using System;
namespace Renci.SshNet.Security.Cryptography.Ciphers
{
///
/// Implements Serpent cipher algorithm.
///
public sealed class SerpentCipher : BlockCipher
{
private const int Rounds = 32;
private const int Phi = unchecked((int)0x9E3779B9); // (Sqrt(5) - 1) * 2**31
private readonly int[] _workingKey;
// registers
private int _x0;
private int _x1;
private int _x2;
private int _x3;
///
/// Initializes a new instance of the class.
///
/// The key.
/// The mode.
/// The padding.
/// is null.
/// Keysize is not valid for this algorithm.
public SerpentCipher(byte[] key, CipherMode mode, CipherPadding padding)
: base(key, 16, mode, padding)
{
var keySize = key.Length * 8;
if (keySize is not (128 or 192 or 256))
{
throw new ArgumentException(string.Format("KeySize '{0}' is not valid for this algorithm.", keySize));
}
_workingKey = MakeWorkingKey(key);
}
///
/// Encrypts the specified region of the input byte array and copies the encrypted data to the specified region of the output byte array.
///
/// The input data to encrypt.
/// The offset into the input byte array from which to begin using data.
/// The number of bytes in the input byte array to use as data.
/// The output to which to write encrypted data.
/// The offset into the output byte array from which to begin writing data.
///
/// The number of bytes encrypted.
///
public override int EncryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
{
if (inputCount != BlockSize)
{
throw new ArgumentException("inputCount");
}
_x3 = BytesToWord(inputBuffer, inputOffset);
_x2 = BytesToWord(inputBuffer, inputOffset + 4);
_x1 = BytesToWord(inputBuffer, inputOffset + 8);
_x0 = BytesToWord(inputBuffer, inputOffset + 12);
Sb0(_workingKey[0] ^ _x0, _workingKey[1] ^ _x1, _workingKey[2] ^ _x2, _workingKey[3] ^ _x3);
LT();
Sb1(_workingKey[4] ^ _x0, _workingKey[5] ^ _x1, _workingKey[6] ^ _x2, _workingKey[7] ^ _x3);
LT();
Sb2(_workingKey[8] ^ _x0, _workingKey[9] ^ _x1, _workingKey[10] ^ _x2, _workingKey[11] ^ _x3);
LT();
Sb3(_workingKey[12] ^ _x0, _workingKey[13] ^ _x1, _workingKey[14] ^ _x2, _workingKey[15] ^ _x3);
LT();
Sb4(_workingKey[16] ^ _x0, _workingKey[17] ^ _x1, _workingKey[18] ^ _x2, _workingKey[19] ^ _x3);
LT();
Sb5(_workingKey[20] ^ _x0, _workingKey[21] ^ _x1, _workingKey[22] ^ _x2, _workingKey[23] ^ _x3);
LT();
Sb6(_workingKey[24] ^ _x0, _workingKey[25] ^ _x1, _workingKey[26] ^ _x2, _workingKey[27] ^ _x3);
LT();
Sb7(_workingKey[28] ^ _x0, _workingKey[29] ^ _x1, _workingKey[30] ^ _x2, _workingKey[31] ^ _x3);
LT();
Sb0(_workingKey[32] ^ _x0, _workingKey[33] ^ _x1, _workingKey[34] ^ _x2, _workingKey[35] ^ _x3);
LT();
Sb1(_workingKey[36] ^ _x0, _workingKey[37] ^ _x1, _workingKey[38] ^ _x2, _workingKey[39] ^ _x3);
LT();
Sb2(_workingKey[40] ^ _x0, _workingKey[41] ^ _x1, _workingKey[42] ^ _x2, _workingKey[43] ^ _x3);
LT();
Sb3(_workingKey[44] ^ _x0, _workingKey[45] ^ _x1, _workingKey[46] ^ _x2, _workingKey[47] ^ _x3);
LT();
Sb4(_workingKey[48] ^ _x0, _workingKey[49] ^ _x1, _workingKey[50] ^ _x2, _workingKey[51] ^ _x3);
LT();
Sb5(_workingKey[52] ^ _x0, _workingKey[53] ^ _x1, _workingKey[54] ^ _x2, _workingKey[55] ^ _x3);
LT();
Sb6(_workingKey[56] ^ _x0, _workingKey[57] ^ _x1, _workingKey[58] ^ _x2, _workingKey[59] ^ _x3);
LT();
Sb7(_workingKey[60] ^ _x0, _workingKey[61] ^ _x1, _workingKey[62] ^ _x2, _workingKey[63] ^ _x3);
LT();
Sb0(_workingKey[64] ^ _x0, _workingKey[65] ^ _x1, _workingKey[66] ^ _x2, _workingKey[67] ^ _x3);
LT();
Sb1(_workingKey[68] ^ _x0, _workingKey[69] ^ _x1, _workingKey[70] ^ _x2, _workingKey[71] ^ _x3);
LT();
Sb2(_workingKey[72] ^ _x0, _workingKey[73] ^ _x1, _workingKey[74] ^ _x2, _workingKey[75] ^ _x3);
LT();
Sb3(_workingKey[76] ^ _x0, _workingKey[77] ^ _x1, _workingKey[78] ^ _x2, _workingKey[79] ^ _x3);
LT();
Sb4(_workingKey[80] ^ _x0, _workingKey[81] ^ _x1, _workingKey[82] ^ _x2, _workingKey[83] ^ _x3);
LT();
Sb5(_workingKey[84] ^ _x0, _workingKey[85] ^ _x1, _workingKey[86] ^ _x2, _workingKey[87] ^ _x3);
LT();
Sb6(_workingKey[88] ^ _x0, _workingKey[89] ^ _x1, _workingKey[90] ^ _x2, _workingKey[91] ^ _x3);
LT();
Sb7(_workingKey[92] ^ _x0, _workingKey[93] ^ _x1, _workingKey[94] ^ _x2, _workingKey[95] ^ _x3);
LT();
Sb0(_workingKey[96] ^ _x0, _workingKey[97] ^ _x1, _workingKey[98] ^ _x2, _workingKey[99] ^ _x3);
LT();
Sb1(_workingKey[100] ^ _x0, _workingKey[101] ^ _x1, _workingKey[102] ^ _x2, _workingKey[103] ^ _x3);
LT();
Sb2(_workingKey[104] ^ _x0, _workingKey[105] ^ _x1, _workingKey[106] ^ _x2, _workingKey[107] ^ _x3);
LT();
Sb3(_workingKey[108] ^ _x0, _workingKey[109] ^ _x1, _workingKey[110] ^ _x2, _workingKey[111] ^ _x3);
LT();
Sb4(_workingKey[112] ^ _x0, _workingKey[113] ^ _x1, _workingKey[114] ^ _x2, _workingKey[115] ^ _x3);
LT();
Sb5(_workingKey[116] ^ _x0, _workingKey[117] ^ _x1, _workingKey[118] ^ _x2, _workingKey[119] ^ _x3);
LT();
Sb6(_workingKey[120] ^ _x0, _workingKey[121] ^ _x1, _workingKey[122] ^ _x2, _workingKey[123] ^ _x3);
LT();
Sb7(_workingKey[124] ^ _x0, _workingKey[125] ^ _x1, _workingKey[126] ^ _x2, _workingKey[127] ^ _x3);
WordToBytes(_workingKey[131] ^ _x3, outputBuffer, outputOffset);
WordToBytes(_workingKey[130] ^ _x2, outputBuffer, outputOffset + 4);
WordToBytes(_workingKey[129] ^ _x1, outputBuffer, outputOffset + 8);
WordToBytes(_workingKey[128] ^ _x0, outputBuffer, outputOffset + 12);
return BlockSize;
}
///
/// Decrypts the specified region of the input byte array and copies the decrypted data to the specified region of the output byte array.
///
/// The input data to decrypt.
/// The offset into the input byte array from which to begin using data.
/// The number of bytes in the input byte array to use as data.
/// The output to which to write decrypted data.
/// The offset into the output byte array from which to begin writing data.
///
/// The number of bytes decrypted.
///
public override int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
{
if (inputCount != BlockSize)
{
throw new ArgumentException("inputCount");
}
_x3 = _workingKey[131] ^ BytesToWord(inputBuffer, inputOffset);
_x2 = _workingKey[130] ^ BytesToWord(inputBuffer, inputOffset + 4);
_x1 = _workingKey[129] ^ BytesToWord(inputBuffer, inputOffset + 8);
_x0 = _workingKey[128] ^ BytesToWord(inputBuffer, inputOffset + 12);
Ib7(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[124];
_x1 ^= _workingKey[125];
_x2 ^= _workingKey[126];
_x3 ^= _workingKey[127];
InverseLT();
Ib6(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[120];
_x1 ^= _workingKey[121];
_x2 ^= _workingKey[122];
_x3 ^= _workingKey[123];
InverseLT();
Ib5(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[116];
_x1 ^= _workingKey[117];
_x2 ^= _workingKey[118];
_x3 ^= _workingKey[119];
InverseLT();
Ib4(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[112];
_x1 ^= _workingKey[113];
_x2 ^= _workingKey[114];
_x3 ^= _workingKey[115];
InverseLT();
Ib3(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[108];
_x1 ^= _workingKey[109];
_x2 ^= _workingKey[110];
_x3 ^= _workingKey[111];
InverseLT();
Ib2(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[104];
_x1 ^= _workingKey[105];
_x2 ^= _workingKey[106];
_x3 ^= _workingKey[107];
InverseLT();
Ib1(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[100];
_x1 ^= _workingKey[101];
_x2 ^= _workingKey[102];
_x3 ^= _workingKey[103];
InverseLT();
Ib0(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[96];
_x1 ^= _workingKey[97];
_x2 ^= _workingKey[98];
_x3 ^= _workingKey[99];
InverseLT();
Ib7(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[92];
_x1 ^= _workingKey[93];
_x2 ^= _workingKey[94];
_x3 ^= _workingKey[95];
InverseLT();
Ib6(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[88];
_x1 ^= _workingKey[89];
_x2 ^= _workingKey[90];
_x3 ^= _workingKey[91];
InverseLT();
Ib5(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[84];
_x1 ^= _workingKey[85];
_x2 ^= _workingKey[86];
_x3 ^= _workingKey[87];
InverseLT();
Ib4(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[80];
_x1 ^= _workingKey[81];
_x2 ^= _workingKey[82];
_x3 ^= _workingKey[83];
InverseLT();
Ib3(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[76];
_x1 ^= _workingKey[77];
_x2 ^= _workingKey[78];
_x3 ^= _workingKey[79];
InverseLT();
Ib2(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[72];
_x1 ^= _workingKey[73];
_x2 ^= _workingKey[74];
_x3 ^= _workingKey[75];
InverseLT();
Ib1(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[68];
_x1 ^= _workingKey[69];
_x2 ^= _workingKey[70];
_x3 ^= _workingKey[71];
InverseLT();
Ib0(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[64];
_x1 ^= _workingKey[65];
_x2 ^= _workingKey[66];
_x3 ^= _workingKey[67];
InverseLT();
Ib7(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[60];
_x1 ^= _workingKey[61];
_x2 ^= _workingKey[62];
_x3 ^= _workingKey[63];
InverseLT();
Ib6(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[56];
_x1 ^= _workingKey[57];
_x2 ^= _workingKey[58];
_x3 ^= _workingKey[59];
InverseLT();
Ib5(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[52];
_x1 ^= _workingKey[53];
_x2 ^= _workingKey[54];
_x3 ^= _workingKey[55];
InverseLT();
Ib4(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[48];
_x1 ^= _workingKey[49];
_x2 ^= _workingKey[50];
_x3 ^= _workingKey[51];
InverseLT();
Ib3(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[44];
_x1 ^= _workingKey[45];
_x2 ^= _workingKey[46];
_x3 ^= _workingKey[47];
InverseLT();
Ib2(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[40];
_x1 ^= _workingKey[41];
_x2 ^= _workingKey[42];
_x3 ^= _workingKey[43];
InverseLT();
Ib1(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[36];
_x1 ^= _workingKey[37];
_x2 ^= _workingKey[38];
_x3 ^= _workingKey[39];
InverseLT();
Ib0(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[32];
_x1 ^= _workingKey[33];
_x2 ^= _workingKey[34];
_x3 ^= _workingKey[35];
InverseLT();
Ib7(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[28];
_x1 ^= _workingKey[29];
_x2 ^= _workingKey[30];
_x3 ^= _workingKey[31];
InverseLT();
Ib6(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[24];
_x1 ^= _workingKey[25];
_x2 ^= _workingKey[26];
_x3 ^= _workingKey[27];
InverseLT();
Ib5(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[20];
_x1 ^= _workingKey[21];
_x2 ^= _workingKey[22];
_x3 ^= _workingKey[23];
InverseLT();
Ib4(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[16];
_x1 ^= _workingKey[17];
_x2 ^= _workingKey[18];
_x3 ^= _workingKey[19];
InverseLT();
Ib3(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[12];
_x1 ^= _workingKey[13];
_x2 ^= _workingKey[14];
_x3 ^= _workingKey[15];
InverseLT();
Ib2(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[8];
_x1 ^= _workingKey[9];
_x2 ^= _workingKey[10];
_x3 ^= _workingKey[11];
InverseLT();
Ib1(_x0, _x1, _x2, _x3);
_x0 ^= _workingKey[4];
_x1 ^= _workingKey[5];
_x2 ^= _workingKey[6];
_x3 ^= _workingKey[7];
InverseLT();
Ib0(_x0, _x1, _x2, _x3);
WordToBytes(_x3 ^ _workingKey[3], outputBuffer, outputOffset);
WordToBytes(_x2 ^ _workingKey[2], outputBuffer, outputOffset + 4);
WordToBytes(_x1 ^ _workingKey[1], outputBuffer, outputOffset + 8);
WordToBytes(_x0 ^ _workingKey[0], outputBuffer, outputOffset + 12);
return BlockSize;
}
///
/// Expand a user-supplied key material into a session key.
///
/// The user-key bytes to use.
///
/// A session key.
///
/// is not multiple of 4 bytes.
private int[] MakeWorkingKey(byte[] key)
{
// pad key to 256 bits
var kPad = new int[16];
int off;
var length = 0;
for (off = key.Length - 4; off > 0; off -= 4)
{
kPad[length++] = BytesToWord(key, off);
}
if (off == 0)
{
kPad[length++] = BytesToWord(key, 0);
if (length < 8)
{
kPad[length] = 1;
}
}
else
{
throw new ArgumentException("key must be a multiple of 4 bytes");
}
// expand the padded key up to 33 x 128 bits of key material
const int amount = (Rounds + 1) * 4;
var w = new int[amount];
// compute w0 to w7 from w-8 to w-1
for (var i = 8; i < 16; i++)
{
kPad[i] = RotateLeft(kPad[i - 8] ^ kPad[i - 5] ^ kPad[i - 3] ^ kPad[i - 1] ^ Phi ^ (i - 8), 11);
}
Buffer.BlockCopy(kPad, 8, w, 0, 8);
// compute w8 to w136
for (var i = 8; i < amount; i++)
{
w[i] = RotateLeft(w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ Phi ^ i, 11);
}
// create the working keys by processing w with the Sbox and IP
Sb3(w[0], w[1], w[2], w[3]);
w[0] = _x0;
w[1] = _x1;
w[2] = _x2;
w[3] = _x3;
Sb2(w[4], w[5], w[6], w[7]);
w[4] = _x0;
w[5] = _x1;
w[6] = _x2;
w[7] = _x3;
Sb1(w[8], w[9], w[10], w[11]);
w[8] = _x0;
w[9] = _x1;
w[10] = _x2;
w[11] = _x3;
Sb0(w[12], w[13], w[14], w[15]);
w[12] = _x0;
w[13] = _x1;
w[14] = _x2;
w[15] = _x3;
Sb7(w[16], w[17], w[18], w[19]);
w[16] = _x0;
w[17] = _x1;
w[18] = _x2;
w[19] = _x3;
Sb6(w[20], w[21], w[22], w[23]);
w[20] = _x0;
w[21] = _x1;
w[22] = _x2;
w[23] = _x3;
Sb5(w[24], w[25], w[26], w[27]);
w[24] = _x0;
w[25] = _x1;
w[26] = _x2;
w[27] = _x3;
Sb4(w[28], w[29], w[30], w[31]);
w[28] = _x0;
w[29] = _x1;
w[30] = _x2;
w[31] = _x3;
Sb3(w[32], w[33], w[34], w[35]);
w[32] = _x0;
w[33] = _x1;
w[34] = _x2;
w[35] = _x3;
Sb2(w[36], w[37], w[38], w[39]);
w[36] = _x0;
w[37] = _x1;
w[38] = _x2;
w[39] = _x3;
Sb1(w[40], w[41], w[42], w[43]);
w[40] = _x0;
w[41] = _x1;
w[42] = _x2;
w[43] = _x3;
Sb0(w[44], w[45], w[46], w[47]);
w[44] = _x0;
w[45] = _x1;
w[46] = _x2;
w[47] = _x3;
Sb7(w[48], w[49], w[50], w[51]);
w[48] = _x0;
w[49] = _x1;
w[50] = _x2;
w[51] = _x3;
Sb6(w[52], w[53], w[54], w[55]);
w[52] = _x0;
w[53] = _x1;
w[54] = _x2;
w[55] = _x3;
Sb5(w[56], w[57], w[58], w[59]);
w[56] = _x0;
w[57] = _x1;
w[58] = _x2;
w[59] = _x3;
Sb4(w[60], w[61], w[62], w[63]);
w[60] = _x0;
w[61] = _x1;
w[62] = _x2;
w[63] = _x3;
Sb3(w[64], w[65], w[66], w[67]);
w[64] = _x0;
w[65] = _x1;
w[66] = _x2;
w[67] = _x3;
Sb2(w[68], w[69], w[70], w[71]);
w[68] = _x0;
w[69] = _x1;
w[70] = _x2;
w[71] = _x3;
Sb1(w[72], w[73], w[74], w[75]);
w[72] = _x0;
w[73] = _x1;
w[74] = _x2;
w[75] = _x3;
Sb0(w[76], w[77], w[78], w[79]);
w[76] = _x0;
w[77] = _x1;
w[78] = _x2;
w[79] = _x3;
Sb7(w[80], w[81], w[82], w[83]);
w[80] = _x0;
w[81] = _x1;
w[82] = _x2;
w[83] = _x3;
Sb6(w[84], w[85], w[86], w[87]);
w[84] = _x0;
w[85] = _x1;
w[86] = _x2;
w[87] = _x3;
Sb5(w[88], w[89], w[90], w[91]);
w[88] = _x0;
w[89] = _x1;
w[90] = _x2;
w[91] = _x3;
Sb4(w[92], w[93], w[94], w[95]);
w[92] = _x0;
w[93] = _x1;
w[94] = _x2;
w[95] = _x3;
Sb3(w[96], w[97], w[98], w[99]);
w[96] = _x0;
w[97] = _x1;
w[98] = _x2;
w[99] = _x3;
Sb2(w[100], w[101], w[102], w[103]);
w[100] = _x0;
w[101] = _x1;
w[102] = _x2;
w[103] = _x3;
Sb1(w[104], w[105], w[106], w[107]);
w[104] = _x0;
w[105] = _x1;
w[106] = _x2;
w[107] = _x3;
Sb0(w[108], w[109], w[110], w[111]);
w[108] = _x0;
w[109] = _x1;
w[110] = _x2;
w[111] = _x3;
Sb7(w[112], w[113], w[114], w[115]);
w[112] = _x0;
w[113] = _x1;
w[114] = _x2;
w[115] = _x3;
Sb6(w[116], w[117], w[118], w[119]);
w[116] = _x0;
w[117] = _x1;
w[118] = _x2;
w[119] = _x3;
Sb5(w[120], w[121], w[122], w[123]);
w[120] = _x0;
w[121] = _x1;
w[122] = _x2;
w[123] = _x3;
Sb4(w[124], w[125], w[126], w[127]);
w[124] = _x0;
w[125] = _x1;
w[126] = _x2;
w[127] = _x3;
Sb3(w[128], w[129], w[130], w[131]);
w[128] = _x0;
w[129] = _x1;
w[130] = _x2;
w[131] = _x3;
return w;
}
private static int RotateLeft(int x, int bits)
{
return (x << bits) | (int) ((uint) x >> (32 - bits));
}
private static int RotateRight(int x, int bits)
{
return (int) ((uint) x >> bits) | (x << (32 - bits));
}
private static int BytesToWord(byte[] src, int srcOff)
{
return ((src[srcOff] & 0xff) << 24) | ((src[srcOff + 1] & 0xff) << 16) |
((src[srcOff + 2] & 0xff) << 8) | (src[srcOff + 3] & 0xff);
}
private static void WordToBytes(int word, byte[] dst, int dstOff)
{
dst[dstOff + 3] = (byte) word;
dst[dstOff + 2] = (byte) ((uint)word >> 8);
dst[dstOff + 1] = (byte) ((uint)word >> 16);
dst[dstOff] = (byte) ((uint)word >> 24);
}
/*
* The sboxes below are based on the work of Brian Gladman and
* Sam Simpson, whose original notice appears below.
*
* For further details see:
* http://fp.gladman.plus.com/cryptography_technology/serpent/
*
*/
/*
* Partially optimised Serpent S Box bool functions derived
* using a recursive descent analyser but without a full search
* of all subtrees. This set of S boxes is the result of work
* by Sam Simpson and Brian Gladman using the spare time on a
* cluster of high capacity servers to search for S boxes with
* this customised search engine. There are now an average of
* 15.375 terms per S box.
*
* Copyright: Dr B. R Gladman (gladman@seven77.demon.co.uk)
* and Sam Simpson (s.simpson@mia.co.uk)
* 17th December 1998
*
* We hereby give permission for information in this file to be
* used freely subject only to acknowledgement of its origin.
*/
///
/// S0 - { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb0(int a, int b, int c, int d)
{
var t1 = a ^ d;
var t3 = c ^ t1;
var t4 = b ^ t3;
_x3 = (a & d) ^ t4;
var t7 = a ^ (b & t1);
_x2 = t4 ^ (c | t7);
var t12 = _x3 & (t3 ^ t7);
_x1 = (~t3) ^ t12;
_x0 = t12 ^ (~t7);
}
///
/// InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib0(int a, int b, int c, int d)
{
var t1 = ~a;
var t2 = a ^ b;
var t4 = d ^ (t1 | t2);
var t5 = c ^ t4;
_x2 = t2 ^ t5;
var t8 = t1 ^ (d & t2);
_x1 = t4 ^ (_x2 & t8);
_x3 = (a & t4) ^ (t5 | _x1);
_x0 = _x3 ^ (t5 ^ t8);
}
///
/// S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb1(int a, int b, int c, int d)
{
var t2 = b ^ (~a);
var t5 = c ^ (a | t2);
_x2 = d ^ t5;
var t7 = b ^ (d | t2);
var t8 = t2 ^ _x2;
_x3 = t8 ^ (t5 & t7);
var t11 = t5 ^ t7;
_x1 = _x3 ^ t11;
_x0 = t5 ^ (t8 & t11);
}
///
/// InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib1(int a, int b, int c, int d)
{
var t1 = b ^ d;
var t3 = a ^ (b & t1);
var t4 = t1 ^ t3;
_x3 = c ^ t4;
var t7 = b ^ (t1 & t3);
var t8 = _x3 | t7;
_x1 = t3 ^ t8;
var t10 = ~_x1;
var t11 = _x3 ^ t7;
_x0 = t10 ^ t11;
_x2 = t4 ^ (t10 | t11);
}
///
/// S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb2(int a, int b, int c, int d)
{
var t1 = ~a;
var t2 = b ^ d;
var t3 = c & t1;
_x0 = t2 ^ t3;
var t5 = c ^ t1;
var t6 = c ^ _x0;
var t7 = b & t6;
_x3 = t5 ^ t7;
_x2 = a ^ ((d | t7) & (_x0 | t5));
_x1 = (t2 ^ _x3) ^ (_x2 ^ (d | t1));
}
///
/// InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib2(int a, int b, int c, int d)
{
var t1 = b ^ d;
var t2 = ~t1;
var t3 = a ^ c;
var t4 = c ^ t1;
var t5 = b & t4;
_x0 = t3 ^ t5;
var t7 = a | t2;
var t8 = d ^ t7;
var t9 = t3 | t8;
_x3 = t1 ^ t9;
var t11 = ~t4;
var t12 = _x0 | _x3;
_x1 = t11 ^ t12;
_x2 = (d & t11) ^ (t3 ^ t12);
}
///
/// S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb3(int a, int b, int c, int d)
{
var t1 = a ^ b;
var t2 = a & c;
var t3 = a | d;
var t4 = c ^ d;
var t5 = t1 & t3;
var t6 = t2 | t5;
_x2 = t4 ^ t6;
var t8 = b ^ t3;
var t9 = t6 ^ t8;
var t10 = t4 & t9;
_x0 = t1 ^ t10;
var t12 = _x2 & _x0;
_x1 = t9 ^ t12;
_x3 = (b | d) ^ (t4 ^ t12);
}
///
/// InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib3(int a, int b, int c, int d)
{
var t1 = a | b;
var t2 = b ^ c;
var t3 = b & t2;
var t4 = a ^ t3;
var t5 = c ^ t4;
var t6 = d | t4;
_x0 = t2 ^ t6;
var t8 = t2 | t6;
var t9 = d ^ t8;
_x2 = t5 ^ t9;
var t11 = t1 ^ t9;
var t12 = _x0 & t11;
_x3 = t4 ^ t12;
_x1 = _x3 ^ (_x0 ^ t11);
}
///
/// S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb4(int a, int b, int c, int d)
{
var t1 = a ^ d;
var t2 = d & t1;
var t3 = c ^ t2;
var t4 = b | t3;
_x3 = t1 ^ t4;
var t6 = ~b;
var t7 = t1 | t6;
_x0 = t3 ^ t7;
var t9 = a & _x0;
var t10 = t1 ^ t6;
var t11 = t4 & t10;
_x2 = t9 ^ t11;
_x1 = (a ^ t3) ^ (t10 & _x2);
}
///
/// InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib4(int a, int b, int c, int d)
{
var t1 = c | d;
var t2 = a & t1;
var t3 = b ^ t2;
var t4 = a & t3;
var t5 = c ^ t4;
_x1 = d ^ t5;
var t7 = ~a;
var t8 = t5 & _x1;
_x3 = t3 ^ t8;
var t10 = _x1 | t7;
var t11 = d ^ t10;
_x0 = _x3 ^ t11;
_x2 = (t3 & t11) ^ (_x1 ^ t7);
}
///
/// S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb5(int a, int b, int c, int d)
{
var t1 = ~a;
var t2 = a ^ b;
var t3 = a ^ d;
var t4 = c ^ t1;
var t5 = t2 | t3;
_x0 = t4 ^ t5;
var t7 = d & _x0;
var t8 = t2 ^ _x0;
_x1 = t7 ^ t8;
var t10 = t1 | _x0;
var t11 = t2 | t7;
var t12 = t3 ^ t10;
_x2 = t11 ^ t12;
_x3 = (b ^ t7) ^ (_x1 & t12);
}
///
/// InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib5(int a, int b, int c, int d)
{
var t1 = ~c;
var t2 = b & t1;
var t3 = d ^ t2;
var t4 = a & t3;
var t5 = b ^ t1;
_x3 = t4 ^ t5;
var t7 = b | _x3;
var t8 = a & t7;
_x1 = t3 ^ t8;
var t10 = a | d;
var t11 = t1 ^ t7;
_x0 = t10 ^ t11;
_x2 = (b & t10) ^ (t4 | (a ^ c));
}
///
/// S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb6(int a, int b, int c, int d)
{
var t1 = ~a;
var t2 = a ^ d;
var t3 = b ^ t2;
var t4 = t1 | t2;
var t5 = c ^ t4;
_x1 = b ^ t5;
var t7 = t2 | _x1;
var t8 = d ^ t7;
var t9 = t5 & t8;
_x2 = t3 ^ t9;
var t11 = t5 ^ t8;
_x0 = _x2 ^ t11;
_x3 = (~t5) ^ (t3 & t11);
}
///
/// InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib6(int a, int b, int c, int d)
{
var t1 = ~a;
var t2 = a ^ b;
var t3 = c ^ t2;
var t4 = c | t1;
var t5 = d ^ t4;
_x1 = t3 ^ t5;
var t7 = t3 & t5;
var t8 = t2 ^ t7;
var t9 = b | t8;
_x3 = t5 ^ t9;
var t11 = b | _x3;
_x0 = t8 ^ t11;
_x2 = (d & t1) ^ (t3 ^ t11);
}
///
/// S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Sb7(int a, int b, int c, int d)
{
var t1 = b ^ c;
var t2 = c & t1;
var t3 = d ^ t2;
var t4 = a ^ t3;
var t5 = d | t1;
var t6 = t4 & t5;
_x1 = b ^ t6;
var t8 = t3 | _x1;
var t9 = a & t4;
_x3 = t1 ^ t9;
var t11 = t4 ^ t8;
var t12 = _x3 & t11;
_x2 = t3 ^ t12;
_x0 = (~t11) ^ (_x3 & _x2);
}
///
/// InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms.
///
/// A.
/// The b.
/// The c.
/// The d.
private void Ib7(int a, int b, int c, int d)
{
var t3 = c | (a & b);
var t4 = d & (a | b);
_x3 = t3 ^ t4;
var t6 = ~d;
var t7 = b ^ t4;
var t9 = t7 | (_x3 ^ t6);
_x1 = a ^ t9;
_x0 = (c ^ t7) ^ (d | _x1);
_x2 = (t3 ^ _x1) ^ (_x0 ^ (a & _x3));
}
///
/// Apply the linear transformation to the register set.
///
private void LT()
{
var x0 = RotateLeft(_x0, 13);
var x2 = RotateLeft(_x2, 3);
var x1 = _x1 ^ x0 ^ x2;
var x3 = _x3 ^ x2 ^ x0 << 3;
_x1 = RotateLeft(x1, 1);
_x3 = RotateLeft(x3, 7);
_x0 = RotateLeft(x0 ^ _x1 ^ _x3, 5);
_x2 = RotateLeft(x2 ^ _x3 ^ (_x1 << 7), 22);
}
///
/// Apply the inverse of the linear transformation to the register set.
///
private void InverseLT()
{
var x2 = RotateRight(_x2, 22) ^ _x3 ^ (_x1 << 7);
var x0 = RotateRight(_x0, 5) ^ _x1 ^ _x3;
var x3 = RotateRight(_x3, 7);
var x1 = RotateRight(_x1, 1);
_x3 = x3 ^ x2 ^ x0 << 3;
_x1 = x1 ^ x0 ^ x2;
_x2 = RotateRight(x2, 3);
_x0 = RotateRight(x0, 13);
}
}
}