📄 twofish.c
字号:
{
by = (u1byte)i;
#ifdef ONE_STEP
mk_tab[0 + 4*i] = mds(0, q40(by)); mk_tab[1 + 4*i] = mds(1, q41(by));
mk_tab[2 + 4*i] = mds(2, q42(by)); mk_tab[3 + 4*i] = mds(3, q43(by));
#else
sb[0][i] = q40(by); sb[1][i] = q41(by);
sb[2][i] = q42(by); sb[3][i] = q43(by);
#endif
}
}
};
# ifdef ONE_STEP
# define g0_fun(x) ( mk_tab[0 + 4*extract_byte(x,0)] ^ mk_tab[1 + 4*extract_byte(x,1)] \
^ mk_tab[2 + 4*extract_byte(x,2)] ^ mk_tab[3 + 4*extract_byte(x,3)] )
# define g1_fun(x) ( mk_tab[0 + 4*extract_byte(x,3)] ^ mk_tab[1 + 4*extract_byte(x,0)] \
^ mk_tab[2 + 4*extract_byte(x,1)] ^ mk_tab[3 + 4*extract_byte(x,2)] )
# else
# define g0_fun(x) ( mds(0, sb[0][extract_byte(x,0)]) ^ mds(1, sb[1][extract_byte(x,1)]) \
^ mds(2, sb[2][extract_byte(x,2)]) ^ mds(3, sb[3][extract_byte(x,3)]) )
# define g1_fun(x) ( mds(0, sb[0][extract_byte(x,3)]) ^ mds(1, sb[1][extract_byte(x,0)]) \
^ mds(2, sb[2][extract_byte(x,1)]) ^ mds(3, sb[3][extract_byte(x,2)]) )
# endif
#else
#define g0_fun(x) h_fun(instance, x, instance->s_key)
#define g1_fun(x) h_fun(instance, rotl(x,8), instance->s_key)
#endif
/* The (12,8) Reed Soloman code has the generator polynomial
g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1
where the coefficients are in the finite field GF(2^8) with a
modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
remainder we have to start with a 12th order polynomial with our
eight input bytes as the coefficients of the 4th to 11th terms.
That is:
m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0
We then multiply the generator polynomial by m[7] * x^7 and subtract
it - xor in GF(2^8) - from the above to eliminate the x^7 term (the
artihmetic on the coefficients is done in GF(2^8). We then multiply
the generator polynomial by x^6 * coeff(x^10) and use this to remove
the x^10 term. We carry on in this way until the x^4 term is removed
so that we are left with:
r[3] * x^3 + r[2] * x^2 + r[1] 8 x^1 + r[0]
which give the resulting 4 bytes of the remainder. This is equivalent
to the matrix multiplication in the Twofish description but much faster
to implement.
*/
#define G_MOD 0x0000014d
static u4byte mds_rem(u4byte p0, u4byte p1)
{ u4byte i, t, u;
for(i = 0; i < 8; ++i)
{
t = p1 >> 24; // get most significant coefficient
p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8; // shift others up
// multiply t by a (the primitive element - i.e. left shift)
u = (t << 1);
if(t & 0x80) // subtract modular polynomial on overflow
u ^= G_MOD;
p1 ^= t ^ (u << 16); // remove t * (a * x^2 + 1)
u ^= (t >> 1); // form u = a * t + t / a = t * (a + 1 / a);
if(t & 0x01) // add the modular polynomial on underflow
u ^= G_MOD >> 1;
p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
}
return p1;
};
/* initialise the key schedule from the user supplied key */
u4byte *twofish_set_key(TwofishInstance *instance, const u4byte in_key[], const u4byte key_len)
{ u4byte i, a, b, me_key[4], mo_key[4];
u4byte *l_key, *s_key;
l_key = instance->l_key;
s_key = instance->s_key;
#ifdef Q_TABLES
if(!qt_gen)
{
gen_qtab(); qt_gen = 1;
}
#endif
#ifdef M_TABLE
if(!mt_gen)
{
gen_mtab(); mt_gen = 1;
}
#endif
instance->k_len = key_len / 64; /* 2, 3 or 4 */
for(i = 0; i < instance->k_len; ++i)
{
a = LE32(in_key[i + i]); me_key[i] = a;
b = LE32(in_key[i + i + 1]); mo_key[i] = b;
s_key[instance->k_len - i - 1] = mds_rem(a, b);
}
for(i = 0; i < 40; i += 2)
{
a = 0x01010101 * i; b = a + 0x01010101;
a = h_fun(instance, a, me_key);
b = rotl(h_fun(instance, b, mo_key), 8);
l_key[i] = a + b;
l_key[i + 1] = rotl(a + 2 * b, 9);
}
#ifdef MK_TABLE
gen_mk_tab(instance, s_key);
#endif
return l_key;
};
/* encrypt a block of text */
#ifndef TC_MINIMIZE_CODE_SIZE
#define f_rnd(i) \
t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1); \
blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]); \
t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1); \
blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11])
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
{ u4byte t0, t1, blk[4];
u4byte *l_key = instance->l_key;
u4byte *mk_tab = instance->mk_tab;
blk[0] = LE32(in_blk[0]) ^ l_key[0];
blk[1] = LE32(in_blk[1]) ^ l_key[1];
blk[2] = LE32(in_blk[2]) ^ l_key[2];
blk[3] = LE32(in_blk[3]) ^ l_key[3];
f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);
out_blk[0] = LE32(blk[2] ^ l_key[4]);
out_blk[1] = LE32(blk[3] ^ l_key[5]);
out_blk[2] = LE32(blk[0] ^ l_key[6]);
out_blk[3] = LE32(blk[1] ^ l_key[7]);
};
#else // TC_MINIMIZE_CODE_SIZE
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
{ u4byte t0, t1, blk[4];
u4byte *l_key = instance->l_key;
#ifdef TC_WINDOWS_BOOT_TWOFISH
u4byte *mk_tab = instance->mk_tab;
#endif
int i;
blk[0] = LE32(in_blk[0]) ^ l_key[0];
blk[1] = LE32(in_blk[1]) ^ l_key[1];
blk[2] = LE32(in_blk[2]) ^ l_key[2];
blk[3] = LE32(in_blk[3]) ^ l_key[3];
for (i = 0; i <= 7; ++i)
{
t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1);
blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]);
t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1);
blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]);
}
out_blk[0] = LE32(blk[2] ^ l_key[4]);
out_blk[1] = LE32(blk[3] ^ l_key[5]);
out_blk[2] = LE32(blk[0] ^ l_key[6]);
out_blk[3] = LE32(blk[1] ^ l_key[7]);
};
#endif // TC_MINIMIZE_CODE_SIZE
/* decrypt a block of text */
#ifndef TC_MINIMIZE_CODE_SIZE
#define i_rnd(i) \
t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]); \
blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1); \
t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]); \
blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1)
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
{ u4byte t0, t1, blk[4];
u4byte *l_key = instance->l_key;
u4byte *mk_tab = instance->mk_tab;
blk[0] = LE32(in_blk[0]) ^ l_key[4];
blk[1] = LE32(in_blk[1]) ^ l_key[5];
blk[2] = LE32(in_blk[2]) ^ l_key[6];
blk[3] = LE32(in_blk[3]) ^ l_key[7];
i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);
out_blk[0] = LE32(blk[2] ^ l_key[0]);
out_blk[1] = LE32(blk[3] ^ l_key[1]);
out_blk[2] = LE32(blk[0] ^ l_key[2]);
out_blk[3] = LE32(blk[1] ^ l_key[3]);
};
#else // TC_MINIMIZE_CODE_SIZE
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
{ u4byte t0, t1, blk[4];
u4byte *l_key = instance->l_key;
#ifdef TC_WINDOWS_BOOT_TWOFISH
u4byte *mk_tab = instance->mk_tab;
#endif
int i;
blk[0] = LE32(in_blk[0]) ^ l_key[4];
blk[1] = LE32(in_blk[1]) ^ l_key[5];
blk[2] = LE32(in_blk[2]) ^ l_key[6];
blk[3] = LE32(in_blk[3]) ^ l_key[7];
for (i = 7; i >= 0; --i)
{
t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]);
blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1);
t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]);
blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1);
}
out_blk[0] = LE32(blk[2] ^ l_key[0]);
out_blk[1] = LE32(blk[3] ^ l_key[1]);
out_blk[2] = LE32(blk[0] ^ l_key[2]);
out_blk[3] = LE32(blk[1] ^ l_key[3]);
};
#endif // TC_MINIMIZE_CODE_SIZE
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -