twofish.c

文件驱动加密,功能强大,可产生加密分区,支持AES,MD2,MD4,MD5MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-224, SHA-256,

#ifdef  MK_TABLE

#ifdef  ONE_STEP
STATIC u4byte  mk_tab[4][256];
#else
STATIC u1byte  sb[4][256];
#endif

#define q2(x,n) q8(q8(x, 2, n), 1, n)
#define q3(x,n) q8(q8(q8(x, 3, n), 2, n), 1, n)
#define q4(x,n) q8(q8(q8(q8(x, 4, n), 3 ,n), 2, n), 1, n)

STATIC void gen_mk_tab(u4byte key[], u4byte k_len)
{   u4byte  i;
    u1byte  by;

    switch(k_len)
    {
    case 2: for(i = 0; i < 256; ++i)
            {
                by = (u1byte)i;
#ifdef ONE_STEP
                mk_tab[0][i] = mds(0, q2(by, 0)); mk_tab[1][i] = mds(1, q2(by, 1));
                mk_tab[2][i] = mds(2, q2(by, 2)); mk_tab[3][i] = mds(3, q2(by, 3));
#else
                sb[0][i] = q2(by, 0); sb[1][i] = q2(by, 1);
                sb[2][i] = q2(by, 2); sb[3][i] = q2(by, 3);
#endif
            }
            break;

    case 3: for(i = 0; i < 256; ++i)
            {
                by = (u1byte)i;
#ifdef ONE_STEP
                mk_tab[0][i] = mds(0, q3(by, 0)); mk_tab[1][i] = mds(1, q3(by, 1));
                mk_tab[2][i] = mds(2, q3(by, 2)); mk_tab[3][i] = mds(3, q3(by, 3));
#else
                sb[0][i] = q3(by, 0); sb[1][i] = q3(by, 1);
                sb[2][i] = q3(by, 2); sb[3][i] = q3(by, 3);
#endif
            }
            break;

    case 4: for(i = 0; i < 256; ++i)
            {
                by = (u1byte)i;
#ifdef ONE_STEP
                mk_tab[0][i] = mds(0, q4(by, 0)); mk_tab[1][i] = mds(1, q4(by, 1));
                mk_tab[2][i] = mds(2, q4(by, 2)); mk_tab[3][i] = mds(3, q4(by, 3));
#else
                sb[0][i] = q4(by, 0); sb[1][i] = q4(by, 1);
                sb[2][i] = q4(by, 2); sb[3][i] = q4(by, 3);
#endif
            }
    }
}

#  ifdef ONE_STEP
#    define g0_fun(x) ( mk_tab[0][byte(x,0)] ^ mk_tab[1][byte(x,1)] \
                      ^ mk_tab[2][byte(x,2)] ^ mk_tab[3][byte(x,3)] )
#    define g1_fun(x) ( mk_tab[1][byte(x,0)] ^ mk_tab[2][byte(x,1)] \
                      ^ mk_tab[3][byte(x,2)] ^ mk_tab[0][byte(x,3)] )
#  else
#    define g0_fun(x) ( mds(0, sb[0][byte(x,0)]) ^ mds(1, sb[1][byte(x,1)]) \
                      ^ mds(2, sb[2][byte(x,2)]) ^ mds(3, sb[3][byte(x,3)]) )
#    define g1_fun(x) ( mds(1, sb[1][byte(x,0)]) ^ mds(2, sb[2][byte(x,1)]) \
                      ^ mds(3, sb[3][byte(x,2)]) ^ mds(0, sb[0][byte(x,3)]) )
#  endif

#else

#define g0_fun(x)   h_fun(x, TWOFISH(s_key), TWOFISH(k_len))
#define g1_fun(x)   h_fun(rotl(x,8), TWOFISH(s_key), TWOFISH(k_len))

#endif

// The (12,8) Reed Soloman code has the generator polynomial
//
//  g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1
//
// where the coefficients are in the finite field GF(2^8) with a
// modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
// remainder we have to start with a 12th order polynomial with our
// eight input bytes as the coefficients of the 4th to 11th terms.
// That is:
//
//  m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0
//
// We then multiply the generator polynomial by m[7] * x^7 and subtract
// it - xor in GF(2^8) - from the above to eliminate the x^7 term (the
// artihmetic on the coefficients is done in GF(2^8). We then multiply
// the generator polynomial by x^6 * coeff(x^10) and use this to remove
// the x^10 term. We carry on in this way until the x^4 term is removed
// so that we are left with:
//
//  r[3] * x^3 + r[2] * x^2 + r[1] 8 x^1 + r[0]
//
// which give the resulting 4 bytes of the remainder. This is equivalent
// to the matrix multiplication in the Twofish description but much faster
// to implement.

#define G_MOD   0x0000014d

STATIC u4byte mds_rem(u4byte p0, u4byte p1)
{   u4byte  i, t, u;

    for(i = 0; i < 8; ++i)
    {
        t = p1 >> 24;   // get most significant coefficient

        p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8;  // shift others up

        // multiply t by a (the primitive element - i.e. left shift)

        u = (t << 1);

        if(t & 0x80)            // subtract modular polynomial on overflow

            u ^= G_MOD;

        p1 ^= t ^ (u << 16);    // remove t * (a * x^2 + 1)

        u ^= (t >> 1);          // form u = a * t + t / a = t * (a + 1 / a);

        if(t & 0x01)            // add the modular polynomial on underflow

            u ^= G_MOD >> 1;

        p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
    }

    return p1;
}

#ifdef  __cplusplus
    } // end of anonymous namespace
#endif

char* TWOFISH(name(void))
{
    return "twofish";
}

// initialise the key schedule from the user supplied key

void TWOFISH(set_key(const u1byte in_key[], const u4byte key_len, const enum dir_flag f))
{   u4byte  i, a, b, me_key[4], mo_key[4];

#ifdef  Q_TABLE
    if(!qt_gen)
    {
        gen_qtab(); qt_gen = 1;
    }
#endif

#ifdef M_TABLE
    if(!mt_gen)
    {
        gen_mtab(); mt_gen = 1;
    }
#endif

    TWOFISH(k_len) = key_len / 64;   // 2, 3 or 4

    for(i = 0; i < TWOFISH(k_len); ++i)
    {
        a = u4byte_in(in_key + 8 * i);     me_key[i] = a;
        b = u4byte_in(in_key + 8 * i + 4); mo_key[i] = b;
        TWOFISH(s_key)[TWOFISH(k_len) - i - 1] = mds_rem(a, b);
    }

    for(i = 0; i < 40; i += 2)
    {
#ifdef  Q_TABLE
        a = i; b = i + 1;
#else

        a = 0x01010101 * i; b = a + 0x01010101;
#endif
        a = h_fun(a, me_key, TWOFISH(k_len));
        b = rotl(h_fun(b, mo_key, TWOFISH(k_len)), 8);
        TWOFISH(l_key)[i] = a + b;
        TWOFISH(l_key)[i + 1] = rotl(a + 2 * b, 9);
    }

#ifdef MK_TABLE
    gen_mk_tab(TWOFISH(s_key), TWOFISH(k_len));
#endif

    return;
}

// encrypt a block of text

#define f_rnd(i)                                \
    t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);   \
    blk[2] = rotr(blk[2] ^ (t0 + t1 + TWOFISH(l_key)[4 * (i) + 8]), 1);      \
    blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + TWOFISH(l_key)[4 * (i) + 9]);  \
    t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);   \
    blk[0] = rotr(blk[0] ^ (t0 + t1 + TWOFISH(l_key)[4 * (i) + 10]), 1);     \
    blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + TWOFISH(l_key)[4 * (i) + 11])

void TWOFISH(encrypt(const u1byte in_blk[16], u1byte out_blk[16]))
{   u4byte  t0, t1, blk[4];

    blk[0] = u4byte_in(in_blk     ) ^ TWOFISH(l_key)[0];
    blk[1] = u4byte_in(in_blk +  4) ^ TWOFISH(l_key)[1];
    blk[2] = u4byte_in(in_blk +  8) ^ TWOFISH(l_key)[2];
    blk[3] = u4byte_in(in_blk + 12) ^ TWOFISH(l_key)[3];

    f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
    f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);

    u4byte_out(out_blk,      blk[2] ^ TWOFISH(l_key)[4]);
    u4byte_out(out_blk +  4, blk[3] ^ TWOFISH(l_key)[5]);
    u4byte_out(out_blk +  8, blk[0] ^ TWOFISH(l_key)[6]);
    u4byte_out(out_blk + 12, blk[1] ^ TWOFISH(l_key)[7]);
}

// decrypt a block of text

#define i_rnd(i)                                    \
        t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);   \
        blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + TWOFISH(l_key)[4 * (i) + 10]);     \
        blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + TWOFISH(l_key)[4 * (i) + 11]), 1); \
        t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);   \
        blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + TWOFISH(l_key)[4 * (i) +  8]);     \
        blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + TWOFISH(l_key)[4 * (i) +  9]), 1)

void TWOFISH(decrypt(const u1byte in_blk[16], u1byte out_blk[16]))
{   u4byte  t0, t1, blk[4];

    blk[0] = u4byte_in(in_blk     ) ^ TWOFISH(l_key)[4];
    blk[1] = u4byte_in(in_blk +  4) ^ TWOFISH(l_key)[5];
    blk[2] = u4byte_in(in_blk +  8) ^ TWOFISH(l_key)[6];
    blk[3] = u4byte_in(in_blk + 12) ^ TWOFISH(l_key)[7];

    i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
    i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);

    u4byte_out(out_blk,      blk[2] ^ TWOFISH(l_key)[0]);
    u4byte_out(out_blk +  4, blk[3] ^ TWOFISH(l_key)[1]);
    u4byte_out(out_blk +  8, blk[0] ^ TWOFISH(l_key)[2]);
    u4byte_out(out_blk + 12, blk[1] ^ TWOFISH(l_key)[3]);
}