summaryrefslogtreecommitdiffabout
path: root/pwmanager/libcrypt
Unidiff
Diffstat (limited to 'pwmanager/libcrypt') (more/less context) (ignore whitespace changes)
-rw-r--r--pwmanager/libcrypt/cipher/serpent.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/pwmanager/libcrypt/cipher/serpent.c b/pwmanager/libcrypt/cipher/serpent.c
index d606d9f..fb5df20 100644
--- a/pwmanager/libcrypt/cipher/serpent.c
+++ b/pwmanager/libcrypt/cipher/serpent.c
@@ -1,979 +1,979 @@
1/* serpent.c - Implementation of the Serpent encryption algorithm. 1/* serpent.c - Implementation of the Serpent encryption algorithm.
2 *Copyright (C) 2003 Free Software Foundation, Inc. 2 *Copyright (C) 2003 Free Software Foundation, Inc.
3 * 3 *
4 * This file is part of Libgcrypt. 4 * This file is part of Libgcrypt.
5 * 5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify 6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as 7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of 8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version. 9 * the License, or (at your option) any later version.
10 * 10 *
11 * Libgcrypt is distributed in the hope that it will be useful, 11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details. 14 * GNU Lesser General Public License for more details.
15 * 15 *
16 * You should have received a copy of the GNU Lesser General Public 16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software 17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
19 * 02111-1307, USA. 19 * 02111-1307, USA.
20 */ 20 */
21 21
22#include <config.h> 22#include <config.h>
23 23
24#include <string.h> 24#include <string.h>
25#include <stdio.h> 25#include <stdio.h>
26 26
27#include "types.h" 27#include "types.h"
28#include "g10lib.h" 28#include "g10lib.h"
29#include "cipher.h" 29#include "cipher.h"
30#include "bithelp.h" 30#include "bithelp.h"
31 31
32/* Number of rounds per Serpent encrypt/decrypt operation. */ 32/* Number of rounds per Serpent encrypt/decrypt operation. */
33#define ROUNDS 32 33#define ROUNDS 32
34 34
35/* Magic number, used during generating of the subkeys. */ 35/* Magic number, used during generating of the subkeys. */
36#define PHI 0x9E3779B9 36#define PHI 0x9E3779B9
37 37
38/* Internal types. */ 38/* Internal types. */
39typedef byte byte_t; 39typedef byte byte_t;
40typedef u32 u32_t; 40typedef u32 u32_t;
41 41
42/* Serpent works on 128 bit blocks. */ 42/* Serpent works on 128 bit blocks. */
43typedef u32_t serpent_block_t[4]; 43typedef u32_t serpent_block_t[4];
44 44
45/* Serpent key, provided by the user. If the original key is shorter 45/* Serpent key, provided by the user. If the original key is shorter
46 than 256 bits, it is padded. */ 46 than 256 bits, it is padded. */
47typedef u32_t serpent_key_t[8]; 47typedef u32_t serpent_key_t[8];
48 48
49/* The key schedule consists of 33 128 bit subkeys. */ 49/* The key schedule consists of 33 128 bit subkeys. */
50typedef u32_t serpent_subkeys_t[ROUNDS + 1][4]; 50typedef u32_t serpent_subkeys_t[ROUNDS + 1][4];
51 51
52/* A Serpent context. */ 52/* A Serpent context. */
53typedef struct serpent_context 53typedef struct serpent_context
54{ 54{
55 serpent_subkeys_t keys;/* Generated subkeys. */ 55 serpent_subkeys_t keys;/* Generated subkeys. */
56} serpent_context_t; 56} serpent_context_t;
57 57
58#define byte_swap_32(x) \ 58#define byte_swap_32(x) \
59 (0 \ 59 (0 \
60 | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) \ 60 | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) \
61 | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24)); 61 | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24));
62 62
63/* These are the S-Boxes of Serpent. They are copied from Serpents 63/* These are the S-Boxes of Serpent. They are copied from Serpents
64 reference implementation (the optimized one, contained in 64 reference implementation (the optimized one, contained in
65 `floppy2') and are therefore: 65 `floppy2') and are therefore:
66 66
67 Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen. 67 Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
68 68
69 To quote the Serpent homepage 69 To quote the Serpent homepage
70 (http://www.cl.cam.ac.uk/~rja14/serpent.html): 70 (http://www.cl.cam.ac.uk/~rja14/serpent.html):
71 71
72 "Serpent is now completely in the public domain, and we impose no 72 "Serpent is now completely in the public domain, and we impose no
73 restrictions on its use. This was announced on the 21st August at 73 restrictions on its use. This was announced on the 21st August at
74 the First AES Candidate Conference. The optimised implementations 74 the First AES Candidate Conference. The optimised implementations
75 in the submission package are now under the GNU PUBLIC LICENSE 75 in the submission package are now under the GNU PUBLIC LICENSE
76 (GPL), although some comments in the code still say otherwise. You 76 (GPL), although some comments in the code still say otherwise. You
77 are welcome to use Serpent for any application." */ 77 are welcome to use Serpent for any application." */
78 78
79#define SBOX0(a, b, c, d, w, x, y, z) \ 79#define SBOX0(a, b, c, d, w, x, y, z) \
80 { \ 80 { \
81 register unsigned long t02, t03, t05, t06, t07, t08, t09; \ 81 register unsigned long t02, t03, t05, t06, t07, t08, t09; \
82 register unsigned long t11, t12, t13, t14, t15, t17, t01; \ 82 register unsigned long t11, t12, t13, t14, t15, t17, t01; \
83 t01 = b ^ c ; \ 83 t01 = b ^ c ; \
84 t02 = a | d ; \ 84 t02 = a | d ; \
85 t03 = a ^ b ; \ 85 t03 = a ^ b ; \
86 z = t02 ^ t01; \ 86 z = t02 ^ t01; \
87 t05 = c | z ; \ 87 t05 = c | z ; \
88 t06 = a ^ d ; \ 88 t06 = a ^ d ; \
89 t07 = b | c ; \ 89 t07 = b | c ; \
90 t08 = d & t05; \ 90 t08 = d & t05; \
91 t09 = t03 & t07; \ 91 t09 = t03 & t07; \
92 y = t09 ^ t08; \ 92 y = t09 ^ t08; \
93 t11 = t09 & y ; \ 93 t11 = t09 & y ; \
94 t12 = c ^ d ; \ 94 t12 = c ^ d ; \
95 t13 = t07 ^ t11; \ 95 t13 = t07 ^ t11; \
96 t14 = b & t06; \ 96 t14 = b & t06; \
97 t15 = t06 ^ t13; \ 97 t15 = t06 ^ t13; \
98 w = ~ t15; \ 98 w = ~ t15; \
99 t17 = w ^ t14; \ 99 t17 = w ^ t14; \
100 x = t12 ^ t17; \ 100 x = t12 ^ t17; \
101 } 101 }
102 102
103#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \ 103#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \
104 { \ 104 { \
105 register unsigned long t02, t03, t04, t05, t06, t08, t09, t10; \ 105 register unsigned long t02, t03, t04, t05, t06, t08, t09, t10; \
106 register unsigned long t12, t13, t14, t15, t17, t18, t01; \ 106 register unsigned long t12, t13, t14, t15, t17, t18, t01; \
107 t01 = c ^ d ; \ 107 t01 = c ^ d ; \
108 t02 = a | b ; \ 108 t02 = a | b ; \
109 t03 = b | c ; \ 109 t03 = b | c ; \
110 t04 = c & t01; \ 110 t04 = c & t01; \
111 t05 = t02 ^ t01; \ 111 t05 = t02 ^ t01; \
112 t06 = a | t04; \ 112 t06 = a | t04; \
113 y = ~ t05; \ 113 y = ~ t05; \
114 t08 = b ^ d ; \ 114 t08 = b ^ d ; \
115 t09 = t03 & t08; \ 115 t09 = t03 & t08; \
116 t10 = d | y ; \ 116 t10 = d | y ; \
117 x = t09 ^ t06; \ 117 x = t09 ^ t06; \
118 t12 = a | t05; \ 118 t12 = a | t05; \
119 t13 = x ^ t12; \ 119 t13 = x ^ t12; \
120 t14 = t03 ^ t10; \ 120 t14 = t03 ^ t10; \
121 t15 = a ^ c ; \ 121 t15 = a ^ c ; \
122 z = t14 ^ t13; \ 122 z = t14 ^ t13; \
123 t17 = t05 & t13; \ 123 t17 = t05 & t13; \
124 t18 = t14 | t17; \ 124 t18 = t14 | t17; \
125 w = t15 ^ t18; \ 125 w = t15 ^ t18; \
126 } 126 }
127 127
128#define SBOX1(a, b, c, d, w, x, y, z) \ 128#define SBOX1(a, b, c, d, w, x, y, z) \
129 { \ 129 { \
130 register unsigned long t02, t03, t04, t05, t06, t07, t08; \ 130 register unsigned long t02, t03, t04, t05, t06, t07, t08; \
131 register unsigned long t10, t11, t12, t13, t16, t17, t01; \ 131 register unsigned long t10, t11, t12, t13, t16, t17, t01; \
132 t01 = a | d ; \ 132 t01 = a | d ; \
133 t02 = c ^ d ; \ 133 t02 = c ^ d ; \
134 t03 = ~ b ; \ 134 t03 = ~ b ; \
135 t04 = a ^ c ; \ 135 t04 = a ^ c ; \
136 t05 = a | t03; \ 136 t05 = a | t03; \
137 t06 = d & t04; \ 137 t06 = d & t04; \
138 t07 = t01 & t02; \ 138 t07 = t01 & t02; \
139 t08 = b | t06; \ 139 t08 = b | t06; \
140 y = t02 ^ t05; \ 140 y = t02 ^ t05; \
141 t10 = t07 ^ t08; \ 141 t10 = t07 ^ t08; \
142 t11 = t01 ^ t10; \ 142 t11 = t01 ^ t10; \
143 t12 = y ^ t11; \ 143 t12 = y ^ t11; \
144 t13 = b & d ; \ 144 t13 = b & d ; \
145 z = ~ t10; \ 145 z = ~ t10; \
146 x = t13 ^ t12; \ 146 x = t13 ^ t12; \
147 t16 = t10 | x ; \ 147 t16 = t10 | x ; \
148 t17 = t05 & t16; \ 148 t17 = t05 & t16; \
149 w = c ^ t17; \ 149 w = c ^ t17; \
150 } 150 }
151 151
152#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \ 152#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \
153 { \ 153 { \
154 register unsigned long t02, t03, t04, t05, t06, t07, t08; \ 154 register unsigned long t02, t03, t04, t05, t06, t07, t08; \
155 register unsigned long t09, t10, t11, t14, t15, t17, t01; \ 155 register unsigned long t09, t10, t11, t14, t15, t17, t01; \
156 t01 = a ^ b ; \ 156 t01 = a ^ b ; \
157 t02 = b | d ; \ 157 t02 = b | d ; \
158 t03 = a & c ; \ 158 t03 = a & c ; \
159 t04 = c ^ t02; \ 159 t04 = c ^ t02; \
160 t05 = a | t04; \ 160 t05 = a | t04; \
161 t06 = t01 & t05; \ 161 t06 = t01 & t05; \
162 t07 = d | t03; \ 162 t07 = d | t03; \
163 t08 = b ^ t06; \ 163 t08 = b ^ t06; \
164 t09 = t07 ^ t06; \ 164 t09 = t07 ^ t06; \
165 t10 = t04 | t03; \ 165 t10 = t04 | t03; \
166 t11 = d & t08; \ 166 t11 = d & t08; \
167 y = ~ t09; \ 167 y = ~ t09; \
168 x = t10 ^ t11; \ 168 x = t10 ^ t11; \
169 t14 = a | y ; \ 169 t14 = a | y ; \
170 t15 = t06 ^ x ; \ 170 t15 = t06 ^ x ; \
171 z = t01 ^ t04; \ 171 z = t01 ^ t04; \
172 t17 = c ^ t15; \ 172 t17 = c ^ t15; \
173 w = t14 ^ t17; \ 173 w = t14 ^ t17; \
174 } 174 }
175 175
176#define SBOX2(a, b, c, d, w, x, y, z) \ 176#define SBOX2(a, b, c, d, w, x, y, z) \
177 { \ 177 { \
178 register unsigned long t02, t03, t05, t06, t07, t08; \ 178 register unsigned long t02, t03, t05, t06, t07, t08; \
179 register unsigned long t09, t10, t12, t13, t14, t01; \ 179 register unsigned long t09, t10, t12, t13, t14, t01; \
180 t01 = a | c ; \ 180 t01 = a | c ; \
181 t02 = a ^ b ; \ 181 t02 = a ^ b ; \
182 t03 = d ^ t01; \ 182 t03 = d ^ t01; \
183 w = t02 ^ t03; \ 183 w = t02 ^ t03; \
184 t05 = c ^ w ; \ 184 t05 = c ^ w ; \
185 t06 = b ^ t05; \ 185 t06 = b ^ t05; \
186 t07 = b | t05; \ 186 t07 = b | t05; \
187 t08 = t01 & t06; \ 187 t08 = t01 & t06; \
188 t09 = t03 ^ t07; \ 188 t09 = t03 ^ t07; \
189 t10 = t02 | t09; \ 189 t10 = t02 | t09; \
190 x = t10 ^ t08; \ 190 x = t10 ^ t08; \
191 t12 = a | d ; \ 191 t12 = a | d ; \
192 t13 = t09 ^ x ; \ 192 t13 = t09 ^ x ; \
193 t14 = b ^ t13; \ 193 t14 = b ^ t13; \
194 z = ~ t09; \ 194 z = ~ t09; \
195 y = t12 ^ t14; \ 195 y = t12 ^ t14; \
196 } 196 }
197 197
198#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \ 198#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \
199 { \ 199 { \
200 register unsigned long t02, t03, t04, t06, t07, t08, t09; \ 200 register unsigned long t02, t03, t04, t06, t07, t08, t09; \
201 register unsigned long t10, t11, t12, t15, t16, t17, t01; \ 201 register unsigned long t10, t11, t12, t15, t16, t17, t01; \
202 t01 = a ^ d ; \ 202 t01 = a ^ d ; \
203 t02 = c ^ d ; \ 203 t02 = c ^ d ; \
204 t03 = a & c ; \ 204 t03 = a & c ; \
205 t04 = b | t02; \ 205 t04 = b | t02; \
206 w = t01 ^ t04; \ 206 w = t01 ^ t04; \
207 t06 = a | c ; \ 207 t06 = a | c ; \
208 t07 = d | w ; \ 208 t07 = d | w ; \
209 t08 = ~ d ; \ 209 t08 = ~ d ; \
210 t09 = b & t06; \ 210 t09 = b & t06; \
211 t10 = t08 | t03; \ 211 t10 = t08 | t03; \
212 t11 = b & t07; \ 212 t11 = b & t07; \
213 t12 = t06 & t02; \ 213 t12 = t06 & t02; \
214 z = t09 ^ t10; \ 214 z = t09 ^ t10; \
215 x = t12 ^ t11; \ 215 x = t12 ^ t11; \
216 t15 = c & z ; \ 216 t15 = c & z ; \
217 t16 = w ^ x ; \ 217 t16 = w ^ x ; \
218 t17 = t10 ^ t15; \ 218 t17 = t10 ^ t15; \
219 y = t16 ^ t17; \ 219 y = t16 ^ t17; \
220 } 220 }
221 221
222#define SBOX3(a, b, c, d, w, x, y, z) \ 222#define SBOX3(a, b, c, d, w, x, y, z) \
223 { \ 223 { \
224 register unsigned long t02, t03, t04, t05, t06, t07, t08; \ 224 register unsigned long t02, t03, t04, t05, t06, t07, t08; \
225 register unsigned long t09, t10, t11, t13, t14, t15, t01; \ 225 register unsigned long t09, t10, t11, t13, t14, t15, t01; \
226 t01 = a ^ c ; \ 226 t01 = a ^ c ; \
227 t02 = a | d ; \ 227 t02 = a | d ; \
228 t03 = a & d ; \ 228 t03 = a & d ; \
229 t04 = t01 & t02; \ 229 t04 = t01 & t02; \
230 t05 = b | t03; \ 230 t05 = b | t03; \
231 t06 = a & b ; \ 231 t06 = a & b ; \
232 t07 = d ^ t04; \ 232 t07 = d ^ t04; \
233 t08 = c | t06; \ 233 t08 = c | t06; \
234 t09 = b ^ t07; \ 234 t09 = b ^ t07; \
235 t10 = d & t05; \ 235 t10 = d & t05; \
236 t11 = t02 ^ t10; \ 236 t11 = t02 ^ t10; \
237 z = t08 ^ t09; \ 237 z = t08 ^ t09; \
238 t13 = d | z ; \ 238 t13 = d | z ; \
239 t14 = a | t07; \ 239 t14 = a | t07; \
240 t15 = b & t13; \ 240 t15 = b & t13; \
241 y = t08 ^ t11; \ 241 y = t08 ^ t11; \
242 w = t14 ^ t15; \ 242 w = t14 ^ t15; \
243 x = t05 ^ t04; \ 243 x = t05 ^ t04; \
244 } 244 }
245 245
246#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \ 246#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \
247 { \ 247 { \
248 register unsigned long t02, t03, t04, t05, t06, t07, t09; \ 248 register unsigned long t02, t03, t04, t05, t06, t07, t09; \
249 register unsigned long t11, t12, t13, t14, t16, t01; \ 249 register unsigned long t11, t12, t13, t14, t16, t01; \
250 t01 = c | d ; \ 250 t01 = c | d ; \
251 t02 = a | d ; \ 251 t02 = a | d ; \
252 t03 = c ^ t02; \ 252 t03 = c ^ t02; \
253 t04 = b ^ t02; \ 253 t04 = b ^ t02; \
254 t05 = a ^ d ; \ 254 t05 = a ^ d ; \
255 t06 = t04 & t03; \ 255 t06 = t04 & t03; \
256 t07 = b & t01; \ 256 t07 = b & t01; \
257 y = t05 ^ t06; \ 257 y = t05 ^ t06; \
258 t09 = a ^ t03; \ 258 t09 = a ^ t03; \
259 w = t07 ^ t03; \ 259 w = t07 ^ t03; \
260 t11 = w | t05; \ 260 t11 = w | t05; \
261 t12 = t09 & t11; \ 261 t12 = t09 & t11; \
262 t13 = a & y ; \ 262 t13 = a & y ; \
263 t14 = t01 ^ t05; \ 263 t14 = t01 ^ t05; \
264 x = b ^ t12; \ 264 x = b ^ t12; \
265 t16 = b | t13; \ 265 t16 = b | t13; \
266 z = t14 ^ t16; \ 266 z = t14 ^ t16; \
267 } 267 }
268 268
269#define SBOX4(a, b, c, d, w, x, y, z) \ 269#define SBOX4(a, b, c, d, w, x, y, z) \
270 { \ 270 { \
271 register unsigned long t02, t03, t04, t05, t06, t08, t09; \ 271 register unsigned long t02, t03, t04, t05, t06, t08, t09; \
272 register unsigned long t10, t11, t12, t13, t14, t15, t16, t01; \ 272 register unsigned long t10, t11, t12, t13, t14, t15, t16, t01; \
273 t01 = a | b ; \ 273 t01 = a | b ; \
274 t02 = b | c ; \ 274 t02 = b | c ; \
275 t03 = a ^ t02; \ 275 t03 = a ^ t02; \
276 t04 = b ^ d ; \ 276 t04 = b ^ d ; \
277 t05 = d | t03; \ 277 t05 = d | t03; \
278 t06 = d & t01; \ 278 t06 = d & t01; \
279 z = t03 ^ t06; \ 279 z = t03 ^ t06; \
280 t08 = z & t04; \ 280 t08 = z & t04; \
281 t09 = t04 & t05; \ 281 t09 = t04 & t05; \
282 t10 = c ^ t06; \ 282 t10 = c ^ t06; \
283 t11 = b & c ; \ 283 t11 = b & c ; \
284 t12 = t04 ^ t08; \ 284 t12 = t04 ^ t08; \
285 t13 = t11 | t03; \ 285 t13 = t11 | t03; \
286 t14 = t10 ^ t09; \ 286 t14 = t10 ^ t09; \
287 t15 = a & t05; \ 287 t15 = a & t05; \
288 t16 = t11 | t12; \ 288 t16 = t11 | t12; \
289 y = t13 ^ t08; \ 289 y = t13 ^ t08; \
290 x = t15 ^ t16; \ 290 x = t15 ^ t16; \
291 w = ~ t14; \ 291 w = ~ t14; \
292 } 292 }
293 293
294#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \ 294#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \
295 { \ 295 { \
296 register unsigned long t02, t03, t04, t05, t06, t07, t09; \ 296 register unsigned long t02, t03, t04, t05, t06, t07, t09; \
297 register unsigned long t10, t11, t12, t13, t15, t01; \ 297 register unsigned long t10, t11, t12, t13, t15, t01; \
298 t01 = b | d ; \ 298 t01 = b | d ; \
299 t02 = c | d ; \ 299 t02 = c | d ; \
300 t03 = a & t01; \ 300 t03 = a & t01; \
301 t04 = b ^ t02; \ 301 t04 = b ^ t02; \
302 t05 = c ^ d ; \ 302 t05 = c ^ d ; \
303 t06 = ~ t03; \ 303 t06 = ~ t03; \
304 t07 = a & t04; \ 304 t07 = a & t04; \
305 x = t05 ^ t07; \ 305 x = t05 ^ t07; \
306 t09 = x | t06; \ 306 t09 = x | t06; \
307 t10 = a ^ t07; \ 307 t10 = a ^ t07; \
308 t11 = t01 ^ t09; \ 308 t11 = t01 ^ t09; \
309 t12 = d ^ t04; \ 309 t12 = d ^ t04; \
310 t13 = c | t10; \ 310 t13 = c | t10; \
311 z = t03 ^ t12; \ 311 z = t03 ^ t12; \
312 t15 = a ^ t04; \ 312 t15 = a ^ t04; \
313 y = t11 ^ t13; \ 313 y = t11 ^ t13; \
314 w = t15 ^ t09; \ 314 w = t15 ^ t09; \
315 } 315 }
316 316
317#define SBOX5(a, b, c, d, w, x, y, z) \ 317#define SBOX5(a, b, c, d, w, x, y, z) \
318 { \ 318 { \
319 register unsigned long t02, t03, t04, t05, t07, t08, t09; \ 319 register unsigned long t02, t03, t04, t05, t07, t08, t09; \
320 register unsigned long t10, t11, t12, t13, t14, t01; \ 320 register unsigned long t10, t11, t12, t13, t14, t01; \
321 t01 = b ^ d ; \ 321 t01 = b ^ d ; \
322 t02 = b | d ; \ 322 t02 = b | d ; \
323 t03 = a & t01; \ 323 t03 = a & t01; \
324 t04 = c ^ t02; \ 324 t04 = c ^ t02; \
325 t05 = t03 ^ t04; \ 325 t05 = t03 ^ t04; \
326 w = ~ t05; \ 326 w = ~ t05; \
327 t07 = a ^ t01; \ 327 t07 = a ^ t01; \
328 t08 = d | w ; \ 328 t08 = d | w ; \
329 t09 = b | t05; \ 329 t09 = b | t05; \
330 t10 = d ^ t08; \ 330 t10 = d ^ t08; \
331 t11 = b | t07; \ 331 t11 = b | t07; \
332 t12 = t03 | w ; \ 332 t12 = t03 | w ; \
333 t13 = t07 | t10; \ 333 t13 = t07 | t10; \
334 t14 = t01 ^ t11; \ 334 t14 = t01 ^ t11; \
335 y = t09 ^ t13; \ 335 y = t09 ^ t13; \
336 x = t07 ^ t08; \ 336 x = t07 ^ t08; \
337 z = t12 ^ t14; \ 337 z = t12 ^ t14; \
338 } 338 }
339 339
340#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \ 340#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \
341 { \ 341 { \
342 register unsigned long t02, t03, t04, t05, t07, t08, t09; \ 342 register unsigned long t02, t03, t04, t05, t07, t08, t09; \
343 register unsigned long t10, t12, t13, t15, t16, t01; \ 343 register unsigned long t10, t12, t13, t15, t16, t01; \
344 t01 = a & d ; \ 344 t01 = a & d ; \
345 t02 = c ^ t01; \ 345 t02 = c ^ t01; \
346 t03 = a ^ d ; \ 346 t03 = a ^ d ; \
347 t04 = b & t02; \ 347 t04 = b & t02; \
348 t05 = a & c ; \ 348 t05 = a & c ; \
349 w = t03 ^ t04; \ 349 w = t03 ^ t04; \
350 t07 = a & w ; \ 350 t07 = a & w ; \
351 t08 = t01 ^ w ; \ 351 t08 = t01 ^ w ; \
352 t09 = b | t05; \ 352 t09 = b | t05; \
353 t10 = ~ b ; \ 353 t10 = ~ b ; \
354 x = t08 ^ t09; \ 354 x = t08 ^ t09; \
355 t12 = t10 | t07; \ 355 t12 = t10 | t07; \
356 t13 = w | x ; \ 356 t13 = w | x ; \
357 z = t02 ^ t12; \ 357 z = t02 ^ t12; \
358 t15 = t02 ^ t13; \ 358 t15 = t02 ^ t13; \
359 t16 = b ^ d ; \ 359 t16 = b ^ d ; \
360 y = t16 ^ t15; \ 360 y = t16 ^ t15; \
361 } 361 }
362 362
363#define SBOX6(a, b, c, d, w, x, y, z) \ 363#define SBOX6(a, b, c, d, w, x, y, z) \
364 { \ 364 { \
365 register unsigned long t02, t03, t04, t05, t07, t08, t09, t10; \ 365 register unsigned long t02, t03, t04, t05, t07, t08, t09, t10; \
366 register unsigned long t11, t12, t13, t15, t17, t18, t01; \ 366 register unsigned long t11, t12, t13, t15, t17, t18, t01; \
367 t01 = a & d ; \ 367 t01 = a & d ; \
368 t02 = b ^ c ; \ 368 t02 = b ^ c ; \
369 t03 = a ^ d ; \ 369 t03 = a ^ d ; \
370 t04 = t01 ^ t02; \ 370 t04 = t01 ^ t02; \
371 t05 = b | c ; \ 371 t05 = b | c ; \
372 x = ~ t04; \ 372 x = ~ t04; \
373 t07 = t03 & t05; \ 373 t07 = t03 & t05; \
374 t08 = b & x ; \ 374 t08 = b & x ; \
375 t09 = a | c ; \ 375 t09 = a | c ; \
376 t10 = t07 ^ t08; \ 376 t10 = t07 ^ t08; \
377 t11 = b | d ; \ 377 t11 = b | d ; \
378 t12 = c ^ t11; \ 378 t12 = c ^ t11; \
379 t13 = t09 ^ t10; \ 379 t13 = t09 ^ t10; \
380 y = ~ t13; \ 380 y = ~ t13; \
381 t15 = x & t03; \ 381 t15 = x & t03; \
382 z = t12 ^ t07; \ 382 z = t12 ^ t07; \
383 t17 = a ^ b ; \ 383 t17 = a ^ b ; \
384 t18 = y ^ t15; \ 384 t18 = y ^ t15; \
385 w = t17 ^ t18; \ 385 w = t17 ^ t18; \
386 } 386 }
387 387
388#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \ 388#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \
389 { \ 389 { \
390 register unsigned long t02, t03, t04, t05, t06, t07, t08, t09; \ 390 register unsigned long t02, t03, t04, t05, t06, t07, t08, t09; \
391 register unsigned long t12, t13, t14, t15, t16, t17, t01; \ 391 register unsigned long t12, t13, t14, t15, t16, t17, t01; \
392 t01 = a ^ c ; \ 392 t01 = a ^ c ; \
393 t02 = ~ c ; \ 393 t02 = ~ c ; \
394 t03 = b & t01; \ 394 t03 = b & t01; \
395 t04 = b | t02; \ 395 t04 = b | t02; \
396 t05 = d | t03; \ 396 t05 = d | t03; \
397 t06 = b ^ d ; \ 397 t06 = b ^ d ; \
398 t07 = a & t04; \ 398 t07 = a & t04; \
399 t08 = a | t02; \ 399 t08 = a | t02; \
400 t09 = t07 ^ t05; \ 400 t09 = t07 ^ t05; \
401 x = t06 ^ t08; \ 401 x = t06 ^ t08; \
402 w = ~ t09; \ 402 w = ~ t09; \
403 t12 = b & w ; \ 403 t12 = b & w ; \
404 t13 = t01 & t05; \ 404 t13 = t01 & t05; \
405 t14 = t01 ^ t12; \ 405 t14 = t01 ^ t12; \
406 t15 = t07 ^ t13; \ 406 t15 = t07 ^ t13; \
407 t16 = d | t02; \ 407 t16 = d | t02; \
408 t17 = a ^ x ; \ 408 t17 = a ^ x ; \
409 z = t17 ^ t15; \ 409 z = t17 ^ t15; \
410 y = t16 ^ t14; \ 410 y = t16 ^ t14; \
411 } 411 }
412 412
413#define SBOX7(a, b, c, d, w, x, y, z) \ 413#define SBOX7(a, b, c, d, w, x, y, z) \
414 { \ 414 { \
415 register unsigned long t02, t03, t04, t05, t06, t08, t09, t10; \ 415 register unsigned long t02, t03, t04, t05, t06, t08, t09, t10; \
416 register unsigned long t11, t13, t14, t15, t16, t17, t01; \ 416 register unsigned long t11, t13, t14, t15, t16, t17, t01; \
417 t01 = a & c ; \ 417 t01 = a & c ; \
418 t02 = ~ d ; \ 418 t02 = ~ d ; \
419 t03 = a & t02; \ 419 t03 = a & t02; \
420 t04 = b | t01; \ 420 t04 = b | t01; \
421 t05 = a & b ; \ 421 t05 = a & b ; \
422 t06 = c ^ t04; \ 422 t06 = c ^ t04; \
423 z = t03 ^ t06; \ 423 z = t03 ^ t06; \
424 t08 = c | z ; \ 424 t08 = c | z ; \
425 t09 = d | t05; \ 425 t09 = d | t05; \
426 t10 = a ^ t08; \ 426 t10 = a ^ t08; \
427 t11 = t04 & z ; \ 427 t11 = t04 & z ; \
428 x = t09 ^ t10; \ 428 x = t09 ^ t10; \
429 t13 = b ^ x ; \ 429 t13 = b ^ x ; \
430 t14 = t01 ^ x ; \ 430 t14 = t01 ^ x ; \
431 t15 = c ^ t05; \ 431 t15 = c ^ t05; \
432 t16 = t11 | t13; \ 432 t16 = t11 | t13; \
433 t17 = t02 | t14; \ 433 t17 = t02 | t14; \
434 w = t15 ^ t17; \ 434 w = t15 ^ t17; \
435 y = a ^ t16; \ 435 y = a ^ t16; \
436 } 436 }
437 437
438#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \ 438#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \
439 { \ 439 { \
440 register unsigned long t02, t03, t04, t06, t07, t08, t09; \ 440 register unsigned long t02, t03, t04, t06, t07, t08, t09; \
441 register unsigned long t10, t11, t13, t14, t15, t16, t01; \ 441 register unsigned long t10, t11, t13, t14, t15, t16, t01; \
442 t01 = a & b ; \ 442 t01 = a & b ; \
443 t02 = a | b ; \ 443 t02 = a | b ; \
444 t03 = c | t01; \ 444 t03 = c | t01; \
445 t04 = d & t02; \ 445 t04 = d & t02; \
446 z = t03 ^ t04; \ 446 z = t03 ^ t04; \
447 t06 = b ^ t04; \ 447 t06 = b ^ t04; \
448 t07 = d ^ z ; \ 448 t07 = d ^ z ; \
449 t08 = ~ t07; \ 449 t08 = ~ t07; \
450 t09 = t06 | t08; \ 450 t09 = t06 | t08; \
451 t10 = b ^ d ; \ 451 t10 = b ^ d ; \
452 t11 = a | d ; \ 452 t11 = a | d ; \
453 x = a ^ t09; \ 453 x = a ^ t09; \
454 t13 = c ^ t06; \ 454 t13 = c ^ t06; \
455 t14 = c & t11; \ 455 t14 = c & t11; \
456 t15 = d | x ; \ 456 t15 = d | x ; \
457 t16 = t01 | t10; \ 457 t16 = t01 | t10; \
458 w = t13 ^ t15; \ 458 w = t13 ^ t15; \
459 y = t14 ^ t16; \ 459 y = t14 ^ t16; \
460 } 460 }
461 461
462/* XOR BLOCK1 into BLOCK0. */ 462/* XOR BLOCK1 into BLOCK0. */
463#define BLOCK_XOR(block0, block1) \ 463#define BLOCK_XOR(block0, block1) \
464 { \ 464 { \
465 block0[0] ^= block1[0]; \ 465 block0[0] ^= block1[0]; \
466 block0[1] ^= block1[1]; \ 466 block0[1] ^= block1[1]; \
467 block0[2] ^= block1[2]; \ 467 block0[2] ^= block1[2]; \
468 block0[3] ^= block1[3]; \ 468 block0[3] ^= block1[3]; \
469 } 469 }
470 470
471/* Copy BLOCK_SRC to BLOCK_DST. */ 471/* Copy BLOCK_SRC to BLOCK_DST. */
472#define BLOCK_COPY(block_dst, block_src) \ 472#define BLOCK_COPY(block_dst, block_src) \
473 { \ 473 { \
474 block_dst[0] = block_src[0]; \ 474 block_dst[0] = block_src[0]; \
475 block_dst[1] = block_src[1]; \ 475 block_dst[1] = block_src[1]; \
476 block_dst[2] = block_src[2]; \ 476 block_dst[2] = block_src[2]; \
477 block_dst[3] = block_src[3]; \ 477 block_dst[3] = block_src[3]; \
478 } 478 }
479 479
480/* Apply SBOX number WHICH to to the block found in ARRAY0 at index 480/* Apply SBOX number WHICH to to the block found in ARRAY0 at index
481 INDEX, writing the output to the block found in ARRAY1 at index 481 INDEX, writing the output to the block found in ARRAY1 at index
482 INDEX. */ 482 INDEX. */
483#define SBOX(which, array0, array1, index) \ 483#define SBOX(which, array0, array1, index) \
484 SBOX##which (array0[index + 0], array0[index + 1], \ 484 SBOX##which (array0[index + 0], array0[index + 1], \
485 array0[index + 2], array0[index + 3], \ 485 array0[index + 2], array0[index + 3], \
486 array1[index + 0], array1[index + 1], \ 486 array1[index + 0], array1[index + 1], \
487 array1[index + 2], array1[index + 3]); 487 array1[index + 2], array1[index + 3]);
488 488
489/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at 489/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at
490 index INDEX, writing the output to the block found in ARRAY1 at 490 index INDEX, writing the output to the block found in ARRAY1 at
491 index INDEX. */ 491 index INDEX. */
492#define SBOX_INVERSE(which, array0, array1, index) \ 492#define SBOX_INVERSE(which, array0, array1, index) \
493 SBOX##which##_INVERSE (array0[index + 0], array0[index + 1], \ 493 SBOX##which##_INVERSE (array0[index + 0], array0[index + 1], \
494 array0[index + 2], array0[index + 3], \ 494 array0[index + 2], array0[index + 3], \
495 array1[index + 0], array1[index + 1], \ 495 array1[index + 0], array1[index + 1], \
496 array1[index + 2], array1[index + 3]); 496 array1[index + 2], array1[index + 3]);
497 497
498/* Apply the linear transformation to BLOCK. */ 498/* Apply the linear transformation to BLOCK. */
499#define LINEAR_TRANSFORMATION(block) \ 499#define LINEAR_TRANSFORMATION(block) \
500 { \ 500 { \
501 block[0] = rol (block[0], 13); \ 501 block[0] = rol (block[0], 13); \
502 block[2] = rol (block[2], 3); \ 502 block[2] = rol (block[2], 3); \
503 block[1] = block[1] ^ block[0] ^ block[2]; \ 503 block[1] = block[1] ^ block[0] ^ block[2]; \
504 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \ 504 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
505 block[1] = rol (block[1], 1); \ 505 block[1] = rol (block[1], 1); \
506 block[3] = rol (block[3], 7); \ 506 block[3] = rol (block[3], 7); \
507 block[0] = block[0] ^ block[1] ^ block[3]; \ 507 block[0] = block[0] ^ block[1] ^ block[3]; \
508 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \ 508 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
509 block[0] = rol (block[0], 5); \ 509 block[0] = rol (block[0], 5); \
510 block[2] = rol (block[2], 22); \ 510 block[2] = rol (block[2], 22); \
511 } 511 }
512 512
513/* Apply the inverse linear transformation to BLOCK. */ 513/* Apply the inverse linear transformation to BLOCK. */
514#define LINEAR_TRANSFORMATION_INVERSE(block) \ 514#define LINEAR_TRANSFORMATION_INVERSE(block) \
515 { \ 515 { \
516 block[2] = ror (block[2], 22); \ 516 block[2] = ror (block[2], 22); \
517 block[0] = ror (block[0] , 5); \ 517 block[0] = ror (block[0] , 5); \
518 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \ 518 block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
519 block[0] = block[0] ^ block[1] ^ block[3]; \ 519 block[0] = block[0] ^ block[1] ^ block[3]; \
520 block[3] = ror (block[3], 7); \ 520 block[3] = ror (block[3], 7); \
521 block[1] = ror (block[1], 1); \ 521 block[1] = ror (block[1], 1); \
522 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \ 522 block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
523 block[1] = block[1] ^ block[0] ^ block[2]; \ 523 block[1] = block[1] ^ block[0] ^ block[2]; \
524 block[2] = ror (block[2], 3); \ 524 block[2] = ror (block[2], 3); \
525 block[0] = ror (block[0], 13); \ 525 block[0] = ror (block[0], 13); \
526 } 526 }
527 527
528/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the 528/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the
529 subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary storage. 529 subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary storage.
530 This macro increments `round'. */ 530 This macro increments `round'. */
531#define ROUND(which, subkeys, block, block_tmp) \ 531#define ROUND(which, subkeys, block, block_tmp) \
532 { \ 532 { \
533 BLOCK_XOR (block, subkeys[round]); \ 533 BLOCK_XOR (block, subkeys[round]); \
534 round++; \ 534 round++; \
535 SBOX (which, block, block_tmp, 0); \ 535 SBOX (which, block, block_tmp, 0); \
536 LINEAR_TRANSFORMATION (block_tmp); \ 536 LINEAR_TRANSFORMATION (block_tmp); \
537 BLOCK_COPY (block, block_tmp); \ 537 BLOCK_COPY (block, block_tmp); \
538 } 538 }
539 539
540/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH 540/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH
541 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary 541 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
542 storage. The result will be stored in BLOCK_TMP. This macro 542 storage. The result will be stored in BLOCK_TMP. This macro
543 increments `round'. */ 543 increments `round'. */
544#define ROUND_LAST(which, subkeys, block, block_tmp) \ 544#define ROUND_LAST(which, subkeys, block, block_tmp) \
545 { \ 545 { \
546 BLOCK_XOR (block, subkeys[round]); \ 546 BLOCK_XOR (block, subkeys[round]); \
547 round++; \ 547 round++; \
548 SBOX (which, block, block_tmp, 0); \ 548 SBOX (which, block, block_tmp, 0); \
549 BLOCK_XOR (block_tmp, subkeys[round]); \ 549 BLOCK_XOR (block_tmp, subkeys[round]); \
550 round++; \ 550 round++; \
551 } 551 }
552 552
553/* Apply an inverse Serpent round to BLOCK, using the SBOX number 553/* Apply an inverse Serpent round to BLOCK, using the SBOX number
554 WHICH and the subkeys contained in SUBKEYS. Use BLOCK_TMP as 554 WHICH and the subkeys contained in SUBKEYS. Use BLOCK_TMP as
555 temporary storage. This macro increments `round'. */ 555 temporary storage. This macro increments `round'. */
556#define ROUND_INVERSE(which, subkey, block, block_tmp) \ 556#define ROUND_INVERSE(which, subkey, block, block_tmp) \
557 { \ 557 { \
558 LINEAR_TRANSFORMATION_INVERSE (block); \ 558 LINEAR_TRANSFORMATION_INVERSE (block); \
559 SBOX_INVERSE (which, block, block_tmp, 0); \ 559 SBOX_INVERSE (which, block, block_tmp, 0); \
560 BLOCK_XOR (block_tmp, subkey[round]); \ 560 BLOCK_XOR (block_tmp, subkey[round]); \
561 round--; \ 561 round--; \
562 BLOCK_COPY (block, block_tmp); \ 562 BLOCK_COPY (block, block_tmp); \
563 } 563 }
564 564
565/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH 565/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH
566 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary 566 and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
567 storage. The result will be stored in BLOCK_TMP. This macro 567 storage. The result will be stored in BLOCK_TMP. This macro
568 increments `round'. */ 568 increments `round'. */
569#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \ 569#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \
570 { \ 570 { \
571 BLOCK_XOR (block, subkeys[round]); \ 571 BLOCK_XOR (block, subkeys[round]); \
572 round--; \ 572 round--; \
573 SBOX_INVERSE (which, block, block_tmp, 0); \ 573 SBOX_INVERSE (which, block, block_tmp, 0); \
574 BLOCK_XOR (block_tmp, subkeys[round]); \ 574 BLOCK_XOR (block_tmp, subkeys[round]); \
575 round--; \ 575 round--; \
576 } 576 }
577 577
578/* Convert the user provided key KEY of KEY_LENGTH bytes into the 578/* Convert the user provided key KEY of KEY_LENGTH bytes into the
579 internally used format. */ 579 internally used format. */
580static void 580static void
581serpent_key_prepare (const byte_t *key, unsigned int key_length, 581serpent_key_prepare (const byte_t *key, unsigned int key_length,
582 serpent_key_t key_prepared) 582 serpent_key_t key_prepared)
583{ 583{
584 int i; 584 int i;
585 585
586 /* Copy key. */ 586 /* Copy key. */
587 for (i = 0; i < key_length / 4; i++) 587 for (i = 0; i < key_length / 4; i++)
588 { 588 {
589#ifdef WORDS_BIGENDIAN 589#ifdef WORDS_BIGENDIAN
590 key_prepared[i] = byte_swap_32 (((u32_t *) key)[i]); 590 key_prepared[i] = byte_swap_32 (((u32_t *) key)[i]);
591#else 591#else
592 key_prepared[i] = ((u32_t *) key)[i]; 592 key_prepared[i] = ((u32_t *) key)[i];
593#endif 593#endif
594 } 594 }
595 595
596 if (i < 8) 596 if (i < 8)
597 { 597 {
598 /* Key must be padded according to the Serpent 598 /* Key must be padded according to the Serpent
599 specification. */ 599 specification. */
600 key_prepared[i] = 0x00000001; 600 key_prepared[i] = 0x00000001;
601 601
602 for (i++; i < 8; i++) 602 for (i++; i < 8; i++)
603 key_prepared[i] = 0; 603 key_prepared[i] = 0;
604 } 604 }
605} 605}
606 606
607/* Derive the 33 subkeys from KEY and store them in SUBKEYS. */ 607/* Derive the 33 subkeys from KEY and store them in SUBKEYS. */
608static void 608static void
609serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys) 609serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)
610{ 610{
611 u32_t w_real[140]; /* The `prekey'. */ 611 u32_t w_real[140]; /* The `prekey'. */
612 u32_t k[132]; 612 u32_t k[132];
613 u32_t *w = &w_real[8]; 613 u32_t *w = &w_real[8];
614 int i, j; 614 int i, j;
615 615
616 /* Initialize with key values. */ 616 /* Initialize with key values. */
617 for (i = 0; i < 8; i++) 617 for (i = 0; i < 8; i++)
618 w[i - 8] = key[i]; 618 w[i - 8] = key[i];
619 619
620 /* Expand to intermediate key using the affine recurrence. */ 620 /* Expand to intermediate key using the affine recurrence. */
621 for (i = 0; i < 132; i++) 621 for (i = 0; i < 132; i++)
622 w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11); 622 w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
623 623
624 /* Calculate subkeys via S-Boxes, in bitslice mode. */ 624 /* Calculate subkeys via S-Boxes, in bitslice mode. */
625 SBOX (3, w, k, 0); 625 SBOX (3, w, k, 0);
626 SBOX (2, w, k, 4); 626 SBOX (2, w, k, 4);
627 SBOX (1, w, k, 8); 627 SBOX (1, w, k, 8);
628 SBOX (0, w, k, 12); 628 SBOX (0, w, k, 12);
629 SBOX (7, w, k, 16); 629 SBOX (7, w, k, 16);
630 SBOX (6, w, k, 20); 630 SBOX (6, w, k, 20);
631 SBOX (5, w, k, 24); 631 SBOX (5, w, k, 24);
632 SBOX (4, w, k, 28); 632 SBOX (4, w, k, 28);
633 SBOX (3, w, k, 32); 633 SBOX (3, w, k, 32);
634 SBOX (2, w, k, 36); 634 SBOX (2, w, k, 36);
635 SBOX (1, w, k, 40); 635 SBOX (1, w, k, 40);
636 SBOX (0, w, k, 44); 636 SBOX (0, w, k, 44);
637 SBOX (7, w, k, 48); 637 SBOX (7, w, k, 48);
638 SBOX (6, w, k, 52); 638 SBOX (6, w, k, 52);
639 SBOX (5, w, k, 56); 639 SBOX (5, w, k, 56);
640 SBOX (4, w, k, 60); 640 SBOX (4, w, k, 60);
641 SBOX (3, w, k, 64); 641 SBOX (3, w, k, 64);
642 SBOX (2, w, k, 68); 642 SBOX (2, w, k, 68);
643 SBOX (1, w, k, 72); 643 SBOX (1, w, k, 72);
644 SBOX (0, w, k, 76); 644 SBOX (0, w, k, 76);
645 SBOX (7, w, k, 80); 645 SBOX (7, w, k, 80);
646 SBOX (6, w, k, 84); 646 SBOX (6, w, k, 84);
647 SBOX (5, w, k, 88); 647 SBOX (5, w, k, 88);
648 SBOX (4, w, k, 92); 648 SBOX (4, w, k, 92);
649 SBOX (3, w, k, 96); 649 SBOX (3, w, k, 96);
650 SBOX (2, w, k, 100); 650 SBOX (2, w, k, 100);
651 SBOX (1, w, k, 104); 651 SBOX (1, w, k, 104);
652 SBOX (0, w, k, 108); 652 SBOX (0, w, k, 108);
653 SBOX (7, w, k, 112); 653 SBOX (7, w, k, 112);
654 SBOX (6, w, k, 116); 654 SBOX (6, w, k, 116);
655 SBOX (5, w, k, 120); 655 SBOX (5, w, k, 120);
656 SBOX (4, w, k, 124); 656 SBOX (4, w, k, 124);
657 SBOX (3, w, k, 128); 657 SBOX (3, w, k, 128);
658 658
659 /* Renumber subkeys. */ 659 /* Renumber subkeys. */
660 for (i = 0; i < ROUNDS + 1; i++) 660 for (i = 0; i < ROUNDS + 1; i++)
661 for (j = 0; j < 4; j++) 661 for (j = 0; j < 4; j++)
662 subkeys[i][j] = k[4 * i + j]; 662 subkeys[i][j] = k[4 * i + j];
663} 663}
664 664
665/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */ 665/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */
666static void 666static void
667serpent_setkey_internal (serpent_context_t *context, 667serpent_setkey_internal (serpent_context_t *context,
668 const byte_t *key, unsigned int key_length) 668 const byte_t *key, unsigned int key_length)
669{ 669{
670 serpent_key_t key_prepared; 670 serpent_key_t key_prepared;
671 671
672 serpent_key_prepare (key, key_length, key_prepared); 672 serpent_key_prepare (key, key_length, key_prepared);
673 serpent_subkeys_generate (key_prepared, context->keys); 673 serpent_subkeys_generate (key_prepared, context->keys);
674 _gcry_burn_stack (272 * sizeof (u32_t)); 674 _gcry_burn_stack (272 * sizeof (u32_t));
675} 675}
676 676 static const char *serpent_test (void);
677/* Initialize CTX with the key KEY of KEY_LENGTH bytes. */ 677/* Initialize CTX with the key KEY of KEY_LENGTH bytes. */
678static gcry_err_code_t 678static gcry_err_code_t
679serpent_setkey (void *ctx, 679serpent_setkey (void *ctx,
680 const byte_t *key, unsigned int key_length) 680 const byte_t *key, unsigned int key_length)
681{ 681{
682 serpent_context_t *context = ctx; 682 serpent_context_t *context = ctx;
683 static const char *serpent_test_ret; 683 static const char *serpent_test_ret;
684 static int serpent_init_done; 684 static int serpent_init_done;
685 gcry_err_code_t ret = GPG_ERR_NO_ERROR; 685 gcry_err_code_t ret = GPG_ERR_NO_ERROR;
686 686
687 if (! serpent_init_done) 687 if (! serpent_init_done)
688 { 688 {
689 /* Execute a self-test the first time, Serpent is used. */ 689 /* Execute a self-test the first time, Serpent is used. */
690 static const char *serpent_test (void); 690
691 691
692 serpent_test_ret = serpent_test (); 692 serpent_test_ret = serpent_test ();
693 if (serpent_test_ret) 693 if (serpent_test_ret)
694 log_error ("Serpent test failure: %s\n", serpent_test_ret); 694 log_error ("Serpent test failure: %s\n", serpent_test_ret);
695 serpent_init_done = 1; 695 serpent_init_done = 1;
696 } 696 }
697 697
698 if (serpent_test_ret) 698 if (serpent_test_ret)
699 ret = GPG_ERR_SELFTEST_FAILED; 699 ret = GPG_ERR_SELFTEST_FAILED;
700 else 700 else
701 { 701 {
702 serpent_setkey_internal (context, key, key_length); 702 serpent_setkey_internal (context, key, key_length);
703 _gcry_burn_stack (sizeof (serpent_key_t)); 703 _gcry_burn_stack (sizeof (serpent_key_t));
704 } 704 }
705 705
706 return ret; 706 return ret;
707} 707}
708 708
709static void 709static void
710serpent_encrypt_internal (serpent_context_t *context, 710serpent_encrypt_internal (serpent_context_t *context,
711 const serpent_block_t input, serpent_block_t output) 711 const serpent_block_t input, serpent_block_t output)
712{ 712{
713 serpent_block_t b, b_next; 713 serpent_block_t b, b_next;
714 int round = 0; 714 int round = 0;
715 715
716#ifdef WORDS_BIGENDIAN 716#ifdef WORDS_BIGENDIAN
717 b[0] = byte_swap_32 (input[0]); 717 b[0] = byte_swap_32 (input[0]);
718 b[1] = byte_swap_32 (input[1]); 718 b[1] = byte_swap_32 (input[1]);
719 b[2] = byte_swap_32 (input[2]); 719 b[2] = byte_swap_32 (input[2]);
720 b[3] = byte_swap_32 (input[3]); 720 b[3] = byte_swap_32 (input[3]);
721#else 721#else
722 b[0] = input[0]; 722 b[0] = input[0];
723 b[1] = input[1]; 723 b[1] = input[1];
724 b[2] = input[2]; 724 b[2] = input[2];
725 b[3] = input[3]; 725 b[3] = input[3];
726#endif 726#endif
727 727
728 ROUND (0, context->keys, b, b_next); 728 ROUND (0, context->keys, b, b_next);
729 ROUND (1, context->keys, b, b_next); 729 ROUND (1, context->keys, b, b_next);
730 ROUND (2, context->keys, b, b_next); 730 ROUND (2, context->keys, b, b_next);
731 ROUND (3, context->keys, b, b_next); 731 ROUND (3, context->keys, b, b_next);
732 ROUND (4, context->keys, b, b_next); 732 ROUND (4, context->keys, b, b_next);
733 ROUND (5, context->keys, b, b_next); 733 ROUND (5, context->keys, b, b_next);
734 ROUND (6, context->keys, b, b_next); 734 ROUND (6, context->keys, b, b_next);
735 ROUND (7, context->keys, b, b_next); 735 ROUND (7, context->keys, b, b_next);
736 ROUND (0, context->keys, b, b_next); 736 ROUND (0, context->keys, b, b_next);
737 ROUND (1, context->keys, b, b_next); 737 ROUND (1, context->keys, b, b_next);
738 ROUND (2, context->keys, b, b_next); 738 ROUND (2, context->keys, b, b_next);
739 ROUND (3, context->keys, b, b_next); 739 ROUND (3, context->keys, b, b_next);
740 ROUND (4, context->keys, b, b_next); 740 ROUND (4, context->keys, b, b_next);
741 ROUND (5, context->keys, b, b_next); 741 ROUND (5, context->keys, b, b_next);
742 ROUND (6, context->keys, b, b_next); 742 ROUND (6, context->keys, b, b_next);
743 ROUND (7, context->keys, b, b_next); 743 ROUND (7, context->keys, b, b_next);
744 ROUND (0, context->keys, b, b_next); 744 ROUND (0, context->keys, b, b_next);
745 ROUND (1, context->keys, b, b_next); 745 ROUND (1, context->keys, b, b_next);
746 ROUND (2, context->keys, b, b_next); 746 ROUND (2, context->keys, b, b_next);
747 ROUND (3, context->keys, b, b_next); 747 ROUND (3, context->keys, b, b_next);
748 ROUND (4, context->keys, b, b_next); 748 ROUND (4, context->keys, b, b_next);
749 ROUND (5, context->keys, b, b_next); 749 ROUND (5, context->keys, b, b_next);
750 ROUND (6, context->keys, b, b_next); 750 ROUND (6, context->keys, b, b_next);
751 ROUND (7, context->keys, b, b_next); 751 ROUND (7, context->keys, b, b_next);
752 ROUND (0, context->keys, b, b_next); 752 ROUND (0, context->keys, b, b_next);
753 ROUND (1, context->keys, b, b_next); 753 ROUND (1, context->keys, b, b_next);
754 ROUND (2, context->keys, b, b_next); 754 ROUND (2, context->keys, b, b_next);
755 ROUND (3, context->keys, b, b_next); 755 ROUND (3, context->keys, b, b_next);
756 ROUND (4, context->keys, b, b_next); 756 ROUND (4, context->keys, b, b_next);
757 ROUND (5, context->keys, b, b_next); 757 ROUND (5, context->keys, b, b_next);
758 ROUND (6, context->keys, b, b_next); 758 ROUND (6, context->keys, b, b_next);
759 759
760 ROUND_LAST (7, context->keys, b, b_next); 760 ROUND_LAST (7, context->keys, b, b_next);
761 761
762#ifdef WORDS_BIGENDIAN 762#ifdef WORDS_BIGENDIAN
763 output[0] = byte_swap_32 (b_next[0]); 763 output[0] = byte_swap_32 (b_next[0]);
764 output[1] = byte_swap_32 (b_next[1]); 764 output[1] = byte_swap_32 (b_next[1]);
765 output[2] = byte_swap_32 (b_next[2]); 765 output[2] = byte_swap_32 (b_next[2]);
766 output[3] = byte_swap_32 (b_next[3]); 766 output[3] = byte_swap_32 (b_next[3]);
767#else 767#else
768 output[0] = b_next[0]; 768 output[0] = b_next[0];
769 output[1] = b_next[1]; 769 output[1] = b_next[1];
770 output[2] = b_next[2]; 770 output[2] = b_next[2];
771 output[3] = b_next[3]; 771 output[3] = b_next[3];
772#endif 772#endif
773} 773}
774 774
775static void 775static void
776serpent_decrypt_internal (serpent_context_t *context, 776serpent_decrypt_internal (serpent_context_t *context,
777 const serpent_block_t input, serpent_block_t output) 777 const serpent_block_t input, serpent_block_t output)
778{ 778{
779 serpent_block_t b, b_next; 779 serpent_block_t b, b_next;
780 int round = ROUNDS; 780 int round = ROUNDS;
781 781
782#ifdef WORDS_BIGENDIAN 782#ifdef WORDS_BIGENDIAN
783 b_next[0] = byte_swap_32 (input[0]); 783 b_next[0] = byte_swap_32 (input[0]);
784 b_next[1] = byte_swap_32 (input[1]); 784 b_next[1] = byte_swap_32 (input[1]);
785 b_next[2] = byte_swap_32 (input[2]); 785 b_next[2] = byte_swap_32 (input[2]);
786 b_next[3] = byte_swap_32 (input[3]); 786 b_next[3] = byte_swap_32 (input[3]);
787#else 787#else
788 b_next[0] = input[0]; 788 b_next[0] = input[0];
789 b_next[1] = input[1]; 789 b_next[1] = input[1];
790 b_next[2] = input[2]; 790 b_next[2] = input[2];
791 b_next[3] = input[3]; 791 b_next[3] = input[3];
792#endif 792#endif
793 793
794 ROUND_FIRST_INVERSE (7, context->keys, b_next, b); 794 ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
795 795
796 ROUND_INVERSE (6, context->keys, b, b_next); 796 ROUND_INVERSE (6, context->keys, b, b_next);
797 ROUND_INVERSE (5, context->keys, b, b_next); 797 ROUND_INVERSE (5, context->keys, b, b_next);
798 ROUND_INVERSE (4, context->keys, b, b_next); 798 ROUND_INVERSE (4, context->keys, b, b_next);
799 ROUND_INVERSE (3, context->keys, b, b_next); 799 ROUND_INVERSE (3, context->keys, b, b_next);
800 ROUND_INVERSE (2, context->keys, b, b_next); 800 ROUND_INVERSE (2, context->keys, b, b_next);
801 ROUND_INVERSE (1, context->keys, b, b_next); 801 ROUND_INVERSE (1, context->keys, b, b_next);
802 ROUND_INVERSE (0, context->keys, b, b_next); 802 ROUND_INVERSE (0, context->keys, b, b_next);
803 ROUND_INVERSE (7, context->keys, b, b_next); 803 ROUND_INVERSE (7, context->keys, b, b_next);
804 ROUND_INVERSE (6, context->keys, b, b_next); 804 ROUND_INVERSE (6, context->keys, b, b_next);
805 ROUND_INVERSE (5, context->keys, b, b_next); 805 ROUND_INVERSE (5, context->keys, b, b_next);
806 ROUND_INVERSE (4, context->keys, b, b_next); 806 ROUND_INVERSE (4, context->keys, b, b_next);
807 ROUND_INVERSE (3, context->keys, b, b_next); 807 ROUND_INVERSE (3, context->keys, b, b_next);
808 ROUND_INVERSE (2, context->keys, b, b_next); 808 ROUND_INVERSE (2, context->keys, b, b_next);
809 ROUND_INVERSE (1, context->keys, b, b_next); 809 ROUND_INVERSE (1, context->keys, b, b_next);
810 ROUND_INVERSE (0, context->keys, b, b_next); 810 ROUND_INVERSE (0, context->keys, b, b_next);
811 ROUND_INVERSE (7, context->keys, b, b_next); 811 ROUND_INVERSE (7, context->keys, b, b_next);
812 ROUND_INVERSE (6, context->keys, b, b_next); 812 ROUND_INVERSE (6, context->keys, b, b_next);
813 ROUND_INVERSE (5, context->keys, b, b_next); 813 ROUND_INVERSE (5, context->keys, b, b_next);
814 ROUND_INVERSE (4, context->keys, b, b_next); 814 ROUND_INVERSE (4, context->keys, b, b_next);
815 ROUND_INVERSE (3, context->keys, b, b_next); 815 ROUND_INVERSE (3, context->keys, b, b_next);
816 ROUND_INVERSE (2, context->keys, b, b_next); 816 ROUND_INVERSE (2, context->keys, b, b_next);
817 ROUND_INVERSE (1, context->keys, b, b_next); 817 ROUND_INVERSE (1, context->keys, b, b_next);
818 ROUND_INVERSE (0, context->keys, b, b_next); 818 ROUND_INVERSE (0, context->keys, b, b_next);
819 ROUND_INVERSE (7, context->keys, b, b_next); 819 ROUND_INVERSE (7, context->keys, b, b_next);
820 ROUND_INVERSE (6, context->keys, b, b_next); 820 ROUND_INVERSE (6, context->keys, b, b_next);
821 ROUND_INVERSE (5, context->keys, b, b_next); 821 ROUND_INVERSE (5, context->keys, b, b_next);
822 ROUND_INVERSE (4, context->keys, b, b_next); 822 ROUND_INVERSE (4, context->keys, b, b_next);
823 ROUND_INVERSE (3, context->keys, b, b_next); 823 ROUND_INVERSE (3, context->keys, b, b_next);
824 ROUND_INVERSE (2, context->keys, b, b_next); 824 ROUND_INVERSE (2, context->keys, b, b_next);
825 ROUND_INVERSE (1, context->keys, b, b_next); 825 ROUND_INVERSE (1, context->keys, b, b_next);
826 ROUND_INVERSE (0, context->keys, b, b_next); 826 ROUND_INVERSE (0, context->keys, b, b_next);
827 827
828 828
829#ifdef WORDS_BIGENDIAN 829#ifdef WORDS_BIGENDIAN
830 output[0] = byte_swap_32 (b_next[0]); 830 output[0] = byte_swap_32 (b_next[0]);
831 output[1] = byte_swap_32 (b_next[1]); 831 output[1] = byte_swap_32 (b_next[1]);
832 output[2] = byte_swap_32 (b_next[2]); 832 output[2] = byte_swap_32 (b_next[2]);
833 output[3] = byte_swap_32 (b_next[3]); 833 output[3] = byte_swap_32 (b_next[3]);
834#else 834#else
835 output[0] = b_next[0]; 835 output[0] = b_next[0];
836 output[1] = b_next[1]; 836 output[1] = b_next[1];
837 output[2] = b_next[2]; 837 output[2] = b_next[2];
838 output[3] = b_next[3]; 838 output[3] = b_next[3];
839#endif 839#endif
840} 840}
841 841
842static void 842static void
843serpent_encrypt (void *ctx, byte_t *buffer_out, const byte_t *buffer_in) 843serpent_encrypt (void *ctx, byte_t *buffer_out, const byte_t *buffer_in)
844{ 844{
845 serpent_context_t *context = ctx; 845 serpent_context_t *context = ctx;
846 846
847 serpent_encrypt_internal (context, 847 serpent_encrypt_internal (context,
848 (const u32_t *) buffer_in, (u32_t *) buffer_out); 848 (const u32_t *) buffer_in, (u32_t *) buffer_out);
849 _gcry_burn_stack (2 * sizeof (serpent_block_t)); 849 _gcry_burn_stack (2 * sizeof (serpent_block_t));
850} 850}
851 851
852static void 852static void
853serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in) 853serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
854{ 854{
855 serpent_context_t *context = ctx; 855 serpent_context_t *context = ctx;
856 856
857 serpent_decrypt_internal (context, 857 serpent_decrypt_internal (context,
858 (const u32_t *) buffer_in, 858 (const u32_t *) buffer_in,
859 (u32_t *) buffer_out); 859 (u32_t *) buffer_out);
860 _gcry_burn_stack (2 * sizeof (serpent_block_t)); 860 _gcry_burn_stack (2 * sizeof (serpent_block_t));
861} 861}
862 862
863 863
864 864
865/* Serpent test. */ 865/* Serpent test. */
866 866
867static const char * 867static const char *
868serpent_test (void) 868serpent_test (void)
869{ 869{
870 serpent_context_t context; 870 serpent_context_t context;
871 unsigned char scratch[16]; 871 unsigned char scratch[16];
872 unsigned int i; 872 unsigned int i;
873 873
874 static struct test 874 static struct test
875 { 875 {
876 int key_length; 876 int key_length;
877 unsigned char key[32]; 877 unsigned char key[32];
878 unsigned char text_plain[16]; 878 unsigned char text_plain[16];
879 unsigned char text_cipher[16]; 879 unsigned char text_cipher[16];
880 } test_data[] = 880 } test_data[] =
881 { 881 {
882 { 882 {
883 16, 883 16,
884 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 884 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
885 "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E", 885 "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",
886 "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D" 886 "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"
887 }, 887 },
888 { 888 {
889 24, 889 24,
890 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 890 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
891 "\x00\x00\x00\x00\x00\x00\x00\x00", 891 "\x00\x00\x00\x00\x00\x00\x00\x00",
892 "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E", 892 "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",
893 "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9" 893 "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"
894 }, 894 },
895 { 895 {
896 32, 896 32,
897 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 897 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
898 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 898 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
899 "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E", 899 "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",
900 "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B" 900 "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"
901 }, 901 },
902 { 902 {
903 32, 903 32,
904 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 904 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
905 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 905 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
906 "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00", 906 "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",
907 "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C" 907 "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"
908 }, 908 },
909 { 909 {
910 0 910 0
911 }, 911 },
912 }; 912 };
913 913
914 for (i = 0; test_data[i].key_length; i++) 914 for (i = 0; test_data[i].key_length; i++)
915 { 915 {
916 serpent_setkey_internal (&context, test_data[i].key, 916 serpent_setkey_internal (&context, test_data[i].key,
917 test_data[i].key_length); 917 test_data[i].key_length);
918 serpent_encrypt_internal (&context, 918 serpent_encrypt_internal (&context,
919 (const u32_t *) test_data[i].text_plain, 919 (const u32_t *) test_data[i].text_plain,
920 (u32_t *) scratch); 920 (u32_t *) scratch);
921 921
922 if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t))) 922 if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
923 switch (test_data[i].key_length) 923 switch (test_data[i].key_length)
924 { 924 {
925 case 16: 925 case 16:
926 return "Serpent-128 test encryption failed."; 926 return "Serpent-128 test encryption failed.";
927 case 24: 927 case 24:
928 return "Serpent-192 test encryption failed."; 928 return "Serpent-192 test encryption failed.";
929 case 32: 929 case 32:
930 return "Serpent-256 test encryption failed."; 930 return "Serpent-256 test encryption failed.";
931 } 931 }
932 932
933 serpent_decrypt_internal (&context, 933 serpent_decrypt_internal (&context,
934 (const u32_t *) test_data[i].text_cipher, 934 (const u32_t *) test_data[i].text_cipher,
935 (u32_t *) scratch); 935 (u32_t *) scratch);
936 if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t))) 936 if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
937 switch (test_data[i].key_length) 937 switch (test_data[i].key_length)
938 { 938 {
939 case 16: 939 case 16:
940 return "Serpent-128 test decryption failed."; 940 return "Serpent-128 test decryption failed.";
941 case 24: 941 case 24:
942 return "Serpent-192 test decryption failed."; 942 return "Serpent-192 test decryption failed.";
943 case 32: 943 case 32:
944 return "Serpent-256 test decryption failed."; 944 return "Serpent-256 test decryption failed.";
945 } 945 }
946 } 946 }
947 947
948 return NULL; 948 return NULL;
949} 949}
950 950
951 951
952 952
953/* "SERPENT" is an alias for "SERPENT128". */ 953/* "SERPENT" is an alias for "SERPENT128". */
954static const char *cipher_spec_serpent128_aliases[] = 954static const char *cipher_spec_serpent128_aliases[] =
955 { 955 {
956 "SERPENT", 956 "SERPENT",
957 NULL, 957 NULL,
958 }; 958 };
959 959
960gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = 960gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =
961 { 961 {
962 "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128, 962 "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,
963 sizeof (serpent_context_t), 963 sizeof (serpent_context_t),
964 serpent_setkey, serpent_encrypt, serpent_decrypt, 964 serpent_setkey, serpent_encrypt, serpent_decrypt,
965 }; 965 };
966 966
967gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = 967gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =
968 { 968 {
969 "SERPENT192", NULL, NULL, 16, 192, 969 "SERPENT192", NULL, NULL, 16, 192,
970 sizeof (serpent_context_t), 970 sizeof (serpent_context_t),
971 serpent_setkey, serpent_encrypt, serpent_decrypt, 971 serpent_setkey, serpent_encrypt, serpent_decrypt,
972 }; 972 };
973 973
974gcry_cipher_spec_t _gcry_cipher_spec_serpent256 = 974gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =
975 { 975 {
976 "SERPENT256", NULL, NULL, 16, 256, 976 "SERPENT256", NULL, NULL, 16, 256,
977 sizeof (serpent_context_t), 977 sizeof (serpent_context_t),
978 serpent_setkey, serpent_encrypt, serpent_decrypt, 978 serpent_setkey, serpent_encrypt, serpent_decrypt,
979 }; 979 };