/*
* (C) 1999-2007,2013 Jack Lloyd
*
* The sbox expressions used here were discovered by Dag Arne Osvik and
* are described in his paper "Speeding Up Serpent".
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
9
10#ifndef BOTAN_SERPENT_FUNCS_H_
11#define BOTAN_SERPENT_FUNCS_H_
12
13#include <botan/build.h>
14
16
/*
* Serpent S-box 0, forward (encryption) direction, in Osvik's bitsliced form.
* Each of a..d carries one bit plane of the S-box input across all lanes of T
* and receives the matching plane of the output; t0 is the only scratch word.
* Only XOR/AND/OR/NOT are used - no table lookup, hence no data-dependent
* memory access. The statement order is load-bearing; do not reorder.
* The final three assignments route the result back into the a..d slots.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE0(T& a, T& b, T& c, T& d)
 {
 d ^= a;
 T t0 = b;
 b &= d;
 t0 ^= c;
 b ^= a;
 a |= d;
 a ^= t0;
 t0 ^= d;
 d ^= c;
 c |= b;
 c ^= t0;
 t0 = ~t0;
 t0 |= b;
 b ^= d;
 b ^= t0;
 d |= a;
 b ^= d;
 t0 ^= d;
 d = a;
 a = b;
 b = t0;
 }
42
/*
* Serpent S-box 1, forward (encryption) direction, bitsliced (Osvik).
* a..d each hold one bit plane of the input and receive the output planes;
* t0 is the single scratch word. Pure XOR/AND/OR/NOT sequence with no
* table lookups, so no data-dependent memory access. Statement order is
* significant; the trailing assignments move the result into a..d.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE1(T& a, T& b, T& c, T& d)
 {
 a = ~a;
 c = ~c;
 T t0 = a;
 a &= b;
 c ^= a;
 a |= d;
 d ^= c;
 b ^= a;
 a ^= t0;
 t0 |= b;
 b ^= d;
 c |= a;
 c &= t0;
 a ^= b;
 b &= c;
 b ^= a;
 a &= c;
 t0 ^= a;
 a = c;
 c = d;
 d = b;
 b = t0;
 }
69
/*
* Serpent S-box 2, forward (encryption) direction, bitsliced (Osvik).
* a..d are bit planes of the input, overwritten with the output planes;
* t0 is scratch. Bitwise operations only - no table lookups and therefore
* no data-dependent memory access. Do not reorder statements.
* Note the last line writes ~t0, not t0, into the d slot.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE2(T& a, T& b, T& c, T& d)
 {
 T t0 = a;
 a &= c;
 a ^= d;
 c ^= b;
 c ^= a;
 d |= t0;
 d ^= b;
 t0 ^= c;
 b = d;
 d |= t0;
 d ^= a;
 a &= b;
 t0 ^= a;
 b ^= d;
 b ^= t0;
 a = c;
 c = b;
 b = d;
 d = ~t0;
 }
93
/*
* Serpent S-box 3, forward (encryption) direction, bitsliced (Osvik).
* a..d carry one input bit plane each and receive the output planes;
* t0 is the only temporary. XOR/AND/OR only - no table lookups, so no
* data-dependent memory access. Statement order is significant.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE3(T& a, T& b, T& c, T& d)
 {
 T t0 = a;
 a |= d;
 d ^= b;
 b &= t0;
 t0 ^= c;
 c ^= d;
 d &= a;
 t0 |= b;
 d ^= t0;
 a ^= b;
 t0 &= a;
 b ^= d;
 t0 ^= c;
 b |= a;
 b ^= c;
 a ^= d;
 c = b;
 b |= d;
 a ^= b;
 b = c;
 c = d;
 d = t0;
 }
120
/*
* Serpent S-box 4, forward (encryption) direction, bitsliced (Osvik).
* a..d each hold one bit plane of the input and are overwritten with the
* output planes; t0 is scratch. Uses only XOR/AND/OR/NOT - no table
* lookups, hence no data-dependent memory access. Do not reorder.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE4(T& a, T& b, T& c, T& d)
 {
 b ^= d;
 d = ~d;
 c ^= d;
 d ^= a;
 T t0 = b;
 b &= d;
 b ^= c;
 t0 ^= d;
 a ^= t0;
 c &= t0;
 c ^= a;
 a &= b;
 d ^= a;
 t0 |= b;
 t0 ^= a;
 a |= d;
 a ^= c;
 c &= d;
 a = ~a;
 t0 ^= c;
 c = a;
 a = b;
 b = t0;
 }
148
/*
* Serpent S-box 5, forward (encryption) direction, bitsliced (Osvik).
* a..d are input bit planes, replaced in place by the output planes;
* t0 is the single temporary. Bitwise operations only - no table lookups,
* so no data-dependent memory access. Statement order is load-bearing.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE5(T& a, T& b, T& c, T& d)
 {
 a ^= b;
 b ^= d;
 d = ~d;
 T t0 = b;
 b &= a;
 c ^= d;
 b ^= c;
 c |= t0;
 t0 ^= d;
 d &= b;
 d ^= a;
 t0 ^= b;
 t0 ^= c;
 c ^= a;
 a &= d;
 c = ~c;
 a ^= t0;
 t0 |= d;
 t0 ^= c;
 c = a;
 a = b;
 b = d;
 d = t0;
 }
176
/*
* Serpent S-box 6, forward (encryption) direction, bitsliced (Osvik).
* a..d each carry one bit plane of the input and receive the output
* planes; t0 is scratch. XOR/AND/OR/NOT only - no table lookups, hence
* no data-dependent memory access. Do not reorder statements.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE6(T& a, T& b, T& c, T& d)
 {
 c = ~c;
 T t0 = d;
 d &= a;
 a ^= t0;
 d ^= c;
 c |= t0;
 b ^= d;
 c ^= a;
 a |= b;
 c ^= b;
 t0 ^= a;
 a |= d;
 a ^= c;
 t0 ^= d;
 t0 ^= a;
 d = ~d;
 c &= t0;
 d ^= c;
 c = t0;
 }
200
/*
* Serpent S-box 7, forward (encryption) direction, bitsliced (Osvik).
* a..d hold one input bit plane each and are overwritten with the output
* planes; t0 is the only temporary. Pure bitwise sequence - no table
* lookups, so no data-dependent memory access. Statement order matters;
* the last four assignments rotate the result into the a..d slots.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxE7(T& a, T& b, T& c, T& d)
 {
 T t0 = b;
 b |= c;
 b ^= d;
 t0 ^= c;
 c ^= b;
 d |= t0;
 d &= a;
 t0 ^= c;
 d ^= b;
 b |= t0;
 b ^= a;
 a |= t0;
 a ^= c;
 b ^= t0;
 c ^= b;
 b &= a;
 b ^= t0;
 c = ~c;
 c |= a;
 t0 ^= c;
 c = b;
 b = d;
 d = a;
 a = t0;
 }
229
/*
* Inverse Serpent S-box 0 (decryption direction), bitsliced (Osvik).
* a..d each carry one bit plane of the input and receive the output
* planes; t0 is scratch. Only XOR/AND/OR/NOT - no table lookups, hence
* no data-dependent memory access. Statement order is significant.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD0(T& a, T& b, T& c, T& d)
 {
 c = ~c;
 T t0 = b;
 b |= a;
 t0 = ~t0;
 b ^= c;
 c |= t0;
 b ^= d;
 a ^= t0;
 c ^= a;
 a &= d;
 t0 ^= a;
 a |= b;
 a ^= c;
 d ^= t0;
 c ^= b;
 d ^= a;
 d ^= b;
 c &= d;
 t0 ^= c;
 c = b;
 b = t0;
 }
255
/*
* Inverse Serpent S-box 1 (decryption direction), bitsliced (Osvik).
* a..d are input bit planes, replaced by the output planes; t0 is the
* single temporary, reused at the end as a swap slot for c and d.
* Bitwise operations only - no table lookups, so no data-dependent
* memory access. Do not reorder statements.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD1(T& a, T& b, T& c, T& d)
 {
 T t0 = b;
 b ^= d;
 d &= b;
 t0 ^= c;
 d ^= a;
 a |= b;
 c ^= d;
 a ^= t0;
 a |= c;
 b ^= d;
 a ^= b;
 b |= d;
 b ^= a;
 t0 = ~t0;
 t0 ^= b;
 b |= a;
 b ^= a;
 b |= t0;
 d ^= b;
 b = a;
 a = t0;
 t0 = c;
 c = d;
 d = t0;
 }
284
/*
* Inverse Serpent S-box 2 (decryption direction), bitsliced (Osvik).
* a..d each hold one bit plane of the input and receive the output
* planes; t0 is scratch. XOR/AND/OR/NOT only - no table lookups, hence
* no data-dependent memory access. Statement order is load-bearing.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD2(T& a, T& b, T& c, T& d)
 {
 c ^= d;
 d ^= a;
 T t0 = d;
 d &= c;
 d ^= b;
 b |= c;
 b ^= t0;
 t0 &= d;
 c ^= d;
 t0 &= a;
 t0 ^= c;
 c &= b;
 c |= a;
 d = ~d;
 c ^= d;
 a ^= d;
 a &= b;
 d ^= t0;
 d ^= a;
 a = b;
 b = t0;
 }
310
/*
* Inverse Serpent S-box 3 (decryption direction), bitsliced (Osvik).
* a..d carry one input bit plane each and are overwritten with the
* output planes; t0 is the only temporary. Pure XOR/AND/OR sequence -
* no table lookups, so no data-dependent memory access. Do not reorder.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD3(T& a, T& b, T& c, T& d)
 {
 T t0 = c;
 c ^= b;
 a ^= c;
 t0 &= c;
 t0 ^= a;
 a &= b;
 b ^= d;
 d |= t0;
 c ^= d;
 a ^= d;
 b ^= t0;
 d &= c;
 d ^= b;
 b ^= a;
 b |= c;
 a ^= d;
 b ^= t0;
 a ^= b;
 t0 = a;
 a = c;
 c = d;
 d = t0;
 }
337
/*
* Inverse Serpent S-box 4 (decryption direction), bitsliced (Osvik).
* a..d each hold one bit plane of the input and receive the output
* planes; t0 is scratch. Bitwise operations only - no table lookups,
* hence no data-dependent memory access. Statement order is significant.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD4(T& a, T& b, T& c, T& d)
 {
 T t0 = c;
 c &= d;
 c ^= b;
 b |= d;
 b &= a;
 t0 ^= c;
 t0 ^= b;
 b &= c;
 a = ~a;
 d ^= t0;
 b ^= d;
 d &= a;
 d ^= c;
 a ^= b;
 c &= a;
 d ^= a;
 c ^= t0;
 c |= d;
 d ^= a;
 c ^= b;
 b = d;
 d = t0;
 }
364
/*
* Inverse Serpent S-box 5 (decryption direction), bitsliced (Osvik).
* a..d are input bit planes, replaced in place by the output planes;
* t0 is the single temporary, reused at the end to swap c and d.
* XOR/AND/OR/NOT only - no table lookups, so no data-dependent memory
* access. Do not reorder statements.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD5(T& a, T& b, T& c, T& d)
 {
 b = ~b;
 T t0 = d;
 c ^= b;
 d |= a;
 d ^= c;
 c |= b;
 c &= a;
 t0 ^= d;
 c ^= t0;
 t0 |= a;
 t0 ^= b;
 b &= c;
 b ^= d;
 t0 ^= c;
 d &= t0;
 t0 ^= b;
 d ^= t0;
 t0 = ~t0;
 d ^= a;
 a = b;
 b = t0;
 t0 = d;
 d = c;
 c = t0;
 }
393
/*
* Inverse Serpent S-box 6 (decryption direction), bitsliced (Osvik).
* a..d each carry one bit plane of the input and receive the output
* planes; t0 is scratch. Bitwise operations only - no table lookups,
* hence no data-dependent memory access. Statement order is load-bearing.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD6(T& a, T& b, T& c, T& d)
 {
 a ^= c;
 T t0 = c;
 c &= a;
 t0 ^= d;
 c = ~c;
 d ^= b;
 c ^= d;
 t0 |= a;
 a ^= c;
 d ^= t0;
 t0 ^= b;
 b &= d;
 b ^= a;
 a ^= d;
 a |= c;
 d ^= b;
 t0 ^= a;
 a = b;
 b = c;
 c = t0;
 }
418
/*
* Inverse Serpent S-box 7 (decryption direction), bitsliced (Osvik).
* a..d hold one input bit plane each and are overwritten with the output
* planes; t0 is the only temporary. Pure XOR/AND/OR/NOT sequence - no
* table lookups, so no data-dependent memory access. Statement order
* matters; the last four assignments rotate the result into a..d.
*/
template<typename T>
BOTAN_FORCE_INLINE void SBoxD7(T& a, T& b, T& c, T& d)
 {
 T t0 = c;
 c ^= a;
 a &= d;
 t0 |= d;
 c = ~c;
 d ^= b;
 b |= a;
 a ^= c;
 c &= t0;
 d &= t0;
 b ^= c;
 c ^= a;
 a |= c;
 t0 ^= b;
 a ^= d;
 d ^= t0;
 t0 |= a;
 d ^= c;
 t0 ^= c;
 c = b;
 b = a;
 a = d;
 d = t0;
 }
446
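/*
* Plain left shift of a 32-bit word by the compile-time amount S (no wrap,
* unlike rotl). Used by the linear transform with S = 3 and S = 7.
* A shift by 32 or more is undefined behaviour in C++, so reject such an S
* at compile time instead of letting it silently compile to garbage.
*/
template<size_t S>
BOTAN_FORCE_INLINE uint32_t shl(uint32_t v)
 {
 static_assert(S < 32, "shl shift amount must be smaller than the 32-bit word width");
 return v << S;
 }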
452
/*
* Serpent's Linear Transform (forward direction), applied in place to the
* four words B0..B3 of the block state.
*
* Written with named intermediates so that each output word is a single
* expression; the data flow is the same as the spec's sequential form
* (rotate B0/B2, mix into B1/B3, rotate B1/B3, mix back into B0/B2,
* final rotates of B0/B2). rotl is not defined in this header; shl is.
*/
template<typename T>
BOTAN_FORCE_INLINE void transform(T& B0, T& B1, T& B2, T& B3)
 {
 const T x0 = rotl<13>(B0);
 const T x2 = rotl<3>(B2);
 const T x1 = rotl<1>(B1 ^ x0 ^ x2);
 const T x3 = rotl<7>(B3 ^ x2 ^ shl<3>(x0));

 B0 = rotl<5>(x0 ^ x1 ^ x3);
 B2 = rotl<22>(x2 ^ x3 ^ shl<7>(x1));
 B1 = x1;
 B3 = x3;
 }
470
/*
* Serpent's Inverse Linear Transform, applied in place to B0..B3; undoes
* transform() step by step in reverse order.
*
* Named intermediates hold the state after each mixing stage; the data
* flow matches the sequential form exactly (un-rotate B2/B0, un-mix them
* using the still-untouched B1/B3, un-rotate and un-mix B3/B1, then the
* final un-rotates of B2/B0). rotr is not defined in this header; shl is.
*/
template<typename T>
BOTAN_FORCE_INLINE void i_transform(T& B0, T& B1, T& B2, T& B3)
 {
 const T x2 = rotr<22>(B2) ^ B3 ^ shl<7>(B1);
 const T x0 = rotr<5>(B0) ^ B1 ^ B3;
 const T x3 = rotr<7>(B3) ^ x2 ^ shl<3>(x0);
 const T x1 = rotr<1>(B1) ^ x0 ^ x2;

 B0 = rotr<13>(x0);
 B1 = x1;
 B2 = rotr<3>(x2);
 B3 = x3;
 }
488
490 {
491 public:
 // Wraps a non-owning pointer to the expanded round keys. The caller
 // keeps the key array alive (and long enough) for as long as this
 // object is used; nothing here copies or frees it.
 Key_Inserter(const uint32_t* RK) : m_RK{RK} {}
493
 /*
 * XOR the four subkey words of round R into the block state B0..B3.
 * Reads m_RK[4*R] through m_RK[4*R+3]; there is no bounds check, so the
 * caller must guarantee the key array holds at least 4*(R+1) words.
 * Data-independent access pattern (index depends only on R).
 */
 template<typename T>
 inline void operator()(size_t R, T& B0, T& B1, T& B2, T& B3) const
 {
 const uint32_t* round_key = m_RK + 4*R;
 B0 ^= round_key[0];
 B1 ^= round_key[1];
 B2 ^= round_key[2];
 B3 ^= round_key[3];
 }
502
503 private:
504 const uint32_t* m_RK;
505 };
506
507}
508
509#endif