```    1 /*
2 * Serpent SBox Expressions
3 * (C) 1999-2007,2013 Jack Lloyd
4 *
5 * The sbox expressions used here were discovered by Dag Arne Osvik and
6 * are described in his paper "Speeding Up Serpent".
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 */
10
11 #ifndef BOTAN_SERPENT_SBOX_H__
12 #define BOTAN_SERPENT_SBOX_H__
13
14 #define SBoxE1(T, B0, B1, B2, B3)                    \
15    do {                                           \
16       T B4;                                     \
17       B3 ^= B0;                                   \
18       B4 = B1;                               \
19       B1 &= B3;                                   \
20       B4 ^= B2;                                   \
21       B1 ^= B0;                                   \
22       B0 |= B3;                                   \
23       B0 ^= B4;                                   \
24       B4 ^= B3;                                   \
25       B3 ^= B2;                                   \
26       B2 |= B1;                                   \
27       B2 ^= B4;                                   \
28       B4 = ~B4;                                   \
29       B4 |= B1;                                   \
30       B1 ^= B3;                                   \
31       B1 ^= B4;                                   \
32       B3 |= B0;                                   \
33       B1 ^= B3;                                   \
34       B4 ^= B3;                                   \
35       B3 = B0;                                    \
36       B0 = B1;                                    \
37       B1 = B4;                                    \
38    } while(0);
39
40 #define SBoxE2(T, B0, B1, B2, B3)                    \
41    do {                                           \
42       T B4;                                      \
43       B0 = ~B0;                                   \
44       B2 = ~B2;                                   \
45       B4 = B0;                               \
46       B0 &= B1;                                   \
47       B2 ^= B0;                                   \
48       B0 |= B3;                                   \
49       B3 ^= B2;                                   \
50       B1 ^= B0;                                   \
51       B0 ^= B4;                                   \
52       B4 |= B1;                                   \
53       B1 ^= B3;                                   \
54       B2 |= B0;                                   \
55       B2 &= B4;                                   \
56       B0 ^= B1;                                   \
57       B1 &= B2;                                   \
58       B1 ^= B0;                                   \
59       B0 &= B2;                                   \
60       B4 ^= B0;                                   \
61       B0 = B2;                                    \
62       B2 = B3;                                    \
63       B3 = B1;                                    \
64       B1 = B4;                                    \
65    } while(0);
66
67 #define SBoxE3(T, B0, B1, B2, B3)                    \
68    do {                                           \
69       T B4 = B0;                               \
70       B0 &= B2;                                   \
71       B0 ^= B3;                                   \
72       B2 ^= B1;                                   \
73       B2 ^= B0;                                   \
74       B3 |= B4;                                   \
75       B3 ^= B1;                                   \
76       B4 ^= B2;                                   \
77       B1 = B3;                                    \
78       B3 |= B4;                                   \
79       B3 ^= B0;                                   \
80       B0 &= B1;                                   \
81       B4 ^= B0;                                   \
82       B1 ^= B3;                                   \
83       B1 ^= B4;                                   \
84       B0 = B2;                                    \
85       B2 = B1;                                    \
86       B1 = B3;                                    \
87       B3 = ~B4;                                   \
88    } while(0);
89
90 #define SBoxE4(T, B0, B1, B2, B3)                    \
91    do {                                           \
92       T B4 = B0;                               \
93       B0 |= B3;                                   \
94       B3 ^= B1;                                   \
95       B1 &= B4;                                   \
96       B4 ^= B2;                                   \
97       B2 ^= B3;                                   \
98       B3 &= B0;                                   \
99       B4 |= B1;                                   \
100       B3 ^= B4;                                   \
101       B0 ^= B1;                                   \
102       B4 &= B0;                                   \
103       B1 ^= B3;                                   \
104       B4 ^= B2;                                   \
105       B1 |= B0;                                   \
106       B1 ^= B2;                                   \
107       B0 ^= B3;                                   \
108       B2 = B1;                                    \
109       B1 |= B3;                                   \
110       B0 ^= B1;                                   \
111       B1 = B2;                                    \
112       B2 = B3;                                    \
113       B3 = B4;                                    \
114    } while(0);
115
116 #define SBoxE5(T, B0, B1, B2, B3)                    \
117    do {                                           \
118       T B4;                                     \
119       B1 ^= B3;                                   \
120       B3 = ~B3;                                   \
121       B2 ^= B3;                                   \
122       B3 ^= B0;                                   \
123       B4 = B1;                                      \
124       B1 &= B3;                                   \
125       B1 ^= B2;                                   \
126       B4 ^= B3;                                   \
127       B0 ^= B4;                                   \
128       B2 &= B4;                                   \
129       B2 ^= B0;                                   \
130       B0 &= B1;                                   \
131       B3 ^= B0;                                   \
132       B4 |= B1;                                   \
133       B4 ^= B0;                                   \
134       B0 |= B3;                                   \
135       B0 ^= B2;                                   \
136       B2 &= B3;                                   \
137       B0 = ~B0;                                   \
138       B4 ^= B2;                                   \
139       B2 = B0;                                    \
140       B0 = B1;                                    \
141       B1 = B4;                                    \
142    } while(0);
143
144 #define SBoxE6(T, B0, B1, B2, B3)                    \
145    do {                                           \
146       T B4;                                     \
147       B0 ^= B1;                                   \
148       B1 ^= B3;                                   \
149       B3 = ~B3;                                   \
150       B4 = B1;                               \
151       B1 &= B0;                                   \
152       B2 ^= B3;                                   \
153       B1 ^= B2;                                   \
154       B2 |= B4;                                   \
155       B4 ^= B3;                                   \
156       B3 &= B1;                                   \
157       B3 ^= B0;                                   \
158       B4 ^= B1;                                   \
159       B4 ^= B2;                                   \
160       B2 ^= B0;                                   \
161       B0 &= B3;                                   \
162       B2 = ~B2;                                   \
163       B0 ^= B4;                                   \
164       B4 |= B3;                                   \
165       B4 ^= B2;                                   \
166       B2 = B0;                                    \
167       B0 = B1;                                    \
168       B1 = B3;                                    \
169       B3 = B4;                                    \
170    } while(0);
171
172 #define SBoxE7(T, B0, B1, B2, B3)                    \
173    do {                                           \
174       T B4;                                     \
175       B2 = ~B2;                                   \
176       B4 = B3;                               \
177       B3 &= B0;                                   \
178       B0 ^= B4;                                   \
179       B3 ^= B2;                                   \
180       B2 |= B4;                                   \
181       B1 ^= B3;                                   \
182       B2 ^= B0;                                   \
183       B0 |= B1;                                   \
184       B2 ^= B1;                                   \
185       B4 ^= B0;                                   \
186       B0 |= B3;                                   \
187       B0 ^= B2;                                   \
188       B4 ^= B3;                                   \
189       B4 ^= B0;                                   \
190       B3 = ~B3;                                   \
191       B2 &= B4;                                   \
192       B3 ^= B2;                                   \
193       B2 = B4;                                    \
194    } while(0);
195
196 #define SBoxE8(T, B0, B1, B2, B3)                    \
197    do {                                           \
198       T B4 = B1;                               \
199       B1 |= B2;                                   \
200       B1 ^= B3;                                   \
201       B4 ^= B2;                                   \
202       B2 ^= B1;                                   \
203       B3 |= B4;                                   \
204       B3 &= B0;                                   \
205       B4 ^= B2;                                   \
206       B3 ^= B1;                                   \
207       B1 |= B4;                                   \
208       B1 ^= B0;                                   \
209       B0 |= B4;                                   \
210       B0 ^= B2;                                   \
211       B1 ^= B4;                                   \
212       B2 ^= B1;                                   \
213       B1 &= B0;                                   \
214       B1 ^= B4;                                   \
215       B2 = ~B2;                                   \
216       B2 |= B0;                                   \
217       B4 ^= B2;                                   \
218       B2 = B1;                                    \
219       B1 = B3;                                    \
220       B3 = B0;                                    \
221       B0 = B4;                                    \
222    } while(0);
223
224 #define SBoxD1(T, B0, B1, B2, B3)                    \
225    do {                                           \
226       T B4;                                     \
227       B2 = ~B2;                                   \
228       B4 = B1;                               \
229       B1 |= B0;                                   \
230       B4 = ~B4;                                   \
231       B1 ^= B2;                                   \
232       B2 |= B4;                                   \
233       B1 ^= B3;                                   \
234       B0 ^= B4;                                   \
235       B2 ^= B0;                                   \
236       B0 &= B3;                                   \
237       B4 ^= B0;                                   \
238       B0 |= B1;                                   \
239       B0 ^= B2;                                   \
240       B3 ^= B4;                                   \
241       B2 ^= B1;                                   \
242       B3 ^= B0;                                   \
243       B3 ^= B1;                                   \
244       B2 &= B3;                                   \
245       B4 ^= B2;                                   \
246       B2 = B1;                                    \
247       B1 = B4;                                    \
248       } while(0);
249
250 #define SBoxD2(T, B0, B1, B2, B3)                    \
251    do {                                           \
252       T B4 = B1;                               \
253       B1 ^= B3;                                   \
254       B3 &= B1;                                   \
255       B4 ^= B2;                                   \
256       B3 ^= B0;                                   \
257       B0 |= B1;                                   \
258       B2 ^= B3;                                   \
259       B0 ^= B4;                                   \
260       B0 |= B2;                                   \
261       B1 ^= B3;                                   \
262       B0 ^= B1;                                   \
263       B1 |= B3;                                   \
264       B1 ^= B0;                                   \
265       B4 = ~B4;                                   \
266       B4 ^= B1;                                   \
267       B1 |= B0;                                   \
268       B1 ^= B0;                                   \
269       B1 |= B4;                                   \
270       B3 ^= B1;                                   \
271       B1 = B0;                                    \
272       B0 = B4;                                    \
273       B4 = B2;                                    \
274       B2 = B3;                                    \
275       B3 = B4;                                    \
276       } while(0);
277
278 #define SBoxD3(T, B0, B1, B2, B3)                    \
279    do {                                           \
280       T B4;                                     \
281       B2 ^= B3;                                   \
282       B3 ^= B0;                                   \
283       B4 = B3;                               \
284       B3 &= B2;                                   \
285       B3 ^= B1;                                   \
286       B1 |= B2;                                   \
287       B1 ^= B4;                                   \
288       B4 &= B3;                                   \
289       B2 ^= B3;                                   \
290       B4 &= B0;                                   \
291       B4 ^= B2;                                   \
292       B2 &= B1;                                   \
293       B2 |= B0;                                   \
294       B3 = ~B3;                                   \
295       B2 ^= B3;                                   \
296       B0 ^= B3;                                   \
297       B0 &= B1;                                   \
298       B3 ^= B4;                                   \
299       B3 ^= B0;                                   \
300       B0 = B1;                                    \
301       B1 = B4;                                    \
302       } while(0);
303
304 #define SBoxD4(T, B0, B1, B2, B3)                    \
305    do {                                           \
306       T B4 = B2;                               \
307       B2 ^= B1;                                   \
308       B0 ^= B2;                                   \
309       B4 &= B2;                                   \
310       B4 ^= B0;                                   \
311       B0 &= B1;                                   \
312       B1 ^= B3;                                   \
313       B3 |= B4;                                   \
314       B2 ^= B3;                                   \
315       B0 ^= B3;                                   \
316       B1 ^= B4;                                   \
317       B3 &= B2;                                   \
318       B3 ^= B1;                                   \
319       B1 ^= B0;                                   \
320       B1 |= B2;                                   \
321       B0 ^= B3;                                   \
322       B1 ^= B4;                                   \
323       B0 ^= B1;                                   \
324       B4 = B0;                                    \
325       B0 = B2;                                    \
326       B2 = B3;                                    \
327       B3 = B4;                                    \
328       } while(0);
329
330 #define SBoxD5(T, B0, B1, B2, B3)                    \
331    do {                                           \
332       T B4 = B2;                               \
333       B2 &= B3;                                   \
334       B2 ^= B1;                                   \
335       B1 |= B3;                                   \
336       B1 &= B0;                                   \
337       B4 ^= B2;                                   \
338       B4 ^= B1;                                   \
339       B1 &= B2;                                   \
340       B0 = ~B0;                                   \
341       B3 ^= B4;                                   \
342       B1 ^= B3;                                   \
343       B3 &= B0;                                   \
344       B3 ^= B2;                                   \
345       B0 ^= B1;                                   \
346       B2 &= B0;                                   \
347       B3 ^= B0;                                   \
348       B2 ^= B4;                                   \
349       B2 |= B3;                                   \
350       B3 ^= B0;                                   \
351       B2 ^= B1;                                   \
352       B1 = B3;                                    \
353       B3 = B4;                                    \
354       } while(0);
355
356 #define SBoxD6(T, B0, B1, B2, B3)                    \
357    do {                                           \
358       T B4;                                     \
359       B1 = ~B1;                                   \
360       B4 = B3;                               \
361       B2 ^= B1;                                   \
362       B3 |= B0;                                   \
363       B3 ^= B2;                                   \
364       B2 |= B1;                                   \
365       B2 &= B0;                                   \
366       B4 ^= B3;                                   \
367       B2 ^= B4;                                   \
368       B4 |= B0;                                   \
369       B4 ^= B1;                                   \
370       B1 &= B2;                                   \
371       B1 ^= B3;                                   \
372       B4 ^= B2;                                   \
373       B3 &= B4;                                   \
374       B4 ^= B1;                                   \
375       B3 ^= B4;                                   \
376       B4 = ~B4;                                   \
377       B3 ^= B0;                                   \
378       B0 = B1;                                    \
379       B1 = B4;                                    \
380       B4 = B3;                                    \
381       B3 = B2;                                    \
382       B2 = B4;                                    \
383       } while(0);
384
385 #define SBoxD7(T, B0, B1, B2, B3)                    \
386    do {                                           \
387       T B4;                                     \
388       B0 ^= B2;                                   \
389       B4 = B2;                               \
390       B2 &= B0;                                   \
391       B4 ^= B3;                                   \
392       B2 = ~B2;                                   \
393       B3 ^= B1;                                   \
394       B2 ^= B3;                                   \
395       B4 |= B0;                                   \
396       B0 ^= B2;                                   \
397       B3 ^= B4;                                   \
398       B4 ^= B1;                                   \
399       B1 &= B3;                                   \
400       B1 ^= B0;                                   \
401       B0 ^= B3;                                   \
402       B0 |= B2;                                   \
403       B3 ^= B1;                                   \
404       B4 ^= B0;                                   \
405       B0 = B1;                                    \
406       B1 = B2;                                    \
407       B2 = B4;                                    \
408       } while(0);
409
410 #define SBoxD8(T, B0, B1, B2, B3)                    \
411    do {                                           \
412       T B4 = B2;                               \
413       B2 ^= B0;                                   \
414       B0 &= B3;                                   \
415       B4 |= B3;                                   \
416       B2 = ~B2;                                   \
417       B3 ^= B1;                                   \
418       B1 |= B0;                                   \
419       B0 ^= B2;                                   \
420       B2 &= B4;                                   \
421       B3 &= B4;                                   \
422       B1 ^= B2;                                   \
423       B2 ^= B0;                                   \
424       B0 |= B2;                                   \
425       B4 ^= B1;                                   \
426       B0 ^= B3;                                   \
427       B3 ^= B4;                                   \
428       B4 |= B0;                                   \
429       B3 ^= B2;                                   \
430       B4 ^= B2;                                   \
431       B2 = B1;                                    \
432       B1 = B0;                                    \
433       B0 = B3;                                    \
434       B3 = B4;                                    \
435       } while(0);
436
437 #endif
```