17 package io.github.tonywasher.joceanus.gordianknot.impl.ext.engines;
18
19 import org.bouncycastle.crypto.CipherParameters;
20 import org.bouncycastle.crypto.DataLengthException;
21 import org.bouncycastle.crypto.OutputLengthException;
22 import org.bouncycastle.crypto.StreamCipher;
23 import org.bouncycastle.crypto.params.KeyParameter;
24 import org.bouncycastle.crypto.params.ParametersWithIV;
25 import org.bouncycastle.util.Memoable;
32 @SuppressWarnings("checkstyle:MagicNumber")
33 public class GordianSosemanukEngine
34 implements StreamCipher, Memoable {
35
36
37
/** Size in bytes of the buffered keystream block; refilled by makeStreamBlock() once fully consumed. */
private static final int STREAM_LEN = 80;

/** Index of the next unused byte in {@link #keyStream}; kept in [0, STREAM_LEN) by returnByte(). */
private int theIndex;

/** Buffered keystream bytes, XORed with input by returnByte(). All-zero until init() generates the first block. */
private final byte[] keyStream = new byte[STREAM_LEN];

/** Snapshot of the engine state taken at the end of init(); restored by reset(). Null until init() has run. */
private GordianSosemanukEngine theResetState;
54
55
56
57
/** Creates an uninitialised engine; init() must be called before any bytes are processed. */
public GordianSosemanukEngine() {
}
/**
 * Creates a new engine holding a copy of another engine's cipher state.
 *
 * @param pSource the engine whose state is copied in via reset(Memoable)
 */
private GordianSosemanukEngine(final GordianSosemanukEngine pSource) {
    this.reset(pSource);
}
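/**
 * Initialises the engine with a key and an optional IV.
 * <p>
 * Accepts a {@link KeyParameter}, optionally wrapped in a {@link ParametersWithIV}. The IV is
 * optional; setIV() zero-pads anything shorter than 16 bytes, so two IVs that differ only in
 * trailing zero bytes produce the same keystream — use a fresh, full-length IV for every
 * message under a given key. The state reached after key/IV setup and the first keystream
 * block is snapshotted so reset() can return to it.
 *
 * @param forEncryption ignored: encryption and decryption are the same XOR for a stream cipher
 * @param params a KeyParameter, or a ParametersWithIV wrapping one
 * @throws IllegalArgumentException if no KeyParameter is present, or if setKey()/setIV()
 *         reject the key or IV length
 */
@Override
public void init(final boolean forEncryption,
                 final CipherParameters params) {
    CipherParameters myParams = params;
    byte[] newIV = null;
    if (myParams instanceof ParametersWithIV) {
        final ParametersWithIV ivParams = (ParametersWithIV) myParams;
        newIV = ivParams.getIV();
        myParams = ivParams.getParameters();
    }
    if (!(myParams instanceof KeyParameter)) {
        // Without this check a missing key surfaced as a NullPointerException inside setKey().
        throw new IllegalArgumentException(getAlgorithmName() + " init requires a KeyParameter");
    }
    final byte[] newKey = ((KeyParameter) myParams).getKey();

    theIndex = 0;
    setKey(newKey);
    setIV(newIV);
    makeStreamBlock(keyStream, 0);

    // Snapshot after the first keystream block so reset() restores exactly this point.
    theResetState = copy();
}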
107
/** Returns the algorithm name, always {@code "Sosemanuk"}. */
@Override
public String getAlgorithmName() {
    final String algorithmName = "Sosemanuk";
    return algorithmName;
}
112
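/**
 * XORs {@code len} bytes of {@code in} with keystream and writes them to {@code out}.
 *
 * @param in     input buffer
 * @param inOff  offset of the first input byte
 * @param len    number of bytes to process
 * @param out    output buffer
 * @param outOff offset of the first output byte
 * @return the number of bytes written, always {@code len}
 * @throws IllegalStateException    if init() has not been called
 * @throws IllegalArgumentException if an offset or the length is negative
 * @throws DataLengthException      if the input buffer is too short
 * @throws OutputLengthException    if the output buffer is too short
 */
@Override
public int processBytes(final byte[] in,
                        final int inOff,
                        final int len,
                        final byte[] out,
                        final int outOff) {
    if (theResetState == null) {
        throw new IllegalStateException(getAlgorithmName() + " not initialised");
    }
    if (len < 0 || inOff < 0 || outOff < 0) {
        throw new IllegalArgumentException("negative offset or length");
    }
    // Subtraction cannot overflow for non-negative operands, unlike (inOff + len) which could
    // wrap negative and slip past the check.
    if (in.length - inOff < len) {
        throw new DataLengthException("input buffer too short");
    }
    if (out.length - outOff < len) {
        throw new OutputLengthException("output buffer too short");
    }

    for (int i = 0; i < len; i++) {
        out[outOff + i] = returnByte(in[inOff + i]);
    }
    return len;
}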
136
/** Restores the state captured at the end of init(); does nothing if init() has not run. */
@Override
public void reset() {
    if (theResetState == null) {
        return;
    }
    reset(theResetState);
}
143
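/**
 * XORs one byte with the next keystream byte, refilling the keystream block when it runs out.
 *
 * @param in the input byte
 * @return {@code in} XOR the next keystream byte
 * @throws IllegalStateException if init() has not been called. Without this check an
 *         uninitialised engine would XOR with the all-zero keyStream buffer and hand the
 *         input back unchanged, which processBytes() already guards against.
 */
@Override
public byte returnByte(final byte in) {
    if (theResetState == null) {
        throw new IllegalStateException(getAlgorithmName() + " not initialised");
    }
    final byte out = (byte) (keyStream[theIndex] ^ in);
    theIndex = (theIndex + 1) % STREAM_LEN;

    // Wrapping to 0 means the whole block has been consumed; generate the next one.
    if (theIndex == 0) {
        makeStreamBlock(keyStream, 0);
    }
    return out;
}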
154
155
/**
 * Returns a new engine carrying this engine's cipher state.
 * The clone's own reset snapshot is not populated by reset(Memoable), so processBytes() on the
 * clone throws IllegalStateException until init() is called on it.
 */
@Override
public GordianSosemanukEngine copy() {
    final GordianSosemanukEngine snapshot = new GordianSosemanukEngine(this);
    return snapshot;
}
160
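/**
 * Overwrites this engine's state with that of {@code pState}.
 * <p>
 * Copies the LFSR cells, FSM registers, buffered keystream and read index, and also the Serpent
 * subkeys so that a clone can have setIV() applied to it (setIV() reads serpent24SubKeys). The
 * reset snapshot {@code theResetState} is left untouched: it is the owner's own snapshot, and
 * copying it from the source would make every re-init retain the previous snapshot.
 *
 * @param pState the state to copy; must be a GordianSosemanukEngine
 * @throws ClassCastException if {@code pState} is not a GordianSosemanukEngine
 */
@Override
public void reset(final Memoable pState) {
    final GordianSosemanukEngine e = (GordianSosemanukEngine) pState;
    lfsr0 = e.lfsr0;
    lfsr1 = e.lfsr1;
    lfsr2 = e.lfsr2;
    lfsr3 = e.lfsr3;
    lfsr4 = e.lfsr4;
    lfsr5 = e.lfsr5;
    lfsr6 = e.lfsr6;
    lfsr7 = e.lfsr7;
    lfsr8 = e.lfsr8;
    lfsr9 = e.lfsr9;
    fsmR1 = e.fsmR1;
    fsmR2 = e.fsmR2;
    System.arraycopy(e.serpent24SubKeys, 0, serpent24SubKeys, 0, serpent24SubKeys.length);
    System.arraycopy(e.keyStream, 0, keyStream, 0, STREAM_LEN);
    theIndex = e.theIndex;
}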
// Sosemanuk cipher state: a 10-cell linear feedback shift register (lfsr0..lfsr9) and a
// two-register finite state machine (fsmR1, fsmR2). setIV() loads them from the Serpent24
// output (lfsr6..lfsr9 are visibly assigned there; the remaining assignments follow) and
// reset(Memoable) copies them between engines.

/** LFSR cell 0. */
private int lfsr0;

/** LFSR cell 1. */
private int lfsr1;

/** LFSR cell 2. */
private int lfsr2;

/** LFSR cell 3. */
private int lfsr3;

/** LFSR cell 4. */
private int lfsr4;

/** LFSR cell 5. */
private int lfsr5;

/** LFSR cell 6. */
private int lfsr6;

/** LFSR cell 7. */
private int lfsr7;

/** LFSR cell 8. */
private int lfsr8;

/** LFSR cell 9. */
private int lfsr9;

/** FSM register R1. */
private int fsmR1;

/** FSM register R2. */
private int fsmR2;
/**
 * Reads a little-endian 32-bit word from {@code buf} starting at {@code off}.
 *
 * @param buf source bytes
 * @param off index of the least significant byte
 * @return the decoded word
 */
private static int decode32le(final byte[] buf, final int off) {
    int word = 0;
    // Byte k lands in bits 8k..8k+7; reads happen in the same order as the original expression.
    for (int k = 0; k < 4; k++) {
        word |= (buf[off + k] & 0xFF) << (8 * k);
    }
    return word;
}
/**
 * Writes {@code val} into {@code buf} at {@code off} as a little-endian 32-bit word.
 *
 * @param val word to encode
 * @param buf destination bytes
 * @param off index that receives the least significant byte
 */
private static void encode32le(final int val, final byte[] buf, final int off) {
    // The cast to byte keeps only the low eight bits of each shifted value.
    for (int k = 0; k < 4; k++) {
        buf[off + k] = (byte) (val >>> (8 * k));
    }
}
/**
 * Rotates {@code val} left by {@code n} bits.
 *
 * @param val word to rotate
 * @param n   rotation distance (taken modulo 32, as in the shift-based form)
 * @return the rotated word
 */
private static int rotateLeft(final int val, final int n) {
    // Identical to (val << n) | (val >>> (32 - n)) for every n, since Java masks shift counts to 5 bits.
    return Integer.rotateLeft(val, n);
}
/** The 100 Serpent round subkeys (25 groups of 4 words) written by setKey() and read by setIV(). */
private final int[] serpent24SubKeys = new int[100];
/**
 * Runs the Serpent key schedule on {@code key} and stores the 100 resulting subkeys in
 * {@link #serpent24SubKeys}.
 * <p>
 * Keys shorter than 32 bytes are padded with a single 0x01 byte followed by zeros; a 32-byte
 * key is used directly without copying. The schedule is fully unrolled: each group of four
 * subkeys is produced by four steps of
 * {@code w[i] = rotl(w[i-8] ^ w[i-5] ^ w[i-3] ^ w[i-1] ^ 0x9E3779B9 ^ i, 11)} over an
 * eight-word sliding window (w0..w7), followed by one of eight bitsliced Serpent S-boxes whose
 * four outputs become the subkeys. The S-box sequence repeats with period 8 (groups 0, 8, 16
 * and 24 use the same code), matching Serpent's S_{(3 - k) mod 8} schedule.
 * <p>
 * NOTE(review): this method is public and may be called after init(); doing so replaces the
 * subkeys but does not update {@code theResetState}, the buffered keystream or the LFSR/FSM
 * state — re-initialise through init() instead. A null key fails with a NullPointerException
 * at {@code key.length} rather than an IllegalArgumentException. The padded copy {@code lkey}
 * holds key material and is not wiped after use.
 *
 * @param key the raw key, 1 to 32 bytes
 * @throws IllegalArgumentException if the key is empty or longer than 32 bytes
 */
@SuppressWarnings("checkstyle:MethodLength")
public void setKey(final byte[] key) {
    if (key.length < 1 || key.length > 32) {
        throw new IllegalArgumentException("bad key length: " + key.length);
    }
    // Pad short keys to 32 bytes as key || 0x01 || 0x00...; a full-length key is aliased, not copied.
    final byte[] lkey;
    if (key.length == 32) {
        lkey = key;
    } else {
        lkey = new byte[32];
        System.arraycopy(key, 0, lkey, 0, key.length);
        lkey[key.length] = 0x01;
        // The fresh array is already zero; this explicit fill is a no-op kept as written.
        for (int i = key.length + 1; i < lkey.length; i++) {
            lkey[i] = 0x00;
        }
    }

    // Write position in serpent24SubKeys; advances by 4 per group, 100 entries in total.
    int i = 0;

    // Eight-word sliding window of the key schedule, loaded little-endian from the padded key.
    int w0 = decode32le(lkey, 0);
    int w1 = decode32le(lkey, 4);
    int w2 = decode32le(lkey, 8);
    int w3 = decode32le(lkey, 12);
    int w4 = decode32le(lkey, 16);
    int w5 = decode32le(lkey, 20);
    int w6 = decode32le(lkey, 24);
    int w7 = decode32le(lkey, 28);
    // Group 0: subkeys 0..3. Four schedule steps, then a bitsliced S-box on (r0..r3) using r4 as scratch.
    int tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (0));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (0 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (0 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (0 + 3));
    w3 = rotateLeft(tt, 11);
    int r0 = w0;
    int r1 = w1;
    int r2 = w2;
    int r3 = w3;
    int r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;
    // Group 1: subkeys 4..7 (the window now advances through w4..w7).
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (4));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (4 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (4 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (4 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    // Group 2: subkeys 8..11.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (8));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (8 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (8 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (8 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    // Group 3: subkeys 12..15.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (12));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (12 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (12 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (12 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    // Group 4: subkeys 16..19.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (16));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (16 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (16 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (16 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;
    // Group 5: subkeys 20..23.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (20));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (20 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (20 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (20 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    // Group 6: subkeys 24..27.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (24));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (24 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (24 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (24 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;
    // Group 7: subkeys 28..31.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (28));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (28 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (28 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (28 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    // Group 8: subkeys 32..35 (S-box sequence restarts; same code as group 0).
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (32));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (32 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (32 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (32 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;
    // Group 9: subkeys 36..39.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (36));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (36 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (36 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (36 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    // Group 10: subkeys 40..43.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (40));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (40 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (40 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (40 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    // Group 11: subkeys 44..47.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (44));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (44 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (44 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (44 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    // Group 12: subkeys 48..51.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (48));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (48 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (48 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (48 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;
    // Group 13: subkeys 52..55.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (52));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (52 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (52 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (52 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    // Group 14: subkeys 56..59.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (56));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (56 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (56 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (56 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;
    // Group 15: subkeys 60..63.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (60));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (60 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (60 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (60 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    // Group 16: subkeys 64..67 (same S-box as group 0).
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (64));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (64 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (64 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (64 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;
    // Group 17: subkeys 68..71.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (68));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (68 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (68 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (68 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r4 = r0;
    r0 &= r2;
    r0 ^= r3;
    r2 ^= r1;
    r2 ^= r0;
    r3 |= r4;
    r3 ^= r1;
    r4 ^= r2;
    r1 = r3;
    r3 |= r4;
    r3 ^= r0;
    r0 &= r1;
    r4 ^= r0;
    r1 ^= r3;
    r1 ^= r4;
    r4 = ~r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    // Group 18: subkeys 72..75.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (72));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (72 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (72 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (72 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 = ~r0;
    r2 = ~r2;
    r4 = r0;
    r0 &= r1;
    r2 ^= r0;
    r0 |= r3;
    r3 ^= r2;
    r1 ^= r0;
    r0 ^= r4;
    r4 |= r1;
    r1 ^= r3;
    r2 |= r0;
    r2 &= r4;
    r0 ^= r1;
    r1 &= r2;
    r1 ^= r0;
    r0 &= r2;
    r0 ^= r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    // Group 19: subkeys 76..79.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (76));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (76 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (76 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (76 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r4 ^= r2;
    r1 ^= r0;
    r0 |= r3;
    r0 ^= r4;
    r4 ^= r3;
    r3 ^= r2;
    r2 |= r1;
    r2 ^= r4;
    r4 = ~r4;
    r4 |= r1;
    r1 ^= r3;
    r1 ^= r4;
    r3 |= r0;
    r1 ^= r3;
    r4 ^= r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r0;
    // Group 20: subkeys 80..83.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (80));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (80 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (80 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (80 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r1;
    r1 |= r2;
    r1 ^= r3;
    r4 ^= r2;
    r2 ^= r1;
    r3 |= r4;
    r3 &= r0;
    r4 ^= r2;
    r3 ^= r1;
    r1 |= r4;
    r1 ^= r0;
    r0 |= r4;
    r0 ^= r2;
    r1 ^= r4;
    r2 ^= r1;
    r1 &= r0;
    r1 ^= r4;
    r2 = ~r2;
    r2 |= r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r0;
    // Group 21: subkeys 84..87.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (84));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (84 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (84 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (84 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r2 = ~r2;
    r4 = r3;
    r3 &= r0;
    r0 ^= r4;
    r3 ^= r2;
    r2 |= r4;
    r1 ^= r3;
    r2 ^= r0;
    r0 |= r1;
    r2 ^= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r4 ^= r3;
    r4 ^= r0;
    r3 = ~r3;
    r2 &= r4;
    r2 ^= r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r2;
    // Group 22: subkeys 88..91.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (88));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (88 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (88 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (88 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r0 ^= r1;
    r1 ^= r3;
    r3 = ~r3;
    r4 = r1;
    r1 &= r0;
    r2 ^= r3;
    r1 ^= r2;
    r2 |= r4;
    r4 ^= r3;
    r3 &= r1;
    r3 ^= r0;
    r4 ^= r1;
    r4 ^= r2;
    r2 ^= r0;
    r0 &= r3;
    r2 = ~r2;
    r0 ^= r4;
    r4 |= r3;
    r2 ^= r4;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r2;
    // Group 23: subkeys 92..95.
    tt = w4 ^ w7 ^ w1 ^ w3 ^ (0x9E3779B9 ^ (92));
    w4 = rotateLeft(tt, 11);
    tt = w5 ^ w0 ^ w2 ^ w4 ^ (0x9E3779B9 ^ (92 + 1));
    w5 = rotateLeft(tt, 11);
    tt = w6 ^ w1 ^ w3 ^ w5 ^ (0x9E3779B9 ^ (92 + 2));
    w6 = rotateLeft(tt, 11);
    tt = w7 ^ w2 ^ w4 ^ w6 ^ (0x9E3779B9 ^ (92 + 3));
    w7 = rotateLeft(tt, 11);
    r0 = w4;
    r1 = w5;
    r2 = w6;
    r3 = w7;
    r1 ^= r3;
    r3 = ~r3;
    r2 ^= r3;
    r3 ^= r0;
    r4 = r1;
    r1 &= r3;
    r1 ^= r2;
    r4 ^= r3;
    r0 ^= r4;
    r2 &= r4;
    r2 ^= r0;
    r0 &= r1;
    r3 ^= r0;
    r4 |= r1;
    r4 ^= r0;
    r0 |= r3;
    r0 ^= r2;
    r2 &= r3;
    r0 = ~r0;
    r4 ^= r2;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r4;
    serpent24SubKeys[i++] = r0;
    serpent24SubKeys[i++] = r3;
    // Group 24: subkeys 96..99 (same S-box as group 0); i reaches 100 here.
    tt = w0 ^ w3 ^ w5 ^ w7 ^ (0x9E3779B9 ^ (96));
    w0 = rotateLeft(tt, 11);
    tt = w1 ^ w4 ^ w6 ^ w0 ^ (0x9E3779B9 ^ (96 + 1));
    w1 = rotateLeft(tt, 11);
    tt = w2 ^ w5 ^ w7 ^ w1 ^ (0x9E3779B9 ^ (96 + 2));
    w2 = rotateLeft(tt, 11);
    tt = w3 ^ w6 ^ w0 ^ w2 ^ (0x9E3779B9 ^ (96 + 3));
    w3 = rotateLeft(tt, 11);
    r0 = w0;
    r1 = w1;
    r2 = w2;
    r3 = w3;
    r4 = r0;
    r0 |= r3;
    r3 ^= r1;
    r1 &= r4;
    r4 ^= r2;
    r2 ^= r3;
    r3 &= r0;
    r4 |= r1;
    r3 ^= r4;
    r0 ^= r1;
    r4 &= r0;
    r1 ^= r3;
    r4 ^= r2;
    r1 |= r0;
    r1 ^= r2;
    r0 ^= r3;
    r2 = r1;
    r1 |= r3;
    r1 ^= r0;
    serpent24SubKeys[i++] = r1;
    serpent24SubKeys[i++] = r2;
    serpent24SubKeys[i++] = r3;
    serpent24SubKeys[i++] = r4;
}
1197 @SuppressWarnings("checkstyle:MethodLength")
1198 public void setIV(final byte[] iv) {
1199 byte[] myIV = iv;
1200 if (myIV == null) {
1201 myIV = new byte[0];
1202 }
1203 if (myIV.length > 16) {
1204 throw new IllegalArgumentException("bad IV length: " + myIV.length);
1205 }
1206 final byte[] piv;
1207 if (myIV.length == 16) {
1208 piv = myIV;
1209 } else {
1210 piv = new byte[16];
1211 System.arraycopy(myIV, 0, piv, 0, myIV.length);
1212 for (int i = myIV.length; i < piv.length; i++) {
1213 piv[i] = 0x00;
1214 }
1215 }
1216
1217 int r0 = decode32le(piv, 0);
1218 int r1 = decode32le(piv, 4);
1219 int r2 = decode32le(piv, 8);
1220 int r3 = decode32le(piv, 12);
1221 int r4;
1222
1223 r0 ^= serpent24SubKeys[0];
1224 r1 ^= serpent24SubKeys[0 + 1];
1225 r2 ^= serpent24SubKeys[0 + 2];
1226 r3 ^= serpent24SubKeys[0 + 3];
1227 r3 ^= r0;
1228 r4 = r1;
1229 r1 &= r3;
1230 r4 ^= r2;
1231 r1 ^= r0;
1232 r0 |= r3;
1233 r0 ^= r4;
1234 r4 ^= r3;
1235 r3 ^= r2;
1236 r2 |= r1;
1237 r2 ^= r4;
1238 r4 = ~r4;
1239 r4 |= r1;
1240 r1 ^= r3;
1241 r1 ^= r4;
1242 r3 |= r0;
1243 r1 ^= r3;
1244 r4 ^= r3;
1245 r1 = rotateLeft(r1, 13);
1246 r2 = rotateLeft(r2, 3);
1247 r4 = r4 ^ r1 ^ r2;
1248 r0 = r0 ^ r2 ^ (r1 << 3);
1249 r4 = rotateLeft(r4, 1);
1250 r0 = rotateLeft(r0, 7);
1251 r1 = r1 ^ r4 ^ r0;
1252 r2 = r2 ^ r0 ^ (r4 << 7);
1253 r1 = rotateLeft(r1, 5);
1254 r2 = rotateLeft(r2, 22);
1255 r1 ^= serpent24SubKeys[4];
1256 r4 ^= serpent24SubKeys[4 + 1];
1257 r2 ^= serpent24SubKeys[4 + 2];
1258 r0 ^= serpent24SubKeys[4 + 3];
1259 r1 = ~r1;
1260 r2 = ~r2;
1261 r3 = r1;
1262 r1 &= r4;
1263 r2 ^= r1;
1264 r1 |= r0;
1265 r0 ^= r2;
1266 r4 ^= r1;
1267 r1 ^= r3;
1268 r3 |= r4;
1269 r4 ^= r0;
1270 r2 |= r1;
1271 r2 &= r3;
1272 r1 ^= r4;
1273 r4 &= r2;
1274 r4 ^= r1;
1275 r1 &= r2;
1276 r1 ^= r3;
1277 r2 = rotateLeft(r2, 13);
1278 r0 = rotateLeft(r0, 3);
1279 r1 = r1 ^ r2 ^ r0;
1280 r4 = r4 ^ r0 ^ (r2 << 3);
1281 r1 = rotateLeft(r1, 1);
1282 r4 = rotateLeft(r4, 7);
1283 r2 = r2 ^ r1 ^ r4;
1284 r0 = r0 ^ r4 ^ (r1 << 7);
1285 r2 = rotateLeft(r2, 5);
1286 r0 = rotateLeft(r0, 22);
1287 r2 ^= serpent24SubKeys[8];
1288 r1 ^= serpent24SubKeys[8 + 1];
1289 r0 ^= serpent24SubKeys[8 + 2];
1290 r4 ^= serpent24SubKeys[8 + 3];
1291 r3 = r2;
1292 r2 &= r0;
1293 r2 ^= r4;
1294 r0 ^= r1;
1295 r0 ^= r2;
1296 r4 |= r3;
1297 r4 ^= r1;
1298 r3 ^= r0;
1299 r1 = r4;
1300 r4 |= r3;
1301 r4 ^= r2;
1302 r2 &= r1;
1303 r3 ^= r2;
1304 r1 ^= r4;
1305 r1 ^= r3;
1306 r3 = ~r3;
1307 r0 = rotateLeft(r0, 13);
1308 r1 = rotateLeft(r1, 3);
1309 r4 = r4 ^ r0 ^ r1;
1310 r3 = r3 ^ r1 ^ (r0 << 3);
1311 r4 = rotateLeft(r4, 1);
1312 r3 = rotateLeft(r3, 7);
1313 r0 = r0 ^ r4 ^ r3;
1314 r1 = r1 ^ r3 ^ (r4 << 7);
1315 r0 = rotateLeft(r0, 5);
1316 r1 = rotateLeft(r1, 22);
1317 r0 ^= serpent24SubKeys[12];
1318 r4 ^= serpent24SubKeys[12 + 1];
1319 r1 ^= serpent24SubKeys[12 + 2];
1320 r3 ^= serpent24SubKeys[12 + 3];
1321 r2 = r0;
1322 r0 |= r3;
1323 r3 ^= r4;
1324 r4 &= r2;
1325 r2 ^= r1;
1326 r1 ^= r3;
1327 r3 &= r0;
1328 r2 |= r4;
1329 r3 ^= r2;
1330 r0 ^= r4;
1331 r2 &= r0;
1332 r4 ^= r3;
1333 r2 ^= r1;
1334 r4 |= r0;
1335 r4 ^= r1;
1336 r0 ^= r3;
1337 r1 = r4;
1338 r4 |= r3;
1339 r4 ^= r0;
1340 r4 = rotateLeft(r4, 13);
1341 r3 = rotateLeft(r3, 3);
1342 r1 = r1 ^ r4 ^ r3;
1343 r2 = r2 ^ r3 ^ (r4 << 3);
1344 r1 = rotateLeft(r1, 1);
1345 r2 = rotateLeft(r2, 7);
1346 r4 = r4 ^ r1 ^ r2;
1347 r3 = r3 ^ r2 ^ (r1 << 7);
1348 r4 = rotateLeft(r4, 5);
1349 r3 = rotateLeft(r3, 22);
1350 r4 ^= serpent24SubKeys[16];
1351 r1 ^= serpent24SubKeys[16 + 1];
1352 r3 ^= serpent24SubKeys[16 + 2];
1353 r2 ^= serpent24SubKeys[16 + 3];
1354 r1 ^= r2;
1355 r2 = ~r2;
1356 r3 ^= r2;
1357 r2 ^= r4;
1358 r0 = r1;
1359 r1 &= r2;
1360 r1 ^= r3;
1361 r0 ^= r2;
1362 r4 ^= r0;
1363 r3 &= r0;
1364 r3 ^= r4;
1365 r4 &= r1;
1366 r2 ^= r4;
1367 r0 |= r1;
1368 r0 ^= r4;
1369 r4 |= r2;
1370 r4 ^= r3;
1371 r3 &= r2;
1372 r4 = ~r4;
1373 r0 ^= r3;
1374 r1 = rotateLeft(r1, 13);
1375 r4 = rotateLeft(r4, 3);
1376 r0 = r0 ^ r1 ^ r4;
1377 r2 = r2 ^ r4 ^ (r1 << 3);
1378 r0 = rotateLeft(r0, 1);
1379 r2 = rotateLeft(r2, 7);
1380 r1 = r1 ^ r0 ^ r2;
1381 r4 = r4 ^ r2 ^ (r0 << 7);
1382 r1 = rotateLeft(r1, 5);
1383 r4 = rotateLeft(r4, 22);
1384 r1 ^= serpent24SubKeys[20];
1385 r0 ^= serpent24SubKeys[20 + 1];
1386 r4 ^= serpent24SubKeys[20 + 2];
1387 r2 ^= serpent24SubKeys[20 + 3];
1388 r1 ^= r0;
1389 r0 ^= r2;
1390 r2 = ~r2;
1391 r3 = r0;
1392 r0 &= r1;
1393 r4 ^= r2;
1394 r0 ^= r4;
1395 r4 |= r3;
1396 r3 ^= r2;
1397 r2 &= r0;
1398 r2 ^= r1;
1399 r3 ^= r0;
1400 r3 ^= r4;
1401 r4 ^= r1;
1402 r1 &= r2;
1403 r4 = ~r4;
1404 r1 ^= r3;
1405 r3 |= r2;
1406 r4 ^= r3;
1407 r0 = rotateLeft(r0, 13);
1408 r1 = rotateLeft(r1, 3);
1409 r2 = r2 ^ r0 ^ r1;
1410 r4 = r4 ^ r1 ^ (r0 << 3);
1411 r2 = rotateLeft(r2, 1);
1412 r4 = rotateLeft(r4, 7);
1413 r0 = r0 ^ r2 ^ r4;
1414 r1 = r1 ^ r4 ^ (r2 << 7);
1415 r0 = rotateLeft(r0, 5);
1416 r1 = rotateLeft(r1, 22);
1417 r0 ^= serpent24SubKeys[24];
1418 r2 ^= serpent24SubKeys[24 + 1];
1419 r1 ^= serpent24SubKeys[24 + 2];
1420 r4 ^= serpent24SubKeys[24 + 3];
1421 r1 = ~r1;
1422 r3 = r4;
1423 r4 &= r0;
1424 r0 ^= r3;
1425 r4 ^= r1;
1426 r1 |= r3;
1427 r2 ^= r4;
1428 r1 ^= r0;
1429 r0 |= r2;
1430 r1 ^= r2;
1431 r3 ^= r0;
1432 r0 |= r4;
1433 r0 ^= r1;
1434 r3 ^= r4;
1435 r3 ^= r0;
1436 r4 = ~r4;
1437 r1 &= r3;
1438 r1 ^= r4;
1439 r0 = rotateLeft(r0, 13);
1440 r3 = rotateLeft(r3, 3);
1441 r2 = r2 ^ r0 ^ r3;
1442 r1 = r1 ^ r3 ^ (r0 << 3);
1443 r2 = rotateLeft(r2, 1);
1444 r1 = rotateLeft(r1, 7);
1445 r0 = r0 ^ r2 ^ r1;
1446 r3 = r3 ^ r1 ^ (r2 << 7);
1447 r0 = rotateLeft(r0, 5);
1448 r3 = rotateLeft(r3, 22);
1449 r0 ^= serpent24SubKeys[28];
1450 r2 ^= serpent24SubKeys[28 + 1];
1451 r3 ^= serpent24SubKeys[28 + 2];
1452 r1 ^= serpent24SubKeys[28 + 3];
1453 r4 = r2;
1454 r2 |= r3;
1455 r2 ^= r1;
1456 r4 ^= r3;
1457 r3 ^= r2;
1458 r1 |= r4;
1459 r1 &= r0;
1460 r4 ^= r3;
1461 r1 ^= r2;
1462 r2 |= r4;
1463 r2 ^= r0;
1464 r0 |= r4;
1465 r0 ^= r3;
1466 r2 ^= r4;
1467 r3 ^= r2;
1468 r2 &= r0;
1469 r2 ^= r4;
1470 r3 = ~r3;
1471 r3 |= r0;
1472 r4 ^= r3;
1473 r4 = rotateLeft(r4, 13);
1474 r2 = rotateLeft(r2, 3);
1475 r1 = r1 ^ r4 ^ r2;
1476 r0 = r0 ^ r2 ^ (r4 << 3);
1477 r1 = rotateLeft(r1, 1);
1478 r0 = rotateLeft(r0, 7);
1479 r4 = r4 ^ r1 ^ r0;
1480 r2 = r2 ^ r0 ^ (r1 << 7);
1481 r4 = rotateLeft(r4, 5);
1482 r2 = rotateLeft(r2, 22);
1483 r4 ^= serpent24SubKeys[32];
1484 r1 ^= serpent24SubKeys[32 + 1];
1485 r2 ^= serpent24SubKeys[32 + 2];
1486 r0 ^= serpent24SubKeys[32 + 3];
1487 r0 ^= r4;
1488 r3 = r1;
1489 r1 &= r0;
1490 r3 ^= r2;
1491 r1 ^= r4;
1492 r4 |= r0;
1493 r4 ^= r3;
1494 r3 ^= r0;
1495 r0 ^= r2;
1496 r2 |= r1;
1497 r2 ^= r3;
1498 r3 = ~r3;
1499 r3 |= r1;
1500 r1 ^= r0;
1501 r1 ^= r3;
1502 r0 |= r4;
1503 r1 ^= r0;
1504 r3 ^= r0;
1505 r1 = rotateLeft(r1, 13);
1506 r2 = rotateLeft(r2, 3);
1507 r3 = r3 ^ r1 ^ r2;
1508 r4 = r4 ^ r2 ^ (r1 << 3);
1509 r3 = rotateLeft(r3, 1);
1510 r4 = rotateLeft(r4, 7);
1511 r1 = r1 ^ r3 ^ r4;
1512 r2 = r2 ^ r4 ^ (r3 << 7);
1513 r1 = rotateLeft(r1, 5);
1514 r2 = rotateLeft(r2, 22);
1515 r1 ^= serpent24SubKeys[36];
1516 r3 ^= serpent24SubKeys[36 + 1];
1517 r2 ^= serpent24SubKeys[36 + 2];
1518 r4 ^= serpent24SubKeys[36 + 3];
1519 r1 = ~r1;
1520 r2 = ~r2;
1521 r0 = r1;
1522 r1 &= r3;
1523 r2 ^= r1;
1524 r1 |= r4;
1525 r4 ^= r2;
1526 r3 ^= r1;
1527 r1 ^= r0;
1528 r0 |= r3;
1529 r3 ^= r4;
1530 r2 |= r1;
1531 r2 &= r0;
1532 r1 ^= r3;
1533 r3 &= r2;
1534 r3 ^= r1;
1535 r1 &= r2;
1536 r1 ^= r0;
1537 r2 = rotateLeft(r2, 13);
1538 r4 = rotateLeft(r4, 3);
1539 r1 = r1 ^ r2 ^ r4;
1540 r3 = r3 ^ r4 ^ (r2 << 3);
1541 r1 = rotateLeft(r1, 1);
1542 r3 = rotateLeft(r3, 7);
1543 r2 = r2 ^ r1 ^ r3;
1544 r4 = r4 ^ r3 ^ (r1 << 7);
1545 r2 = rotateLeft(r2, 5);
1546 r4 = rotateLeft(r4, 22);
1547 r2 ^= serpent24SubKeys[40];
1548 r1 ^= serpent24SubKeys[40 + 1];
1549 r4 ^= serpent24SubKeys[40 + 2];
1550 r3 ^= serpent24SubKeys[40 + 3];
1551 r0 = r2;
1552 r2 &= r4;
1553 r2 ^= r3;
1554 r4 ^= r1;
1555 r4 ^= r2;
1556 r3 |= r0;
1557 r3 ^= r1;
1558 r0 ^= r4;
1559 r1 = r3;
1560 r3 |= r0;
1561 r3 ^= r2;
1562 r2 &= r1;
1563 r0 ^= r2;
1564 r1 ^= r3;
1565 r1 ^= r0;
1566 r0 = ~r0;
1567 r4 = rotateLeft(r4, 13);
1568 r1 = rotateLeft(r1, 3);
1569 r3 = r3 ^ r4 ^ r1;
1570 r0 = r0 ^ r1 ^ (r4 << 3);
1571 r3 = rotateLeft(r3, 1);
1572 r0 = rotateLeft(r0, 7);
1573 r4 = r4 ^ r3 ^ r0;
1574 r1 = r1 ^ r0 ^ (r3 << 7);
1575 r4 = rotateLeft(r4, 5);
1576 r1 = rotateLeft(r1, 22);
1577 r4 ^= serpent24SubKeys[44];
1578 r3 ^= serpent24SubKeys[44 + 1];
1579 r1 ^= serpent24SubKeys[44 + 2];
1580 r0 ^= serpent24SubKeys[44 + 3];
1581 r2 = r4;
1582 r4 |= r0;
1583 r0 ^= r3;
1584 r3 &= r2;
1585 r2 ^= r1;
1586 r1 ^= r0;
1587 r0 &= r4;
1588 r2 |= r3;
1589 r0 ^= r2;
1590 r4 ^= r3;
1591 r2 &= r4;
1592 r3 ^= r0;
1593 r2 ^= r1;
1594 r3 |= r4;
1595 r3 ^= r1;
1596 r4 ^= r0;
1597 r1 = r3;
1598 r3 |= r0;
1599 r3 ^= r4;
1600 r3 = rotateLeft(r3, 13);
1601 r0 = rotateLeft(r0, 3);
1602 r1 = r1 ^ r3 ^ r0;
1603 r2 = r2 ^ r0 ^ (r3 << 3);
1604 r1 = rotateLeft(r1, 1);
1605 r2 = rotateLeft(r2, 7);
1606 r3 = r3 ^ r1 ^ r2;
1607 r0 = r0 ^ r2 ^ (r1 << 7);
1608 r3 = rotateLeft(r3, 5);
1609 r0 = rotateLeft(r0, 22);
1610 lfsr9 = r3;
1611 lfsr8 = r1;
1612 lfsr7 = r0;
1613 lfsr6 = r2;
1614 r3 ^= serpent24SubKeys[48];
1615 r1 ^= serpent24SubKeys[48 + 1];
1616 r0 ^= serpent24SubKeys[48 + 2];
1617 r2 ^= serpent24SubKeys[48 + 3];
1618 r1 ^= r2;
1619 r2 = ~r2;
1620 r0 ^= r2;
1621 r2 ^= r3;
1622 r4 = r1;
1623 r1 &= r2;
1624 r1 ^= r0;
1625 r4 ^= r2;
1626 r3 ^= r4;
1627 r0 &= r4;
1628 r0 ^= r3;
1629 r3 &= r1;
1630 r2 ^= r3;
1631 r4 |= r1;
1632 r4 ^= r3;
1633 r3 |= r2;
1634 r3 ^= r0;
1635 r0 &= r2;
1636 r3 = ~r3;
1637 r4 ^= r0;
1638 r1 = rotateLeft(r1, 13);
1639 r3 = rotateLeft(r3, 3);
1640 r4 = r4 ^ r1 ^ r3;
1641 r2 = r2 ^ r3 ^ (r1 << 3);
1642 r4 = rotateLeft(r4, 1);
1643 r2 = rotateLeft(r2, 7);
1644 r1 = r1 ^ r4 ^ r2;
1645 r3 = r3 ^ r2 ^ (r4 << 7);
1646 r1 = rotateLeft(r1, 5);
1647 r3 = rotateLeft(r3, 22);
1648 r1 ^= serpent24SubKeys[52];
1649 r4 ^= serpent24SubKeys[52 + 1];
1650 r3 ^= serpent24SubKeys[52 + 2];
1651 r2 ^= serpent24SubKeys[52 + 3];
1652 r1 ^= r4;
1653 r4 ^= r2;
1654 r2 = ~r2;
1655 r0 = r4;
1656 r4 &= r1;
1657 r3 ^= r2;
1658 r4 ^= r3;
1659 r3 |= r0;
1660 r0 ^= r2;
1661 r2 &= r4;
1662 r2 ^= r1;
1663 r0 ^= r4;
1664 r0 ^= r3;
1665 r3 ^= r1;
1666 r1 &= r2;
1667 r3 = ~r3;
1668 r1 ^= r0;
1669 r0 |= r2;
1670 r3 ^= r0;
1671 r4 = rotateLeft(r4, 13);
1672 r1 = rotateLeft(r1, 3);
1673 r2 = r2 ^ r4 ^ r1;
1674 r3 = r3 ^ r1 ^ (r4 << 3);
1675 r2 = rotateLeft(r2, 1);
1676 r3 = rotateLeft(r3, 7);
1677 r4 = r4 ^ r2 ^ r3;
1678 r1 = r1 ^ r3 ^ (r2 << 7);
1679 r4 = rotateLeft(r4, 5);
1680 r1 = rotateLeft(r1, 22);
1681 r4 ^= serpent24SubKeys[56];
1682 r2 ^= serpent24SubKeys[56 + 1];
1683 r1 ^= serpent24SubKeys[56 + 2];
1684 r3 ^= serpent24SubKeys[56 + 3];
1685 r1 = ~r1;
1686 r0 = r3;
1687 r3 &= r4;
1688 r4 ^= r0;
1689 r3 ^= r1;
1690 r1 |= r0;
1691 r2 ^= r3;
1692 r1 ^= r4;
1693 r4 |= r2;
1694 r1 ^= r2;
1695 r0 ^= r4;
1696 r4 |= r3;
1697 r4 ^= r1;
1698 r0 ^= r3;
1699 r0 ^= r4;
1700 r3 = ~r3;
1701 r1 &= r0;
1702 r1 ^= r3;
1703 r4 = rotateLeft(r4, 13);
1704 r0 = rotateLeft(r0, 3);
1705 r2 = r2 ^ r4 ^ r0;
1706 r1 = r1 ^ r0 ^ (r4 << 3);
1707 r2 = rotateLeft(r2, 1);
1708 r1 = rotateLeft(r1, 7);
1709 r4 = r4 ^ r2 ^ r1;
1710 r0 = r0 ^ r1 ^ (r2 << 7);
1711 r4 = rotateLeft(r4, 5);
1712 r0 = rotateLeft(r0, 22);
1713 r4 ^= serpent24SubKeys[60];
1714 r2 ^= serpent24SubKeys[60 + 1];
1715 r0 ^= serpent24SubKeys[60 + 2];
1716 r1 ^= serpent24SubKeys[60 + 3];
1717 r3 = r2;
1718 r2 |= r0;
1719 r2 ^= r1;
1720 r3 ^= r0;
1721 r0 ^= r2;
1722 r1 |= r3;
1723 r1 &= r4;
1724 r3 ^= r0;
1725 r1 ^= r2;
1726 r2 |= r3;
1727 r2 ^= r4;
1728 r4 |= r3;
1729 r4 ^= r0;
1730 r2 ^= r3;
1731 r0 ^= r2;
1732 r2 &= r4;
1733 r2 ^= r3;
1734 r0 = ~r0;
1735 r0 |= r4;
1736 r3 ^= r0;
1737 r3 = rotateLeft(r3, 13);
1738 r2 = rotateLeft(r2, 3);
1739 r1 = r1 ^ r3 ^ r2;
1740 r4 = r4 ^ r2 ^ (r3 << 3);
1741 r1 = rotateLeft(r1, 1);
1742 r4 = rotateLeft(r4, 7);
1743 r3 = r3 ^ r1 ^ r4;
1744 r2 = r2 ^ r4 ^ (r1 << 7);
1745 r3 = rotateLeft(r3, 5);
1746 r2 = rotateLeft(r2, 22);
1747 r3 ^= serpent24SubKeys[64];
1748 r1 ^= serpent24SubKeys[64 + 1];
1749 r2 ^= serpent24SubKeys[64 + 2];
1750 r4 ^= serpent24SubKeys[64 + 3];
1751 r4 ^= r3;
1752 r0 = r1;
1753 r1 &= r4;
1754 r0 ^= r2;
1755 r1 ^= r3;
1756 r3 |= r4;
1757 r3 ^= r0;
1758 r0 ^= r4;
1759 r4 ^= r2;
1760 r2 |= r1;
1761 r2 ^= r0;
1762 r0 = ~r0;
1763 r0 |= r1;
1764 r1 ^= r4;
1765 r1 ^= r0;
1766 r4 |= r3;
1767 r1 ^= r4;
1768 r0 ^= r4;
1769 r1 = rotateLeft(r1, 13);
1770 r2 = rotateLeft(r2, 3);
1771 r0 = r0 ^ r1 ^ r2;
1772 r3 = r3 ^ r2 ^ (r1 << 3);
1773 r0 = rotateLeft(r0, 1);
1774 r3 = rotateLeft(r3, 7);
1775 r1 = r1 ^ r0 ^ r3;
1776 r2 = r2 ^ r3 ^ (r0 << 7);
1777 r1 = rotateLeft(r1, 5);
1778 r2 = rotateLeft(r2, 22);
1779 r1 ^= serpent24SubKeys[68];
1780 r0 ^= serpent24SubKeys[68 + 1];
1781 r2 ^= serpent24SubKeys[68 + 2];
1782 r3 ^= serpent24SubKeys[68 + 3];
1783 r1 = ~r1;
1784 r2 = ~r2;
1785 r4 = r1;
1786 r1 &= r0;
1787 r2 ^= r1;
1788 r1 |= r3;
1789 r3 ^= r2;
1790 r0 ^= r1;
1791 r1 ^= r4;
1792 r4 |= r0;
1793 r0 ^= r3;
1794 r2 |= r1;
1795 r2 &= r4;
1796 r1 ^= r0;
1797 r0 &= r2;
1798 r0 ^= r1;
1799 r1 &= r2;
1800 r1 ^= r4;
1801 r2 = rotateLeft(r2, 13);
1802 r3 = rotateLeft(r3, 3);
1803 r1 = r1 ^ r2 ^ r3;
1804 r0 = r0 ^ r3 ^ (r2 << 3);
1805 r1 = rotateLeft(r1, 1);
1806 r0 = rotateLeft(r0, 7);
1807 r2 = r2 ^ r1 ^ r0;
1808 r3 = r3 ^ r0 ^ (r1 << 7);
1809 r2 = rotateLeft(r2, 5);
1810 r3 = rotateLeft(r3, 22);
1811 fsmR1 = r2;
1812 lfsr4 = r1;
1813 fsmR2 = r3;
1814 lfsr5 = r0;
1815 r2 ^= serpent24SubKeys[72];
1816 r1 ^= serpent24SubKeys[72 + 1];
1817 r3 ^= serpent24SubKeys[72 + 2];
1818 r0 ^= serpent24SubKeys[72 + 3];
1819 r4 = r2;
1820 r2 &= r3;
1821 r2 ^= r0;
1822 r3 ^= r1;
1823 r3 ^= r2;
1824 r0 |= r4;
1825 r0 ^= r1;
1826 r4 ^= r3;
1827 r1 = r0;
1828 r0 |= r4;
1829 r0 ^= r2;
1830 r2 &= r1;
1831 r4 ^= r2;
1832 r1 ^= r0;
1833 r1 ^= r4;
1834 r4 = ~r4;
1835 r3 = rotateLeft(r3, 13);
1836 r1 = rotateLeft(r1, 3);
1837 r0 = r0 ^ r3 ^ r1;
1838 r4 = r4 ^ r1 ^ (r3 << 3);
1839 r0 = rotateLeft(r0, 1);
1840 r4 = rotateLeft(r4, 7);
1841 r3 = r3 ^ r0 ^ r4;
1842 r1 = r1 ^ r4 ^ (r0 << 7);
1843 r3 = rotateLeft(r3, 5);
1844 r1 = rotateLeft(r1, 22);
1845 r3 ^= serpent24SubKeys[76];
1846 r0 ^= serpent24SubKeys[76 + 1];
1847 r1 ^= serpent24SubKeys[76 + 2];
1848 r4 ^= serpent24SubKeys[76 + 3];
1849 r2 = r3;
1850 r3 |= r4;
1851 r4 ^= r0;
1852 r0 &= r2;
1853 r2 ^= r1;
1854 r1 ^= r4;
1855 r4 &= r3;
1856 r2 |= r0;
1857 r4 ^= r2;
1858 r3 ^= r0;
1859 r2 &= r3;
1860 r0 ^= r4;
1861 r2 ^= r1;
1862 r0 |= r3;
1863 r0 ^= r1;
1864 r3 ^= r4;
1865 r1 = r0;
1866 r0 |= r4;
1867 r0 ^= r3;
1868 r0 = rotateLeft(r0, 13);
1869 r4 = rotateLeft(r4, 3);
1870 r1 = r1 ^ r0 ^ r4;
1871 r2 = r2 ^ r4 ^ (r0 << 3);
1872 r1 = rotateLeft(r1, 1);
1873 r2 = rotateLeft(r2, 7);
1874 r0 = r0 ^ r1 ^ r2;
1875 r4 = r4 ^ r2 ^ (r1 << 7);
1876 r0 = rotateLeft(r0, 5);
1877 r4 = rotateLeft(r4, 22);
1878 r0 ^= serpent24SubKeys[80];
1879 r1 ^= serpent24SubKeys[80 + 1];
1880 r4 ^= serpent24SubKeys[80 + 2];
1881 r2 ^= serpent24SubKeys[80 + 3];
1882 r1 ^= r2;
1883 r2 = ~r2;
1884 r4 ^= r2;
1885 r2 ^= r0;
1886 r3 = r1;
1887 r1 &= r2;
1888 r1 ^= r4;
1889 r3 ^= r2;
1890 r0 ^= r3;
1891 r4 &= r3;
1892 r4 ^= r0;
1893 r0 &= r1;
1894 r2 ^= r0;
1895 r3 |= r1;
1896 r3 ^= r0;
1897 r0 |= r2;
1898 r0 ^= r4;
1899 r4 &= r2;
1900 r0 = ~r0;
1901 r3 ^= r4;
1902 r1 = rotateLeft(r1, 13);
1903 r0 = rotateLeft(r0, 3);
1904 r3 = r3 ^ r1 ^ r0;
1905 r2 = r2 ^ r0 ^ (r1 << 3);
1906 r3 = rotateLeft(r3, 1);
1907 r2 = rotateLeft(r2, 7);
1908 r1 = r1 ^ r3 ^ r2;
1909 r0 = r0 ^ r2 ^ (r3 << 7);
1910 r1 = rotateLeft(r1, 5);
1911 r0 = rotateLeft(r0, 22);
1912 r1 ^= serpent24SubKeys[84];
1913 r3 ^= serpent24SubKeys[84 + 1];
1914 r0 ^= serpent24SubKeys[84 + 2];
1915 r2 ^= serpent24SubKeys[84 + 3];
1916 r1 ^= r3;
1917 r3 ^= r2;
1918 r2 = ~r2;
1919 r4 = r3;
1920 r3 &= r1;
1921 r0 ^= r2;
1922 r3 ^= r0;
1923 r0 |= r4;
1924 r4 ^= r2;
1925 r2 &= r3;
1926 r2 ^= r1;
1927 r4 ^= r3;
1928 r4 ^= r0;
1929 r0 ^= r1;
1930 r1 &= r2;
1931 r0 = ~r0;
1932 r1 ^= r4;
1933 r4 |= r2;
1934 r0 ^= r4;
1935 r3 = rotateLeft(r3, 13);
1936 r1 = rotateLeft(r1, 3);
1937 r2 = r2 ^ r3 ^ r1;
1938 r0 = r0 ^ r1 ^ (r3 << 3);
1939 r2 = rotateLeft(r2, 1);
1940 r0 = rotateLeft(r0, 7);
1941 r3 = r3 ^ r2 ^ r0;
1942 r1 = r1 ^ r0 ^ (r2 << 7);
1943 r3 = rotateLeft(r3, 5);
1944 r1 = rotateLeft(r1, 22);
1945 r3 ^= serpent24SubKeys[88];
1946 r2 ^= serpent24SubKeys[88 + 1];
1947 r1 ^= serpent24SubKeys[88 + 2];
1948 r0 ^= serpent24SubKeys[88 + 3];
1949 r1 = ~r1;
1950 r4 = r0;
1951 r0 &= r3;
1952 r3 ^= r4;
1953 r0 ^= r1;
1954 r1 |= r4;
1955 r2 ^= r0;
1956 r1 ^= r3;
1957 r3 |= r2;
1958 r1 ^= r2;
1959 r4 ^= r3;
1960 r3 |= r0;
1961 r3 ^= r1;
1962 r4 ^= r0;
1963 r4 ^= r3;
1964 r0 = ~r0;
1965 r1 &= r4;
1966 r1 ^= r0;
1967 r3 = rotateLeft(r3, 13);
1968 r4 = rotateLeft(r4, 3);
1969 r2 = r2 ^ r3 ^ r4;
1970 r1 = r1 ^ r4 ^ (r3 << 3);
1971 r2 = rotateLeft(r2, 1);
1972 r1 = rotateLeft(r1, 7);
1973 r3 = r3 ^ r2 ^ r1;
1974 r4 = r4 ^ r1 ^ (r2 << 7);
1975 r3 = rotateLeft(r3, 5);
1976 r4 = rotateLeft(r4, 22);
1977 r3 ^= serpent24SubKeys[92];
1978 r2 ^= serpent24SubKeys[92 + 1];
1979 r4 ^= serpent24SubKeys[92 + 2];
1980 r1 ^= serpent24SubKeys[92 + 3];
1981 r0 = r2;
1982 r2 |= r4;
1983 r2 ^= r1;
1984 r0 ^= r4;
1985 r4 ^= r2;
1986 r1 |= r0;
1987 r1 &= r3;
1988 r0 ^= r4;
1989 r1 ^= r2;
1990 r2 |= r0;
1991 r2 ^= r3;
1992 r3 |= r0;
1993 r3 ^= r4;
1994 r2 ^= r0;
1995 r4 ^= r2;
1996 r2 &= r3;
1997 r2 ^= r0;
1998 r4 = ~r4;
1999 r4 |= r3;
2000 r0 ^= r4;
2001 r0 = rotateLeft(r0, 13);
2002 r2 = rotateLeft(r2, 3);
2003 r1 = r1 ^ r0 ^ r2;
2004 r3 = r3 ^ r2 ^ (r0 << 3);
2005 r1 = rotateLeft(r1, 1);
2006 r3 = rotateLeft(r3, 7);
2007 r0 = r0 ^ r1 ^ r3;
2008 r2 = r2 ^ r3 ^ (r1 << 7);
2009 r0 = rotateLeft(r0, 5);
2010 r2 = rotateLeft(r2, 22);
2011 r0 ^= serpent24SubKeys[96];
2012 r1 ^= serpent24SubKeys[96 + 1];
2013 r2 ^= serpent24SubKeys[96 + 2];
2014 r3 ^= serpent24SubKeys[96 + 3];
2015 lfsr3 = r0;
2016 lfsr2 = r1;
2017 lfsr1 = r2;
2018 lfsr0 = r3;
2019 }
/**
 * Feedback table indexed by the high byte of the word leaving the LFSR:
 * the LFSR step XORs {@code MUL_ALPHA[word >>> 24]} into the incoming word.
 * By its name this is presumably multiplication by alpha in the Sosemanuk
 * field — confirm against the specification.
 */
private static final int[] MUL_ALPHA = new int[256];

/**
 * Companion table indexed by the low byte of the tap word:
 * the LFSR step XORs {@code DIV_ALPHA[word & 0xFF]} into the incoming word.
 * Presumably multiplication by alpha^-1 — confirm against the specification.
 */
private static final int[] DIV_ALPHA = new int[256];

static {
    /*
     * Exponential and logarithm tables for GF(2^8) generated by 0x02 and
     * reduced modulo 0x1A9. expb[0xFF] is pinned to zero so that logb[0]
     * ends up as 0xFF, exactly as the reference construction does.
     */
    final int[] expb = new int[256];
    final int[] logb = new int[256];
    int acc = 0x01;
    for (int exponent = 0; exponent < 0xFF; exponent++) {
        expb[exponent] = acc;
        logb[acc] = exponent;
        acc <<= 1;
        if (acc > 0xFF) {
            acc ^= 0x1A9;
        }
    }
    expb[0xFF] = 0x00;
    logb[0x00] = 0xFF;

    /* Entry 0 stays zero; every other entry packs four field elements. */
    MUL_ALPHA[0x00] = 0x00000000;
    DIV_ALPHA[0x00] = 0x00000000;
    for (int x = 0x01; x < 0x100; x++) {
        final int lx = logb[x];
        MUL_ALPHA[x] = packAlphaWord(expb, lx, 23, 245, 48, 239);
        DIV_ALPHA[x] = packAlphaWord(expb, lx, 16, 39, 6, 64);
    }
}

/**
 * Packs four GF(2^8) elements, each {@code expb[(lx + offset) % 255]}, into one
 * big-endian 32-bit word.
 *
 * @param expb the exponential table
 * @param lx   the logarithm of the byte being expanded (0..254)
 * @param o3   exponent offset for bits 31..24
 * @param o2   exponent offset for bits 23..16
 * @param o1   exponent offset for bits 15..8
 * @param o0   exponent offset for bits 7..0
 * @return the packed word
 */
private static int packAlphaWord(final int[] expb, final int lx,
                                 final int o3, final int o2,
                                 final int o1, final int o0) {
    final int b3 = expb[(lx + o3) % 255];
    final int b2 = expb[(lx + o2) % 255];
    final int b1 = expb[(lx + o1) % 255];
    final int b0 = expb[(lx + o0) % 255];
    return (b3 << 24) | (b2 << 16) | (b1 << 8) | b0;
}
/**
 * Generates the next 80 bytes of keystream into {@code buf} starting at
 * {@code off} and advances the cipher state by twenty steps.
 * <p>
 * Each step updates the FSM registers (r1, r2), shifts the ten-word LFSR by
 * one position — the outgoing word is saved in v0..v3 and the incoming word is
 * built from the MUL_ALPHA / DIV_ALPHA tables and two other LFSR words — and
 * produces one FSM output word f0..f3. After every four steps the four output
 * words pass through a bit-sliced S-box layer (Serpent-style; presumably S2
 * as in the Sosemanuk specification — confirm) and are XORed with the four
 * saved LFSR words to give 16 bytes of keystream via encode32le. Five such
 * groups fill the block; the advanced state is then written back to the
 * fields.
 * <p>
 * NOTE(review): the FSM update selects a tap word on a bit of secret state
 * via a conditional ({@code (r1 & 0x01) != 0 ? sX : 0}); the branchless form
 * {@code sX & -(r1 & 0x01)} is bit-for-bit equivalent and avoids a
 * secret-dependent branch. The MUL_ALPHA / DIV_ALPHA lookups are likewise
 * indexed by secret state, which is inherent to this table-driven design
 * (cache-timing exposure).
 *
 * @param buf the output buffer; bytes {@code off .. off + 79} are written
 * @param off the offset of the first keystream byte
 */
@SuppressWarnings("checkstyle:MethodLength")
private void makeStreamBlock(final byte[] buf, final int off) {
    /* Work on local copies of the LFSR (s0..s9) and FSM (r1, r2) state. */
    int s0 = lfsr0;
    int s1 = lfsr1;
    int s2 = lfsr2;
    int s3 = lfsr3;
    int s4 = lfsr4;
    int s5 = lfsr5;
    int s6 = lfsr6;
    int s7 = lfsr7;
    int s8 = lfsr8;
    int s9 = lfsr9;
    int r1 = fsmR1;
    int r2 = fsmR2;

    /*
     * Step 1: FSM update (the old r1 selects the tap, then r2 is derived from
     * the old r1 by multiply-and-rotate), LFSR shift of s0, FSM output f0.
     */
    int tt = r1;
    r1 = r2 + (s1 ^ ((r1 & 0x01) != 0 ? s8 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v0 = s0;   // outgoing LFSR word, masked into the output below
    s0 = ((s0 << 8) ^ MUL_ALPHA[s0 >>> 24])
            ^ ((s3 >>> 8) ^ DIV_ALPHA[s3 & 0xFF]) ^ s9;
    int f0 = (s9 + r1) ^ r2;

    /* Step 2: same pattern, one position further along the LFSR. */
    tt = r1;
    r1 = r2 + (s2 ^ ((r1 & 0x01) != 0 ? s9 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v1 = s1;
    s1 = ((s1 << 8) ^ MUL_ALPHA[s1 >>> 24])
            ^ ((s4 >>> 8) ^ DIV_ALPHA[s4 & 0xFF]) ^ s0;
    int f1 = (s0 + r1) ^ r2;

    /* Step 3. */
    tt = r1;
    r1 = r2 + (s3 ^ ((r1 & 0x01) != 0 ? s0 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v2 = s2;
    s2 = ((s2 << 8) ^ MUL_ALPHA[s2 >>> 24])
            ^ ((s5 >>> 8) ^ DIV_ALPHA[s5 & 0xFF]) ^ s1;
    int f2 = (s1 + r1) ^ r2;

    /* Step 4. */
    tt = r1;
    r1 = r2 + (s4 ^ ((r1 & 0x01) != 0 ? s1 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    int v3 = s3;
    s3 = ((s3 << 8) ^ MUL_ALPHA[s3 >>> 24])
            ^ ((s6 >>> 8) ^ DIV_ALPHA[s6 & 0xFF]) ^ s2;
    int f3 = (s2 + r1) ^ r2;

    /*
     * Bit-sliced S-box over (f0, f1, f2, f3); f4 is scratch. The outputs
     * land in (f2, f3, f1, f4), in that order.
     */
    int f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Keystream bytes 0..15: S-box outputs masked with the saved LFSR words. */
    encode32le(f2 ^ v0, buf, off);
    encode32le(f3 ^ v1, buf, off + 4);
    encode32le(f1 ^ v2, buf, off + 8);
    encode32le(f4 ^ v3, buf, off + 12);

    /* Steps 5..8: same pattern over s4..s7. */
    tt = r1;
    r1 = r2 + (s5 ^ ((r1 & 0x01) != 0 ? s2 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s4;
    s4 = ((s4 << 8) ^ MUL_ALPHA[s4 >>> 24])
            ^ ((s7 >>> 8) ^ DIV_ALPHA[s7 & 0xFF]) ^ s3;
    f0 = (s3 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s6 ^ ((r1 & 0x01) != 0 ? s3 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s5;
    s5 = ((s5 << 8) ^ MUL_ALPHA[s5 >>> 24])
            ^ ((s8 >>> 8) ^ DIV_ALPHA[s8 & 0xFF]) ^ s4;
    f1 = (s4 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s7 ^ ((r1 & 0x01) != 0 ? s4 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s6;
    s6 = ((s6 << 8) ^ MUL_ALPHA[s6 >>> 24])
            ^ ((s9 >>> 8) ^ DIV_ALPHA[s9 & 0xFF]) ^ s5;
    f2 = (s5 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s8 ^ ((r1 & 0x01) != 0 ? s5 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s7;
    s7 = ((s7 << 8) ^ MUL_ALPHA[s7 >>> 24])
            ^ ((s0 >>> 8) ^ DIV_ALPHA[s0 & 0xFF]) ^ s6;
    f3 = (s6 + r1) ^ r2;

    /* S-box layer, identical to the first group. */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Keystream bytes 16..31. */
    encode32le(f2 ^ v0, buf, off + 16);
    encode32le(f3 ^ v1, buf, off + 20);
    encode32le(f1 ^ v2, buf, off + 24);
    encode32le(f4 ^ v3, buf, off + 28);

    /* Steps 9..12: over s8, s9 and then (wrapping) the already-updated s0, s1. */
    tt = r1;
    r1 = r2 + (s9 ^ ((r1 & 0x01) != 0 ? s6 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s8;
    s8 = ((s8 << 8) ^ MUL_ALPHA[s8 >>> 24])
            ^ ((s1 >>> 8) ^ DIV_ALPHA[s1 & 0xFF]) ^ s7;
    f0 = (s7 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s0 ^ ((r1 & 0x01) != 0 ? s7 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s9;
    s9 = ((s9 << 8) ^ MUL_ALPHA[s9 >>> 24])
            ^ ((s2 >>> 8) ^ DIV_ALPHA[s2 & 0xFF]) ^ s8;
    f1 = (s8 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s1 ^ ((r1 & 0x01) != 0 ? s8 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s0;
    s0 = ((s0 << 8) ^ MUL_ALPHA[s0 >>> 24])
            ^ ((s3 >>> 8) ^ DIV_ALPHA[s3 & 0xFF]) ^ s9;
    f2 = (s9 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s2 ^ ((r1 & 0x01) != 0 ? s9 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s1;
    s1 = ((s1 << 8) ^ MUL_ALPHA[s1 >>> 24])
            ^ ((s4 >>> 8) ^ DIV_ALPHA[s4 & 0xFF]) ^ s0;
    f3 = (s0 + r1) ^ r2;

    /* S-box layer. */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Keystream bytes 32..47. */
    encode32le(f2 ^ v0, buf, off + 32);
    encode32le(f3 ^ v1, buf, off + 36);
    encode32le(f1 ^ v2, buf, off + 40);
    encode32le(f4 ^ v3, buf, off + 44);

    /* Steps 13..16: over s2..s5. */
    tt = r1;
    r1 = r2 + (s3 ^ ((r1 & 0x01) != 0 ? s0 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s2;
    s2 = ((s2 << 8) ^ MUL_ALPHA[s2 >>> 24])
            ^ ((s5 >>> 8) ^ DIV_ALPHA[s5 & 0xFF]) ^ s1;
    f0 = (s1 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s4 ^ ((r1 & 0x01) != 0 ? s1 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s3;
    s3 = ((s3 << 8) ^ MUL_ALPHA[s3 >>> 24])
            ^ ((s6 >>> 8) ^ DIV_ALPHA[s6 & 0xFF]) ^ s2;
    f1 = (s2 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s5 ^ ((r1 & 0x01) != 0 ? s2 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s4;
    s4 = ((s4 << 8) ^ MUL_ALPHA[s4 >>> 24])
            ^ ((s7 >>> 8) ^ DIV_ALPHA[s7 & 0xFF]) ^ s3;
    f2 = (s3 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s6 ^ ((r1 & 0x01) != 0 ? s3 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s5;
    s5 = ((s5 << 8) ^ MUL_ALPHA[s5 >>> 24])
            ^ ((s8 >>> 8) ^ DIV_ALPHA[s8 & 0xFF]) ^ s4;
    f3 = (s4 + r1) ^ r2;

    /* S-box layer. */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Keystream bytes 48..63. */
    encode32le(f2 ^ v0, buf, off + 48);
    encode32le(f3 ^ v1, buf, off + 52);
    encode32le(f1 ^ v2, buf, off + 56);
    encode32le(f4 ^ v3, buf, off + 60);

    /* Steps 17..20: over s6..s9. */
    tt = r1;
    r1 = r2 + (s7 ^ ((r1 & 0x01) != 0 ? s4 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v0 = s6;
    s6 = ((s6 << 8) ^ MUL_ALPHA[s6 >>> 24])
            ^ ((s9 >>> 8) ^ DIV_ALPHA[s9 & 0xFF]) ^ s5;
    f0 = (s5 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s8 ^ ((r1 & 0x01) != 0 ? s5 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v1 = s7;
    s7 = ((s7 << 8) ^ MUL_ALPHA[s7 >>> 24])
            ^ ((s0 >>> 8) ^ DIV_ALPHA[s0 & 0xFF]) ^ s6;
    f1 = (s6 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s9 ^ ((r1 & 0x01) != 0 ? s6 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v2 = s8;
    s8 = ((s8 << 8) ^ MUL_ALPHA[s8 >>> 24])
            ^ ((s1 >>> 8) ^ DIV_ALPHA[s1 & 0xFF]) ^ s7;
    f2 = (s7 + r1) ^ r2;

    tt = r1;
    r1 = r2 + (s0 ^ ((r1 & 0x01) != 0 ? s7 : 0));
    r2 = rotateLeft(tt * 0x54655307, 7);
    v3 = s9;
    s9 = ((s9 << 8) ^ MUL_ALPHA[s9 >>> 24])
            ^ ((s2 >>> 8) ^ DIV_ALPHA[s2 & 0xFF]) ^ s8;
    f3 = (s8 + r1) ^ r2;

    /* S-box layer. */
    f4 = f0;
    f0 &= f2;
    f0 ^= f3;
    f2 ^= f1;
    f2 ^= f0;
    f3 |= f4;
    f3 ^= f1;
    f4 ^= f2;
    f1 = f3;
    f3 |= f4;
    f3 ^= f0;
    f0 &= f1;
    f4 ^= f0;
    f1 ^= f3;
    f1 ^= f4;
    f4 = ~f4;

    /* Keystream bytes 64..79. */
    encode32le(f2 ^ v0, buf, off + 64);
    encode32le(f3 ^ v1, buf, off + 68);
    encode32le(f1 ^ v2, buf, off + 72);
    encode32le(f4 ^ v3, buf, off + 76);

    /* Commit the advanced state; after twenty steps each LFSR slot has moved twice. */
    lfsr0 = s0;
    lfsr1 = s1;
    lfsr2 = s2;
    lfsr3 = s3;
    lfsr4 = s4;
    lfsr5 = s5;
    lfsr6 = s6;
    lfsr7 = s7;
    lfsr8 = s8;
    lfsr9 = s9;
    fsmR1 = r1;
    fsmR2 = r2;
}
2416 }