twofish.cpp

00001 // twofish.cpp - modified by Wei Dai from Matthew Skala's twofish.c
00002 // The original code and all modifications are in the public domain.
00003 
00004 #include "pch.h"
00005 #include "twofish.h"
00006 #include "misc.h"
00007 
00008 NAMESPACE_BEGIN(CryptoPP)
00009 
00010 // compute (c * x^4) mod (x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1)
00011 // over GF(256)
00012 static inline unsigned int Mod(unsigned int c)
00013 {
00014         static const unsigned int modulus = 0x14d;
00015         unsigned int c2 = (c<<1) ^ ((c & 0x80) ? modulus : 0);
00016         unsigned int c1 = c2 ^ (c>>1) ^ ((c & 1) ? (modulus>>1) : 0);
00017         return c | (c1 << 8) | (c2 << 16) | (c1 << 24);
00018 }
00019 
00020 // compute RS(12,8) code with the above polynomial as generator
00021 // this is equivalent to multiplying by the RS matrix
00022 static word32 ReedSolomon(word32 high, word32 low)
00023 {
00024         for (unsigned int i=0; i<8; i++)
00025         {
00026                 high = Mod(high>>24) ^ (high<<8) ^ (low>>24);
00027                 low <<= 8;
00028         }
00029         return high;
00030 }
00031 
00032 inline word32 Twofish::Base::h0(word32 x, const word32 *key, unsigned int kLen)
00033 {
00034         x = x | (x<<8) | (x<<16) | (x<<24);
00035         switch(kLen)
00036         {
00037 #define Q(a, b, c, d, t) q[a][GETBYTE(t,0)] ^ (q[b][GETBYTE(t,1)] << 8) ^ (q[c][GETBYTE(t,2)] << 16) ^ (q[d][GETBYTE(t,3)] << 24)
00038         case 4: x = Q(1, 0, 0, 1, x) ^ key[6];
00039         case 3: x = Q(1, 1, 0, 0, x) ^ key[4];
00040         case 2: x = Q(0, 1, 0, 1, x) ^ key[2];
00041                         x = Q(0, 0, 1, 1, x) ^ key[0];
00042         }
00043         return x;
00044 }
00045 
00046 inline word32 Twofish::Base::h(word32 x, const word32 *key, unsigned int kLen)
00047 {
00048         x = h0(x, key, kLen);
00049         return mds[0][GETBYTE(x,0)] ^ mds[1][GETBYTE(x,1)] ^ mds[2][GETBYTE(x,2)] ^ mds[3][GETBYTE(x,3)];
00050 }
00051 
00052 void Twofish::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
00053 {
00054         AssertValidKeyLength(keylength);
00055 
00056         unsigned int len = (keylength <= 16 ? 2 : (keylength <= 24 ? 3 : 4));
00057         SecBlock<word32> key(len*2);
00058         GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), len*2, userKey, keylength);
00059 
00060         unsigned int i;
00061         for (i=0; i<40; i+=2)
00062         {
00063                 word32 a = h(i, key, len);
00064                 word32 b = rotlFixed(h(i+1, key+1, len), 8);
00065                 m_k[i] = a+b;
00066                 m_k[i+1] = rotlFixed(a+2*b, 9);
00067         }
00068 
00069         SecBlock<word32> svec(2*len);
00070         for (i=0; i<len; i++)
00071                 svec[2*(len-i-1)] = ReedSolomon(key[2*i+1], key[2*i]);
00072         for (i=0; i<256; i++)
00073         {
00074                 word32 t = h0(i, svec, len);
00075                 m_s[0][i] = mds[0][GETBYTE(t, 0)];
00076                 m_s[1][i] = mds[1][GETBYTE(t, 1)];
00077                 m_s[2][i] = mds[2][GETBYTE(t, 2)];
00078                 m_s[3][i] = mds[3][GETBYTE(t, 3)];
00079         }
00080 }
00081 
00082 #define G1(x) (m_s[0][GETBYTE(x,0)] ^ m_s[1][GETBYTE(x,1)] ^ m_s[2][GETBYTE(x,2)] ^ m_s[3][GETBYTE(x,3)])
00083 #define G2(x) (m_s[0][GETBYTE(x,3)] ^ m_s[1][GETBYTE(x,0)] ^ m_s[2][GETBYTE(x,1)] ^ m_s[3][GETBYTE(x,2)])
00084 
00085 #define ENCROUND(n, a, b, c, d) \
00086         x = G1 (a); y = G2 (b); \
00087         x += y; y += x + k[2 * (n) + 1]; \
00088         (c) ^= x + k[2 * (n)]; \
00089         (c) = rotrFixed(c, 1); \
00090         (d) = rotlFixed(d, 1) ^ y
00091 
00092 #define ENCCYCLE(n) \
00093         ENCROUND (2 * (n), a, b, c, d); \
00094         ENCROUND (2 * (n) + 1, c, d, a, b)
00095 
00096 #define DECROUND(n, a, b, c, d) \
00097         x = G1 (a); y = G2 (b); \
00098         x += y; y += x; \
00099         (d) ^= y + k[2 * (n) + 1]; \
00100         (d) = rotrFixed(d, 1); \
00101         (c) = rotlFixed(c, 1); \
00102         (c) ^= (x + k[2 * (n)])
00103 
00104 #define DECCYCLE(n) \
00105         DECROUND (2 * (n) + 1, c, d, a, b); \
00106         DECROUND (2 * (n), a, b, c, d)
00107 
00108 typedef BlockGetAndPut<word32, LittleEndian> Block;
00109 
00110 void Twofish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
00111 {
00112         word32 x, y, a, b, c, d;
00113 
00114         Block::Get(inBlock)(a)(b)(c)(d);
00115 
00116         a ^= m_k[0];
00117         b ^= m_k[1];
00118         c ^= m_k[2];
00119         d ^= m_k[3];
00120 
00121         const word32 *k = m_k+8;
00122         ENCCYCLE (0);
00123         ENCCYCLE (1);
00124         ENCCYCLE (2);
00125         ENCCYCLE (3);
00126         ENCCYCLE (4);
00127         ENCCYCLE (5);
00128         ENCCYCLE (6);
00129         ENCCYCLE (7);
00130 
00131         c ^= m_k[4];
00132         d ^= m_k[5];
00133         a ^= m_k[6];
00134         b ^= m_k[7]; 
00135 
00136         Block::Put(xorBlock, outBlock)(c)(d)(a)(b);
00137 }
00138 
00139 void Twofish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
00140 {
00141         word32 x, y, a, b, c, d;
00142 
00143         Block::Get(inBlock)(c)(d)(a)(b);
00144 
00145         c ^= m_k[4];
00146         d ^= m_k[5];
00147         a ^= m_k[6];
00148         b ^= m_k[7];
00149 
00150         const word32 *k = m_k+8;
00151         DECCYCLE (7);
00152         DECCYCLE (6);
00153         DECCYCLE (5);
00154         DECCYCLE (4);
00155         DECCYCLE (3);
00156         DECCYCLE (2);
00157         DECCYCLE (1);
00158         DECCYCLE (0);
00159 
00160         a ^= m_k[0];
00161         b ^= m_k[1];
00162         c ^= m_k[2];
00163         d ^= m_k[3];
00164 
00165         Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
00166 }
00167 
00168 NAMESPACE_END
Generated on Sat Dec 23 02:07:11 2006 for Crypto++ by  doxygen 1.5.1-p1