📄 twofish.c
字号:
(c) = (((c) << 1)+((c) >> 31)); \ (c) ^= (x + ctx->k[2 * (n)])/* Encryption and decryption cycles; each one is simply two Feistel rounds * with the 32-bit chunks re-ordered to simulate the "swap" */#define ENCCYCLE(n) \ ENCROUND (2 * (n), a, b, c, d); \ ENCROUND (2 * (n) + 1, c, d, a, b)#define DECCYCLE(n) \ DECROUND (2 * (n) + 1, c, d, a, b); \ DECROUND (2 * (n), a, b, c, d)/* Macros to convert the input and output bytes into 32-bit words, * and simultaneously perform the whitening step. INPACK packs word * number n into the variable named by x, using whitening subkey number m. * OUTUNPACK unpacks word number n from the variable named by x, using * whitening subkey number m. */#define INPACK(n, x, m) \ x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \ ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]#define OUTUNPACK(n, x, m) \ x ^= ctx->w[m]; \ out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \ out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24#define TF_MIN_KEY_SIZE 16#define TF_MAX_KEY_SIZE 32#define TF_BLOCK_SIZE 16/* Structure for an expanded Twofish key. s contains the key-dependent * S-boxes composed with the MDS matrix; w contains the eight "whitening" * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note * that k[i] corresponds to what the Twofish paper calls K[i+8]. */struct twofish_ctx { u32 s[4][256], w[8], k[32];};/* Perform the key setup. */static int twofish_setkey(void *cx, const u8 *key, unsigned int key_len, u32 *flags){ struct twofish_ctx *ctx = cx; int i, j, k; /* Temporaries for CALC_K. */ u32 x, y; /* The S vector used to key the S-boxes, split up into individual bytes. * 128-bit keys use only sa through sh; 256-bit use all of them. */ u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; /* Temporary for CALC_S. */ u8 tmp; /* Check key length. */ if (key_len != 16 && key_len != 24 && key_len != 32) { *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; return -EINVAL; /* unsupported key length */ } /* Compute the first two words of the S vector. The magic numbers are * the entries of the RS matrix, preprocessed through poly_to_exp. The * numbers in the comments are the original (polynomial form) matrix * entries. */ CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ /* Calculate the third word of the S vector */ CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ } if (key_len == 32) { /* 256-bit key */ /* Calculate the fourth word of the S vector */ CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ /* Compute the S-boxes. */ for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); } /* Calculate whitening and round subkeys. The constants are * indices of subkeys, preprocessed through q0 and q1. */ CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA); CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F); CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00); CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); } else if (key_len == 24) { /* 192-bit key */ /* Compute the S-boxes. */ for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); } /* Calculate whitening and round subkeys. The constants are * indices of subkeys, preprocessed through q0 and q1. */ CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B); CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD); CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71); CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F); CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B); CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA); CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F); CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00); CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); } else { /* 128-bit key */ /* Compute the S-boxes. */ for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); } /* Calculate whitening and round subkeys. The constants are * indices of subkeys, preprocessed through q0 and q1. */ CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B); CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D); CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B); CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32); CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD); CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71); CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F); CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B); CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA); CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F); CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); } return 0;}/* Encrypt one block. in and out may be the same. */static void twofish_encrypt(void *cx, u8 *out, const u8 *in){ struct twofish_ctx *ctx = cx; /* The four 32-bit chunks of the text. */ u32 a, b, c, d; /* Temporaries used by the round function. */ u32 x, y; /* Input whitening and packing. */ INPACK (0, a, 0); INPACK (1, b, 1); INPACK (2, c, 2); INPACK (3, d, 3); /* Encryption Feistel cycles. */ ENCCYCLE (0); ENCCYCLE (1); ENCCYCLE (2); ENCCYCLE (3); ENCCYCLE (4); ENCCYCLE (5); ENCCYCLE (6); ENCCYCLE (7); /* Output whitening and unpacking. */ OUTUNPACK (0, c, 4); OUTUNPACK (1, d, 5); OUTUNPACK (2, a, 6); OUTUNPACK (3, b, 7); }/* Decrypt one block. in and out may be the same. */static void twofish_decrypt(void *cx, u8 *out, const u8 *in){ struct twofish_ctx *ctx = cx; /* The four 32-bit chunks of the text. */ u32 a, b, c, d; /* Temporaries used by the round function. */ u32 x, y; /* Input whitening and packing. */ INPACK (0, c, 4); INPACK (1, d, 5); INPACK (2, a, 6); INPACK (3, b, 7); /* Encryption Feistel cycles. */ DECCYCLE (7); DECCYCLE (6); DECCYCLE (5); DECCYCLE (4); DECCYCLE (3); DECCYCLE (2); DECCYCLE (1); DECCYCLE (0); /* Output whitening and unpacking. */ OUTUNPACK (0, a, 0); OUTUNPACK (1, b, 1); OUTUNPACK (2, c, 2); OUTUNPACK (3, d, 3);}static struct crypto_alg alg = { .cra_name = "twofish", .cra_flags = CRYPTO_ALG_TYPE_CIPHER, .cra_blocksize = TF_BLOCK_SIZE, .cra_ctxsize = sizeof(struct twofish_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .cipher = { .cia_min_keysize = TF_MIN_KEY_SIZE, .cia_max_keysize = TF_MAX_KEY_SIZE, .cia_setkey = twofish_setkey, .cia_encrypt = twofish_encrypt, .cia_decrypt = twofish_decrypt } }};static int __init init(void){ return crypto_register_alg(&alg);}static void __exit fini(void){ crypto_unregister_alg(&alg);}module_init(init);module_exit(fini);MODULE_LICENSE("GPL");MODULE_DESCRIPTION ("Twofish Cipher Algorithm");⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -