Crypto++  5.6.3 Free C++ class library of cryptographic schemes
twofish.cpp
1 // twofish.cpp - modified by Wei Dai from Matthew Skala's twofish.c
2 // The original code and all modifications are in the public domain.
3
4 #include "pch.h"
5 #include "twofish.h"
6 #include "secblock.h"
7 #include "misc.h"
8
9 NAMESPACE_BEGIN(CryptoPP)
10
11 // compute (c * x^4) mod (x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1)
12 // over GF(256)
13 static inline unsigned int Mod(unsigned int c)
14 {
15  static const unsigned int modulus = 0x14d;
16  unsigned int c2 = (c<<1) ^ ((c & 0x80) ? modulus : 0);
17  unsigned int c1 = c2 ^ (c>>1) ^ ((c & 1) ? (modulus>>1) : 0);
18  return c | (c1 << 8) | (c2 << 16) | (c1 << 24);
19 }
20
21 // compute RS(12,8) code with the above polynomial as generator
22 // this is equivalent to multiplying by the RS matrix
23 static word32 ReedSolomon(word32 high, word32 low)
24 {
25  for (unsigned int i=0; i<8; i++)
26  {
27  high = Mod(high>>24) ^ (high<<8) ^ (low>>24);
28  low <<= 8;
29  }
30  return high;
31 }
32
33 inline word32 Twofish::Base::h0(word32 x, const word32 *key, unsigned int kLen)
34 {
35  x = x | (x<<8) | (x<<16) | (x<<24);
36  switch(kLen)
37  {
38 #define Q(a, b, c, d, t) q[a][GETBYTE(t,0)] ^ (q[b][GETBYTE(t,1)] << 8) ^ (q[c][GETBYTE(t,2)] << 16) ^ (q[d][GETBYTE(t,3)] << 24)
39  case 4: x = Q(1, 0, 0, 1, x) ^ key[6];
40  case 3: x = Q(1, 1, 0, 0, x) ^ key[4];
41  case 2: x = Q(0, 1, 0, 1, x) ^ key[2];
42  x = Q(0, 0, 1, 1, x) ^ key[0];
43  }
44  return x;
45 }
46
47 inline word32 Twofish::Base::h(word32 x, const word32 *key, unsigned int kLen)
48 {
49  x = h0(x, key, kLen);
50  return mds[0][GETBYTE(x,0)] ^ mds[1][GETBYTE(x,1)] ^ mds[2][GETBYTE(x,2)] ^ mds[3][GETBYTE(x,3)];
51 }
52
53 void Twofish::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
54 {
55  AssertValidKeyLength(keylength);
56
57  unsigned int len = (keylength <= 16 ? 2 : (keylength <= 24 ? 3 : 4));
58  SecBlock<word32> key(len*2);
59  GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), len*2, userKey, keylength);
60
61  unsigned int i;
62  for (i=0; i<40; i+=2)
63  {
64  word32 a = h(i, key, len);
65  word32 b = rotlFixed(h(i+1, key+1, len), 8);
66  m_k[i] = a+b;
67  m_k[i+1] = rotlFixed(a+2*b, 9);
68  }
69
70  SecBlock<word32> svec(2*len);
71  for (i=0; i<len; i++)
72  svec[2*(len-i-1)] = ReedSolomon(key[2*i+1], key[2*i]);
73  for (i=0; i<256; i++)
74  {
75  word32 t = h0(i, svec, len);
76  m_s[0*256+i] = mds[0][GETBYTE(t, 0)];
77  m_s[1*256+i] = mds[1][GETBYTE(t, 1)];
78  m_s[2*256+i] = mds[2][GETBYTE(t, 2)];
79  m_s[3*256+i] = mds[3][GETBYTE(t, 3)];
80  }
81 }
82
83 #define G1(x) (m_s[0*256+GETBYTE(x,0)] ^ m_s[1*256+GETBYTE(x,1)] ^ m_s[2*256+GETBYTE(x,2)] ^ m_s[3*256+GETBYTE(x,3)])
84 #define G2(x) (m_s[0*256+GETBYTE(x,3)] ^ m_s[1*256+GETBYTE(x,0)] ^ m_s[2*256+GETBYTE(x,1)] ^ m_s[3*256+GETBYTE(x,2)])
85
86 #define ENCROUND(n, a, b, c, d) \
87  x = G1 (a); y = G2 (b); \
88  x += y; y += x + k[2 * (n) + 1]; \
89  (c) ^= x + k[2 * (n)]; \
90  (c) = rotrFixed(c, 1); \
91  (d) = rotlFixed(d, 1) ^ y
92
93 #define ENCCYCLE(n) \
94  ENCROUND (2 * (n), a, b, c, d); \
95  ENCROUND (2 * (n) + 1, c, d, a, b)
96
97 #define DECROUND(n, a, b, c, d) \
98  x = G1 (a); y = G2 (b); \
99  x += y; y += x; \
100  (d) ^= y + k[2 * (n) + 1]; \
101  (d) = rotrFixed(d, 1); \
102  (c) = rotlFixed(c, 1); \
103  (c) ^= (x + k[2 * (n)])
104
105 #define DECCYCLE(n) \
106  DECROUND (2 * (n) + 1, c, d, a, b); \
107  DECROUND (2 * (n), a, b, c, d)
108
110
111 void Twofish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
112 {
113  word32 x, y, a, b, c, d;
114
115  Block::Get(inBlock)(a)(b)(c)(d);
116
117  a ^= m_k[0];
118  b ^= m_k[1];
119  c ^= m_k[2];
120  d ^= m_k[3];
121
122  const word32 *k = m_k+8;
123  ENCCYCLE (0);
124  ENCCYCLE (1);
125  ENCCYCLE (2);
126  ENCCYCLE (3);
127  ENCCYCLE (4);
128  ENCCYCLE (5);
129  ENCCYCLE (6);
130  ENCCYCLE (7);
131
132  c ^= m_k[4];
133  d ^= m_k[5];
134  a ^= m_k[6];
135  b ^= m_k[7];
136
137  Block::Put(xorBlock, outBlock)(c)(d)(a)(b);
138 }
139
140 void Twofish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
141 {
142  word32 x, y, a, b, c, d;
143
144  Block::Get(inBlock)(c)(d)(a)(b);
145
146  c ^= m_k[4];
147  d ^= m_k[5];
148  a ^= m_k[6];
149  b ^= m_k[7];
150
151  const word32 *k = m_k+8;
152  DECCYCLE (7);
153  DECCYCLE (6);
154  DECCYCLE (5);
155  DECCYCLE (4);
156  DECCYCLE (3);
157  DECCYCLE (2);
158  DECCYCLE (1);
159  DECCYCLE (0);
160
161  a ^= m_k[0];
162  b ^= m_k[1];
163  c ^= m_k[2];
164  d ^= m_k[3];
165
166  Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
167 }
168
169 NAMESPACE_END
Utility functions for the Crypto++ library.
T rotlFixed(T x, unsigned int y)
Performs a left rotate.
Definition: misc.h:1178
Access a block of memory.
Definition: misc.h:2102
byte order is little-endian
Definition: cryptlib.h:125
Classes for the Twofish block cipher.
Classes and functions for secure memory allocations.
Access a block of memory.
Definition: misc.h:2064
Crypto++ library namespace.
Interface for retrieving values given their names.
Definition: cryptlib.h:277