x4, 3);
    x1 ^= x4;
    x3 ^= x4;
    x1 = Integer.rotateLeft(x1, 1);
    x3 ^= x0;
    x3 = Integer.rotateLeft(x3, 7);
    x0 = x1 << 7;
    x2 ^= x1;
    x2 ^= x3;
    x4 ^= x3;
    x4 ^= x0;
    x2 = Integer.rotateLeft(x2, 5);
    x4 = Integer.rotateLeft(x4, 22);
  }
 
  /**
   * S-box 3 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox3()
  {
    // S-box substitution.
    x0 = x2;
    x2 |= x3;
    x3 ^= x1;
    x1 &= x0;
    x0 ^= x4;
    x4 ^= x3;
    x3 &= x2;
    x0 |= x1;
    x3 ^= x0;
    x2 ^= x1;
    x0 &= x2;
    x1 ^= x3;
    x0 ^= x4;
    x1 |= x2;
    x1 ^= x4;
    x2 ^= x3;
    x4 = x1;
    x1 |= x3;
    x1 ^= x2;

    // Linear transformation.
    x1 = Integer.rotateLeft(x1, 13);
    x4 ^= x1;
    x2 = x1 << 3;
    x3 = Integer.rotateLeft(x3, 3);
    x4 ^= x3;
    x0 ^= x3;
    x4 = Integer.rotateLeft(x4, 1);
    x0 ^= x2;
    x0 = Integer.rotateLeft(x0, 7);
    x2 = x4 << 7;
    x1 ^= x4;
    x1 ^= x0;
    x3 ^= x0;
    x3 ^= x2;
    x1 = Integer.rotateLeft(x1, 5);
    x3 = Integer.rotateLeft(x3, 22);
  }
 
  /**
   * S-box 4 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox4()
  {
    // S-box substitution.
    x4 ^= x0;
    x0 = ~x0;
    x3 ^= x0;
    x0 ^= x1;
    x2 = x4;
    x4 &= x0;
    x4 ^= x3;
    x2 ^= x0;
    x1 ^= x2;
    x3 &= x2;
    x3 ^= x1;
    x1 &= x4;
    x0 ^= x1;
    x2 |= x4;
    x2 ^= x1;
    x1 |= x0;
    x1 ^= x3;
    x3 &= x0;
    x1 = ~x1;
    x2 ^= x3;

    // Linear transformation.
    x4 = Integer.rotateLeft(x4, 13);
    x2 ^= x4;
    x3 = x4 << 3;
    x1 = Integer.rotateLeft(x1, 3);
    x2 ^= x1;
    x0 ^= x1;
    x2 = Integer.rotateLeft(x2, 1);
    x0 ^= x3;
    x0 = Integer.rotateLeft(x0, 7);
    x3 = x2 << 7;
    x4 ^= x2;
    x4 ^= x0;
    x1 ^= x0;
    x1 ^= x3;
    x4 = Integer.rotateLeft(x4, 5);
    x1 = Integer.rotateLeft(x1, 22);
  }
 
  /**
   * S-box 5 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox5()
  {
    // S-box substitution.
    x4 ^= x2;
    x2 ^= x0;
    x0 = ~x0;
    x3 = x2;
    x2 &= x4;
    x1 ^= x0;
    x2 ^= x1;
    x1 |= x3;
    x3 ^= x0;
    x0 &= x2;
    x0 ^= x4;
    x3 ^= x2;
    x3 ^= x1;
    x1 ^= x4;
    x4 &= x0;
    x1 = ~x1;
    x4 ^= x3;
    x3 |= x0;
    x1 ^= x3;

    // Linear transformation.
    x2 = Integer.rotateLeft(x2, 13);
    x0 ^= x2;
    x3 = x2 << 3;
    x4 = Integer.rotateLeft(x4, 3);
    x0 ^= x4;
    x1 ^= x4;
    x0 = Integer.rotateLeft(x0, 1);
    x1 ^= x3;
    x1 = Integer.rotateLeft(x1, 7);
    x3 = x0 << 7;
    x2 ^= x0;
    x2 ^= x1;
    x4 ^= x1;
    x4 ^= x3;
    x2 = Integer.rotateLeft(x2, 5);
    x4 = Integer.rotateLeft(x4, 22);
  }
 
  /**
   * S-box 6 followed by the linear transformation, in place on the
   * registers. Straight-line boolean code: no table lookups and no branches.
   */
  private void sbox6()
  {
    // S-box substitution.
    x4 = ~x4;
    x3 = x1;
    x1 &= x2;
    x2 ^= x3;
    x1 ^= x4;
    x4 |= x3;
    x0 ^= x1;
    x4 ^= x2;
    x2 |= x0;
    x4 ^= x0;
    x3 ^= x2;
    x2 |= x1;
    x2 ^= x4;
    x3 ^= x1;
    x3 ^= x2;
    x1 = ~x1;
    x4 &= x3;
    x4 ^= x1;

    // Linear transformation.
    x2 = Integer.rotateLeft(x2, 13);
    x0 ^= x2;
    x1 = x2 << 3;
    x3 = Integer.rotateLeft(x3, 3);
    x0 ^= x3;
    x4 ^= x3;
    x0 = Integer.rotateLeft(x0, 1);
    x4 ^= x1;
    x4 = Integer.rotateLeft(x4, 7);
    x1 = x0 << 7;
    x2 ^= x0;
    x2 ^= x4;
    x3 ^= x4;
    x3 ^= x1;
    x2 = Integer.rotateLeft(x2, 5);
    x3 = Integer.rotateLeft(x3, 22);
  }
 
  /**
   * S-box 7 followed by the linear transformation, in place on the
   * registers. The substitution part is the same instruction sequence as
   * sbox7noLT(). Straight-line boolean code: no table lookups and no
   * branches.
   */
  private void sbox7()
  {
    // S-box substitution.
    x1 = x3;
    x3 &= x0;
    x3 ^= x4;
    x4 &= x0;
    x1 ^= x3;
    x3 ^= x0;
    x0 ^= x2;
    x2 |= x1;
    x2 ^= x3;
    x4 ^= x0;
    x3 ^= x4;
    x4 &= x2;
    x4 ^= x1;
    x1 ^= x3;
    x3 &= x2;
    x1 = ~x1;
    x3 ^= x1;
    x1 &= x2;
    x0 ^= x4;
    x1 ^= x0;

    // Linear transformation.
    x3 = Integer.rotateLeft(x3, 13);
    x1 ^= x3;
    x0 = x3 << 3;
    x4 = Integer.rotateLeft(x4, 3);
    x1 ^= x4;
    x2 ^= x4;
    x1 = Integer.rotateLeft(x1, 1);
    x2 ^= x0;
    x2 = Integer.rotateLeft(x2, 7);
    x0 = x1 << 7;
    x3 ^= x1;
    x3 ^= x2;
    x4 ^= x2;
    x4 ^= x0;
    x3 = Integer.rotateLeft(x3, 5);
    x4 = Integer.rotateLeft(x4, 22);
  }
 
  /**
   * The final S-box, with no transform: S-box 7 applied in place on the
   * registers, without the linear transformation that sbox7() appends.
   * Used by encrypt() for the last round.
   */
  private void sbox7noLT()
  {
    x1 = x3;
    x3 &= x0;
    x3 ^= x4;
    x4 &= x0;
    x1 ^= x3;
    x3 ^= x0;
    x0 ^= x2;
    x2 |= x1;
    x2 ^= x3;
    x4 ^= x0;
    x3 ^= x4;
    x4 &= x2;
    x4 ^= x1;
    x1 ^= x3;
    x3 &= x2;
    x1 = ~x1;
    x3 ^= x1;
    x1 &= x2;
    x0 ^= x4;
    x1 ^= x0;
  }
 
  /**
   * Inverse S-box 7 with no linear transformation, in place on the
   * registers. decrypt() calls it first, right after the k128..k131 key
   * mix. Straight-line boolean code: no table lookups and no branches.
   */
  private void sboxI7noLT()
  {
    x4 = x2;
    x2 ^= x0;
    x0 &= x3;
    x2 = ~x2;
    x4 |= x3;
    x3 ^= x1;
    x1 |= x0;
    x0 ^= x2;
    x2 &= x4;
    x1 ^= x2;
    x2 ^= x0;
    x0 |= x2;
    x3 &= x4;
    x0 ^= x3;
    x4 ^= x1;
    x3 ^= x4;
    x4 |= x0;
    x3 ^= x2;
    x4 ^= x2;
  }
 
  /**
   * Inverse linear transformation followed by inverse S-box 6, in place on
   * the registers. Straight-line boolean code: no table lookups and no
   * branches.
   */
  private void sboxI6()
  {
    // Inverse linear transformation.
    x1 = Integer.rotateRight(x1, 22);
    x3 = Integer.rotateRight(x3, 5);
    x2 = x0 << 7;
    x1 ^= x4;
    x3 ^= x4;
    x1 ^= x2;
    x3 ^= x0;
    x4 = Integer.rotateRight(x4, 7);
    x0 = Integer.rotateRight(x0, 1);
    x0 ^= x3;
    x2 = x3 << 3;
    x4 ^= x2;
    x3 = Integer.rotateRight(x3, 13);
    x0 ^= x1;
    x4 ^= x1;
    x1 = Integer.rotateRight(x1, 3);

    // Inverse S-box substitution.
    x3 ^= x1;
    x2 = x1;
    x1 &= x3;
    x2 ^= x4;
    x1 = ~x1;
    x4 ^= x0;
    x1 ^= x4;
    x2 |= x3;
    x3 ^= x1;
    x4 ^= x2;
    x2 ^= x0;
    x0 &= x4;
    x0 ^= x3;
    x3 ^= x4;
    x3 |= x1;
    x4 ^= x0;
    x2 ^= x3;
  }
 
  /**
   * Inverse linear transformation followed by inverse S-box 5, in place on
   * the registers. Straight-line boolean code: no table lookups and no
   * branches.
   */
  private void sboxI5()
  {
    // Inverse linear transformation.
    x2 = Integer.rotateRight(x2, 22);
    x0 = Integer.rotateRight(x0, 5);
    x3 = x1 << 7;
    x2 ^= x4;
    x0 ^= x4;
    x2 ^= x3;
    x0 ^= x1;
    x4 = Integer.rotateRight(x4, 7);
    x1 = Integer.rotateRight(x1, 1);
    x1 ^= x0;
    x3 = x0 << 3;
    x4 ^= x3;
    x0 = Integer.rotateRight(x0, 13);
    x1 ^= x2;
    x4 ^= x2;
    x2 = Integer.rotateRight(x2, 3);

    // Inverse S-box substitution.
    x1 = ~x1;
    x3 = x4;
    x2 ^= x1;
    x4 |= x0;
    x4 ^= x2;
    x2 |= x1;
    x2 &= x0;
    x3 ^= x4;
    x2 ^= x3;
    x3 |= x0;
    x3 ^= x1;
    x1 &= x2;
    x1 ^= x4;
    x3 ^= x2;
    x4 &= x3;
    x3 ^= x1;
    x4 ^= x0;
    x4 ^= x3;
    x3 = ~x3;
  }
 
  /**
   * Inverse linear transformation followed by inverse S-box 4, in place on
   * the registers. Straight-line boolean code: no table lookups and no
   * branches.
   */
  private void sboxI4()
  {
    // Inverse linear transformation.
    x4 = Integer.rotateRight(x4, 22);
    x1 = Integer.rotateRight(x1, 5);
    x0 = x3 << 7;
    x4 ^= x2;
    x1 ^= x2;
    x4 ^= x0;
    x1 ^= x3;
    x2 = Integer.rotateRight(x2, 7);
    x3 = Integer.rotateRight(x3, 1);
    x3 ^= x1;
    x0 = x1 << 3;
    x2 ^= x0;
    x1 = Integer.rotateRight(x1, 13);
    x3 ^= x4;
    x2 ^= x4;
    x4 = Integer.rotateRight(x4, 3);

    // Inverse S-box substitution.
    x0 = x4;
    x4 &= x2;
    x4 ^= x3;
    x3 |= x2;
    x3 &= x1;
    x0 ^= x4;
    x0 ^= x3;
    x3 &= x4;
    x1 = ~x1;
    x2 ^= x0;
    x3 ^= x2;
    x2 &= x1;
    x2 ^= x4;
    x1 ^= x3;
    x4 &= x1;
    x2 ^= x1;
    x4 ^= x0;
    x4 |= x2;
    x2 ^= x1;
    x4 ^= x3;
  }
  /**
   * In-place step on the working words <code>x0</code>..<code>x4</code>;
   * going by its name, the inverse S-box 3 stage used when decrypting.
   * <p>
   * The first seventeen statements undo Serpent's linear mixing: the right
   * rotations by 22, 5, 7, 1, 13 and 3 bits and the <code>&lt;&lt; 7</code> /
   * <code>&lt;&lt; 3</code> XOR terms mirror the forward transformation. In
   * this variant <code>x3</code> is the scratch word: its incoming value is
   * overwritten without being read. The remaining Boolean operations are
   * presumably inverse S-box 3 in bit-sliced form; that sequence has not been
   * re-derived from the specification for this comment.
   * <p>
   * The body uses only fixed-distance shifts and bitwise operators. There are
   * no table lookups and no branches, so no memory index or code path is
   * selected by the data being processed. Statement order is significant;
   * do not reorder.
   */
  private void sboxI3()
  {
    // Inverse linear mixing (x3 is scratch).
    x4 = (x4 >>> 22) | (x4 << 10);
    x1 = (x1 >>> 5) | (x1 << 27);
    x3 = x2;
    x4 ^= x0;
    x3 <<= 7;
    x1 ^= x0;
    x4 ^= x3;
    x1 ^= x2;
    x0 = (x0 >>> 7) | (x0 << 25);
    x2 = (x2 >>> 1) | (x2 << 31);
    x2 ^= x1;
    x3 = x1 << 3;
    x0 ^= x3;
    x1 = (x1 >>> 13) | (x1 << 19);
    x2 ^= x4;
    x0 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);
    // Bit-sliced Boolean network (presumably inverse S-box 3).
    x3 = x4;
    x4 ^= x2;
    x2 &= x4;
    x2 ^= x1;
    x1 &= x3;
    x3 ^= x0;
    x0 |= x2;
    x0 ^= x4;
    x1 ^= x3;
    x4 ^= x1;
    x1 |= x0;
    x1 ^= x2;
    x3 ^= x4;
    x4 &= x0;
    x2 |= x0;
    x2 ^= x4;
    x3 ^= x1;
    x4 ^= x3;
  }
  /**
   * In-place step on the working words <code>x0</code>..<code>x4</code>;
   * going by its name, the inverse S-box 2 stage used when decrypting.
   * <p>
   * The first seventeen statements undo Serpent's linear mixing: the right
   * rotations by 22, 5, 7, 1, 13 and 3 bits and the <code>&lt;&lt; 7</code> /
   * <code>&lt;&lt; 3</code> XOR terms mirror the forward transformation. In
   * this variant <code>x3</code> is the scratch word: its incoming value is
   * overwritten without being read. The remaining Boolean operations are
   * presumably inverse S-box 2 in bit-sliced form; that sequence has not been
   * re-derived from the specification for this comment.
   * <p>
   * The body uses only fixed-distance shifts and bitwise operators. There are
   * no table lookups and no branches, so no memory index or code path is
   * selected by the data being processed. Statement order is significant;
   * do not reorder.
   */
  private void sboxI2()
  {
    // Inverse linear mixing (x3 is scratch).
    x4 = (x4 >>> 22) | (x4 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x3 = x1;
    x4 ^= x2;
    x3 <<= 7;
    x0 ^= x2;
    x4 ^= x3;
    x0 ^= x1;
    x2 = (x2 >>> 7) | (x2 << 25);
    x1 = (x1 >>> 1) | (x1 << 31);
    x1 ^= x0;
    x3 = x0 << 3;
    x2 ^= x3;
    x0 = (x0 >>> 13) | (x0 << 19);
    x1 ^= x4;
    x2 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);
    // Bit-sliced Boolean network (presumably inverse S-box 2).
    x4 ^= x2;
    x2 ^= x0;
    x3 = x2;
    x2 &= x4;
    x2 ^= x1;
    x1 |= x4;
    x1 ^= x3;
    x3 &= x2;
    x4 ^= x2;
    x3 &= x0;
    x3 ^= x4;
    x4 &= x1;
    x4 |= x0;
    x2 = ~x2;
    x4 ^= x2;
    x0 ^= x2;
    x0 &= x1;
    x2 ^= x3;
    x2 ^= x0;
  }
  /**
   * In-place step on the working words <code>x0</code>..<code>x4</code>;
   * going by its name, the inverse S-box 1 stage used when decrypting.
   * <p>
   * The first seventeen statements undo Serpent's linear mixing: the right
   * rotations by 22, 5, 7, 1, 13 and 3 bits and the <code>&lt;&lt; 7</code> /
   * <code>&lt;&lt; 3</code> XOR terms mirror the forward transformation. In
   * this variant <code>x0</code> is the scratch word: its incoming value is
   * overwritten without being read. The remaining Boolean operations are
   * presumably inverse S-box 1 in bit-sliced form; that sequence has not been
   * re-derived from the specification for this comment.
   * <p>
   * The body uses only fixed-distance shifts and bitwise operators. There are
   * no table lookups and no branches, so no memory index or code path is
   * selected by the data being processed. Statement order is significant;
   * do not reorder.
   */
  private void sboxI1()
  {
    // Inverse linear mixing (x0 is scratch).
    x4 = (x4 >>> 22) | (x4 << 10);
    x1 = (x1 >>> 5) | (x1 << 27);
    x0 = x3;
    x4 ^= x2;
    x0 <<= 7;
    x1 ^= x2;
    x4 ^= x0;
    x1 ^= x3;
    x2 = (x2 >>> 7) | (x2 << 25);
    x3 = (x3 >>> 1) | (x3 << 31);
    x3 ^= x1;
    x0 = x1 << 3;
    x2 ^= x0;
    x1 = (x1 >>> 13) | (x1 << 19);
    x3 ^= x4;
    x2 ^= x4;
    x4 = (x4 >>> 3) | (x4 << 29);
    // Bit-sliced Boolean network (presumably inverse S-box 1).
    x0 = x3;
    x3 ^= x2;
    x2 &= x3;
    x0 ^= x4;
    x2 ^= x1;
    x1 |= x3;
    x4 ^= x2;
    x1 ^= x0;
    x1 |= x4;
    x3 ^= x2;
    x1 ^= x3;
    x3 |= x2;
    x3 ^= x1;
    x0 = ~x0;
    x0 ^= x3;
    x3 |= x1;
    x3 ^= x1;
    x3 |= x0;
    x2 ^= x3;
  }
  /**
   * In-place step on the working words <code>x0</code>..<code>x4</code>;
   * going by its name, the inverse S-box 0 stage used when decrypting.
   * <p>
   * The first seventeen statements undo Serpent's linear mixing: the right
   * rotations by 22, 5, 7, 1, 13 and 3 bits and the <code>&lt;&lt; 7</code> /
   * <code>&lt;&lt; 3</code> XOR terms mirror the forward transformation. In
   * this variant <code>x3</code> is the scratch word: its incoming value is
   * overwritten without being read. The remaining Boolean operations are
   * presumably inverse S-box 0 in bit-sliced form; that sequence has not been
   * re-derived from the specification for this comment.
   * <p>
   * The body uses only fixed-distance shifts and bitwise operators. There are
   * no table lookups and no branches, so no memory index or code path is
   * selected by the data being processed. Statement order is significant;
   * do not reorder.
   */
  private void sboxI0()
  {
    // Inverse linear mixing (x3 is scratch).
    x2 = (x2 >>> 22) | (x2 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x3 = x1;
    x2 ^= x4;
    x3 <<= 7;
    x0 ^= x4;
    x2 ^= x3;
    x0 ^= x1;
    x4 = (x4 >>> 7) | (x4 << 25);
    x1 = (x1 >>> 1) | (x1 << 31);
    x1 ^= x0;
    x3 = x0 << 3;
    x4 ^= x3;
    x0 = (x0 >>> 13) | (x0 << 19);
    x1 ^= x2;
    x4 ^= x2;
    x2 = (x2 >>> 3) | (x2 << 29);
    // Bit-sliced Boolean network (presumably inverse S-box 0).
    x2 = ~x2;
    x3 = x1;
    x1 |= x0;
    x3 = ~x3;
    x1 ^= x2;
    x2 |= x3;
    x1 ^= x4;
    x0 ^= x3;
    x2 ^= x0;
    x0 &= x4;
    x3 ^= x0;
    x0 |= x1;
    x0 ^= x2;
    x4 ^= x3;
    x2 ^= x1;
    x4 ^= x0;
    x4 ^= x1;
    x2 &= x4;
    x3 ^= x2;
  }
  /**
   * In-place step on the working words <code>x0</code>..<code>x4</code>;
   * going by its name, the inverse S-box 7 stage used when decrypting.
   * <p>
   * The first seventeen statements undo Serpent's linear mixing: the right
   * rotations by 22, 5, 7, 1, 13 and 3 bits and the <code>&lt;&lt; 7</code> /
   * <code>&lt;&lt; 3</code> XOR terms mirror the forward transformation. In
   * this variant <code>x2</code> is the scratch word: its incoming value is
   * overwritten without being read. The remaining Boolean operations are
   * presumably inverse S-box 7 in bit-sliced form; that sequence has not been
   * re-derived from the specification for this comment.
   * <p>
   * The body uses only fixed-distance shifts and bitwise operators. There are
   * no table lookups and no branches, so no memory index or code path is
   * selected by the data being processed. Statement order is significant;
   * do not reorder.
   */
  private void sboxI7()
  {
    // Inverse linear mixing (x2 is scratch).
    x1 = (x1 >>> 22) | (x1 << 10);
    x0 = (x0 >>> 5) | (x0 << 27);
    x2 = x3;
    x1 ^= x4;
    x2 <<= 7;
    x0 ^= x4;
    x1 ^= x2;
    x0 ^= x3;
    x4 = (x4 >>> 7) | (x4 << 25);
    x3 = (x3 >>> 1) | (x3 << 31);
    x3 ^= x0;
    x2 = x0 << 3;
    x4 ^= x2;
    x0 = (x0 >>> 13) | (x0 << 19);
    x3 ^= x1;
    x4 ^= x1;
    x1 = (x1 >>> 3) | (x1 << 29);
    // Bit-sliced Boolean network (presumably inverse S-box 7).
    x2 = x1;
    x1 ^= x0;
    x0 &= x4;
    x1 = ~x1;
    x2 |= x4;
    x4 ^= x3;
    x3 |= x0;
    x0 ^= x1;
    x1 &= x2;
    x3 ^= x1;
    x1 ^= x0;
    x0 |= x1;
    x4 &= x2;
    x0 ^= x4;
    x2 ^= x3;
    x4 ^= x2;
    x2 |= x0;
    x4 ^= x1;
    x2 ^= x1;
  }
  /**
   * S-Box 0, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox0(int r0, int r1, int r2, int r3)
  {
    int r4 = r1 ^ r2;
    r3 ^= r0;
    // Java precedence: & binds tighter than ^, i.e. (r1 & r3) ^ r0.
    r1 = r1 & r3 ^ r0;
    r0 = (r0 | r3) ^ r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 = (r2 | r1) ^ r4;
    // Unary ~ applies first: (~r4) | r1.
    r4 = ~r4 | r1;
    r1 ^= r3 ^ r4;
    r3 |= r0;
    // Publish the result words.
    x0 = r1 ^ r3;
    x1 = r4 ^ r3;
    x2 = r2;
    x3 = r0;
  }
  /**
   * S-Box 1, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox1(int r0, int r1, int r2, int r3)
  {
    r0 = ~r0;
    int r4 = r0;
    r2 = ~r2;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 = (r2 | r0) & r4;
    r0 ^= r1;
    // Publish the result words.
    x0 = r2;
    // Java precedence: & binds tighter than ^, i.e. (r0 & r2) ^ r4.
    x1 = r0 & r2 ^ r4;
    x2 = r3;
    // Likewise (r1 & r2) ^ r0.
    x3 = r1 & r2 ^ r0;
  }
  /**
   * S-Box 2, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox2(int r0, int r1, int r2, int r3)
  {
    int r4 = r0;
    // Java precedence: & binds tighter than ^, i.e. (r0 & r2) ^ r3.
    r0 = r0 & r2 ^ r3;
    r2 = r2 ^ r1 ^ r0;
    r3 = (r3 | r4) ^ r1;
    r4 ^= r2;
    r1 = r3;
    r3 = (r3 | r4) ^ r0;
    r0 &= r1;
    r4 ^= r0;
    // Publish the result words.
    x0 = r2;
    x1 = r3;
    x2 = r1 ^ r3 ^ r4;
    x3 = ~r4;
  }
  /**
   * S-Box 3, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox3(int r0, int r1, int r2, int r3)
  {
    int r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    // Java precedence: ^ binds tighter than |, i.e. (r4 ^ r2) | r1.
    r4 = r4 ^ r2 | r1;
    r2 ^= r3;
    // & binds tighter than ^: (r3 & r0) ^ r4.
    r3 = r3 & r0 ^ r4;
    r0 ^= r1;
    // (r4 & r0) ^ r2.
    r4 = r4 & r0 ^ r2;
    // Inside the parentheses: (r1 ^ r3) | r0.
    r1 = (r1 ^ r3 | r0) ^ r2;
    r0 ^= r3;
    // Publish the result words.
    x0 = (r1 | r3) ^ r0;
    x1 = r1;
    x2 = r3;
    x3 = r4;
  }
  /**
   * S-Box 4, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox4(int r0, int r1, int r2, int r3)
  {
    r1 ^= r3;
    int r4 = r1;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    // Java precedence: & binds tighter than ^, i.e. (r1 & r3) ^ r2.
    r1 = r1 & r3 ^ r2;
    r4 ^= r3;
    r0 ^= r4;
    // (r2 & r4) ^ r0.
    r2 = r2 & r4 ^ r0;
    r0 &= r1;
    r3 ^= r0;
    r4 = (r4 | r1) ^ r0;
    // Publish the result words.
    x0 = r1;
    x1 = r4 ^ (r2 & r3);
    x2 = ~((r0 | r3) ^ r2);
    x3 = r3;
  }
  /**
   * S-Box 5, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox5(int r0, int r1, int r2, int r3)
  {
    r0 ^= r1;
    r1 ^= r3;
    int r4 = r1;
    r3 = ~r3;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    // Java precedence: & binds tighter than ^, i.e. (r3 & r1) ^ r0.
    r3 = r3 & r1 ^ r0;
    r4 = r4 ^ r1 ^ r2;
    // Publish the result words.
    x0 = r1;
    x1 = r3;
    // (r0 & r3) ^ r4.
    x2 = r0 & r3 ^ r4;
    x3 = ~(r2 ^ r0) ^ (r4 | r3);
  }
  /**
   * S-Box 6, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox6(int r0, int r1, int r2, int r3)
  {
    int r4 = r3;
    r2 = ~r2;
    // Java precedence: & binds tighter than ^, i.e. (r3 & r0) ^ r2.
    r3 = r3 & r0 ^ r2;
    r0 ^= r4;
    r2 = (r2 | r4) ^ r0;
    r1 ^= r3;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 = (r0 | r3) ^ r2;
    r4 = r4 ^ r3 ^ r0;
    // Publish the result words.
    x0 = r0;
    x1 = r1;
    x2 = r4;
    // (r2 & r4) ^ (~r3).
    x3 = r2 & r4 ^ ~r3;
  }
  /**
   * S-Box 7, evaluated as a bit-sliced Boolean network.
   * <p>
   * The four arguments are used as local scratch and the four result words
   * are stored in the fields <code>x0</code>..<code>x3</code>; nothing is
   * returned. The body uses only bitwise operators on <code>int</code>
   * values: no table lookups and no branches, so no memory index or code
   * path is selected by the input words.
   *
   * @param r0 first input word.
   * @param r1 second input word.
   * @param r2 third input word.
   * @param r3 fourth input word.
   */
  private void sbox7(int r0, int r1, int r2, int r3)
  {
    int r4 = r1;
    r1 = (r1 | r2) ^ r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 = (r3 | r4) & r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 = (r1 | r4) ^ r0;
    r0 = (r0 | r4) ^ r2;
    r1 ^= r4;
    r2 ^= r1;
    // Publish the result words.
    x0 = r4 ^ (~r2 | r0);
    x1 = r3;
    // Java precedence: & binds tighter than ^, i.e. (r1 & r0) ^ r4.
    x2 = r1 & r0 ^ r4;
    x3 = r0;
  }
  /**
   * Holder for 132 <code>int</code> words, <code>k0</code>..<code>k131</code>,
   * kept as individual fields rather than an array. The count matches
   * Serpent's 33 round subkeys of four 32-bit words each, so these are
   * presumably the expanded key schedule; the code that fills them is not
   * part of this class.
   * <p>
   * Instances carry key material. {@link #clone()} produces an independent
   * copy of every word, and this class has no method that clears the fields,
   * so each copy stays on the heap until it is garbage collected.
   */
  private class Key
      implements Cloneable
  {
    // Declared four to a row; one row per presumed round subkey.
    int k0, k1, k2, k3,
        k4, k5, k6, k7,
        k8, k9, k10, k11,
        k12, k13, k14, k15,
        k16, k17, k18, k19,
        k20, k21, k22, k23,
        k24, k25, k26, k27,
        k28, k29, k30, k31,
        k32, k33, k34, k35,
        k36, k37, k38, k39,
        k40, k41, k42, k43,
        k44, k45, k46, k47,
        k48, k49, k50, k51,
        k52, k53, k54, k55,
        k56, k57, k58, k59,
        k60, k61, k62, k63,
        k64, k65, k66, k67,
        k68, k69, k70, k71,
        k72, k73, k74, k75,
        k76, k77, k78, k79,
        k80, k81, k82, k83,
        k84, k85, k86, k87,
        k88, k89, k90, k91,
        k92, k93, k94, k95,
        k96, k97, k98, k99,
        k100, k101, k102, k103,
        k104, k105, k106, k107,
        k108, k109, k110, k111,
        k112, k113, k114, k115,
        k116, k117, k118, k119,
        k120, k121, k122, k123,
        k124, k125, k126, k127,
        k128, k129, k130, k131;

    /** Creates a key whose words all hold the default value zero. */
    Key()
    {
    }

    /**
     * Copy constructor: duplicates every word of another key.
     *
     * @param that the key to copy; must not be <code>null</code>.
     */
    private Key(Key that)
    {
      k0 = that.k0;
      k1 = that.k1;
      k2 = that.k2;
      k3 = that.k3;
      k4 = that.k4;
      k5 = that.k5;
      k6 = that.k6;
      k7 = that.k7;
      k8 = that.k8;
      k9 = that.k9;
      k10 = that.k10;
      k11 = that.k11;
      k12 = that.k12;
      k13 = that.k13;
      k14 = that.k14;
      k15 = that.k15;
      k16 = that.k16;
      k17 = that.k17;
      k18 = that.k18;
      k19 = that.k19;
      k20 = that.k20;
      k21 = that.k21;
      k22 = that.k22;
      k23 = that.k23;
      k24 = that.k24;
      k25 = that.k25;
      k26 = that.k26;
      k27 = that.k27;
      k28 = that.k28;
      k29 = that.k29;
      k30 = that.k30;
      k31 = that.k31;
      k32 = that.k32;
      k33 = that.k33;
      k34 = that.k34;
      k35 = that.k35;
      k36 = that.k36;
      k37 = that.k37;
      k38 = that.k38;
      k39 = that.k39;
      k40 = that.k40;
      k41 = that.k41;
      k42 = that.k42;
      k43 = that.k43;
      k44 = that.k44;
      k45 = that.k45;
      k46 = that.k46;
      k47 = that.k47;
      k48 = that.k48;
      k49 = that.k49;
      k50 = that.k50;
      k51 = that.k51;
      k52 = that.k52;
      k53 = that.k53;
      k54 = that.k54;
      k55 = that.k55;
      k56 = that.k56;
      k57 = that.k57;
      k58 = that.k58;
      k59 = that.k59;
      k60 = that.k60;
      k61 = that.k61;
      k62 = that.k62;
      k63 = that.k63;
      k64 = that.k64;
      k65 = that.k65;
      k66 = that.k66;
      k67 = that.k67;
      k68 = that.k68;
      k69 = that.k69;
      k70 = that.k70;
      k71 = that.k71;
      k72 = that.k72;
      k73 = that.k73;
      k74 = that.k74;
      k75 = that.k75;
      k76 = that.k76;
      k77 = that.k77;
      k78 = that.k78;
      k79 = that.k79;
      k80 = that.k80;
      k81 = that.k81;
      k82 = that.k82;
      k83 = that.k83;
      k84 = that.k84;
      k85 = that.k85;
      k86 = that.k86;
      k87 = that.k87;
      k88 = that.k88;
      k89 = that.k89;
      k90 = that.k90;
      k91 = that.k91;
      k92 = that.k92;
      k93 = that.k93;
      k94 = that.k94;
      k95 = that.k95;
      k96 = that.k96;
      k97 = that.k97;
      k98 = that.k98;
      k99 = that.k99;
      k100 = that.k100;
      k101 = that.k101;
      k102 = that.k102;
      k103 = that.k103;
      k104 = that.k104;
      k105 = that.k105;
      k106 = that.k106;
      k107 = that.k107;
      k108 = that.k108;
      k109 = that.k109;
      k110 = that.k110;
      k111 = that.k111;
      k112 = that.k112;
      k113 = that.k113;
      k114 = that.k114;
      k115 = that.k115;
      k116 = that.k116;
      k117 = that.k117;
      k118 = that.k118;
      k119 = that.k119;
      k120 = that.k120;
      k121 = that.k121;
      k122 = that.k122;
      k123 = that.k123;
      k124 = that.k124;
      k125 = that.k125;
      k126 = that.k126;
      k127 = that.k127;
      k128 = that.k128;
      k129 = that.k129;
      k130 = that.k130;
      k131 = that.k131;
    }

    /**
     * Returns a field-by-field copy built with the copy constructor;
     * <code>super.clone()</code> is not used.
     *
     * @return a new <code>Key</code> holding the same 132 words.
     */
    public Object clone()
    {
      return new Key(this);
    }
  }
}
