17 package io.github.tonywasher.joceanus.gordianknot.impl.ext.engines;
18
19 import org.bouncycastle.crypto.CipherParameters;
20 import org.bouncycastle.crypto.DataLengthException;
21 import org.bouncycastle.crypto.OutputLengthException;
22 import org.bouncycastle.crypto.StreamCipher;
23 import org.bouncycastle.crypto.params.KeyParameter;
24 import org.bouncycastle.crypto.params.ParametersWithIV;
25 import org.bouncycastle.util.Memoable;
26
27
28
29
30
31
32 @SuppressWarnings("checkstyle:MagicNumber")
33 public class GordianSosemanukEngine
34 implements StreamCipher, Memoable {
35
36
37
38 private static final int STREAM_LEN = 80;
39
40
41
42
43 private int theIndex;
44
45
46
47
48 private final byte[] keyStream = new byte[STREAM_LEN];
49
50
51
52
53 private GordianSosemanukEngine theResetState;
54
55
56
57
/**
 * Creates an unkeyed engine.
 * <p>
 * No key or IV is installed here; {@code processBytes} rejects calls until
 * {@code init} has completed and recorded a reset state.
 */
public GordianSosemanukEngine() {
    super();
}
60
61
62
63
64
65
/**
 * Copy constructor used by {@code copy()}.
 * <p>
 * All state transfer is delegated to {@code reset(Memoable)}, so the new
 * instance holds exactly what that method copies.
 * NOTE(review): {@code reset(Memoable)} is public on a non-final class, so a
 * subclass override would run from inside this constructor.
 *
 * @param pSource the engine whose state is duplicated
 */
private GordianSosemanukEngine(final GordianSosemanukEngine pSource) {
    super();
    this.reset(pSource);
}
69
70
71
72
73
74
75
76
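/**
 * Keys the engine and prepares the first keystream block.
 * <p>
 * Accepts either a bare {@code KeyParameter} or a {@code ParametersWithIV}
 * wrapping one. When no IV is supplied, {@code setIV} is called with
 * {@code null} and falls back to an all-zero IV, so every message encrypted
 * under the same key without an explicit IV uses the same keystream; callers
 * should always supply a fresh IV per message.
 * <p>
 * The engine is marked uninitialised before any state is touched, so a
 * failed (re-)initialisation cannot leave a half-keyed engine that still
 * accepts data.
 *
 * @param forEncryption ignored; the cipher XORs the same keystream in both directions
 * @param params the key, optionally wrapped with an IV
 * @throws IllegalArgumentException if no key is present, or the key or IV length is rejected
 */
public void init(final boolean forEncryption,
                 final CipherParameters params) {
    /* Peel off the optional IV wrapper, then look for the key underneath */
    CipherParameters myParams = params;
    byte[] newKey = null;
    byte[] newIV = null;
    if (myParams instanceof ParametersWithIV ivParams) {
        newIV = ivParams.getIV();
        myParams = ivParams.getParameters();
    }
    if (myParams instanceof KeyParameter keyParam) {
        newKey = keyParam.getKey();
    }

    /* Without this, a missing key surfaced as a NullPointerException inside setKey */
    if (newKey == null) {
        throw new IllegalArgumentException(getAlgorithmName() + " init requires a KeyParameter");
    }

    /*
     * Drop the old reset state first. Otherwise an exception from setKey/setIV
     * would leave theIndex rewound to 0 over the previous keystream block while
     * processBytes still regarded the engine as initialised, re-issuing
     * keystream bytes that had already been used.
     */
    theResetState = null;

    /* Install key and IV, then generate the first block of keystream */
    theIndex = 0;
    setKey(newKey);
    setIV(newIV);
    makeStreamBlock(keyStream, 0);

    /* Snapshot the freshly keyed state so reset() can return to it */
    theResetState = copy();
}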
105
/**
 * Reports the algorithm name.
 *
 * @return the fixed string {@code "Sosemanuk"}
 */
@Override
public String getAlgorithmName() {
    final String myName = "Sosemanuk";
    return myName;
}
110
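/**
 * XORs {@code len} bytes of input with the keystream.
 * <p>
 * All range checks run before any byte is processed, so a rejected call
 * neither writes to {@code out} nor advances the keystream position.
 *
 * @param in the input buffer
 * @param inOff offset of the first input byte
 * @param len number of bytes to process
 * @param out the output buffer
 * @param outOff offset of the first output byte
 * @return the number of bytes processed, always {@code len}
 * @throws IllegalStateException if the engine has not been initialised
 * @throws DataLengthException if the input range does not fit inside {@code in}
 * @throws OutputLengthException if the output range does not fit inside {@code out}
 */
@Override
public int processBytes(final byte[] in,
                        final int inOff,
                        final int len,
                        final byte[] out,
                        final int outOff) {
    /* Refuse to run until init has completed */
    if (theResetState == null) {
        throw new IllegalStateException(getAlgorithmName() + " not initialised");
    }

    /*
     * Compare by subtraction: (inOff + len) can wrap to a negative int and slip
     * past an additive check, after which the loop would fail part-way through
     * with some output written and the keystream already advanced.
     * Negative offsets and lengths are rejected for the same reason.
     */
    if (inOff < 0 || len < 0 || len > in.length - inOff) {
        throw new DataLengthException("input buffer too short");
    }
    if (outOff < 0 || len > out.length - outOff) {
        throw new OutputLengthException("output buffer too short");
    }

    /* Process one byte at a time; returnByte refills the keystream as needed */
    for (int i = 0; i < len; i++) {
        out[outOff + i] = returnByte(in[inOff + i]);
    }
    return len;
}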
134
/**
 * Returns the engine to the state recorded at the end of the last successful
 * {@code init}. Does nothing when no such state has been recorded.
 */
@Override
public void reset() {
    final GordianSosemanukEngine mySaved = theResetState;
    if (mySaved == null) {
        return;
    }
    reset(mySaved);
}
141
/**
 * XORs a single byte with the next keystream byte.
 * <p>
 * NOTE(review): unlike {@code processBytes}, this method does not check that
 * the engine has been initialised.
 *
 * @param in the input byte
 * @return the input XORed with the current keystream byte
 */
@Override
public byte returnByte(final byte in) {
    /* Consume the keystream byte at the current position */
    final int myPos = theIndex;
    final byte myResult = (byte) (in ^ keyStream[myPos]);

    /* Advance, wrapping at the end of the buffered block */
    theIndex = (myPos + 1) % STREAM_LEN;

    /* The buffered block is exhausted once the index wraps: generate the next one */
    if (theIndex == 0) {
        makeStreamBlock(keyStream, 0);
    }
    return myResult;
}
152
153
/**
 * Produces an independent engine carrying whatever state
 * {@code reset(Memoable)} copies from this one.
 *
 * @return the new engine
 */
@Override
public GordianSosemanukEngine copy() {
    final GordianSosemanukEngine myClone = new GordianSosemanukEngine(this);
    return myClone;
}
158
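/**
 * Overwrites this engine's state with the state of another engine.
 * <p>
 * Copies the LFSR words, the FSM registers, the buffered keystream block and
 * position, and the Serpent24 sub-keys. The sub-keys are included because
 * {@code setIV} reads them: an engine produced by {@code copy()} whose
 * sub-key table was left at its all-zero default would otherwise derive its
 * state from the IV alone, independent of the key, if {@code setIV} were
 * called on it directly.
 *
 * @param pState the state to copy; must be a {@code GordianSosemanukEngine}
 * @throws ClassCastException if {@code pState} is of any other type
 */
@Override
public void reset(final Memoable pState) {
    final GordianSosemanukEngine e = (GordianSosemanukEngine) pState;

    /* LFSR words */
    lfsr0 = e.lfsr0;
    lfsr1 = e.lfsr1;
    lfsr2 = e.lfsr2;
    lfsr3 = e.lfsr3;
    lfsr4 = e.lfsr4;
    lfsr5 = e.lfsr5;
    lfsr6 = e.lfsr6;
    lfsr7 = e.lfsr7;
    lfsr8 = e.lfsr8;
    lfsr9 = e.lfsr9;

    /* FSM registers */
    fsmR1 = e.fsmR1;
    fsmR2 = e.fsmR2;

    /* Key schedule, so that a later setIV on this instance is keyed like the source */
    System.arraycopy(e.serpent24SubKeys, 0, serpent24SubKeys, 0, serpent24SubKeys.length);

    /* Buffered keystream block and the read position within it */
    System.arraycopy(e.keyStream, 0, keyStream, 0, STREAM_LEN);
    theIndex = e.theIndex;
}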
177
178
179
180
181 private int lfsr0;
182
183
184
185
186 private int lfsr1;
187
188
189
190
191 private int lfsr2;
192
193
194
195
196 private int lfsr3;
197
198
199
200
201 private int lfsr4;
202
203
204
205
206 private int lfsr5;
207
208
209
210
211 private int lfsr6;
212
213
214
215
216 private int lfsr7;
217
218
219
220
221 private int lfsr8;
222
223
224
225
226 private int lfsr9;
227
228
229
230
231 private int fsmR1;
232
233
234
235
236 private int fsmR2;
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
/**
 * Reads a 32-bit little-endian word.
 *
 * @param buf the source buffer
 * @param off offset of the least significant byte
 * @return the four bytes at {@code off..off+3} assembled as an int
 */
private static int decode32le(final byte[] buf, final int off) {
    /* Mask each byte so that sign extension cannot leak into the higher lanes */
    final int myB0 = buf[off] & 0xFF;
    final int myB1 = buf[off + 1] & 0xFF;
    final int myB2 = buf[off + 2] & 0xFF;
    final int myB3 = buf[off + 3] & 0xFF;
    return myB0 | (myB1 << 8) | (myB2 << 16) | (myB3 << 24);
}
259
260
261
262
263
264
265
266
/**
 * Writes a 32-bit word in little-endian byte order.
 *
 * @param val the value to write
 * @param buf the destination buffer
 * @param off offset that receives the least significant byte
 */
private static void encode32le(final int val, final byte[] buf, final int off) {
    /* Lowest byte first; the cast keeps only the low eight bits of each shift */
    for (int myByte = 0; myByte < 4; myByte++) {
        buf[off + myByte] = (byte) (val >>> (myByte * 8));
    }
}
273
274
275
276
277
278
279
280
/**
 * Rotates a 32-bit word to the left.
 *
 * @param val the value to rotate
 * @param n the number of bit positions
 * @return {@code val} rotated left by {@code n} bits
 */
private static int rotateLeft(final int val, final int n) {
    /* The JDK rotate masks the distance to five bits, exactly as the shift pair does */
    return Integer.rotateLeft(val, n);
}
284
285
286
287
288 private final int[] serpent24SubKeys = new int[100];
289
290
291
292
293
294
295
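/**
 * Expands the key into the 100 Serpent24 sub-key words consumed by {@code setIV}.
 * <p>
 * Keys shorter than 32 bytes are extended with a single {@code 0x01} byte
 * followed by zeros. Any length from 1 to 32 bytes is accepted, so choosing a
 * key long enough for the required security level is left to the caller.
 * <p>
 * The schedule is fully unrolled. Each group of four sub-keys refreshes four
 * of the eight working words {@code w0..w7} (rotate-left by 11 of an XOR of
 * four words, the constant {@code 0x9E3779B9} and the sub-key index), then
 * pushes them through a fixed sequence of bitwise operations and stores the
 * four results. Eight distinct operation sequences are used in rotation. The
 * statement order is significant and is reproduced exactly.
 * <p>
 * Only the sub-key table is written here; the LFSR/FSM state is derived by
 * {@code setIV}.
 *
 * @param key the key, 1 to 32 bytes long
 * @throws IllegalArgumentException if {@code key} is null or its length is out of range
 */
@SuppressWarnings("checkstyle:MethodLength")
public void setKey(final byte[] key) {
    /* init hands over null when no KeyParameter was supplied; fail with a clear message */
    if (key == null) {
        throw new IllegalArgumentException("key must not be null");
    }
    if (key.length < 1 || key.length > 32) {
        throw new IllegalArgumentException("bad key length: " + key.length);
    }

    /* Pad short keys to 32 bytes: 0x01 marker, then zeros (a fresh array is already zero-filled) */
    final byte[] lkey;
    if (key.length == 32) {
        lkey = key;
    } else {
        lkey = new byte[32];
        System.arraycopy(key, 0, lkey, 0, key.length);
        lkey[key.length] = 0x01;
    }

    int i = 0;

    /* Load the eight little-endian working words */
    int w0 = decode32le(lkey, 0);
    int w1 = decode32le(lkey, 4);
    int w2 = decode32le(lkey, 8);
    int w3 = decode32le(lkey, 12);
    int w4 = decode32le(lkey, 16);
    int w5 = decode32le(lkey, 20);
    int w6 = decode32le(lkey, 24);
    int w7 = decode32le(lkey, 28);

    /* Sub-keys 0..3 */
    int tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (0));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (0 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (0 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (0 + 3));
    w3 = rotateLeft(tt, 11);
    int r0 = w0;
    int r1 = w1;
    int r2 = w2;
    int r3 = w3;
    int r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 4..7 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (4));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (4 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (4 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (4 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 8..11 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (8));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (8 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (8 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (8 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;

    /* Sub-keys 12..15 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (12));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (12 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (12 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (12 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 16..19 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (16));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (16 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (16 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (16 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 20..23 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (20));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (20 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (20 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (20 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 24..27 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (24));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (24 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (24 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (24 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 28..31 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (28));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (28 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (28 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (28 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;

    /* Sub-keys 32..35 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (32));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (32 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (32 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (32 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 36..39 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (36));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (36 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (36 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (36 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 40..43 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (40));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (40 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (40 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (40 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;

    /* Sub-keys 44..47 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (44));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (44 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (44 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (44 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 48..51 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (48));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (48 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (48 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (48 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 52..55 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (52));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (52 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (52 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (52 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 56..59 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (56));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (56 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (56 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (56 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 60..63 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (60));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (60 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (60 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (60 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;

    /* Sub-keys 64..67 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (64));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (64 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (64 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (64 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 68..71 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (68));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (68 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (68 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (68 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;

    /* Sub-keys 72..75 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (72));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (72 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (72 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (72 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;

    /* Sub-keys 76..79 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (76));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (76 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (76 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (76 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 80..83 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (80));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (80 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (80 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (80 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;

    /* Sub-keys 84..87 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (84));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (84 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (84 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (84 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 88..91 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (88));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (88 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (88 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (88 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;

    /* Sub-keys 92..95 */
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (92));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (92 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (92 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (92 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;

    /* Sub-keys 96..99 */
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (96));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (96 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (96 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (96 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;
}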
1187
1188
1189
1190
1191
1192
1193
1194
1195 @SuppressWarnings("checkstyle:MethodLength")
1196 public void setIV(final byte[] iv) {
1197 byte[] myIV = iv;
1198 if (myIV == null) {
1199 myIV = new byte[0];
1200 }
1201 if (myIV.length > 16) {
1202 throw new IllegalArgumentException("bad IV length: " + myIV.length);
1203 }
1204 final byte[] piv;
1205 if (myIV.length == 16) {
1206 piv = myIV;
1207 } else {
1208 piv = new byte[16];
1209 System.arraycopy(myIV, 0, piv, 0, myIV.length);
1210 for (int i = myIV.length; i < piv.length; i++) {
1211 piv[i] = 0x00;
1212 }
1213 }
1214
1215 int r0 = decode32le(piv, 0);
1216 int r1 = decode32le(piv, 4);
1217 int r2 = decode32le(piv, 8);
1218 int r3 = decode32le(piv, 12);
1219 int r4;
1220
1221 r0 ^= serpent24SubKeys[0];
1222 r1 ^= serpent24SubKeys[0 + 1];
1223 r2 ^= serpent24SubKeys[0 + 2];
1224 r3 ^= serpent24SubKeys[0 + 3];
1225 r3 ^= r0;
1226 r4 = r1;
1227 r1 &= r3;
1228 r4 ^= r2;
1229 r1 ^= r0;
1230 r0 |= r3;
1231 r0 ^= r4;
1232 r4 ^= r3;
1233 r3 ^= r2;
1234 r2 |= r1;
1235 r2 ^= r4;
1236 r4 = ~r4;
1237 r4 |= r1;
1238 r1 ^= r3;
1239 r1 ^= r4;
1240 r3 |= r0;
1241 r1 ^= r3;
1242 r4 ^= r3;
1243 r1 = rotateLeft(r1, 13);
1244 r2 = rotateLeft(r2, 3);
1245 r4 = r4 ^ r1 ^ r2;
1246 r0 = r0 ^ r2 ^ (r1 << 3);
1247 r4 = rotateLeft(r4, 1);
1248 r0 = rotateLeft(r0, 7);
1249 r1 = r1 ^ r4 ^ r0;
1250 r2 = r2 ^ r0 ^ (r4 << 7);
1251 r1 = rotateLeft(r1, 5);
1252 r2 = rotateLeft(r2, 22);
1253 r1 ^= serpent24SubKeys[4];
1254 r4 ^= serpent24SubKeys[4 + 1];
1255 r2 ^= serpent24SubKeys[4 + 2];
1256 r0 ^= serpent24SubKeys[4 + 3];
1257 r1 = ~r1;
1258 r2 = ~r2;
1259 r3 = r1;
1260 r1 &= r4;
1261 r2 ^= r1;
1262 r1 |= r0;
1263 r0 ^= r2;
1264 r4 ^= r1;
1265 r1 ^= r3;
1266 r3 |= r4;
1267 r4 ^= r0;
1268 r2 |= r1;
1269 r2 &= r3;
1270 r1 ^= r4;
1271 r4 &= r2;
1272 r4 ^= r1;
1273 r1 &= r2;
1274 r1 ^= r3;
1275 r2 = rotateLeft(r2, 13);
1276 r0 = rotateLeft(r0, 3);
1277 r1 = r1 ^ r2 ^ r0;
1278 r4 = r4 ^ r0 ^ (r2 << 3);
1279 r1 = rotateLeft(r1, 1);
1280 r4 = rotateLeft(r4, 7);
1281 r2 = r2 ^ r1 ^ r4;
1282 r0 = r0 ^ r4 ^ (r1 << 7);
1283 r2 = rotateLeft(r2, 5);
1284 r0 = rotateLeft(r0, 22);
1285 r2 ^= serpent24SubKeys[8];
1286 r1 ^= serpent24SubKeys[8 + 1];
1287 r0 ^= serpent24SubKeys[8 + 2];
1288 r4 ^= serpent24SubKeys[8 + 3];
1289 r3 = r2;
1290 r2 &= r0;
1291 r2 ^= r4;
1292 r0 ^= r1;
1293 r0 ^= r2;
1294 r4 |= r3;
1295 r4 ^= r1;
1296 r3 ^= r0;
1297 r1 = r4;
1298 r4 |= r3;
1299 r4 ^= r2;
1300 r2 &= r1;
1301 r3 ^= r2;
1302 r1 ^= r4;
1303 r1 ^= r3;
1304 r3 = ~r3;
1305 r0 = rotateLeft(r0, 13);
1306 r1 = rotateLeft(r1, 3);
1307 r4 = r4 ^ r0 ^ r1;
1308 r3 = r3 ^ r1 ^ (r0 << 3);
1309 r4 = rotateLeft(r4, 1);
1310 r3 = rotateLeft(r3, 7);
1311 r0 = r0 ^ r4 ^ r3;
1312 r1 = r1 ^ r3 ^ (r4 << 7);
1313 r0 = rotateLeft(r0, 5);
1314 r1 = rotateLeft(r1, 22);
1315 r0 ^= serpent24SubKeys[12];
1316 r4 ^= serpent24SubKeys[12 + 1];
1317 r1 ^= serpent24SubKeys[12 + 2];
1318 r3 ^= serpent24SubKeys[12 + 3];
1319 r2 = r0;
1320 r0 |= r3;
1321 r3 ^= r4;
1322 r4 &= r2;
1323 r2 ^= r1;
1324 r1 ^= r3;
1325 r3 &= r0;
1326 r2 |= r4;
1327 r3 ^= r2;
1328 r0 ^= r4;
1329 r2 &= r0;
1330 r4 ^= r3;
1331 r2 ^= r1;
1332 r4 |= r0;
1333 r4 ^= r1;
1334 r0 ^= r3;
1335 r1 = r4;
1336 r4 |= r3;
1337 r4 ^= r0;
1338 r4 = rotateLeft(r4, 13);
1339 r3 = rotateLeft(r3, 3);
1340 r1 = r1 ^ r4 ^ r3;
1341 r2 = r2 ^ r3 ^ (r4 << 3);
1342 r1 = rotateLeft(r1, 1);
1343 r2 = rotateLeft(r2, 7);
1344 r4 = r4 ^ r1 ^ r2;
1345 r3 = r3 ^ r2 ^ (r1 << 7);
1346 r4 = rotateLeft(r4, 5);
1347 r3 = rotateLeft(r3, 22);
1348 r4 ^= serpent24SubKeys[16];
1349 r1 ^= serpent24SubKeys[16 + 1];
1350 r3 ^= serpent24SubKeys[16 + 2];
1351 r2 ^= serpent24SubKeys[16 + 3];
1352 r1 ^= r2;
1353 r2 = ~r2;
1354 r3 ^= r2;
1355 r2 ^= r4;
1356 r0 = r1;
1357 r1 &= r2;
1358 r1 ^= r3;
1359 r0 ^= r2;
1360 r4 ^= r0;
1361 r3 &= r0;
1362 r3 ^= r4;
1363 r4 &= r1;
1364 r2 ^= r4;
1365 r0 |= r1;
1366 r0 ^= r4;
1367 r4 |= r2;
1368 r4 ^= r3;
1369 r3 &= r2;
1370 r4 = ~r4;
1371 r0 ^= r3;
1372 r1 = rotateLeft(r1, 13);
1373 r4 = rotateLeft(r4, 3);
1374 r0 = r0 ^ r1 ^ r4;
1375 r2 = r2 ^ r4 ^ (r1 << 3);
1376 r0 = rotateLeft(r0, 1);
1377 r2 = rotateLeft(r2, 7);
1378 r1 = r1 ^ r0 ^ r2;
1379 r4 = r4 ^ r2 ^ (r0 << 7);
1380 r1 = rotateLeft(r1, 5);
1381 r4 = rotateLeft(r4, 22);
1382 r1 ^= serpent24SubKeys[20];
1383 r0 ^= serpent24SubKeys[20 + 1];
1384 r4 ^= serpent24SubKeys[20 + 2];
1385 r2 ^= serpent24SubKeys[20 + 3];
1386 r1 ^= r0;
1387 r0 ^= r2;
1388 r2 = ~r2;
1389 r3 = r0;
1390 r0 &= r1;
1391 r4 ^= r2;
1392 r0 ^= r4;
1393 r4 |= r3;
1394 r3 ^= r2;
1395 r2 &= r0;
1396 r2 ^= r1;
1397 r3 ^= r0;
1398 r3 ^= r4;
1399 r4 ^= r1;
1400 r1 &= r2;
1401 r4 = ~r4;
1402 r1 ^= r3;
1403 r3 |= r2;
1404 r4 ^= r3;
1405 r0 = rotateLeft(r0, 13);
1406 r1 = rotateLeft(r1, 3);
1407 r2 = r2 ^ r0 ^ r1;
1408 r4 = r4 ^ r1 ^ (r0 << 3);
1409 r2 = rotateLeft(r2, 1);
1410 r4 = rotateLeft(r4, 7);
1411 r0 = r0 ^ r2 ^ r4;
1412 r1 = r1 ^ r4 ^ (r2 << 7);
1413 r0 = rotateLeft(r0, 5);
1414 r1 = rotateLeft(r1, 22);
1415 r0 ^= serpent24SubKeys[24];
1416 r2 ^= serpent24SubKeys[24 + 1];
1417 r1 ^= serpent24SubKeys[24 + 2];
1418 r4 ^= serpent24SubKeys[24 + 3];
1419 r1 = ~r1;
1420 r3 = r4;
1421 r4 &= r0;
1422 r0 ^= r3;
1423 r4 ^= r1;
1424 r1 |= r3;
1425 r2 ^= r4;
1426 r1 ^= r0;
1427 r0 |= r2;
1428 r1 ^= r2;
1429 r3 ^= r0;
1430 r0 |= r4;
1431 r0 ^= r1;
1432 r3 ^= r4;
1433 r3 ^= r0;
1434 r4 = ~r4;
1435 r1 &= r3;
1436 r1 ^= r4;
1437 r0 = rotateLeft(r0, 13);
1438 r3 = rotateLeft(r3, 3);
1439 r2 = r2 ^ r0 ^ r3;
1440 r1 = r1 ^ r3 ^ (r0 << 3);
1441 r2 = rotateLeft(r2, 1);
1442 r1 = rotateLeft(r1, 7);
1443 r0 = r0 ^ r2 ^ r1;
1444 r3 = r3 ^ r1 ^ (r2 << 7);
1445 r0 = rotateLeft(r0, 5);
1446 r3 = rotateLeft(r3, 22);
1447 r0 ^= serpent24SubKeys[28];
1448 r2 ^= serpent24SubKeys[28 + 1];
1449 r3 ^= serpent24SubKeys[28 + 2];
1450 r1 ^= serpent24SubKeys[28 + 3];
1451 r4 = r2;
1452 r2 |= r3;
1453 r2 ^= r1;
1454 r4 ^= r3;
1455 r3 ^= r2;
1456 r1 |= r4;
1457 r1 &= r0;
1458 r4 ^= r3;
1459 r1 ^= r2;
1460 r2 |= r4;
1461 r2 ^= r0;
1462 r0 |= r4;
1463 r0 ^= r3;
1464 r2 ^= r4;
1465 r3 ^= r2;
1466 r2 &= r0;
1467 r2 ^= r4;
1468 r3 = ~r3;
1469 r3 |= r0;
1470 r4 ^= r3;
1471 r4 = rotateLeft(r4, 13);
1472 r2 = rotateLeft(r2, 3);
1473 r1 = r1 ^ r4 ^ r2;
1474 r0 = r0 ^ r2 ^ (r4 << 3);
1475 r1 = rotateLeft(r1, 1);
1476 r0 = rotateLeft(r0, 7);
1477 r4 = r4 ^ r1 ^ r0;
1478 r2 = r2 ^ r0 ^ (r1 << 7);
1479 r4 = rotateLeft(r4, 5);
1480 r2 = rotateLeft(r2, 22);
1481 r4 ^= serpent24SubKeys[32];
1482 r1 ^= serpent24SubKeys[32 + 1];
1483 r2 ^= serpent24SubKeys[32 + 2];
1484 r0 ^= serpent24SubKeys[32 + 3];
1485 r0 ^= r4;
1486 r3 = r1;
1487 r1 &= r0;
1488 r3 ^= r2;
1489 r1 ^= r4;
1490 r4 |= r0;
1491 r4 ^= r3;
1492 r3 ^= r0;
1493 r0 ^= r2;
1494 r2 |= r1;
1495 r2 ^= r3;
1496 r3 = ~r3;
1497 r3 |= r1;
1498 r1 ^= r0;
1499 r1 ^= r3;
1500 r0 |= r4;
1501 r1 ^= r0;
1502 r3 ^= r0;
1503 r1 = rotateLeft(r1, 13);
1504 r2 = rotateLeft(r2, 3);
1505 r3 = r3 ^ r1 ^ r2;
1506 r4 = r4 ^ r2 ^ (r1 << 3);
1507 r3 = rotateLeft(r3, 1);
1508 r4 = rotateLeft(r4, 7);
1509 r1 = r1 ^ r3 ^ r4;
1510 r2 = r2 ^ r4 ^ (r3 << 7);
1511 r1 = rotateLeft(r1, 5);
1512 r2 = rotateLeft(r2, 22);
1513 r1 ^= serpent24SubKeys[36];
1514 r3 ^= serpent24SubKeys[36 + 1];
1515 r2 ^= serpent24SubKeys[36 + 2];
1516 r4 ^= serpent24SubKeys[36 + 3];
1517 r1 = ~r1;
1518 r2 = ~r2;
1519 r0 = r1;
1520 r1 &= r3;
1521 r2 ^= r1;
1522 r1 |= r4;
1523 r4 ^= r2;
1524 r3 ^= r1;
1525 r1 ^= r0;
1526 r0 |= r3;
1527 r3 ^= r4;
1528 r2 |= r1;
1529 r2 &= r0;
1530 r1 ^= r3;
1531 r3 &= r2;
1532 r3 ^= r1;
1533 r1 &= r2;
1534 r1 ^= r0;
1535 r2 = rotateLeft(r2, 13);
1536 r4 = rotateLeft(r4, 3);
1537 r1 = r1 ^ r2 ^ r4;
1538 r3 = r3 ^ r4 ^ (r2 << 3);
1539 r1 = rotateLeft(r1, 1);
1540 r3 = rotateLeft(r3, 7);
1541 r2 = r2 ^ r1 ^ r3;
1542 r4 = r4 ^ r3 ^ (r1 << 7);
1543 r2 = rotateLeft(r2, 5);
1544 r4 = rotateLeft(r4, 22);
1545 r2 ^= serpent24SubKeys[40];
1546 r1 ^= serpent24SubKeys[40 + 1];
1547 r4 ^= serpent24SubKeys[40 + 2];
1548 r3 ^= serpent24SubKeys[40 + 3];
1549 r0 = r2;
1550 r2 &= r4;
1551 r2 ^= r3;
1552 r4 ^= r1;
1553 r4 ^= r2;
1554 r3 |= r0;
1555 r3 ^= r1;
1556 r0 ^= r4;
1557 r1 = r3;
1558 r3 |= r0;
1559 r3 ^= r2;
1560 r2 &= r1;
1561 r0 ^= r2;
1562 r1 ^= r3;
1563 r1 ^= r0;
1564 r0 = ~r0;
1565 r4 = rotateLeft(r4, 13);
1566 r1 = rotateLeft(r1, 3);
1567 r3 = r3 ^ r4 ^ r1;
1568 r0 = r0 ^ r1 ^ (r4 << 3);
1569 r3 = rotateLeft(r3, 1);
1570 r0 = rotateLeft(r0, 7);
1571 r4 = r4 ^ r3 ^ r0;
1572 r1 = r1 ^ r0 ^ (r3 << 7);
1573 r4 = rotateLeft(r4, 5);
1574 r1 = rotateLeft(r1, 22);
1575 r4 ^= serpent24SubKeys[44];
1576 r3 ^= serpent24SubKeys[44 + 1];
1577 r1 ^= serpent24SubKeys[44 + 2];
1578 r0 ^= serpent24SubKeys[44 + 3];
1579 r2 = r4;
1580 r4 |= r0;
1581 r0 ^= r3;
1582 r3 &= r2;
1583 r2 ^= r1;
1584 r1 ^= r0;
1585 r0 &= r4;
1586 r2 |= r3;
1587 r0 ^= r2;
1588 r4 ^= r3;
1589 r2 &= r4;
1590 r3 ^= r0;
1591 r2 ^= r1;
1592 r3 |= r4;
1593 r3 ^= r1;
1594 r4 ^= r0;
1595 r1 = r3;
1596 r3 |= r0;
1597 r3 ^= r4;
1598 r3 = rotateLeft(r3, 13);
1599 r0 = rotateLeft(r0, 3);
1600 r1 = r1 ^ r3 ^ r0;
1601 r2 = r2 ^ r0 ^ (r3 << 3);
1602 r1 = rotateLeft(r1, 1);
1603 r2 = rotateLeft(r2, 7);
1604 r3 = r3 ^ r1 ^ r2;
1605 r0 = r0 ^ r2 ^ (r1 << 7);
1606 r3 = rotateLeft(r3, 5);
1607 r0 = rotateLeft(r0, 22);
1608 lfsr9 = r3;
1609 lfsr8 = r1;
1610 lfsr7 = r0;
1611 lfsr6 = r2;
1612 r3 ^= serpent24SubKeys[48];
1613 r1 ^= serpent24SubKeys[48 + 1];
1614 r0 ^= serpent24SubKeys[48 + 2];
1615 r2 ^= serpent24SubKeys[48 + 3];
1616 r1 ^= r2;
1617 r2 = ~r2;
1618 r0 ^= r2;
1619 r2 ^= r3;
1620 r4 = r1;
1621 r1 &= r2;
1622 r1 ^= r0;
1623 r4 ^= r2;
1624 r3 ^= r4;
1625 r0 &= r4;
1626 r0 ^= r3;
1627 r3 &= r1;
1628 r2 ^= r3;
1629 r4 |= r1;
1630 r4 ^= r3;
1631 r3 |= r2;
1632 r3 ^= r0;
1633 r0 &= r2;
1634 r3 = ~r3;
1635 r4 ^= r0;
1636 r1 = rotateLeft(r1, 13);
1637 r3 = rotateLeft(r3, 3);
1638 r4 = r4 ^ r1 ^ r3;
1639 r2 = r2 ^ r3 ^ (r1 << 3);
1640 r4 = rotateLeft(r4, 1);
1641 r2 = rotateLeft(r2, 7);
1642 r1 = r1 ^ r4 ^ r2;
1643 r3 = r3 ^ r2 ^ (r4 << 7);
1644 r1 = rotateLeft(r1, 5);
1645 r3 = rotateLeft(r3, 22);
1646 r1 ^= serpent24SubKeys[52];
1647 r4 ^= serpent24SubKeys[52 + 1];
1648 r3 ^= serpent24SubKeys[52 + 2];
1649 r2 ^= serpent24SubKeys[52 + 3];
1650 r1 ^= r4;
1651 r4 ^= r2;
1652 r2 = ~r2;
1653 r0 = r4;
1654 r4 &= r1;
1655 r3 ^= r2;
1656 r4 ^= r3;
1657 r3 |= r0;
1658 r0 ^= r2;
1659 r2 &= r4;
1660 r2 ^= r1;
1661 r0 ^= r4;
1662 r0 ^= r3;
1663 r3 ^= r1;
1664 r1 &= r2;
1665 r3 = ~r3;
1666 r1 ^= r0;
1667 r0 |= r2;
1668 r3 ^= r0;
1669 r4 = rotateLeft(r4, 13);
1670 r1 = rotateLeft(r1, 3);
1671 r2 = r2 ^ r4 ^ r1;
1672 r3 = r3 ^ r1 ^ (r4 << 3);
1673 r2 = rotateLeft(r2, 1);
1674 r3 = rotateLeft(r3, 7);
1675 r4 = r4 ^ r2 ^ r3;
1676 r1 = r1 ^ r3 ^ (r2 << 7);
1677 r4 = rotateLeft(r4, 5);
1678 r1 = rotateLeft(r1, 22);
1679 r4 ^= serpent24SubKeys[56];
1680 r2 ^= serpent24SubKeys[56 + 1];
1681 r1 ^= serpent24SubKeys[56 + 2];
1682 r3 ^= serpent24SubKeys[56 + 3];
1683 r1 = ~r1;
1684 r0 = r3;
1685 r3 &= r4;
1686 r4 ^= r0;
1687 r3 ^= r1;
1688 r1 |= r0;
1689 r2 ^= r3;
1690 r1 ^= r4;
1691 r4 |= r2;
1692 r1 ^= r2;
1693 r0 ^= r4;
1694 r4 |= r3;
1695 r4 ^= r1;
1696 r0 ^= r3;
1697 r0 ^= r4;
1698 r3 = ~r3;
1699 r1 &= r0;
1700 r1 ^= r3;
1701 r4 = rotateLeft(r4, 13);
1702 r0 = rotateLeft(r0, 3);
1703 r2 = r2 ^ r4 ^ r0;
1704 r1 = r1 ^ r0 ^ (r4 << 3);
1705 r2 = rotateLeft(r2, 1);
1706 r1 = rotateLeft(r1, 7);
1707 r4 = r4 ^ r2 ^ r1;
1708 r0 = r0 ^ r1 ^ (r2 << 7);
1709 r4 = rotateLeft(r4, 5);
1710 r0 = rotateLeft(r0, 22);
1711 r4 ^= serpent24SubKeys[60];
1712 r2 ^= serpent24SubKeys[60 + 1];
1713 r0 ^= serpent24SubKeys[60 + 2];
1714 r1 ^= serpent24SubKeys[60 + 3];
1715 r3 = r2;
1716 r2 |= r0;
1717 r2 ^= r1;
1718 r3 ^= r0;
1719 r0 ^= r2;
1720 r1 |= r3;
1721 r1 &= r4;
1722 r3 ^= r0;
1723 r1 ^= r2;
1724 r2 |= r3;
1725 r2 ^= r4;
1726 r4 |= r3;
1727 r4 ^= r0;
1728 r2 ^= r3;
1729 r0 ^= r2;
1730 r2 &= r4;
1731 r2 ^= r3;
1732 r0 = ~r0;
1733 r0 |= r4;
1734 r3 ^= r0;
1735 r3 = rotateLeft(r3, 13);
1736 r2 = rotateLeft(r2, 3);
1737 r1 = r1 ^ r3 ^ r2;
1738 r4 = r4 ^ r2 ^ (r3 << 3);
1739 r1 = rotateLeft(r1, 1);
1740 r4 = rotateLeft(r4, 7);
1741 r3 = r3 ^ r1 ^ r4;
1742 r2 = r2 ^ r4 ^ (r1 << 7);
1743 r3 = rotateLeft(r3, 5);
1744 r2 = rotateLeft(r2, 22);
1745 r3 ^= serpent24SubKeys[64];
1746 r1 ^= serpent24SubKeys[64 + 1];
1747 r2 ^= serpent24SubKeys[64 + 2];
1748 r4 ^= serpent24SubKeys[64 + 3];
1749 r4 ^= r3;
1750 r0 = r1;
1751 r1 &= r4;
1752 r0 ^= r2;
1753 r1 ^= r3;
1754 r3 |= r4;
1755 r3 ^= r0;
1756 r0 ^= r4;
1757 r4 ^= r2;
1758 r2 |= r1;
1759 r2 ^= r0;
1760 r0 = ~r0;
1761 r0 |= r1;
1762 r1 ^= r4;
1763 r1 ^= r0;
1764 r4 |= r3;
1765 r1 ^= r4;
1766 r0 ^= r4;
1767 r1 = rotateLeft(r1, 13);
1768 r2 = rotateLeft(r2, 3);
1769 r0 = r0 ^ r1 ^ r2;
1770 r3 = r3 ^ r2 ^ (r1 << 3);
1771 r0 = rotateLeft(r0, 1);
1772 r3 = rotateLeft(r3, 7);
1773 r1 = r1 ^ r0 ^ r3;
1774 r2 = r2 ^ r3 ^ (r0 << 7);
1775 r1 = rotateLeft(r1, 5);
1776 r2 = rotateLeft(r2, 22);
1777 r1 ^= serpent24SubKeys[68];
1778 r0 ^= serpent24SubKeys[68 + 1];
1779 r2 ^= serpent24SubKeys[68 + 2];
1780 r3 ^= serpent24SubKeys[68 + 3];
1781 r1 = ~r1;
1782 r2 = ~r2;
1783 r4 = r1;
1784 r1 &= r0;
1785 r2 ^= r1;
1786 r1 |= r3;
1787 r3 ^= r2;
1788 r0 ^= r1;
1789 r1 ^= r4;
1790 r4 |= r0;
1791 r0 ^= r3;
1792 r2 |= r1;
1793 r2 &= r4;
1794 r1 ^= r0;
1795 r0 &= r2;
1796 r0 ^= r1;
1797 r1 &= r2;
1798 r1 ^= r4;
1799 r2 = rotateLeft(r2, 13);
1800 r3 = rotateLeft(r3, 3);
1801 r1 = r1 ^ r2 ^ r3;
1802 r0 = r0 ^ r3 ^ (r2 << 3);
1803 r1 = rotateLeft(r1, 1);
1804 r0 = rotateLeft(r0, 7);
1805 r2 = r2 ^ r1 ^ r0;
1806 r3 = r3 ^ r0 ^ (r1 << 7);
1807 r2 = rotateLeft(r2, 5);
1808 r3 = rotateLeft(r3, 22);
1809 fsmR1 = r2;
1810 lfsr4 = r1;
1811 fsmR2 = r3;
1812 lfsr5 = r0;
1813 r2 ^= serpent24SubKeys[72];
1814 r1 ^= serpent24SubKeys[72 + 1];
1815 r3 ^= serpent24SubKeys[72 + 2];
1816 r0 ^= serpent24SubKeys[72 + 3];
1817 r4 = r2;
1818 r2 &= r3;
1819 r2 ^= r0;
1820 r3 ^= r1;
1821 r3 ^= r2;
1822 r0 |= r4;
1823 r0 ^= r1;
1824 r4 ^= r3;
1825 r1 = r0;
1826 r0 |= r4;
1827 r0 ^= r2;
1828 r2 &= r1;
1829 r4 ^= r2;
1830 r1 ^= r0;
1831 r1 ^= r4;
1832 r4 = ~r4;
1833 r3 = rotateLeft(r3, 13);
1834 r1 = rotateLeft(r1, 3);
1835 r0 = r0 ^ r3 ^ r1;
1836 r4 = r4 ^ r1 ^ (r3 << 3);
1837 r0 = rotateLeft(r0, 1);
1838 r4 = rotateLeft(r4, 7);
1839 r3 = r3 ^ r0 ^ r4;
1840 r1 = r1 ^ r4 ^ (r0 << 7);
1841 r3 = rotateLeft(r3, 5);
1842 r1 = rotateLeft(r1, 22);
1843 r3 ^= serpent24SubKeys[76];
1844 r0 ^= serpent24SubKeys[76 + 1];
1845 r1 ^= serpent24SubKeys[76 + 2];
1846 r4 ^= serpent24SubKeys[76 + 3];
1847 r2 = r3;
1848 r3 |= r4;
1849 r4 ^= r0;
1850 r0 &= r2;
1851 r2 ^= r1;
1852 r1 ^= r4;
1853 r4 &= r3;
1854 r2 |= r0;
1855 r4 ^= r2;
1856 r3 ^= r0;
1857 r2 &= r3;
1858 r0 ^= r4;
1859 r2 ^= r1;
1860 r0 |= r3;
1861 r0 ^= r1;
1862 r3 ^= r4;
1863 r1 = r0;
1864 r0 |= r4;
1865 r0 ^= r3;
1866 r0 = rotateLeft(r0, 13);
1867 r4 = rotateLeft(r4, 3);
1868 r1 = r1 ^ r0 ^ r4;
1869 r2 = r2 ^ r4 ^ (r0 << 3);
1870 r1 = rotateLeft(r1, 1);
1871 r2 = rotateLeft(r2, 7);
1872 r0 = r0 ^ r1 ^ r2;
1873 r4 = r4 ^ r2 ^ (r1 << 7);
1874 r0 = rotateLeft(r0, 5);
1875 r4 = rotateLeft(r4, 22);
1876 r0 ^= serpent24SubKeys[80];
1877 r1 ^= serpent24SubKeys[80 + 1];
1878 r4 ^= serpent24SubKeys[80 + 2];
1879 r2 ^= serpent24SubKeys[80 + 3];
1880 r1 ^= r2;
1881 r2 = ~r2;
1882 r4 ^= r2;
1883 r2 ^= r0;
1884 r3 = r1;
1885 r1 &= r2;
1886 r1 ^= r4;
1887 r3 ^= r2;
1888 r0 ^= r3;
1889 r4 &= r3;
1890 r4 ^= r0;
1891 r0 &= r1;
1892 r2 ^= r0;
1893 r3 |= r1;
1894 r3 ^= r0;
1895 r0 |= r2;
1896 r0 ^= r4;
1897 r4 &= r2;
1898 r0 = ~r0;
1899 r3 ^= r4;
1900 r1 = rotateLeft(r1, 13);
1901 r0 = rotateLeft(r0, 3);
1902 r3 = r3 ^ r1 ^ r0;
1903 r2 = r2 ^ r0 ^ (r1 << 3);
1904 r3 = rotateLeft(r3, 1);
1905 r2 = rotateLeft(r2, 7);
1906 r1 = r1 ^ r3 ^ r2;
1907 r0 = r0 ^ r2 ^ (r3 << 7);
1908 r1 = rotateLeft(r1, 5);
1909 r0 = rotateLeft(r0, 22);
1910 r1 ^= serpent24SubKeys[84];
1911 r3 ^= serpent24SubKeys[84 + 1];
1912 r0 ^= serpent24SubKeys[84 + 2];
1913 r2 ^= serpent24SubKeys[84 + 3];
1914 r1 ^= r3;
1915 r3 ^= r2;
1916 r2 = ~r2;
1917 r4 = r3;
1918 r3 &= r1;
1919 r0 ^= r2;
1920 r3 ^= r0;
1921 r0 |= r4;
1922 r4 ^= r2;
1923 r2 &= r3;
1924 r2 ^= r1;
1925 r4 ^= r3;
1926 r4 ^= r0;
1927 r0 ^= r1;
1928 r1 &= r2;
1929 r0 = ~r0;
1930 r1 ^= r4;
1931 r4 |= r2;
1932 r0 ^= r4;
1933 r3 = rotateLeft(r3, 13);
1934 r1 = rotateLeft(r1, 3);
1935 r2 = r2 ^ r3 ^ r1;
1936 r0 = r0 ^ r1 ^ (r3 << 3);
1937 r2 = rotateLeft(r2, 1);
1938 r0 = rotateLeft(r0, 7);
1939 r3 = r3 ^ r2 ^ r0;
1940 r1 = r1 ^ r0 ^ (r2 << 7);
1941 r3 = rotateLeft(r3, 5);
1942 r1 = rotateLeft(r1, 22);
1943 r3 ^= serpent24SubKeys[88];
1944 r2 ^= serpent24SubKeys[88 + 1];
1945 r1 ^= serpent24SubKeys[88 + 2];
1946 r0 ^= serpent24SubKeys[88 + 3];
1947 r1 = ~r1;
1948 r4 = r0;
1949 r0 &= r3;
1950 r3 ^= r4;
1951 r0 ^= r1;
1952 r1 |= r4;
1953 r2 ^= r0;
1954 r1 ^= r3;
1955 r3 |= r2;
1956 r1 ^= r2;
1957 r4 ^= r3;
1958 r3 |= r0;
1959 r3 ^= r1;
1960 r4 ^= r0;
1961 r4 ^= r3;
1962 r0 = ~r0;
1963 r1 &= r4;
1964 r1 ^= r0;
1965 r3 = rotateLeft(r3, 13);
1966 r4 = rotateLeft(r4, 3);
1967 r2 = r2 ^ r3 ^ r4;
1968 r1 = r1 ^ r4 ^ (r3 << 3);
1969 r2 = rotateLeft(r2, 1);
1970 r1 = rotateLeft(r1, 7);
1971 r3 = r3 ^ r2 ^ r1;
1972 r4 = r4 ^ r1 ^ (r2 << 7);
1973 r3 = rotateLeft(r3, 5);
1974 r4 = rotateLeft(r4, 22);
1975 r3 ^= serpent24SubKeys[92];
1976 r2 ^= serpent24SubKeys[92 + 1];
1977 r4 ^= serpent24SubKeys[92 + 2];
1978 r1 ^= serpent24SubKeys[92 + 3];
1979 r0 = r2;
1980 r2 |= r4;
1981 r2 ^= r1;
1982 r0 ^= r4;
1983 r4 ^= r2;
1984 r1 |= r0;
1985 r1 &= r3;
1986 r0 ^= r4;
1987 r1 ^= r2;
1988 r2 |= r0;
1989 r2 ^= r3;
1990 r3 |= r0;
1991 r3 ^= r4;
1992 r2 ^= r0;
1993 r4 ^= r2;
1994 r2 &= r3;
1995 r2 ^= r0;
1996 r4 = ~r4;
1997 r4 |= r3;
1998 r0 ^= r4;
1999 r0 = rotateLeft(r0, 13);
2000 r2 = rotateLeft(r2, 3);
2001 r1 = r1 ^ r0 ^ r2;
2002 r3 = r3 ^ r2 ^ (r0 << 3);
2003 r1 = rotateLeft(r1, 1);
2004 r3 = rotateLeft(r3, 7);
2005 r0 = r0 ^ r1 ^ r3;
2006 r2 = r2 ^ r3 ^ (r1 << 7);
2007 r0 = rotateLeft(r0, 5);
2008 r2 = rotateLeft(r2, 22);
2009 r0 ^= serpent24SubKeys[96];
2010 r1 ^= serpent24SubKeys[96 + 1];
2011 r2 ^= serpent24SubKeys[96 + 2];
2012 r3 ^= serpent24SubKeys[96 + 3];
2013 lfsr3 = r0;
2014 lfsr2 = r1;
2015 lfsr1 = r2;
2016 lfsr0 = r3;
2017 }
/**
 * Multiplication-by-alpha table.
 *
 * <p>Entry {@code b} is the 32-bit correction XORed into {@code (w << 8)} when the byte
 * {@code b = w >>> 24} is shifted out of an LFSR word (see {@code makeStreamBlock}).
 * Filled once by the static initialiser below and never modified afterwards.
 */
private static final int[] MUL_ALPHA = new int[256];

/**
 * Division-by-alpha table.
 *
 * <p>Entry {@code b} is the 32-bit correction XORed into {@code (w >>> 8)} when the byte
 * {@code b = w & 0xFF} is shifted out of an LFSR word (see {@code makeStreamBlock}).
 * Filled once by the static initialiser below and never modified afterwards.
 */
private static final int[] DIV_ALPHA = new int[256];

static {
    /*
     * Antilog table for the byte field: antilog[e] is 0x02 raised to the power e, where a
     * doubling that leaves the byte range is reduced by XOR with 0x1A9
     * (x^8 + x^7 + x^5 + x^3 + 1). Slot 0xFF is a sentinel holding 0 so that the log of
     * zero is defined below.
     */
    final int[] antilog = new int[256];
    int power = 0x01;
    for (int exponent = 0; exponent < 0xFF; exponent++) {
        antilog[exponent] = power;
        power <<= 1;
        if (power > 0xFF) {
            power ^= 0x1A9;
        }
    }
    antilog[0xFF] = 0x00;

    /* Invert the antilog table; ascending order is kept so log[0] ends up as 0xFF. */
    final int[] log = new int[256];
    for (int exponent = 0; exponent <= 0xFF; exponent++) {
        log[antilog[exponent]] = exponent;
    }

    /*
     * Each table entry packs four field products, one per byte lane. The exponent offsets
     * (23, 245, 48, 239 for multiplication; 16, 39, 6, 64 for division) are the
     * coefficients of the alpha and 1/alpha polynomials - presumably taken from the
     * Sosemanuk specification; verify against the reference tables when changing them.
     * Zero has no logarithm, so entry 0 is set explicitly.
     */
    MUL_ALPHA[0x00] = 0x00000000;
    DIV_ALPHA[0x00] = 0x00000000;
    for (int b = 0x01; b <= 0xFF; b++) {
        final int lg = log[b];

        final int mulLane3 = antilog[(lg + 23) % 255] << 24;
        final int mulLane2 = antilog[(lg + 245) % 255] << 16;
        final int mulLane1 = antilog[(lg + 48) % 255] << 8;
        final int mulLane0 = antilog[(lg + 239) % 255];
        MUL_ALPHA[b] = mulLane3 | mulLane2 | mulLane1 | mulLane0;

        final int divLane3 = antilog[(lg + 16) % 255] << 24;
        final int divLane2 = antilog[(lg + 39) % 255] << 16;
        final int divLane1 = antilog[(lg + 6) % 255] << 8;
        final int divLane0 = antilog[(lg + 64) % 255];
        DIV_ALPHA[b] = divLane3 | divLane2 | divLane1 | divLane0;
    }
}
/**
 * Generate the next 80 bytes of key stream and advance the cipher state.
 *
 * <p>The ten LFSR words ({@code lfsr0..lfsr9}) and the two FSM registers ({@code fsmR1},
 * {@code fsmR2}) are copied into locals, stepped twenty times, and written back at the
 * end. Every four steps the four intermediate FSM outputs are passed through a bitsliced
 * S-box, XORed with the four LFSR words that were shifted out, and emitted as four 32-bit
 * words via {@code encode32le}.
 *
 * <p>This method does not itself check that {@code buf} has 80 bytes available from
 * {@code off}; the caller must guarantee it. If a write fails part-way, the instance
 * state is left unchanged because the write-back happens only after the last word.
 *
 * <p>NOTE(review): the {@code MUL_ALPHA}/{@code DIV_ALPHA} indices and the select on the
 * low bit of {@code r1} are derived from internal cipher state, so table access patterns
 * (and possibly branching, depending on how the JIT compiles the conditional) depend on
 * secret data. Confirm whether cache/timing side channels are in scope for deployments
 * of this engine.
 *
 * @param buf the buffer that receives the key stream
 * @param off the offset in {@code buf} of the first key stream byte
 */
@SuppressWarnings("checkstyle:MethodLength")
private void makeStreamBlock(final byte[] buf, final int off) {
    /* Work on local copies so the instance state only changes once the block is complete */
    int s0 = lfsr0;
    int s1 = lfsr1;
    int s2 = lfsr2;
    int s3 = lfsr3;
    int s4 = lfsr4;
    int s5 = lfsr5;
    int s6 = lfsr6;
    int s7 = lfsr7;
    int s8 = lfsr8;
    int s9 = lfsr9;
    int r1 = fsmR1;
    int r2 = fsmR2;

    /*
     * Steps 1-4. Each step:
     *  - updates the FSM: new r1 = r2 + (s[t+1] ^ (lsb(r1) ? s[t+8] : 0)),
     *    new r2 = rotateLeft(old r1 * 0x54655307, 7);
     *  - remembers the LFSR word about to be replaced (v);
     *  - replaces it with (alpha * s[t]) ^ (s[t+3] / alpha) ^ s[t+9], using the tables;
     *  - records the FSM output f = (s[t+9] + r1) ^ r2.
     * The word indices rotate by one per step instead of physically shifting the register.
     */
    int tt = r1;
    r1 = r2 + (s1 ^ ((r1 & 0x01) != 0 ? s8 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v0 = s0;
    s0 = ((s0 << 8) ^ MUL_ALPHA[s0 >>> 24])
            ^ ((s3 >>> 8) ^ DIV_ALPHA[s3 & 0xFF]) ^ s9;
    int f0 = (s9 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s2 ^ ((r1 & 0x01) != 0 ? s9 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v1 = s1;
    s1 = ((s1 << 8) ^ MUL_ALPHA[s1 >>> 24])
            ^ ((s4 >>> 8) ^ DIV_ALPHA[s4 & 0xFF]) ^ s0;
    int f1 = (s0 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s3 ^ ((r1 & 0x01) != 0 ? s0 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v2 = s2;
    s2 = ((s2 << 8) ^ MUL_ALPHA[s2 >>> 24])
            ^ ((s5 >>> 8) ^ DIV_ALPHA[s5 & 0xFF]) ^ s1;
    int f2 = (s1 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s4 ^ ((r1 & 0x01) != 0 ? s1 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v3 = s3;
    s3 = ((s3 << 8) ^ MUL_ALPHA[s3 >>> 24])
            ^ ((s6 >>> 8) ^ DIV_ALPHA[s6 & 0xFF]) ^ s2;
    int f3 = (s2 + r1) ^ r2;

    /*
     * Bitsliced S-box over (f0, f1, f2, f3), using f4 as scratch; the results are left in
     * f2, f3, f1, f4 in that order. Presumably Serpent S-box S2 as used by the Sosemanuk
     * output transformation - verify against the specification.
     */
    int f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Mask the S-box output with the shifted-out LFSR words and emit bytes 0-15 */
    encode32le(f2 ^ v0, buf, off);
    encode32le(f3 ^ v1, buf, off + 4);
    encode32le(f1 ^ v2, buf, off + 8);
    encode32le(f4 ^ v3, buf, off + 12);

    /* Steps 5-8: same step function, replacing s4..s7 */
    tt = r1;
    r1 = r2 + (s5 ^ ((r1 & 0x01) != 0 ? s2 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s4;
    s4 = ((s4 << 8) ^ MUL_ALPHA[s4 >>> 24])
            ^ ((s7 >>> 8) ^ DIV_ALPHA[s7 & 0xFF]) ^ s3;
    f0 = (s3 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s6 ^ ((r1 & 0x01) != 0 ? s3 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s5;
    s5 = ((s5 << 8) ^ MUL_ALPHA[s5 >>> 24])
            ^ ((s8 >>> 8) ^ DIV_ALPHA[s8 & 0xFF]) ^ s4;
    f1 = (s4 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s7 ^ ((r1 & 0x01) != 0 ? s4 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s6;
    s6 = ((s6 << 8) ^ MUL_ALPHA[s6 >>> 24])
            ^ ((s9 >>> 8) ^ DIV_ALPHA[s9 & 0xFF]) ^ s5;
    f2 = (s5 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s8 ^ ((r1 & 0x01) != 0 ? s5 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s7;
    s7 = ((s7 << 8) ^ MUL_ALPHA[s7 >>> 24])
            ^ ((s0 >>> 8) ^ DIV_ALPHA[s0 & 0xFF]) ^ s6;
    f3 = (s6 + r1) ^ r2;

    /* Bitsliced S-box, identical sequence to the first group */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Emit bytes 16-31 */
    encode32le(f2 ^ v0, buf, off + 16);
    encode32le(f3 ^ v1, buf, off + 20);
    encode32le(f1 ^ v2, buf, off + 24);
    encode32le(f4 ^ v3, buf, off + 28);

    /* Steps 9-12: replacing s8, s9, s0, s1 (the register indices wrap around here) */
    tt = r1;
    r1 = r2 + (s9 ^ ((r1 & 0x01) != 0 ? s6 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s8;
    s8 = ((s8 << 8) ^ MUL_ALPHA[s8 >>> 24])
            ^ ((s1 >>> 8) ^ DIV_ALPHA[s1 & 0xFF]) ^ s7;
    f0 = (s7 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s0 ^ ((r1 & 0x01) != 0 ? s7 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s9;
    s9 = ((s9 << 8) ^ MUL_ALPHA[s9 >>> 24])
            ^ ((s2 >>> 8) ^ DIV_ALPHA[s2 & 0xFF]) ^ s8;
    f1 = (s8 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s1 ^ ((r1 & 0x01) != 0 ? s8 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s0;
    s0 = ((s0 << 8) ^ MUL_ALPHA[s0 >>> 24])
            ^ ((s3 >>> 8) ^ DIV_ALPHA[s3 & 0xFF]) ^ s9;
    f2 = (s9 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s2 ^ ((r1 & 0x01) != 0 ? s9 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s1;
    s1 = ((s1 << 8) ^ MUL_ALPHA[s1 >>> 24])
            ^ ((s4 >>> 8) ^ DIV_ALPHA[s4 & 0xFF]) ^ s0;
    f3 = (s0 + r1) ^ r2;

    /* Bitsliced S-box, identical sequence to the first group */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Emit bytes 32-47 */
    encode32le(f2 ^ v0, buf, off + 32);
    encode32le(f3 ^ v1, buf, off + 36);
    encode32le(f1 ^ v2, buf, off + 40);
    encode32le(f4 ^ v3, buf, off + 44);

    /* Steps 13-16: replacing s2..s5 */
    tt = r1;
    r1 = r2 + (s3 ^ ((r1 & 0x01) != 0 ? s0 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s2;
    s2 = ((s2 << 8) ^ MUL_ALPHA[s2 >>> 24])
            ^ ((s5 >>> 8) ^ DIV_ALPHA[s5 & 0xFF]) ^ s1;
    f0 = (s1 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s4 ^ ((r1 & 0x01) != 0 ? s1 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s3;
    s3 = ((s3 << 8) ^ MUL_ALPHA[s3 >>> 24])
            ^ ((s6 >>> 8) ^ DIV_ALPHA[s6 & 0xFF]) ^ s2;
    f1 = (s2 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s5 ^ ((r1 & 0x01) != 0 ? s2 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s4;
    s4 = ((s4 << 8) ^ MUL_ALPHA[s4 >>> 24])
            ^ ((s7 >>> 8) ^ DIV_ALPHA[s7 & 0xFF]) ^ s3;
    f2 = (s3 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s6 ^ ((r1 & 0x01) != 0 ? s3 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s5;
    s5 = ((s5 << 8) ^ MUL_ALPHA[s5 >>> 24])
            ^ ((s8 >>> 8) ^ DIV_ALPHA[s8 & 0xFF]) ^ s4;
    f3 = (s4 + r1) ^ r2;

    /* Bitsliced S-box, identical sequence to the first group */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Emit bytes 48-63 */
    encode32le(f2 ^ v0, buf, off + 48);
    encode32le(f3 ^ v1, buf, off + 52);
    encode32le(f1 ^ v2, buf, off + 56);
    encode32le(f4 ^ v3, buf, off + 60);

    /* Steps 17-20: replacing s6..s9 */
    tt = r1;
    r1 = r2 + (s7 ^ ((r1 & 0x01) != 0 ? s4 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s6;
    s6 = ((s6 << 8) ^ MUL_ALPHA[s6 >>> 24])
            ^ ((s9 >>> 8) ^ DIV_ALPHA[s9 & 0xFF]) ^ s5;
    f0 = (s5 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s8 ^ ((r1 & 0x01) != 0 ? s5 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s7;
    s7 = ((s7 << 8) ^ MUL_ALPHA[s7 >>> 24])
            ^ ((s0 >>> 8) ^ DIV_ALPHA[s0 & 0xFF]) ^ s6;
    f1 = (s6 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s9 ^ ((r1 & 0x01) != 0 ? s6 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s8;
    s8 = ((s8 << 8) ^ MUL_ALPHA[s8 >>> 24])
            ^ ((s1 >>> 8) ^ DIV_ALPHA[s1 & 0xFF]) ^ s7;
    f2 = (s7 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s0 ^ ((r1 & 0x01) != 0 ? s7 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s9;
    s9 = ((s9 << 8) ^ MUL_ALPHA[s9 >>> 24])
            ^ ((s2 >>> 8) ^ DIV_ALPHA[s2 & 0xFF]) ^ s8;
    f3 = (s8 + r1) ^ r2;

    /* Bitsliced S-box, identical sequence to the first group */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Emit bytes 64-79 */
    encode32le(f2 ^ v0, buf, off + 64);
    encode32le(f3 ^ v1, buf, off + 68);
    encode32le(f1 ^ v2, buf, off + 72);
    encode32le(f4 ^ v3, buf, off + 76);

    /* Commit the advanced LFSR and FSM state back to the instance */
    lfsr0 = s0;
    lfsr1 = s1;
    lfsr2 = s2;
    lfsr3 = s3;
    lfsr4 = s4;
    lfsr5 = s5;
    lfsr6 = s6;
    lfsr7 = s7;
    lfsr8 = s8;
    lfsr9 = s9;
    fsmR1 = r1;
    fsmR2 = r2;
}
2414 }