📄 twofish2.c
字号:
for (i=0;i<256;i++)
{
m1[0]=P8x8[0][i]; /* compute all the matrix elements */
mX[0]=(BYTE) Mul_X(m1[0]);
mY[0]=(BYTE) Mul_Y(m1[0]);
m1[1]=P8x8[1][i];
mX[1]=(BYTE) Mul_X(m1[1]);
mY[1]=(BYTE) Mul_Y(m1[1]);
#undef Mul_1 /* change what the pre-processor does with Mij */
#undef Mul_X
#undef Mul_Y
#define Mul_1 m1 /* It will now access m01[], m5B[], and mEF[] */
#define Mul_X mX
#define Mul_Y mY
#define SetMDS(N) \
b0(d) = M0##N[P_##N##0]; \
b1(d) = M1##N[P_##N##0]; \
b2(d) = M2##N[P_##N##0]; \
b3(d) = M3##N[P_##N##0]; \
MDStab[N][i] = d;
SetMDS(0); /* fill in the matrix with elements computed above */
SetMDS(1);
SetMDS(2);
SetMDS(3);
}
#undef Mul_1
#undef Mul_X
#undef Mul_Y
#define Mul_1 Mx_1 /* re-enable true multiply */
#define Mul_X Mx_X
#define Mul_Y Mx_Y
#if BIG_TAB
{
int j,k;
BYTE *q0,*q1;
for (i=0;i<4;i++)
{
switch (i)
{
case 0: q0=p8(01); q1=p8(02); break;
case 1: q0=p8(11); q1=p8(12); break;
case 2: q0=p8(21); q1=p8(22); break;
case 3: q0=p8(31); q1=p8(32); break;
}
for (j=0;j<256;j++)
for (k=0;k<256;k++)
bigTab[i][j][k]=q0[q1[k]^j];
}
}
#endif
needToBuildMDS=0; /* NEVER modify the table again! */
}
/*
+*****************************************************************************
*
* Function Name: ReverseRoundSubkeys
*
* Function: Reverse order of round subkeys to switch between encrypt/decrypt
*
* Arguments: key = ptr to keyInstance to be reversed
* newDir = new direction value
*
* Return: None.
*
* Notes:
* This optimization allows both blockEncrypt and blockDecrypt to use the same
* "fallthru" switch statement based on the number of rounds.
* Note that key->numRounds must be even and >= 2 here.
*
-****************************************************************************/
void ReverseRoundSubkeys(keyInstance *key,BYTE newDir)
{
DWORD t0,t1;
register DWORD *r0=key->subKeys+ROUND_SUBKEYS;
register DWORD *r1=r0 + 2*key->numRounds - 2;
for (;r0 < r1;r0+=2,r1-=2)
{
t0=r0[0]; /* swap the order */
t1=r0[1];
r0[0]=r1[0]; /* but keep relative order within pairs */
r0[1]=r1[1];
r1[0]=t0;
r1[1]=t1;
}
key->direction=newDir;
}
/*
+*****************************************************************************
*
* Function Name: Xor256
*
* Function: Copy an 8-bit permutation (256 bytes), xoring with a byte
*
* Arguments: dst = where to put result
* src = where to get data (can be same asa dst)
* b = byte to xor
*
* Return: None
*
* Notes:
* BorlandC's optimization is terrible! When we put the code inline,
* it generates fairly good code in the *following* segment (not in the Xor256
* code itself). If the call is made, the code following the call is awful!
* The penalty is nearly 50%! So we take the code size hit for inlining for
* Borland, while Microsoft happily works with a call.
*
-****************************************************************************/
#if defined(__BORLANDC__) /* do it inline */
#define Xor32(dst,src,i) { ((DWORD *)dst)[i] = ((DWORD *)src)[i] ^ tmpX; }
#define Xor256(dst,src,b) \
{ \
register DWORD tmpX=0x01010101u * b;\
for (i=0;i<64;i+=4) \
{ Xor32(dst,src,i ); Xor32(dst,src,i+1); Xor32(dst,src,i+2); Xor32(dst,src,i+3); } \
}
#else /* do it as a function call */
void Xor256(void *dst,void *src,BYTE b)
{
register DWORD x=b*0x01010101u; /* replicate byte to all four bytes */
register DWORD *d=(DWORD *)dst;
register DWORD *s=(DWORD *)src;
#define X_8(N) { d[N]=s[N] ^ x; d[N+1]=s[N+1] ^ x; }
#define X_32(N) { X_8(N); X_8(N+2); X_8(N+4); X_8(N+6); }
X_32(0 ); X_32( 8); X_32(16); X_32(24); /* all inline */
d+=32; /* keep offsets small! */
s+=32;
X_32(0 ); X_32( 8); X_32(16); X_32(24); /* all inline */
}
#endif
/*
+*****************************************************************************
*
* Function Name: reKey
*
* Function: Initialize the Twofish key schedule from key32
*
* Arguments: key = ptr to keyInstance to be initialized
*
* Return: TRUE on success
*
* Notes:
* Here we precompute all the round subkeys, although that is not actually
* required. For example, on a smartcard, the round subkeys can
* be generated on-the-fly using f32()
*
-****************************************************************************/
int reKey(keyInstance *key)
{
int i,j,k64Cnt,keyLen;
int subkeyCnt;
DWORD A=0,B=0,q;
DWORD sKey[MAX_KEY_BITS/64],k32e[MAX_KEY_BITS/64],k32o[MAX_KEY_BITS/64];
BYTE L0[256],L1[256]; /* small local 8-bit permutations */
#if VALIDATE_PARMS
#if ALIGN32
if (((int)key) & 3)
return BAD_ALIGN32;
if ((key->keyLen % 64) || (key->keyLen < MIN_KEY_BITS))
return BAD_KEY_INSTANCE;
#endif
#endif
if (needToBuildMDS) /* do this one time only */
BuildMDS();
#define F32(res,x,k32) \
{ \
DWORD t=x; \
switch (k64Cnt & 3) \
{ \
case 0: /* same as 4 */ \
b0(t) = p8(04)[b0(t)] ^ b0(k32[3]); \
b1(t) = p8(14)[b1(t)] ^ b1(k32[3]); \
b2(t) = p8(24)[b2(t)] ^ b2(k32[3]); \
b3(t) = p8(34)[b3(t)] ^ b3(k32[3]); \
/* fall thru, having pre-processed t */ \
case 3: b0(t) = p8(03)[b0(t)] ^ b0(k32[2]); \
b1(t) = p8(13)[b1(t)] ^ b1(k32[2]); \
b2(t) = p8(23)[b2(t)] ^ b2(k32[2]); \
b3(t) = p8(33)[b3(t)] ^ b3(k32[2]); \
/* fall thru, having pre-processed t */ \
case 2: /* 128-bit keys (optimize for this case) */ \
res= MDStab[0][p8(01)[p8(02)[b0(t)] ^ b0(k32[1])] ^ b0(k32[0])] ^ \
MDStab[1][p8(11)[p8(12)[b1(t)] ^ b1(k32[1])] ^ b1(k32[0])] ^ \
MDStab[2][p8(21)[p8(22)[b2(t)] ^ b2(k32[1])] ^ b2(k32[0])] ^ \
MDStab[3][p8(31)[p8(32)[b3(t)] ^ b3(k32[1])] ^ b3(k32[0])] ; \
} \
}
#if !CHECK_TABLE
#if defined(USE_ASM) /* only do this if not using assember */
if (!(useAsm & 4))
#endif
#endif
{
subkeyCnt = ROUND_SUBKEYS + 2*key->numRounds;
keyLen=key->keyLen;
k64Cnt=(keyLen+63)/64; /* number of 64-bit key words */
for (i=0,j=k64Cnt-1;i<k64Cnt;i++,j--)
{ /* split into even/odd key dwords */
k32e[i]=key->key32[2*i ];
k32o[i]=key->key32[2*i+1];
/* compute S-box keys using (12,8) Reed-Solomon code over GF(256) */
sKey[j]=key->sboxKeys[j]=RS_MDS_Encode(k32e[i],k32o[i]); /* reverse order */
}
}
#ifdef USE_ASM
if (useAsm & 4)
{
#if defined(COMPILE_KEY) && defined(USE_ASM)
key->keySig = VALID_SIG; /* show that we are initialized */
key->codeSize = sizeof(key->compiledCode); /* set size */
#endif
reKey_86(key);
}
else
#endif
{
for (i=q=0;i<subkeyCnt/2;i++,q+=SK_STEP)
{ /* compute round subkeys for PHT */
F32(A,q ,k32e); /* A uses even key dwords */
F32(B,q+SK_BUMP,k32o); /* B uses odd key dwords */
B = ROL(B,8);
key->subKeys[2*i ] = A+B; /* combine with a PHT */
B = A + 2*B;
key->subKeys[2*i+1] = ROL(B,SK_ROTL);
}
#if !defined(ZERO_KEY)
switch (keyLen) /* case out key length for speed in generating S-boxes */
{
case 128:
#if defined(FULL_KEY) || defined(PART_KEY)
#if BIG_TAB
#define one128(N,J) sbSet(N,i,J,L0[i+J])
#define sb128(N) { \
BYTE *qq=bigTab[N][b##N(sKey[1])]; \
Xor256(L0,qq,b##N(sKey[0])); \
for (i=0;i<256;i+=2) { one128(N,0); one128(N,1); } }
#else
#define one128(N,J) sbSet(N,i,J,p8(N##1)[L0[i+J]]^k0)
#define sb128(N) { \
Xor256(L0,p8(N##2),b##N(sKey[1])); \
{ register DWORD k0=b##N(sKey[0]); \
for (i=0;i<256;i+=2) { one128(N,0); one128(N,1); } } }
#endif
#elif defined(MIN_KEY)
#define sb128(N) Xor256(_sBox8_(N),p8(N##2),b##N(sKey[1]))
#endif
sb128(0); sb128(1); sb128(2); sb128(3);
break;
case 192:
#if defined(FULL_KEY) || defined(PART_KEY)
#define one192(N,J) sbSet(N,i,J,p8(N##1)[p8(N##2)[L0[i+J]]^k1]^k0)
#define sb192(N) { \
Xor256(L0,p8(N##3),b##N(sKey[2])); \
{ register DWORD k0=b##N(sKey[0]); \
register DWORD k1=b##N(sKey[1]); \
for (i=0;i<256;i+=2) { one192(N,0); one192(N,1); } } }
#elif defined(MIN_KEY)
#define one192(N,J) sbSet(N,i,J,p8(N##2)[L0[i+J]]^k1)
#define sb192(N) { \
Xor256(L0,p8(N##3),b##N(sKey[2])); \
{ register DWORD k1=b##N(sKey[1]); \
for (i=0;i<256;i+=2) { one192(N,0); one192(N,1); } } }
#endif
sb192(0); sb192(1); sb192(2); sb192(3);
break;
case 256:
#if defined(FULL_KEY) || defined(PART_KEY)
#define one256(N,J) sbSet(N,i,J,p8(N##1)[p8(N##2)[L0[i+J]]^k1]^k0)
#define sb256(N) { \
Xor256(L1,p8(N##4),b##N(sKey[3])); \
for (i=0;i<256;i+=2) {L0[i ]=p8(N##3)[L1[i]]; \
L0[i+1]=p8(N##3)[L1[i+1]]; } \
Xor256(L0,L0,b##N(sKey[2])); \
{ register DWORD k0=b##N(sKey[0]); \
register DWORD k1=b##N(sKey[1]); \
for (i=0;i<256;i+=2) { one256(N,0); one256(N,1); } } }
#elif defined(MIN_KEY)
#define one256(N,J) sbSet(N,i,J,p8(N##2)[L0[i+J]]^k1)
#define sb256(N) { \
Xor256(L1,p8(N##4),b##N(sKey[3])); \
for (i=0;i<256;i+=2) {L0[i ]=p8(N##3)[L1[i]]; \
L0[i+1]=p8(N##3)[L1[i+1]]; } \
Xor256(L0,L0,b##N(sKey[2])); \
{ register DWORD k1=b##N(sKey[1]); \
for (i=0;i<256;i+=2) { one256(N,0); one256(N,1); } } }
#endif
sb256(0); sb256(1); sb256(2); sb256(3);
break;
}
#endif
}
#if CHECK_TABLE /* sanity check vs. pedagogical code*/
{
GetSboxKey;
for (i=0;i<subkeyCnt/2;i++)
{
A = f32(i*SK_STEP ,k32e,keyLen); /* A uses even key dwords */
B = f32(i*SK_STEP+SK_BUMP,k32o,keyLen); /* B uses odd key dwords */
B = ROL(B,8);
assert(key->subKeys[2*i ] == A+ B);
assert(key->subKeys[2*i+1] == ROL(A+2*B,SK_ROTL));
}
#if !defined(ZERO_KEY) /* any S-boxes to check? */
for (i=q=0;i<256;i++,q+=0x01010101)
assert(f32(q,key->sboxKeys,keyLen) == Fe32_(q,0));
#endif
}
#endif /* CHECK_TABLE */
DebugDumpKey(key);
if (key->direction == DIR_ENCRYPT)
ReverseRoundSubkeys(key,DIR_ENCRYPT); /* reverse the round subkey order */
return TRUE;
}
/*
+*****************************************************************************
*
* Function Name: makeKey
*
* Function: Initialize the Twofish key schedule
*
* Arguments: key = ptr to keyInstance to be initialized
* direction = DIR_ENCRYPT or DIR_DECRYPT
* keyLen = # bits of key text at *keyMaterial
* keyMaterial = ptr to hex ASCII chars representing key bits
*
* Return: TRUE on success
* else error code (e.g., BAD_KEY_DIR)
*
* Notes: This parses the key bits from keyMaterial. Zeroes out unused key bits
*
-****************************************************************************/
int makeKey(keyInstance *key, BYTE direction, int keyLen,CONST char *keyMaterial)
{
#if VALIDATE_PARMS /* first, sanity check on parameters */
if (key == NULL)
return BAD_KEY_INSTANCE;/* must have a keyInstance to initialize */
if ((direction != DIR_ENCRYPT) && (direction != DIR_DECRYPT))
return BAD_KEY_DIR; /* must have valid direction */
if ((keyLen > MAX_KEY_BITS) || (keyLen < 8) || (keyLen & 0x3F))
return BAD_KEY_MAT; /* length must be valid */
key->keySig = VALID_SIG; /* show that we are initialized */
#if ALIGN32
if ((((int)key) & 3) || (((int)key->key32) & 3))
return BAD_ALIGN32;
#endif
#endif
key->direction = direction;/* set our cipher direction */
key->keyLen = (keyLen+63) & ~63; /* round up to multiple of 64 */
key->numRounds = numRounds[(keyLen-1)/64];
memset(key->key32,0,sizeof(key->key32)); /* zero unused bits */
key->keyMaterial[MAX_KEY_SIZE]=0; /* terminate ASCII string */
if ((keyMaterial == NULL) || (keyMaterial[0]==0))
return TRUE; /* allow a "dummy" call */
if (ParseHexDword(keyLen,keyMaterial,key->key32,key->keyMaterial))
return BAD_KEY_MAT;
return reKey(key); /* generate round subkeys */
}
/*
+*****************************************************************************
*
* Function Name: cipherInit
*
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -