/src/cryptopp/kalyna.cpp

Line

Count

Source (jump to first uncovered line)

// kalyna.cpp - written and placed in the public domain by Jeffrey Walton

//              This code relied upon three sources. First was Oliynykov, Gorbenko, Kazymyrov, Ruzhentsev,

//              Kuznetsov, Gorbenko, Dyrda, Dolgov, Pushkaryov, Mordvinov and Kaidalov's "A New Encryption

//              Standard of Ukraine: The Kalyna Block Cipher" (http://eprint.iacr.org/2015/650.pdf). Second

//              was Roman Oliynykov and Oleksandr Kazymyrov's GitHub with the reference implementation

//              (http://github.com/Roman-Oliynykov/Kalyna-reference). The third and most utilized resource

//              was Keru Kuro's public domain implementation of Kalyna in CppCrypto

//              (http://sourceforge.net/projects/cppcrypto/). Kuro has an outstanding implementation that

//              performed better than the reference implementation and our initial attempts. The only downside

//              was the missing big endian port.

#include "pch.h"

#include "config.h"

#include "kalyna.h"

#include "argnames.h"

#include "misc.h"

#include "cpu.h"

NAMESPACE_BEGIN(CryptoPP)

NAMESPACE_BEGIN(KalynaTab)

// T can be shared between Kupyna and Kalyna; IT, S and IS are Kalyna specific

extern const word64 T[8][256];  // Columns

extern const word64 IT[8][256]; // Inverse

extern const byte S[4][256];    // Substitution

extern const byte IS[4][256];   // Inverse

NAMESPACE_END

NAMESPACE_END

ANONYMOUS_NAMESPACE_BEGIN

// The typedef here is to sidestep problems with byte in the global namespace

typedef unsigned char byte;

using CryptoPP::word64;

using CryptoPP::KalynaTab::T;

using CryptoPP::KalynaTab::S;

using CryptoPP::KalynaTab::IT;

using CryptoPP::KalynaTab::IS;

template <unsigned int NB>

inline void MakeOddKey(const word64 evenkey[NB], word64 oddkey[NB])

#if (CRYPTOPP_BIG_ENDIAN)

    if (NB == 2)

        oddkey[0] = (evenkey[1] << 8) | (evenkey[0] >> 56);

        oddkey[1] = (evenkey[0] << 8) | (evenkey[1] >> 56);

    else if (NB == 4)

        oddkey[0] = (evenkey[2] << 40) | (evenkey[1] >> 24);

        oddkey[1] = (evenkey[3] << 40) | (evenkey[2] >> 24);

        oddkey[2] = (evenkey[0] << 40) | (evenkey[3] >> 24);

        oddkey[3] = (evenkey[1] << 40) | (evenkey[0] >> 24);

    else if (NB == 8)

        oddkey[0] = (evenkey[3] << 40) | (evenkey[2] >> 24);

        oddkey[1] = (evenkey[4] << 40) | (evenkey[3] >> 24);

        oddkey[2] = (evenkey[5] << 40) | (evenkey[4] >> 24);

        oddkey[3] = (evenkey[6] << 40) | (evenkey[5] >> 24);

        oddkey[4] = (evenkey[7] << 40) | (evenkey[6] >> 24);

        oddkey[5] = (evenkey[0] << 40) | (evenkey[7] >> 24);

        oddkey[6] = (evenkey[1] << 40) | (evenkey[0] >> 24);

        oddkey[7] = (evenkey[2] << 40) | (evenkey[1] >> 24);

    else

        CRYPTOPP_ASSERT(0);

#else

    static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;

    static const unsigned int V = (NB == 2) ?  7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;

    const byte* even = reinterpret_cast<const byte*>(evenkey);

    byte* odd = reinterpret_cast<byte*>(oddkey);

    std::memcpy(odd, even + V, U - V);

    std::memcpy(odd + U - V, even, V);

#endif

kalyna.cpp:void (anonymous namespace)::MakeOddKey<2u>(unsigned long const*, unsigned long*)

Line	Count	Source
45	15	{
46		#if (CRYPTOPP_BIG_ENDIAN)
47		if (NB == 2)
48		{
49		oddkey[0] = (evenkey[1] << 8) \| (evenkey[0] >> 56);
50		oddkey[1] = (evenkey[0] << 8) \| (evenkey[1] >> 56);
51		}
52		else if (NB == 4)
53		{
54		oddkey[0] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
55		oddkey[1] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
56		oddkey[2] = (evenkey[0] << 40) \| (evenkey[3] >> 24);
57		oddkey[3] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
58		}
59		else if (NB == 8)
60		{
61		oddkey[0] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
62		oddkey[1] = (evenkey[4] << 40) \| (evenkey[3] >> 24);
63		oddkey[2] = (evenkey[5] << 40) \| (evenkey[4] >> 24);
64		oddkey[3] = (evenkey[6] << 40) \| (evenkey[5] >> 24);
65
66		oddkey[4] = (evenkey[7] << 40) \| (evenkey[6] >> 24);
67		oddkey[5] = (evenkey[0] << 40) \| (evenkey[7] >> 24);
68		oddkey[6] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
69		oddkey[7] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
70		}
71		else
72		{
73		CRYPTOPP_ASSERT(0);
74		}
75		#else
76	15	static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;
77	15	static const unsigned int V = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;
78
79	15	const byte* even = reinterpret_cast<const byte*>(evenkey);
80	15	byte* odd = reinterpret_cast<byte*>(oddkey);
81
82	15	std::memcpy(odd, even + V, U - V);
83	15	std::memcpy(odd + U - V, even, V);
84	15	#endif
85	15	}

kalyna.cpp:void (anonymous namespace)::MakeOddKey<4u>(unsigned long const*, unsigned long*)

Line	Count	Source
45	7	{
46		#if (CRYPTOPP_BIG_ENDIAN)
47		if (NB == 2)
48		{
49		oddkey[0] = (evenkey[1] << 8) \| (evenkey[0] >> 56);
50		oddkey[1] = (evenkey[0] << 8) \| (evenkey[1] >> 56);
51		}
52		else if (NB == 4)
53		{
54		oddkey[0] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
55		oddkey[1] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
56		oddkey[2] = (evenkey[0] << 40) \| (evenkey[3] >> 24);
57		oddkey[3] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
58		}
59		else if (NB == 8)
60		{
61		oddkey[0] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
62		oddkey[1] = (evenkey[4] << 40) \| (evenkey[3] >> 24);
63		oddkey[2] = (evenkey[5] << 40) \| (evenkey[4] >> 24);
64		oddkey[3] = (evenkey[6] << 40) \| (evenkey[5] >> 24);
65
66		oddkey[4] = (evenkey[7] << 40) \| (evenkey[6] >> 24);
67		oddkey[5] = (evenkey[0] << 40) \| (evenkey[7] >> 24);
68		oddkey[6] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
69		oddkey[7] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
70		}
71		else
72		{
73		CRYPTOPP_ASSERT(0);
74		}
75		#else
76	7	static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;
77	7	static const unsigned int V = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;
78
79	7	const byte* even = reinterpret_cast<const byte*>(evenkey);
80	7	byte* odd = reinterpret_cast<byte*>(oddkey);
81
82	7	std::memcpy(odd, even + V, U - V);
83	7	std::memcpy(odd + U - V, even, V);
84	7	#endif
85	7	}

kalyna.cpp:void (anonymous namespace)::MakeOddKey<8u>(unsigned long const*, unsigned long*)

Line	Count	Source
45	27	{
46		#if (CRYPTOPP_BIG_ENDIAN)
47		if (NB == 2)
48		{
49		oddkey[0] = (evenkey[1] << 8) \| (evenkey[0] >> 56);
50		oddkey[1] = (evenkey[0] << 8) \| (evenkey[1] >> 56);
51		}
52		else if (NB == 4)
53		{
54		oddkey[0] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
55		oddkey[1] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
56		oddkey[2] = (evenkey[0] << 40) \| (evenkey[3] >> 24);
57		oddkey[3] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
58		}
59		else if (NB == 8)
60		{
61		oddkey[0] = (evenkey[3] << 40) \| (evenkey[2] >> 24);
62		oddkey[1] = (evenkey[4] << 40) \| (evenkey[3] >> 24);
63		oddkey[2] = (evenkey[5] << 40) \| (evenkey[4] >> 24);
64		oddkey[3] = (evenkey[6] << 40) \| (evenkey[5] >> 24);
65
66		oddkey[4] = (evenkey[7] << 40) \| (evenkey[6] >> 24);
67		oddkey[5] = (evenkey[0] << 40) \| (evenkey[7] >> 24);
68		oddkey[6] = (evenkey[1] << 40) \| (evenkey[0] >> 24);
69		oddkey[7] = (evenkey[2] << 40) \| (evenkey[1] >> 24);
70		}
71		else
72		{
73		CRYPTOPP_ASSERT(0);
74		}
75		#else
76	27	static const unsigned int U = (NB == 2) ? 16 : (NB == 4) ? 32 : (NB == 8) ? 64 : -1;
77	27	static const unsigned int V = (NB == 2) ? 7 : (NB == 4) ? 11 : (NB == 8) ? 19 : -1;
78
79	27	const byte* even = reinterpret_cast<const byte*>(evenkey);
80	27	byte* odd = reinterpret_cast<byte*>(oddkey);
81
82	27	std::memcpy(odd, even + V, U - V);
83	27	std::memcpy(odd + U - V, even, V);
84	27	#endif
85	27	}

template <unsigned int NB>

inline void SwapBlocks(word64 k[NB])

    const word64 t = k[0];

    k[0] = k[1];

    if (NB > 2)

        k[1] = k[2];

        k[2] = k[3];

    if (NB > 4)

        k[3] = k[4];

        k[4] = k[5];

        k[5] = k[6];

        k[6] = k[7];

    k[NB - 1] = t;

kalyna.cpp:void (anonymous namespace)::SwapBlocks<4u>(unsigned long*)

Line	Count	Source
89	7	{
90	7	const word64 t = k[0];
91	7	k[0] = k[1];
92
93	7	if (NB > 2)
94	7	{
95	7	k[1] = k[2];
96	7	k[2] = k[3];
97	7	}
98
99	7	if (NB > 4)
100	0	{
101	0	k[3] = k[4];
102	0	k[4] = k[5];
103	0	k[5] = k[6];
104	0	k[6] = k[7];
105	0	}
106
107	7	k[NB - 1] = t;
108	7	}

kalyna.cpp:void (anonymous namespace)::SwapBlocks<8u>(unsigned long*)

Line	Count	Source
89	27	{
90	27	const word64 t = k[0];
91	27	k[0] = k[1];
92
93	27	if (NB > 2)
94	27	{
95	27	k[1] = k[2];
96	27	k[2] = k[3];
97	27	}
98
99	27	if (NB > 4)
100	27	{
101	27	k[3] = k[4];
102	27	k[4] = k[5];
103	27	k[5] = k[6];
104	27	k[6] = k[7];
105	27	}
106
107	27	k[NB - 1] = t;
108	27	}

template <unsigned int NB>

inline void AddKey(const word64 x[NB], word64 y[NB], const word64 k[NB])

    y[0] = x[0] + k[0];

    y[1] = x[1] + k[1];

    if (NB > 2)

        y[2] = x[2] + k[2];

        y[3] = x[3] + k[3];

    if (NB > 4)

        y[4] = x[4] + k[4];

        y[5] = x[5] + k[5];

        y[6] = x[6] + k[6];

        y[7] = x[7] + k[7];

kalyna.cpp:void (anonymous namespace)::AddKey<2u>(unsigned long const*, unsigned long*, unsigned long const*)

Line	Count	Source
112	21	{
113	21	y[0] = x[0] + k[0];
114	21	y[1] = x[1] + k[1];
115
116	21	if (NB > 2)
117	0	{
118	0	y[2] = x[2] + k[2];
119	0	y[3] = x[3] + k[3];
120	0	}
121
122	21	if (NB > 4)
123	0	{
124	0	y[4] = x[4] + k[4];
125	0	y[5] = x[5] + k[5];
126	0	y[6] = x[6] + k[6];
127	0	y[7] = x[7] + k[7];
128	0	}
129	21	}

kalyna.cpp:void (anonymous namespace)::AddKey<4u>(unsigned long const*, unsigned long*, unsigned long const*)

Line	Count	Source
112	9	{
113	9	y[0] = x[0] + k[0];
114	9	y[1] = x[1] + k[1];
115
116	9	if (NB > 2)
117	9	{
118	9	y[2] = x[2] + k[2];
119	9	y[3] = x[3] + k[3];
120	9	}
121
122	9	if (NB > 4)
123	0	{
124	0	y[4] = x[4] + k[4];
125	0	y[5] = x[5] + k[5];
126	0	y[6] = x[6] + k[6];
127	0	y[7] = x[7] + k[7];
128	0	}
129	9	}

kalyna.cpp:void (anonymous namespace)::AddKey<8u>(unsigned long const*, unsigned long*, unsigned long const*)

Line	Count	Source
112	33	{
113	33	y[0] = x[0] + k[0];
114	33	y[1] = x[1] + k[1];
115
116	33	if (NB > 2)
117	33	{
118	33	y[2] = x[2] + k[2];
119	33	y[3] = x[3] + k[3];
120	33	}
121
122	33	if (NB > 4)
123	33	{
124	33	y[4] = x[4] + k[4];
125	33	y[5] = x[5] + k[5];
126	33	y[6] = x[6] + k[6];
127	33	y[7] = x[7] + k[7];
128	33	}
129	33	}

template <unsigned int NB>

inline void SubKey(const word64 x[NB], word64 y[NB], const word64 k[NB])

    y[0] = x[0] - k[0];

    y[1] = x[1] - k[1];

    if (NB > 2)

        y[2] = x[2] - k[2];

        y[3] = x[3] - k[3];

    if (NB > 4)

        y[4] = x[4] - k[4];

        y[5] = x[5] - k[5];

        y[6] = x[6] - k[6];

        y[7] = x[7] - k[7];

kalyna.cpp:void (anonymous namespace)::SubKey<2u>(unsigned long const*, unsigned long*, unsigned long const*)

Line	Count	Source
133	1	{
134	1	y[0] = x[0] - k[0];
135	1	y[1] = x[1] - k[1];
136
137	1	if (NB > 2)
138	0	{
139	0	y[2] = x[2] - k[2];
140	0	y[3] = x[3] - k[3];
141	0	}
142
143	1	if (NB > 4)
144	0	{
145	0	y[4] = x[4] - k[4];
146	0	y[5] = x[5] - k[5];
147	0	y[6] = x[6] - k[6];
148	0	y[7] = x[7] - k[7];
149	0	}
150	1	}

Unexecuted instantiation: kalyna.cpp:void (anonymous namespace)::SubKey<4u>(unsigned long const*, unsigned long*, unsigned long const*)

kalyna.cpp:void (anonymous namespace)::SubKey<8u>(unsigned long const*, unsigned long*, unsigned long const*)

Line	Count	Source
133	13	{
134	13	y[0] = x[0] - k[0];
135	13	y[1] = x[1] - k[1];
136
137	13	if (NB > 2)
138	13	{
139	13	y[2] = x[2] - k[2];
140	13	y[3] = x[3] - k[3];
141	13	}
142
143	13	if (NB > 4)
144	13	{
145	13	y[4] = x[4] - k[4];
146	13	y[5] = x[5] - k[5];
147	13	y[6] = x[6] - k[6];
148	13	y[7] = x[7] - k[7];
149	13	}
150	13	}

template <unsigned int NB>

static inline void AddConstant(word64 src[NB], word64 dst[NB], word64 constant)

    dst[0] = src[0] + constant;

    dst[1] = src[1] + constant;

    if (NB > 2)

        dst[2] = src[2] + constant;

        dst[3] = src[3] + constant;

    if (NB > 4)

        dst[4] = src[4] + constant;

        dst[5] = src[5] + constant;

        dst[6] = src[6] + constant;

        dst[7] = src[7] + constant;

kalyna.cpp:void (anonymous namespace)::AddConstant<2u>(unsigned long*, unsigned long*, unsigned long)

Source
{
    dst[0] = src[0] + constant;
    dst[1] = src[1] + constant;

    if (NB > 2)
    {
        dst[2] = src[2] + constant;
        dst[3] = src[3] + constant;
    }

    if (NB > 4)
    {
        dst[4] = src[4] + constant;
        dst[5] = src[5] + constant;
        dst[6] = src[6] + constant;
        dst[7] = src[7] + constant;
    }
}

kalyna.cpp:void (anonymous namespace)::AddConstant<4u>(unsigned long*, unsigned long*, unsigned long)

Source
{
    dst[0] = src[0] + constant;
    dst[1] = src[1] + constant;

    if (NB > 2)
    {
        dst[2] = src[2] + constant;
        dst[3] = src[3] + constant;
    }

    if (NB > 4)
    {
        dst[4] = src[4] + constant;
        dst[5] = src[5] + constant;
        dst[6] = src[6] + constant;
        dst[7] = src[7] + constant;
    }
}

kalyna.cpp:void (anonymous namespace)::AddConstant<8u>(unsigned long*, unsigned long*, unsigned long)

Source
{
    dst[0] = src[0] + constant;
    dst[1] = src[1] + constant;

    if (NB > 2)
    {
        dst[2] = src[2] + constant;
        dst[3] = src[3] + constant;
    }

    if (NB > 4)
    {
        dst[4] = src[4] + constant;
        dst[5] = src[5] + constant;
        dst[6] = src[6] + constant;
        dst[7] = src[7] + constant;
    }
}

inline void G0128(const word64 x[2], word64 y[2])

    y[0] = T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

inline void G0256(const word64 x[4], word64 y[4])

    y[0] = T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[2] >> 56)];

    y[2] = T[0][(byte)x[2]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[3] >> 56)];

    y[3] = T[0][(byte)x[3]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

inline void G0512(const word64 x[8], word64 y[8])

    y[0] = T[0][(byte)x[0]] ^ T[1][(byte)(x[7] >> 8)] ^ T[2][(byte)(x[6] >> 16)] ^ T[3][(byte)(x[5] >> 24)] ^

        T[4][(byte)(x[4] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = T[0][(byte)x[1]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[7] >> 16)] ^ T[3][(byte)(x[6] >> 24)] ^

        T[4][(byte)(x[5] >> 32)] ^ T[5][(byte)(x[4] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[2] >> 56)];

    y[2] = T[0][(byte)x[2]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[7] >> 24)] ^

        T[4][(byte)(x[6] >> 32)] ^ T[5][(byte)(x[5] >> 40)] ^ T[6][(byte)(x[4] >> 48)] ^ T[7][(byte)(x[3] >> 56)];

    y[3] = T[0][(byte)x[3]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[7] >> 32)] ^ T[5][(byte)(x[6] >> 40)] ^ T[6][(byte)(x[5] >> 48)] ^ T[7][(byte)(x[4] >> 56)];

    y[4] = T[0][(byte)x[4]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[7] >> 40)] ^ T[6][(byte)(x[6] >> 48)] ^ T[7][(byte)(x[5] >> 56)];

    y[5] = T[0][(byte)x[5]] ^ T[1][(byte)(x[4] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[7] >> 48)] ^ T[7][(byte)(x[6] >> 56)];

    y[6] = T[0][(byte)x[6]] ^ T[1][(byte)(x[5] >> 8)] ^ T[2][(byte)(x[4] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[7] >> 56)];

    y[7] = T[0][(byte)x[7]] ^ T[1][(byte)(x[6] >> 8)] ^ T[2][(byte)(x[5] >> 16)] ^ T[3][(byte)(x[4] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

inline void GL128(const word64 x[2], word64 y[2], const word64 k[2])

    y[0] = k[0] + (T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)]);

    y[1] = k[1] + (T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)]);

inline void GL256(const word64 x[4], word64 y[4], const word64 k[4])

    y[0] = k[0] + (T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)]);

    y[1] = k[1] + (T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[2] >> 56)]);

    y[2] = k[2] + (T[0][(byte)x[2]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[3] >> 56)]);

    y[3] = k[3] + (T[0][(byte)x[3]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)]);

inline void GL512(const word64 x[8], word64 y[8], const word64 k[8])

    y[0] = k[0] + (T[0][(byte)x[0]] ^ T[1][(byte)(x[7] >> 8)] ^ T[2][(byte)(x[6] >> 16)] ^ T[3][(byte)(x[5] >> 24)] ^

        T[4][(byte)(x[4] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[1] >> 56)]);

    y[1] = k[1] + (T[0][(byte)x[1]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[7] >> 16)] ^ T[3][(byte)(x[6] >> 24)] ^

        T[4][(byte)(x[5] >> 32)] ^ T[5][(byte)(x[4] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[2] >> 56)]);

    y[2] = k[2] + (T[0][(byte)x[2]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[7] >> 24)] ^

        T[4][(byte)(x[6] >> 32)] ^ T[5][(byte)(x[5] >> 40)] ^ T[6][(byte)(x[4] >> 48)] ^ T[7][(byte)(x[3] >> 56)]);

    y[3] = k[3] + (T[0][(byte)x[3]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[7] >> 32)] ^ T[5][(byte)(x[6] >> 40)] ^ T[6][(byte)(x[5] >> 48)] ^ T[7][(byte)(x[4] >> 56)]);

    y[4] = k[4] + (T[0][(byte)x[4]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[7] >> 40)] ^ T[6][(byte)(x[6] >> 48)] ^ T[7][(byte)(x[5] >> 56)]);

    y[5] = k[5] + (T[0][(byte)x[5]] ^ T[1][(byte)(x[4] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[7] >> 48)] ^ T[7][(byte)(x[6] >> 56)]);

    y[6] = k[6] + (T[0][(byte)x[6]] ^ T[1][(byte)(x[5] >> 8)] ^ T[2][(byte)(x[4] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[7] >> 56)]);

    y[7] = k[7] + (T[0][(byte)x[7]] ^ T[1][(byte)(x[6] >> 8)] ^ T[2][(byte)(x[5] >> 16)] ^ T[3][(byte)(x[4] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[0] >> 56)]);

inline void IMC128(word64 x[2])

    x[0] = IT[0][S[0][(byte)x[0]]] ^ IT[1][S[1][(byte)(x[0] >> 8)]] ^ IT[2][S[2][(byte)(x[0] >> 16)]] ^ IT[3][S[3][(byte)(x[0] >> 24)]] ^

        IT[4][S[0][(byte)(x[0] >> 32)]] ^ IT[5][S[1][(byte)(x[0] >> 40)]] ^ IT[6][S[2][(byte)(x[0] >> 48)]] ^ IT[7][S[3][(byte)(x[0] >> 56)]];

    x[1] = IT[0][S[0][(byte)x[1]]] ^ IT[1][S[1][(byte)(x[1] >> 8)]] ^ IT[2][S[2][(byte)(x[1] >> 16)]] ^ IT[3][S[3][(byte)(x[1] >> 24)]] ^

        IT[4][S[0][(byte)(x[1] >> 32)]] ^ IT[5][S[1][(byte)(x[1] >> 40)]] ^ IT[6][S[2][(byte)(x[1] >> 48)]] ^ IT[7][S[3][(byte)(x[1] >> 56)]];

inline void IMC256(word64 x[4])

    x[0] = IT[0][S[0][(byte)x[0]]] ^ IT[1][S[1][(byte)(x[0] >> 8)]] ^ IT[2][S[2][(byte)(x[0] >> 16)]] ^ IT[3][S[3][(byte)(x[0] >> 24)]] ^

        IT[4][S[0][(byte)(x[0] >> 32)]] ^ IT[5][S[1][(byte)(x[0] >> 40)]] ^ IT[6][S[2][(byte)(x[0] >> 48)]] ^ IT[7][S[3][(byte)(x[0] >> 56)]];

    x[1] = IT[0][S[0][(byte)x[1]]] ^ IT[1][S[1][(byte)(x[1] >> 8)]] ^ IT[2][S[2][(byte)(x[1] >> 16)]] ^ IT[3][S[3][(byte)(x[1] >> 24)]] ^

        IT[4][S[0][(byte)(x[1] >> 32)]] ^ IT[5][S[1][(byte)(x[1] >> 40)]] ^ IT[6][S[2][(byte)(x[1] >> 48)]] ^ IT[7][S[3][(byte)(x[1] >> 56)]];

    x[2] = IT[0][S[0][(byte)x[2]]] ^ IT[1][S[1][(byte)(x[2] >> 8)]] ^ IT[2][S[2][(byte)(x[2] >> 16)]] ^ IT[3][S[3][(byte)(x[2] >> 24)]] ^

        IT[4][S[0][(byte)(x[2] >> 32)]] ^ IT[5][S[1][(byte)(x[2] >> 40)]] ^ IT[6][S[2][(byte)(x[2] >> 48)]] ^ IT[7][S[3][(byte)(x[2] >> 56)]];

    x[3] = IT[0][S[0][(byte)x[3]]] ^ IT[1][S[1][(byte)(x[3] >> 8)]] ^ IT[2][S[2][(byte)(x[3] >> 16)]] ^ IT[3][S[3][(byte)(x[3] >> 24)]] ^

        IT[4][S[0][(byte)(x[3] >> 32)]] ^ IT[5][S[1][(byte)(x[3] >> 40)]] ^ IT[6][S[2][(byte)(x[3] >> 48)]] ^ IT[7][S[3][(byte)(x[3] >> 56)]];

inline void IMC512(word64 x[8])

    x[0] = IT[0][S[0][(byte)x[0]]] ^ IT[1][S[1][(byte)(x[0] >> 8)]] ^ IT[2][S[2][(byte)(x[0] >> 16)]] ^ IT[3][S[3][(byte)(x[0] >> 24)]] ^

        IT[4][S[0][(byte)(x[0] >> 32)]] ^ IT[5][S[1][(byte)(x[0] >> 40)]] ^ IT[6][S[2][(byte)(x[0] >> 48)]] ^ IT[7][S[3][(byte)(x[0] >> 56)]];

    x[1] = IT[0][S[0][(byte)x[1]]] ^ IT[1][S[1][(byte)(x[1] >> 8)]] ^ IT[2][S[2][(byte)(x[1] >> 16)]] ^ IT[3][S[3][(byte)(x[1] >> 24)]] ^

        IT[4][S[0][(byte)(x[1] >> 32)]] ^ IT[5][S[1][(byte)(x[1] >> 40)]] ^ IT[6][S[2][(byte)(x[1] >> 48)]] ^ IT[7][S[3][(byte)(x[1] >> 56)]];

    x[2] = IT[0][S[0][(byte)x[2]]] ^ IT[1][S[1][(byte)(x[2] >> 8)]] ^ IT[2][S[2][(byte)(x[2] >> 16)]] ^ IT[3][S[3][(byte)(x[2] >> 24)]] ^

        IT[4][S[0][(byte)(x[2] >> 32)]] ^ IT[5][S[1][(byte)(x[2] >> 40)]] ^ IT[6][S[2][(byte)(x[2] >> 48)]] ^ IT[7][S[3][(byte)(x[2] >> 56)]];

    x[3] = IT[0][S[0][(byte)x[3]]] ^ IT[1][S[1][(byte)(x[3] >> 8)]] ^ IT[2][S[2][(byte)(x[3] >> 16)]] ^ IT[3][S[3][(byte)(x[3] >> 24)]] ^

        IT[4][S[0][(byte)(x[3] >> 32)]] ^ IT[5][S[1][(byte)(x[3] >> 40)]] ^ IT[6][S[2][(byte)(x[3] >> 48)]] ^ IT[7][S[3][(byte)(x[3] >> 56)]];

    x[4] = IT[0][S[0][(byte)x[4]]] ^ IT[1][S[1][(byte)(x[4] >> 8)]] ^ IT[2][S[2][(byte)(x[4] >> 16)]] ^ IT[3][S[3][(byte)(x[4] >> 24)]] ^

        IT[4][S[0][(byte)(x[4] >> 32)]] ^ IT[5][S[1][(byte)(x[4] >> 40)]] ^ IT[6][S[2][(byte)(x[4] >> 48)]] ^ IT[7][S[3][(byte)(x[4] >> 56)]];

    x[5] = IT[0][S[0][(byte)x[5]]] ^ IT[1][S[1][(byte)(x[5] >> 8)]] ^ IT[2][S[2][(byte)(x[5] >> 16)]] ^ IT[3][S[3][(byte)(x[5] >> 24)]] ^

        IT[4][S[0][(byte)(x[5] >> 32)]] ^ IT[5][S[1][(byte)(x[5] >> 40)]] ^ IT[6][S[2][(byte)(x[5] >> 48)]] ^ IT[7][S[3][(byte)(x[5] >> 56)]];

    x[6] = IT[0][S[0][(byte)x[6]]] ^ IT[1][S[1][(byte)(x[6] >> 8)]] ^ IT[2][S[2][(byte)(x[6] >> 16)]] ^ IT[3][S[3][(byte)(x[6] >> 24)]] ^

        IT[4][S[0][(byte)(x[6] >> 32)]] ^ IT[5][S[1][(byte)(x[6] >> 40)]] ^ IT[6][S[2][(byte)(x[6] >> 48)]] ^ IT[7][S[3][(byte)(x[6] >> 56)]];

    x[7] = IT[0][S[0][(byte)x[7]]] ^ IT[1][S[1][(byte)(x[7] >> 8)]] ^ IT[2][S[2][(byte)(x[7] >> 16)]] ^ IT[3][S[3][(byte)(x[7] >> 24)]] ^

        IT[4][S[0][(byte)(x[7] >> 32)]] ^ IT[5][S[1][(byte)(x[7] >> 40)]] ^ IT[6][S[2][(byte)(x[7] >> 48)]] ^ IT[7][S[3][(byte)(x[7] >> 56)]];

inline void IG128(const word64 x[2], word64 y[2], const word64 k[2])

    y[0] = k[0] ^ IT[0][(byte)x[0]] ^ IT[1][(byte)(x[0] >> 8)] ^ IT[2][(byte)(x[0] >> 16)] ^ IT[3][(byte)(x[0] >> 24)] ^

        IT[4][(byte)(x[1] >> 32)] ^ IT[5][(byte)(x[1] >> 40)] ^ IT[6][(byte)(x[1] >> 48)] ^ IT[7][(byte)(x[1] >> 56)];

    y[1] = k[1] ^ IT[0][(byte)x[1]] ^ IT[1][(byte)(x[1] >> 8)] ^ IT[2][(byte)(x[1] >> 16)] ^ IT[3][(byte)(x[1] >> 24)] ^

        IT[4][(byte)(x[0] >> 32)] ^ IT[5][(byte)(x[0] >> 40)] ^ IT[6][(byte)(x[0] >> 48)] ^ IT[7][(byte)(x[0] >> 56)];

inline void IG256(const word64 x[4], word64 y[4], const word64 k[4])

    y[0] = k[0] ^ IT[0][(byte)x[0]] ^ IT[1][(byte)(x[0] >> 8)] ^ IT[2][(byte)(x[1] >> 16)] ^ IT[3][(byte)(x[1] >> 24)] ^

        IT[4][(byte)(x[2] >> 32)] ^ IT[5][(byte)(x[2] >> 40)] ^ IT[6][(byte)(x[3] >> 48)] ^ IT[7][(byte)(x[3] >> 56)];

    y[1] = k[1] ^ IT[0][(byte)x[1]] ^ IT[1][(byte)(x[1] >> 8)] ^ IT[2][(byte)(x[2] >> 16)] ^ IT[3][(byte)(x[2] >> 24)] ^

        IT[4][(byte)(x[3] >> 32)] ^ IT[5][(byte)(x[3] >> 40)] ^ IT[6][(byte)(x[0] >> 48)] ^ IT[7][(byte)(x[0] >> 56)];

    y[2] = k[2] ^ IT[0][(byte)x[2]] ^ IT[1][(byte)(x[2] >> 8)] ^ IT[2][(byte)(x[3] >> 16)] ^ IT[3][(byte)(x[3] >> 24)] ^

        IT[4][(byte)(x[0] >> 32)] ^ IT[5][(byte)(x[0] >> 40)] ^ IT[6][(byte)(x[1] >> 48)] ^ IT[7][(byte)(x[1] >> 56)];

    y[3] = k[3] ^ IT[0][(byte)x[3]] ^ IT[1][(byte)(x[3] >> 8)] ^ IT[2][(byte)(x[0] >> 16)] ^ IT[3][(byte)(x[0] >> 24)] ^

        IT[4][(byte)(x[1] >> 32)] ^ IT[5][(byte)(x[1] >> 40)] ^ IT[6][(byte)(x[2] >> 48)] ^ IT[7][(byte)(x[2] >> 56)];

inline void IG512(const word64 x[8], word64 y[8], const word64 k[8])

    y[0] = k[0] ^ IT[0][(byte)x[0]] ^ IT[1][(byte)(x[1] >> 8)] ^ IT[2][(byte)(x[2] >> 16)] ^ IT[3][(byte)(x[3] >> 24)] ^

        IT[4][(byte)(x[4] >> 32)] ^ IT[5][(byte)(x[5] >> 40)] ^ IT[6][(byte)(x[6] >> 48)] ^ IT[7][(byte)(x[7] >> 56)];

    y[1] = k[1] ^ IT[0][(byte)x[1]] ^ IT[1][(byte)(x[2] >> 8)] ^ IT[2][(byte)(x[3] >> 16)] ^ IT[3][(byte)(x[4] >> 24)] ^

        IT[4][(byte)(x[5] >> 32)] ^ IT[5][(byte)(x[6] >> 40)] ^ IT[6][(byte)(x[7] >> 48)] ^ IT[7][(byte)(x[0] >> 56)];

    y[2] = k[2] ^ IT[0][(byte)x[2]] ^ IT[1][(byte)(x[3] >> 8)] ^ IT[2][(byte)(x[4] >> 16)] ^ IT[3][(byte)(x[5] >> 24)] ^

        IT[4][(byte)(x[6] >> 32)] ^ IT[5][(byte)(x[7] >> 40)] ^ IT[6][(byte)(x[0] >> 48)] ^ IT[7][(byte)(x[1] >> 56)];

    y[3] = k[3] ^ IT[0][(byte)x[3]] ^ IT[1][(byte)(x[4] >> 8)] ^ IT[2][(byte)(x[5] >> 16)] ^ IT[3][(byte)(x[6] >> 24)] ^

        IT[4][(byte)(x[7] >> 32)] ^ IT[5][(byte)(x[0] >> 40)] ^ IT[6][(byte)(x[1] >> 48)] ^ IT[7][(byte)(x[2] >> 56)];

    y[4] = k[4] ^ IT[0][(byte)x[4]] ^ IT[1][(byte)(x[5] >> 8)] ^ IT[2][(byte)(x[6] >> 16)] ^ IT[3][(byte)(x[7] >> 24)] ^

        IT[4][(byte)(x[0] >> 32)] ^ IT[5][(byte)(x[1] >> 40)] ^ IT[6][(byte)(x[2] >> 48)] ^ IT[7][(byte)(x[3] >> 56)];

    y[5] = k[5] ^ IT[0][(byte)x[5]] ^ IT[1][(byte)(x[6] >> 8)] ^ IT[2][(byte)(x[7] >> 16)] ^ IT[3][(byte)(x[0] >> 24)] ^

        IT[4][(byte)(x[1] >> 32)] ^ IT[5][(byte)(x[2] >> 40)] ^ IT[6][(byte)(x[3] >> 48)] ^ IT[7][(byte)(x[4] >> 56)];

    y[6] = k[6] ^ IT[0][(byte)x[6]] ^ IT[1][(byte)(x[7] >> 8)] ^ IT[2][(byte)(x[0] >> 16)] ^ IT[3][(byte)(x[1] >> 24)] ^

        IT[4][(byte)(x[2] >> 32)] ^ IT[5][(byte)(x[3] >> 40)] ^ IT[6][(byte)(x[4] >> 48)] ^ IT[7][(byte)(x[5] >> 56)];

    y[7] = k[7] ^ IT[0][(byte)x[7]] ^ IT[1][(byte)(x[0] >> 8)] ^ IT[2][(byte)(x[1] >> 16)] ^ IT[3][(byte)(x[2] >> 24)] ^

        IT[4][(byte)(x[3] >> 32)] ^ IT[5][(byte)(x[4] >> 40)] ^ IT[6][(byte)(x[5] >> 48)] ^ IT[7][(byte)(x[6] >> 56)];

inline void IGL128(const word64 x[2], word64 y[2], const word64 k[2])

    y[0] = (word64(IS[0][(byte)x[0]]) ^ word64(IS[1][(byte)(x[0] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[0] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[0] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[1] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[1] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[1] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[1] >> 56)]) << 56) - k[0];

    y[1] = (word64(IS[0][(byte)x[1]]) ^ word64(IS[1][(byte)(x[1] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[1] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[1] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[0] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[0] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[0] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[0] >> 56)]) << 56) - k[1];

inline void IGL256(const word64 x[4], word64 y[4], const word64 k[4])

    y[0] = (word64(IS[0][(byte)x[0]]) ^ word64(IS[1][(byte)(x[0] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[1] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[1] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[2] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[2] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[3] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[3] >> 56)]) << 56) - k[0];

    y[1] = (word64(IS[0][(byte)x[1]]) ^ word64(IS[1][(byte)(x[1] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[2] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[2] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[3] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[3] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[0] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[0] >> 56)]) << 56) - k[1];

    y[2] = (word64(IS[0][(byte)x[2]]) ^ word64(IS[1][(byte)(x[2] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[3] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[3] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[0] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[0] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[1] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[1] >> 56)]) << 56) - k[2];

    y[3] = (word64(IS[0][(byte)x[3]]) ^ word64(IS[1][(byte)(x[3] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[0] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[0] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[1] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[1] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[2] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[2] >> 56)]) << 56) - k[3];

inline void IGL512(const word64 x[8], word64 y[8], const word64 k[8])

    y[0] = (word64(IS[0][(byte)x[0]]) ^ word64(IS[1][(byte)(x[1] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[2] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[3] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[4] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[5] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[6] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[7] >> 56)]) << 56) - k[0];

    y[1] = (word64(IS[0][(byte)x[1]]) ^ word64(IS[1][(byte)(x[2] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[3] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[4] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[5] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[6] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[7] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[0] >> 56)]) << 56) - k[1];

    y[2] = (word64(IS[0][(byte)x[2]]) ^ word64(IS[1][(byte)(x[3] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[4] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[5] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[6] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[7] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[0] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[1] >> 56)]) << 56) - k[2];

    y[3] = (word64(IS[0][(byte)x[3]]) ^ word64(IS[1][(byte)(x[4] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[5] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[6] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[7] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[0] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[1] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[2] >> 56)]) << 56) - k[3];

    y[4] = (word64(IS[0][(byte)x[4]]) ^ word64(IS[1][(byte)(x[5] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[6] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[7] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[0] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[1] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[2] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[3] >> 56)]) << 56) - k[4];

    y[5] = (word64(IS[0][(byte)x[5]]) ^ word64(IS[1][(byte)(x[6] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[7] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[0] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[1] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[2] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[3] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[4] >> 56)]) << 56) - k[5];

    y[6] = (word64(IS[0][(byte)x[6]]) ^ word64(IS[1][(byte)(x[7] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[0] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[1] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[2] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[3] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[4] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[5] >> 56)]) << 56) - k[6];

    y[7] = (word64(IS[0][(byte)x[7]]) ^ word64(IS[1][(byte)(x[0] >> 8)]) << 8 ^ word64(IS[2][(byte)(x[1] >> 16)]) << 16 ^ word64(IS[3][(byte)(x[2] >> 24)]) << 24 ^

        word64(IS[0][(byte)(x[3] >> 32)]) << 32 ^ word64(IS[1][(byte)(x[4] >> 40)]) << 40 ^ word64(IS[2][(byte)(x[5] >> 48)]) << 48 ^ word64(IS[3][(byte)(x[6] >> 56)]) << 56) - k[7];

inline void G128(const word64 x[2], word64 y[2], const word64 k[2])

    y[0] = k[0] ^ T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = k[1] ^ T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

inline void G256(const word64 x[4], word64 y[4], const word64 k[4])

    y[0] = k[0] ^ T[0][(byte)x[0]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = k[1] ^ T[0][(byte)x[1]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[2] >> 56)];

    y[2] = k[2] ^ T[0][(byte)x[2]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[3] >> 56)];

    y[3] = k[3] ^ T[0][(byte)x[3]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

inline void G512(const word64 x[8], word64 y[8], const word64 k[8])

    y[0] = k[0] ^ T[0][(byte)x[0]] ^ T[1][(byte)(x[7] >> 8)] ^ T[2][(byte)(x[6] >> 16)] ^ T[3][(byte)(x[5] >> 24)] ^

        T[4][(byte)(x[4] >> 32)] ^ T[5][(byte)(x[3] >> 40)] ^ T[6][(byte)(x[2] >> 48)] ^ T[7][(byte)(x[1] >> 56)];

    y[1] = k[1] ^ T[0][(byte)x[1]] ^ T[1][(byte)(x[0] >> 8)] ^ T[2][(byte)(x[7] >> 16)] ^ T[3][(byte)(x[6] >> 24)] ^

        T[4][(byte)(x[5] >> 32)] ^ T[5][(byte)(x[4] >> 40)] ^ T[6][(byte)(x[3] >> 48)] ^ T[7][(byte)(x[2] >> 56)];

    y[2] = k[2] ^ T[0][(byte)x[2]] ^ T[1][(byte)(x[1] >> 8)] ^ T[2][(byte)(x[0] >> 16)] ^ T[3][(byte)(x[7] >> 24)] ^

        T[4][(byte)(x[6] >> 32)] ^ T[5][(byte)(x[5] >> 40)] ^ T[6][(byte)(x[4] >> 48)] ^ T[7][(byte)(x[3] >> 56)];

    y[3] = k[3] ^ T[0][(byte)x[3]] ^ T[1][(byte)(x[2] >> 8)] ^ T[2][(byte)(x[1] >> 16)] ^ T[3][(byte)(x[0] >> 24)] ^

        T[4][(byte)(x[7] >> 32)] ^ T[5][(byte)(x[6] >> 40)] ^ T[6][(byte)(x[5] >> 48)] ^ T[7][(byte)(x[4] >> 56)];

    y[4] = k[4] ^ T[0][(byte)x[4]] ^ T[1][(byte)(x[3] >> 8)] ^ T[2][(byte)(x[2] >> 16)] ^ T[3][(byte)(x[1] >> 24)] ^

        T[4][(byte)(x[0] >> 32)] ^ T[5][(byte)(x[7] >> 40)] ^ T[6][(byte)(x[6] >> 48)] ^ T[7][(byte)(x[5] >> 56)];

    y[5] = k[5] ^ T[0][(byte)x[5]] ^ T[1][(byte)(x[4] >> 8)] ^ T[2][(byte)(x[3] >> 16)] ^ T[3][(byte)(x[2] >> 24)] ^

        T[4][(byte)(x[1] >> 32)] ^ T[5][(byte)(x[0] >> 40)] ^ T[6][(byte)(x[7] >> 48)] ^ T[7][(byte)(x[6] >> 56)];

    y[6] = k[6] ^ T[0][(byte)x[6]] ^ T[1][(byte)(x[5] >> 8)] ^ T[2][(byte)(x[4] >> 16)] ^ T[3][(byte)(x[3] >> 24)] ^

        T[4][(byte)(x[2] >> 32)] ^ T[5][(byte)(x[1] >> 40)] ^ T[6][(byte)(x[0] >> 48)] ^ T[7][(byte)(x[7] >> 56)];

    y[7] = k[7] ^ T[0][(byte)x[7]] ^ T[1][(byte)(x[6] >> 8)] ^ T[2][(byte)(x[5] >> 16)] ^ T[3][(byte)(x[4] >> 24)] ^

        T[4][(byte)(x[3] >> 32)] ^ T[5][(byte)(x[2] >> 40)] ^ T[6][(byte)(x[1] >> 48)] ^ T[7][(byte)(x[0] >> 56)];

ANONYMOUS_NAMESPACE_END

NAMESPACE_BEGIN(CryptoPP)

// *********************** UncheckedSetKey specializations *********************** //

void Kalyna128::Base::SetKey_22(const word64 key[2])

    word64 *ks = m_wspace+0, *ksc = m_wspace+2, *t1 = m_wspace+4;

    word64 *t2 = m_wspace+6, *k = m_wspace+8, *kswapped = m_wspace+10;

    std::memset(t1, 0, 2*8);

    t1[0] = (128 + 128 + 64) / 64;

    AddKey<2>(t1, t2, key);

    G128(t2, t1, key);

    GL128(t1, t2, key);

    G0128(t2, ks);

    word64 constant = W64LIT(0x0001000100010001);

    // round 0

    std::memcpy(k, key, 16);

    kswapped[1] = k[0];

    kswapped[0] = k[1];

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[0], ksc);

    MakeOddKey<2>(&m_rkeys[0], &m_rkeys[2]);

    // round 2

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(kswapped, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[4], ksc);

    MakeOddKey<2>(&m_rkeys[4], &m_rkeys[6]);

    // round 4

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[8], ksc);

    MakeOddKey<2>(&m_rkeys[8], &m_rkeys[10]);

    // round 6

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(kswapped, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[12], ksc);

    MakeOddKey<2>(&m_rkeys[12], &m_rkeys[14]);

    // round 8

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[16], ksc);

    MakeOddKey<2>(&m_rkeys[16], &m_rkeys[18]);

    // round 10

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(kswapped, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[20], ksc);

    if (!IsForwardTransformation())

        IMC128(&m_rkeys[18]); IMC128(&m_rkeys[16]);

        IMC128(&m_rkeys[14]); IMC128(&m_rkeys[12]);

        IMC128(&m_rkeys[10]); IMC128(&m_rkeys[ 8]);

        IMC128(&m_rkeys[ 6]); IMC128(&m_rkeys[ 4]);

        IMC128(&m_rkeys[ 2]);

void Kalyna128::Base::SetKey_24(const word64 key[4])

    word64 *ks = m_wspace+0, *ksc = m_wspace+2, *t1 = m_wspace+4, *t2 = m_wspace+6;

    word64 *k = m_wspace+8, *ka = m_wspace+12, *ko = m_wspace+14;

    std::memset(t1, 0, 2*8);

    t1[0] = (128 + 256 + 64) / 64;

    std::memcpy(ka, key, 16);

    std::memcpy(ko, key + 2, 16);

    AddKey<2>(t1, t2, ka);

    G128(t2, t1, ko);

    GL128(t1, t2, ka);

    G0128(t2, ks);

    word64 constant = W64LIT(0x0001000100010001);

    // round 0

    std::memcpy(k, key, 256 / 8);

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[0], ksc);

    MakeOddKey<2>(&m_rkeys[0], &m_rkeys[2]);

    // round 2

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k + 2, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[4], ksc);

    MakeOddKey<2>(&m_rkeys[4], &m_rkeys[6]);

    // round 4

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[8], ksc);

    MakeOddKey<2>(&m_rkeys[8], &m_rkeys[10]);

    // round 6

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k + 2, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[12], ksc);

    MakeOddKey<2>(&m_rkeys[12], &m_rkeys[14]);

    // round 8

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[16], ksc);

    MakeOddKey<2>(&m_rkeys[16], &m_rkeys[18]);

    // round 10

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k + 2, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[20], ksc);

    MakeOddKey<2>(&m_rkeys[20], &m_rkeys[22]);

    // round 12

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[24], ksc);

    MakeOddKey<2>(&m_rkeys[24], &m_rkeys[26]);

    // round 14

    constant <<= 1;

    AddConstant<2>(ks, ksc, constant);

    AddKey<2>(k + 2, t2, ksc);

    G128(t2, t1, ksc);

    GL128(t1, &m_rkeys[28], ksc);

    if (!IsForwardTransformation())

        IMC128(&m_rkeys[26]);

        IMC128(&m_rkeys[24]);

        IMC128(&m_rkeys[22]);

        IMC128(&m_rkeys[20]);

        IMC128(&m_rkeys[18]);

        IMC128(&m_rkeys[16]);

        IMC128(&m_rkeys[14]);

        IMC128(&m_rkeys[12]);

        IMC128(&m_rkeys[10]);

        IMC128(&m_rkeys[8]);

        IMC128(&m_rkeys[6]);

        IMC128(&m_rkeys[4]);

        IMC128(&m_rkeys[2]);

void Kalyna256::Base::SetKey_44(const word64 key[4])

    word64 *ks = m_wspace+0, *ksc = m_wspace+4, *t1 = m_wspace+8;

    word64 *t2 = m_wspace+12, *k = m_wspace+16;

    std::memset(t1, 0, 32);

    t1[0] = (256 + 256 + 64) / 64;

    AddKey<4>(t1, t2, key);

    G256(t2, t1, key);

    GL256(t1, t2, key);

    G0256(t2, ks);

    word64 constant = W64LIT(0x0001000100010001);

    // round 0

    std::memcpy(k, key, 32);

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[0], ksc);

    MakeOddKey<4>(&m_rkeys[0], &m_rkeys[4]);

    // round 2

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[8], ksc);

    MakeOddKey<4>(&m_rkeys[8], &m_rkeys[12]);

    // round 4

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[16], ksc);

    MakeOddKey<4>(&m_rkeys[16], &m_rkeys[20]);

    // round 6

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[24], ksc);

    MakeOddKey<4>(&m_rkeys[24], &m_rkeys[28]);

    // round 8

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[32], ksc);

    MakeOddKey<4>(&m_rkeys[32], &m_rkeys[36]);

    // round 10

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[40], ksc);

    MakeOddKey<4>(&m_rkeys[40], &m_rkeys[44]);

    // round 12

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[48], ksc);

    MakeOddKey<4>(&m_rkeys[48], &m_rkeys[52]);

    // round 14

    SwapBlocks<4>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[56], ksc);

    if (!IsForwardTransformation())

        IMC256(&m_rkeys[52]);

        IMC256(&m_rkeys[48]);

        IMC256(&m_rkeys[44]);

        IMC256(&m_rkeys[40]);

        IMC256(&m_rkeys[36]);

        IMC256(&m_rkeys[32]);

        IMC256(&m_rkeys[28]);

        IMC256(&m_rkeys[24]);

        IMC256(&m_rkeys[20]);

        IMC256(&m_rkeys[16]);

        IMC256(&m_rkeys[12]);

        IMC256(&m_rkeys[8]);

        IMC256(&m_rkeys[4]);

void Kalyna256::Base::SetKey_48(const word64 key[8])

    word64 *ks = m_wspace+0, *ksc = m_wspace+4, *t1 = m_wspace+8, *t2 = m_wspace+12;

    word64 *k = m_wspace+16, *ka = m_wspace+24, *ko = m_wspace+28;

    std::memset(t1, 0, 4*8);

    t1[0] = (512 + 256 + 64) / 64;

    std::memcpy(ka, key, 32);

    std::memcpy(ko, key+4, 32);

    AddKey<4>(t1, t2, ka);

    G256(t2, t1, ko);

    GL256(t1, t2, ka);

    G0256(t2, ks);

    word64 constant = W64LIT(0x0001000100010001);

    // round 0

    std::memcpy(k, key, 512 / 8);

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[0], ksc);

    MakeOddKey<4>(&m_rkeys[0], &m_rkeys[4]);

    // round 2

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k+4, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[8], ksc);

    MakeOddKey<4>(&m_rkeys[8], &m_rkeys[12]);

    // round 4

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[16], ksc);

    MakeOddKey<4>(&m_rkeys[16], &m_rkeys[20]);

    // round 6

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k+4, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[24], ksc);

    MakeOddKey<4>(&m_rkeys[24], &m_rkeys[28]);

    // round 8

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[32], ksc);

    MakeOddKey<4>(&m_rkeys[32], &m_rkeys[36]);

    // round 10

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k+4, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[40], ksc);

    MakeOddKey<4>(&m_rkeys[40], &m_rkeys[44]);

    // round 12

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[48], ksc);

    MakeOddKey<4>(&m_rkeys[48], &m_rkeys[52]);

    // round 14

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k+4, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[56], ksc);

    MakeOddKey<4>(&m_rkeys[56], &m_rkeys[60]);

    // round 16

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[64], ksc);

    MakeOddKey<4>(&m_rkeys[64], &m_rkeys[68]);

    // round 18

    constant <<= 1;

    AddConstant<4>(ks, ksc, constant);

    AddKey<4>(k+4, t2, ksc);

    G256(t2, t1, ksc);

    GL256(t1, &m_rkeys[72], ksc);

    if (!IsForwardTransformation())

        IMC256(&m_rkeys[68]);

        IMC256(&m_rkeys[64]);

        IMC256(&m_rkeys[60]);

        IMC256(&m_rkeys[56]);

        IMC256(&m_rkeys[52]);

        IMC256(&m_rkeys[48]);

        IMC256(&m_rkeys[44]);

        IMC256(&m_rkeys[40]);

        IMC256(&m_rkeys[36]);

        IMC256(&m_rkeys[32]);

        IMC256(&m_rkeys[28]);

        IMC256(&m_rkeys[24]);

        IMC256(&m_rkeys[20]);

        IMC256(&m_rkeys[16]);

        IMC256(&m_rkeys[12]);

        IMC256(&m_rkeys[8]);

        IMC256(&m_rkeys[4]);

void Kalyna512::Base::SetKey_88(const word64 key[8])

    word64 *ks = m_wspace+0, *ksc = m_wspace+8, *t1 = m_wspace+16;

    word64 *t2 = m_wspace+24, *k = m_wspace+32;

    std::memset(t1, 0, 8*8);

    t1[0] = (512 + 512 + 64) / 64;

    AddKey<8>(t1, t2, key);

    G512(t2, t1, key);

    GL512(t1, t2, key);

    G0512(t2, ks);

    word64 constant = W64LIT(0x0001000100010001);

    // round 0

    std::memcpy(k, key, 512 / 8);

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[0], ksc);

    MakeOddKey<8>(&m_rkeys[0], &m_rkeys[8]);

    // round 2

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[16], ksc);

    MakeOddKey<8>(&m_rkeys[16], &m_rkeys[24]);

    // round 4

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[32], ksc);

    MakeOddKey<8>(&m_rkeys[32], &m_rkeys[40]);

    // round 6

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[48], ksc);

    MakeOddKey<8>(&m_rkeys[48], &m_rkeys[56]);

    // round 8

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[64], ksc);

    MakeOddKey<8>(&m_rkeys[64], &m_rkeys[72]);

    // round 10

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[80], ksc);

    MakeOddKey<8>(&m_rkeys[80], &m_rkeys[88]);

    // round 12

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[96], ksc);

    MakeOddKey<8>(&m_rkeys[96], &m_rkeys[104]);

    // round 14

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[112], ksc);

    MakeOddKey<8>(&m_rkeys[112], &m_rkeys[120]);

    // round 16

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[128], ksc);

    MakeOddKey<8>(&m_rkeys[128], &m_rkeys[136]);

    // round 18

    SwapBlocks<8>(k);

    constant <<= 1;

    AddConstant<8>(ks, ksc, constant);

    AddKey<8>(k, t2, ksc);

    G512(t2, t1, ksc);

    GL512(t1, &m_rkeys[144], ksc);

    if (!IsForwardTransformation())

        IMC512(&m_rkeys[136]); IMC512(&m_rkeys[128]); IMC512(&m_rkeys[120]); IMC512(&m_rkeys[112]);

        IMC512(&m_rkeys[104]); IMC512(&m_rkeys[ 96]); IMC512(&m_rkeys[ 88]); IMC512(&m_rkeys[ 80]);

        IMC512(&m_rkeys[ 72]); IMC512(&m_rkeys[ 64]); IMC512(&m_rkeys[ 56]); IMC512(&m_rkeys[ 48]);

        IMC512(&m_rkeys[ 40]); IMC512(&m_rkeys[ 32]); IMC512(&m_rkeys[ 24]); IMC512(&m_rkeys[ 16]);

        IMC512(&m_rkeys[  8]);

// *********************** ProcessAndXorBlock specializations *********************** //

void Kalyna128::Base::ProcessBlock_22(const byte* inBlock, const byte* xorBlock, byte* outBlock) const

    word64 *t1 = m_wspace+0, *t2 = m_wspace+2, *msg = m_wspace+4;

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef GetBlock<word64, LittleEndian, false> InBlock;

    InBlock iblk(inBlock);

    iblk(msg[0])(msg[1]);

    if (IsForwardTransformation())

        AddKey<2>(msg, t1, m_rkeys);

        G128(t1, t2, &m_rkeys[2]);   // 1

        G128(t2, t1, &m_rkeys[4]);   // 2

        G128(t1, t2, &m_rkeys[6]);   // 3

        G128(t2, t1, &m_rkeys[8]);   // 4

        G128(t1, t2, &m_rkeys[10]);  // 5

        G128(t2, t1, &m_rkeys[12]);  // 6

        G128(t1, t2, &m_rkeys[14]);  // 7

        G128(t2, t1, &m_rkeys[16]);  // 8

        G128(t1, t2, &m_rkeys[18]);  // 9

        GL128(t2, t1, &m_rkeys[20]); // 10

    else

        SubKey<2>(msg, t1, &m_rkeys[20]);

        IMC128(t1);

        IG128(t1, t2, &m_rkeys[18]);

        IG128(t2, t1, &m_rkeys[16]);

        IG128(t1, t2, &m_rkeys[14]);

        IG128(t2, t1, &m_rkeys[12]);

        IG128(t1, t2, &m_rkeys[10]);

        IG128(t2, t1, &m_rkeys[8]);

        IG128(t1, t2, &m_rkeys[6]);

        IG128(t2, t1, &m_rkeys[4]);

        IG128(t1, t2, &m_rkeys[2]);

        IGL128(t2, t1, &m_rkeys[0]);

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef PutBlock<word64, LittleEndian, false> OutBlock;

    OutBlock oblk(xorBlock, outBlock);

    oblk(t1[0])(t1[1]);

void Kalyna128::Base::ProcessBlock_24(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    word64 *t1 = m_wspace+0, *t2 = m_wspace+2, *msg = m_wspace+4;

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef GetBlock<word64, LittleEndian, false> InBlock;

    InBlock iblk(inBlock);

    iblk(msg[0])(msg[1]);

    if (IsForwardTransformation())

        AddKey<2>(msg, t1, m_rkeys);

        G128(t1, t2, &m_rkeys[ 2]); // 1

        G128(t2, t1, &m_rkeys[ 4]); // 2

        G128(t1, t2, &m_rkeys[ 6]); // 3

        G128(t2, t1, &m_rkeys[ 8]); // 4

        G128(t1, t2, &m_rkeys[10]); // 5

        G128(t2, t1, &m_rkeys[12]); // 6

        G128(t1, t2, &m_rkeys[14]); // 7

        G128(t2, t1, &m_rkeys[16]); // 8

        G128(t1, t2, &m_rkeys[18]); // 9

        G128(t2, t1, &m_rkeys[20]); // 10

        G128(t1, t2, &m_rkeys[22]); // 11

        G128(t2, t1, &m_rkeys[24]); // 12

        G128(t1, t2, &m_rkeys[26]); // 13

        GL128(t2, t1, &m_rkeys[28]); // 14

    else

        SubKey<2>(msg, t1, &m_rkeys[28]);

        IMC128(t1);

        IG128(t1, t2, &m_rkeys[26]);

        IG128(t2, t1, &m_rkeys[24]);

        IG128(t1, t2, &m_rkeys[22]);

        IG128(t2, t1, &m_rkeys[20]);

        IG128(t1, t2, &m_rkeys[18]);

        IG128(t2, t1, &m_rkeys[16]);

        IG128(t1, t2, &m_rkeys[14]);

        IG128(t2, t1, &m_rkeys[12]);

        IG128(t1, t2, &m_rkeys[10]);

        IG128(t2, t1, &m_rkeys[8]);

        IG128(t1, t2, &m_rkeys[6]);

        IG128(t2, t1, &m_rkeys[4]);

        IG128(t1, t2, &m_rkeys[2]);

        IGL128(t2, t1, &m_rkeys[0]);

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef PutBlock<word64, LittleEndian, false> OutBlock;

    OutBlock oblk(xorBlock, outBlock);

    oblk(t1[0])(t1[1]);

void Kalyna256::Base::ProcessBlock_44(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    word64 *t1 = m_wspace+0, *t2 = m_wspace+4, *msg = m_wspace+8;

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef GetBlock<word64, LittleEndian, false> InBlock;

    InBlock iblk(inBlock);

    iblk(msg[0])(msg[1])(msg[2])(msg[3]);

    if (IsForwardTransformation())

        AddKey<4>(msg, t1, m_rkeys);

        G256(t1, t2, &m_rkeys[4]); // 1

        G256(t2, t1, &m_rkeys[8]); // 2

        G256(t1, t2, &m_rkeys[12]); // 3

        G256(t2, t1, &m_rkeys[16]); // 4

        G256(t1, t2, &m_rkeys[20]); // 5

        G256(t2, t1, &m_rkeys[24]); // 6

        G256(t1, t2, &m_rkeys[28]); // 7

        G256(t2, t1, &m_rkeys[32]); // 8

        G256(t1, t2, &m_rkeys[36]); // 9

        G256(t2, t1, &m_rkeys[40]); // 10

        G256(t1, t2, &m_rkeys[44]); // 11

        G256(t2, t1, &m_rkeys[48]); // 12

        G256(t1, t2, &m_rkeys[52]); // 13

        GL256(t2, t1, &m_rkeys[56]); // 14

    else

        SubKey<4>(msg, t1, &m_rkeys[56]);

        IMC256(t1);

        IG256(t1, t2, &m_rkeys[52]);

        IG256(t2, t1, &m_rkeys[48]);

        IG256(t1, t2, &m_rkeys[44]);

        IG256(t2, t1, &m_rkeys[40]);

        IG256(t1, t2, &m_rkeys[36]);

        IG256(t2, t1, &m_rkeys[32]);

        IG256(t1, t2, &m_rkeys[28]);

        IG256(t2, t1, &m_rkeys[24]);

        IG256(t1, t2, &m_rkeys[20]);

        IG256(t2, t1, &m_rkeys[16]);

        IG256(t1, t2, &m_rkeys[12]);

        IG256(t2, t1, &m_rkeys[8]);

        IG256(t1, t2, &m_rkeys[4]);

        IGL256(t2, t1, &m_rkeys[0]);

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef PutBlock<word64, LittleEndian, false> OutBlock;

    OutBlock oblk(xorBlock, outBlock);

    oblk(t1[0])(t1[1])(t1[2])(t1[3]);

void Kalyna256::Base::ProcessBlock_48(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    word64 *t1 = m_wspace+0, *t2 = m_wspace+4, *msg = m_wspace+8;

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef GetBlock<word64, LittleEndian, false> InBlock;

    InBlock iblk(inBlock);

    iblk(msg[0])(msg[1])(msg[2])(msg[3]);

    if (IsForwardTransformation())

        AddKey<4>(msg, t1, m_rkeys);

        G256(t1, t2, &m_rkeys[4]); // 1

        G256(t2, t1, &m_rkeys[8]); // 2

        G256(t1, t2, &m_rkeys[12]); // 3

        G256(t2, t1, &m_rkeys[16]); // 4

        G256(t1, t2, &m_rkeys[20]); // 5

        G256(t2, t1, &m_rkeys[24]); // 6

        G256(t1, t2, &m_rkeys[28]); // 7

        G256(t2, t1, &m_rkeys[32]); // 8

        G256(t1, t2, &m_rkeys[36]); // 9

        G256(t2, t1, &m_rkeys[40]); // 10

        G256(t1, t2, &m_rkeys[44]); // 11

        G256(t2, t1, &m_rkeys[48]); // 12

        G256(t1, t2, &m_rkeys[52]); // 13

        G256(t2, t1, &m_rkeys[56]); // 14

        G256(t1, t2, &m_rkeys[60]); // 15

        G256(t2, t1, &m_rkeys[64]); // 16

        G256(t1, t2, &m_rkeys[68]); // 17

        GL256(t2, t1, &m_rkeys[72]); // 18

    else

        SubKey<4>(msg, t1, &m_rkeys[72]);

        IMC256(t1);

        IG256(t1, t2, &m_rkeys[68]);

        IG256(t2, t1, &m_rkeys[64]);

        IG256(t1, t2, &m_rkeys[60]);

        IG256(t2, t1, &m_rkeys[56]);

        IG256(t1, t2, &m_rkeys[52]);

        IG256(t2, t1, &m_rkeys[48]);

        IG256(t1, t2, &m_rkeys[44]);

        IG256(t2, t1, &m_rkeys[40]);

        IG256(t1, t2, &m_rkeys[36]);

        IG256(t2, t1, &m_rkeys[32]);

        IG256(t1, t2, &m_rkeys[28]);

        IG256(t2, t1, &m_rkeys[24]);

        IG256(t1, t2, &m_rkeys[20]);

        IG256(t2, t1, &m_rkeys[16]);

        IG256(t1, t2, &m_rkeys[12]);

        IG256(t2, t1, &m_rkeys[8]);

        IG256(t1, t2, &m_rkeys[4]);

        IGL256(t2, t1, &m_rkeys[0]);

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef PutBlock<word64, LittleEndian, false> OutBlock;

    OutBlock oblk(xorBlock, outBlock);

    oblk(t1[0])(t1[1])(t1[2])(t1[3]);

void Kalyna512::Base::ProcessBlock_88(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    word64 *t1 = m_wspace+0, *t2 = m_wspace+8, *msg = m_wspace+16;

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef GetBlock<word64, LittleEndian, false> InBlock;

    InBlock iblk(inBlock);

    iblk(msg[0])(msg[1])(msg[2])(msg[3])(msg[4])(msg[5])(msg[6])(msg[7]);

    if (IsForwardTransformation())

        AddKey<8>(msg, t1, m_rkeys);

        G512(t1, t2, &m_rkeys[8]); // 1

        G512(t2, t1, &m_rkeys[16]); // 2

        G512(t1, t2, &m_rkeys[24]); // 3

        G512(t2, t1, &m_rkeys[32]); // 4

        G512(t1, t2, &m_rkeys[40]); // 5

        G512(t2, t1, &m_rkeys[48]); // 6

        G512(t1, t2, &m_rkeys[56]); // 7

        G512(t2, t1, &m_rkeys[64]); // 8

        G512(t1, t2, &m_rkeys[72]); // 9

        G512(t2, t1, &m_rkeys[80]); // 10

        G512(t1, t2, &m_rkeys[88]); // 11

        G512(t2, t1, &m_rkeys[96]); // 12

        G512(t1, t2, &m_rkeys[104]); // 13

        G512(t2, t1, &m_rkeys[112]); // 14

        G512(t1, t2, &m_rkeys[120]); // 15

        G512(t2, t1, &m_rkeys[128]); // 16

        G512(t1, t2, &m_rkeys[136]); // 17

        GL512(t2, t1, &m_rkeys[144]); // 18

    else

        SubKey<8>(msg, t1, &m_rkeys[144]);

        IMC512(t1);

        IG512(t1, t2, &m_rkeys[136]);

        IG512(t2, t1, &m_rkeys[128]);

        IG512(t1, t2, &m_rkeys[120]);

        IG512(t2, t1, &m_rkeys[112]);

        IG512(t1, t2, &m_rkeys[104]);

        IG512(t2, t1, &m_rkeys[96]);

        IG512(t1, t2, &m_rkeys[88]);

        IG512(t2, t1, &m_rkeys[80]);

        IG512(t1, t2, &m_rkeys[72]);

        IG512(t2, t1, &m_rkeys[64]);

        IG512(t1, t2, &m_rkeys[56]);

        IG512(t2, t1, &m_rkeys[48]);

        IG512(t1, t2, &m_rkeys[40]);

        IG512(t2, t1, &m_rkeys[32]);

        IG512(t1, t2, &m_rkeys[24]);

        IG512(t2, t1, &m_rkeys[16]);

        IG512(t1, t2, &m_rkeys[8]);

        IGL512(t2, t1, &m_rkeys[0]);

    // Reverse bytes on BigEndian; Align pointer on LittleEndian

    typedef PutBlock<word64, LittleEndian, false> OutBlock;

    OutBlock oblk(xorBlock, outBlock);

    oblk(t1[0])(t1[1])(t1[2])(t1[3])(t1[4])(t1[5])(t1[6])(t1[7]);

// *********************** Library routines *********************** //

void Kalyna128::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)

    CRYPTOPP_UNUSED(params);

    m_nb = static_cast<unsigned int>(16U / sizeof(word64));

    m_nk = static_cast<unsigned int>(keylen / sizeof(word64));

    switch (keylen)

    case 16:  // 128

        m_kl = 16;

        m_mkey.New(2);

        m_rkeys.New(11*2);

        m_wspace.New(2*6);

        GetUserKey(LITTLE_ENDIAN_ORDER, m_mkey.begin(), 2, key, 16);

        SetKey_22(m_mkey.begin());

        break;

    case 32:  // 256

        m_kl = 32;

        m_mkey.New(4);

        m_rkeys.New(15*2);

        m_wspace.New(6*2+4);

        GetUserKey(LITTLE_ENDIAN_ORDER, m_mkey.begin(), 4, key, 32);

        SetKey_24(m_mkey.begin());

        break;

    default:

        CRYPTOPP_ASSERT(0);

void Kalyna128::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    // Timing attack countermeasure. see comments in Rijndael for more details

    const int cacheLineSize = GetCacheLineSize();

    volatile word64 _u = 0;

    word64 u = _u;

    const byte* p = reinterpret_cast<const byte*>(KalynaTab::S);

    for (unsigned int i=0; i<256; i+=cacheLineSize)

        u ^= *reinterpret_cast<const word64*>(p+i);

    m_wspace[0] = u;

    switch ((m_nb << 8) | m_nk)

    case (2 << 8) | 2:

        ProcessBlock_22(inBlock, xorBlock, outBlock);

        break;

    case (2 << 8) | 4:

        ProcessBlock_24(inBlock, xorBlock, outBlock);

        break;

    default:

        CRYPTOPP_ASSERT(0);

void Kalyna256::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)

    CRYPTOPP_UNUSED(params);

    m_nb = static_cast<unsigned int>(32U / sizeof(word64));

    m_nk = static_cast<unsigned int>(keylen / sizeof(word64));

    switch (keylen)

    case 32:  // 256

        m_kl = 32;

        m_mkey.New(4);

        m_rkeys.New(15*4);

        m_wspace.New(5*4);

        GetUserKey(LITTLE_ENDIAN_ORDER, m_mkey.begin(), 4, key, 32);

        SetKey_44(m_mkey.begin());

        break;

    case 64:  // 512

        m_kl = 64;

        m_mkey.New(8);

        m_rkeys.New(19*4);

        m_wspace.New(6*4+8);

        GetUserKey(LITTLE_ENDIAN_ORDER, m_mkey.begin(), 8, key, 64);

        SetKey_48(m_mkey.begin());

        break;

    default:

        CRYPTOPP_ASSERT(0);

void Kalyna256::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    // Timing attack countermeasure. see comments in Rijndael for more details

    const int cacheLineSize = GetCacheLineSize();

    volatile word64 _u = 0;

    word64 u = _u;

    const byte* p = reinterpret_cast<const byte*>(KalynaTab::S);

    for (unsigned int i=0; i<256; i+=cacheLineSize)

        u ^= *reinterpret_cast<const word64*>(p+i);

    m_wspace[0] = u;

    switch ((m_nb << 8) | m_nk)

    case (4 << 8) | 4:

        ProcessBlock_44(inBlock, xorBlock, outBlock);

        break;

    case (4 << 8) | 8:

        ProcessBlock_48(inBlock, xorBlock, outBlock);

        break;

    default:

        CRYPTOPP_ASSERT(0);

void Kalyna512::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs &params)

    CRYPTOPP_UNUSED(params);

    m_nb = static_cast<unsigned int>(64U / sizeof(word64));

    m_nk = static_cast<unsigned int>(keylen / sizeof(word64));

    switch (keylen)

    case 64:  // 512

        m_kl = 64;

        m_nb = static_cast<unsigned int>(64U / sizeof(word64));

        m_nk = static_cast<unsigned int>(keylen / sizeof(word64));

        m_mkey.New(8);

        m_rkeys.New(19*8);

        m_wspace.New(5*8);

        GetUserKey(LITTLE_ENDIAN_ORDER, m_mkey.begin(), 8, key, 64);

        SetKey_88(m_mkey.begin());

        break;

    default:

        CRYPTOPP_ASSERT(0);

void Kalyna512::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const

    // Timing attack countermeasure. see comments in Rijndael for more details

    const int cacheLineSize = GetCacheLineSize();

    volatile word64 _u = 0;

    word64 u = _u;

    const byte* p = reinterpret_cast<const byte*>(KalynaTab::S);

    for (unsigned int i=0; i<256; i+=cacheLineSize)

        u ^= *reinterpret_cast<const word64*>(p+i);

    m_wspace[0] = u;

    ProcessBlock_88(inBlock, xorBlock, outBlock);

NAMESPACE_END

Coverage Report

Created: 2024-11-21 07:03