1.1 root 1: /* This is an independent implementation of the encryption algorithm: */
2: /* */
3: /* Twofish by Bruce Schneier and colleagues */
4: /* */
5: /* which is a candidate algorithm in the Advanced Encryption Standard */
6: /* programme of the US National Institute of Standards and Technology. */
7: /* */
8: /* Copyright in this implementation is held by Dr B R Gladman but I */
9: /* hereby give permission for its free direct or derivative use subject */
10: /* to acknowledgment of its origin and compliance with any conditions */
11: /* that the originators of the algorithm place on its exploitation. */
12: /* */
13: /* My thanks to Doug Whiting and Niels Ferguson for comments that led */
14: /* to improvements in this implementation. */
15: /* */
16: /* Dr Brian Gladman ([email protected]) 14th January 1999 */
17:
1.1.1.2 root 18: /* Adapted for TrueCrypt by the TrueCrypt Foundation */
1.1 root 19:
#include "Twofish.h"
#include "Common/Endian.h"

#include <stddef.h>
1.1 root 22:
1.1.1.6 ! root 23: #ifndef TC_MINIMIZE_CODE_SIZE
! 24:
1.1 root 25: #define Q_TABLES
26: #define M_TABLE
27: #define MK_TABLE
28: #define ONE_STEP
29:
1.1.1.6 ! root 30: #endif
1.1 root 31:
32: /* finite field arithmetic for GF(2**8) with the modular */
33: /* polynomial x^8 + x^6 + x^5 + x^3 + 1 (0x169) */
34:
35: #define G_M 0x0169
36:
37: u1byte tab_5b[4] = { 0, G_M >> 2, G_M >> 1, (G_M >> 1) ^ (G_M >> 2) };
38: u1byte tab_ef[4] = { 0, (G_M >> 1) ^ (G_M >> 2), G_M >> 1, G_M >> 2 };
39:
40: #define ffm_01(x) (x)
41: #define ffm_5b(x) ((x) ^ ((x) >> 2) ^ tab_5b[(x) & 3])
42: #define ffm_ef(x) ((x) ^ ((x) >> 1) ^ ((x) >> 2) ^ tab_ef[(x) & 3])
43:
44: u1byte ror4[16] = { 0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15 };
45: u1byte ashx[16] = { 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7 };
46:
47: u1byte qt0[2][16] =
48: { { 8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4 },
49: { 2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5 }
50: };
51:
52: u1byte qt1[2][16] =
53: { { 14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13 },
54: { 1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8 }
55: };
56:
57: u1byte qt2[2][16] =
58: { { 11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1 },
59: { 4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15 }
60: };
61:
62: u1byte qt3[2][16] =
63: { { 13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10 },
64: { 11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10 }
65: };
66:
67: static u1byte qp(const u4byte n, const u1byte x)
68: { u1byte a0, a1, a2, a3, a4, b0, b1, b2, b3, b4;
69:
70: a0 = x >> 4; b0 = x & 15;
71: a1 = a0 ^ b0; b1 = ror4[b0] ^ ashx[a0];
72: a2 = qt0[n][a1]; b2 = qt1[n][b1];
73: a3 = a2 ^ b2; b3 = ror4[b2] ^ ashx[a2];
74: a4 = qt2[n][a3]; b4 = qt3[n][b3];
75: return (b4 << 4) | a4;
76: };
77:
78: #ifdef Q_TABLES
79:
80: u4byte qt_gen = 0;
81: u1byte q_tab[2][256];
82:
83: #define q(n,x) q_tab[n][x]
84:
85: static void gen_qtab(void)
86: { u4byte i;
87:
88: for(i = 0; i < 256; ++i)
89: {
90: q(0,i) = qp(0, (u1byte)i);
91: q(1,i) = qp(1, (u1byte)i);
92: }
93: };
94:
95: #else
96:
97: #define q(n,x) qp(n, x)
98:
99: #endif
100:
101: #ifdef M_TABLE
102:
103: u4byte mt_gen = 0;
104: u4byte m_tab[4][256];
105:
106: static void gen_mtab(void)
107: { u4byte i, f01, f5b, fef;
108:
109: for(i = 0; i < 256; ++i)
110: {
111: f01 = q(1,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
112: m_tab[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);
113: m_tab[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);
114:
115: f01 = q(0,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
116: m_tab[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);
117: m_tab[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);
118: }
119: };
120:
121: #define mds(n,x) m_tab[n][x]
122:
123: #else
124:
125: #define fm_00 ffm_01
126: #define fm_10 ffm_5b
127: #define fm_20 ffm_ef
128: #define fm_30 ffm_ef
129: #define q_0(x) q(1,x)
130:
131: #define fm_01 ffm_ef
132: #define fm_11 ffm_ef
133: #define fm_21 ffm_5b
134: #define fm_31 ffm_01
135: #define q_1(x) q(0,x)
136:
137: #define fm_02 ffm_5b
138: #define fm_12 ffm_ef
139: #define fm_22 ffm_01
140: #define fm_32 ffm_ef
141: #define q_2(x) q(1,x)
142:
143: #define fm_03 ffm_5b
144: #define fm_13 ffm_01
145: #define fm_23 ffm_ef
146: #define fm_33 ffm_5b
147: #define q_3(x) q(0,x)
148:
149: #define f_0(n,x) ((u4byte)fm_0##n(x))
150: #define f_1(n,x) ((u4byte)fm_1##n(x) << 8)
151: #define f_2(n,x) ((u4byte)fm_2##n(x) << 16)
152: #define f_3(n,x) ((u4byte)fm_3##n(x) << 24)
153:
154: #define mds(n,x) f_0(n,q_##n(x)) ^ f_1(n,q_##n(x)) ^ f_2(n,q_##n(x)) ^ f_3(n,q_##n(x))
155:
156: #endif
157:
158: static u4byte h_fun(TwofishInstance *instance, const u4byte x, const u4byte key[])
159: { u4byte b0, b1, b2, b3;
160:
161: #ifndef M_TABLE
162: u4byte m5b_b0, m5b_b1, m5b_b2, m5b_b3;
163: u4byte mef_b0, mef_b1, mef_b2, mef_b3;
164: #endif
165:
166: b0 = extract_byte(x, 0); b1 = extract_byte(x, 1); b2 = extract_byte(x, 2); b3 = extract_byte(x, 3);
167:
168: switch(instance->k_len)
169: {
1.1.1.6 ! root 170: case 4: b0 = q(1, (u1byte) b0) ^ extract_byte(key[3],0);
! 171: b1 = q(0, (u1byte) b1) ^ extract_byte(key[3],1);
! 172: b2 = q(0, (u1byte) b2) ^ extract_byte(key[3],2);
! 173: b3 = q(1, (u1byte) b3) ^ extract_byte(key[3],3);
! 174: case 3: b0 = q(1, (u1byte) b0) ^ extract_byte(key[2],0);
! 175: b1 = q(1, (u1byte) b1) ^ extract_byte(key[2],1);
! 176: b2 = q(0, (u1byte) b2) ^ extract_byte(key[2],2);
! 177: b3 = q(0, (u1byte) b3) ^ extract_byte(key[2],3);
! 178: case 2: b0 = q(0, (u1byte) (q(0, (u1byte) b0) ^ extract_byte(key[1],0))) ^ extract_byte(key[0],0);
! 179: b1 = q(0, (u1byte) (q(1, (u1byte) b1) ^ extract_byte(key[1],1))) ^ extract_byte(key[0],1);
! 180: b2 = q(1, (u1byte) (q(0, (u1byte) b2) ^ extract_byte(key[1],2))) ^ extract_byte(key[0],2);
! 181: b3 = q(1, (u1byte) (q(1, (u1byte) b3) ^ extract_byte(key[1],3))) ^ extract_byte(key[0],3);
1.1 root 182: }
183: #ifdef M_TABLE
184:
185: return mds(0, b0) ^ mds(1, b1) ^ mds(2, b2) ^ mds(3, b3);
186:
187: #else
188:
1.1.1.6 ! root 189: b0 = q(1, (u1byte) b0); b1 = q(0, (u1byte) b1); b2 = q(1, (u1byte) b2); b3 = q(0, (u1byte) b3);
1.1 root 190: m5b_b0 = ffm_5b(b0); m5b_b1 = ffm_5b(b1); m5b_b2 = ffm_5b(b2); m5b_b3 = ffm_5b(b3);
191: mef_b0 = ffm_ef(b0); mef_b1 = ffm_ef(b1); mef_b2 = ffm_ef(b2); mef_b3 = ffm_ef(b3);
192: b0 ^= mef_b1 ^ m5b_b2 ^ m5b_b3; b3 ^= m5b_b0 ^ mef_b1 ^ mef_b2;
193: b2 ^= mef_b0 ^ m5b_b1 ^ mef_b3; b1 ^= mef_b0 ^ mef_b2 ^ m5b_b3;
194:
195: return b0 | (b3 << 8) | (b2 << 16) | (b1 << 24);
196:
197: #endif
198: };
199:
200: #ifdef MK_TABLE
201:
202: #ifdef ONE_STEP
203: //u4byte mk_tab[4][256];
204: #else
205: u1byte sb[4][256];
206: #endif
207:
208: #define q20(x) q(0,q(0,x) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
209: #define q21(x) q(0,q(1,x) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
210: #define q22(x) q(1,q(0,x) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
211: #define q23(x) q(1,q(1,x) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
212:
213: #define q30(x) q(0,q(0,q(1, x) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
214: #define q31(x) q(0,q(1,q(1, x) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
215: #define q32(x) q(1,q(0,q(0, x) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
216: #define q33(x) q(1,q(1,q(0, x) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
217:
218: #define q40(x) q(0,q(0,q(1, q(1, x) ^ extract_byte(key[3],0)) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
219: #define q41(x) q(0,q(1,q(1, q(0, x) ^ extract_byte(key[3],1)) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
220: #define q42(x) q(1,q(0,q(0, q(0, x) ^ extract_byte(key[3],2)) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
221: #define q43(x) q(1,q(1,q(0, q(1, x) ^ extract_byte(key[3],3)) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
222:
1.1.1.3 root 223: static void gen_mk_tab(TwofishInstance *instance, u4byte key[])
1.1 root 224: { u4byte i;
225: u1byte by;
226:
227: u4byte *mk_tab = instance->mk_tab;
228:
229: switch(instance->k_len)
230: {
231: case 2: for(i = 0; i < 256; ++i)
232: {
233: by = (u1byte)i;
234: #ifdef ONE_STEP
235: mk_tab[0 + 4*i] = mds(0, q20(by)); mk_tab[1 + 4*i] = mds(1, q21(by));
236: mk_tab[2 + 4*i] = mds(2, q22(by)); mk_tab[3 + 4*i] = mds(3, q23(by));
237: #else
238: sb[0][i] = q20(by); sb[1][i] = q21(by);
239: sb[2][i] = q22(by); sb[3][i] = q23(by);
240: #endif
241: }
242: break;
243:
244: case 3: for(i = 0; i < 256; ++i)
245: {
246: by = (u1byte)i;
247: #ifdef ONE_STEP
248: mk_tab[0 + 4*i] = mds(0, q30(by)); mk_tab[1 + 4*i] = mds(1, q31(by));
249: mk_tab[2 + 4*i] = mds(2, q32(by)); mk_tab[3 + 4*i] = mds(3, q33(by));
250: #else
251: sb[0][i] = q30(by); sb[1][i] = q31(by);
252: sb[2][i] = q32(by); sb[3][i] = q33(by);
253: #endif
254: }
255: break;
256:
257: case 4: for(i = 0; i < 256; ++i)
258: {
259: by = (u1byte)i;
260: #ifdef ONE_STEP
261: mk_tab[0 + 4*i] = mds(0, q40(by)); mk_tab[1 + 4*i] = mds(1, q41(by));
262: mk_tab[2 + 4*i] = mds(2, q42(by)); mk_tab[3 + 4*i] = mds(3, q43(by));
263: #else
264: sb[0][i] = q40(by); sb[1][i] = q41(by);
265: sb[2][i] = q42(by); sb[3][i] = q43(by);
266: #endif
267: }
268: }
269: };
270:
271: # ifdef ONE_STEP
272: # define g0_fun(x) ( mk_tab[0 + 4*extract_byte(x,0)] ^ mk_tab[1 + 4*extract_byte(x,1)] \
273: ^ mk_tab[2 + 4*extract_byte(x,2)] ^ mk_tab[3 + 4*extract_byte(x,3)] )
274: # define g1_fun(x) ( mk_tab[0 + 4*extract_byte(x,3)] ^ mk_tab[1 + 4*extract_byte(x,0)] \
275: ^ mk_tab[2 + 4*extract_byte(x,1)] ^ mk_tab[3 + 4*extract_byte(x,2)] )
276:
277:
278: # else
279: # define g0_fun(x) ( mds(0, sb[0][extract_byte(x,0)]) ^ mds(1, sb[1][extract_byte(x,1)]) \
280: ^ mds(2, sb[2][extract_byte(x,2)]) ^ mds(3, sb[3][extract_byte(x,3)]) )
281: # define g1_fun(x) ( mds(0, sb[0][extract_byte(x,3)]) ^ mds(1, sb[1][extract_byte(x,0)]) \
282: ^ mds(2, sb[2][extract_byte(x,1)]) ^ mds(3, sb[3][extract_byte(x,2)]) )
283: # endif
284:
285: #else
286:
1.1.1.6 ! root 287: #define g0_fun(x) h_fun(instance, x, instance->s_key)
! 288: #define g1_fun(x) h_fun(instance, rotl(x,8), instance->s_key)
1.1 root 289:
290: #endif
291:
292: /* The (12,8) Reed-Solomon code has the generator polynomial
293:
294: g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1
295:
296: where the coefficients are in the finite field GF(2^8) with a
297: modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
298: remainder we have to start with a 12th order polynomial with our
299: eight input bytes as the coefficients of the 4th to 11th terms.
300: That is:
301:
302: m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0
303:
304: We then multiply the generator polynomial by m[7] * x^7 and subtract
306: it - xor in GF(2^8) - from the above to eliminate the x^11 term (the
307: arithmetic on the coefficients is done in GF(2^8)). We then multiply
307: the generator polynomial by x^6 * coeff(x^10) and use this to remove
308: the x^10 term. We carry on in this way until the x^4 term is removed
309: so that we are left with:
310:
311: r[3] * x^3 + r[2] * x^2 + r[1] * x^1 + r[0]
312:
313: which gives the resulting 4 bytes of the remainder. This is equivalent
314: to the matrix multiplication in the Twofish description but much faster
315: to implement.
316:
317: */
318:
319: #define G_MOD 0x0000014d
320:
321: static u4byte mds_rem(u4byte p0, u4byte p1)
322: { u4byte i, t, u;
323:
324: for(i = 0; i < 8; ++i)
325: {
326: t = p1 >> 24; // get most significant coefficient
327:
328: p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8; // shift others up
329:
330: // multiply t by a (the primitive element - i.e. left shift)
331:
332: u = (t << 1);
333:
334: if(t & 0x80) // subtract modular polynomial on overflow
335:
336: u ^= G_MOD;
337:
338: p1 ^= t ^ (u << 16); // remove t * (a * x^2 + 1)
339:
340: u ^= (t >> 1); // form u = a * t + t / a = t * (a + 1 / a);
341:
342: if(t & 0x01) // add the modular polynomial on underflow
343:
344: u ^= G_MOD >> 1;
345:
346: p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
347: }
348:
349: return p1;
350: };
351:
352: /* initialise the key schedule from the user supplied key */
353:
354: u4byte *twofish_set_key(TwofishInstance *instance, const u4byte in_key[], const u4byte key_len)
355: { u4byte i, a, b, me_key[4], mo_key[4];
356: u4byte *l_key, *s_key;
357:
358: l_key = instance->l_key;
359: s_key = instance->s_key;
360:
361: #ifdef Q_TABLES
362: if(!qt_gen)
363: {
364: gen_qtab(); qt_gen = 1;
365: }
366: #endif
367:
368: #ifdef M_TABLE
369: if(!mt_gen)
370: {
371: gen_mtab(); mt_gen = 1;
372: }
373: #endif
374:
375: instance->k_len = key_len / 64; /* 2, 3 or 4 */
376:
377: for(i = 0; i < instance->k_len; ++i)
378: {
1.1.1.2 root 379: a = LE32(in_key[i + i]); me_key[i] = a;
380: b = LE32(in_key[i + i + 1]); mo_key[i] = b;
1.1 root 381: s_key[instance->k_len - i - 1] = mds_rem(a, b);
382: }
383:
384: for(i = 0; i < 40; i += 2)
385: {
386: a = 0x01010101 * i; b = a + 0x01010101;
387: a = h_fun(instance, a, me_key);
388: b = rotl(h_fun(instance, b, mo_key), 8);
389: l_key[i] = a + b;
390: l_key[i + 1] = rotl(a + 2 * b, 9);
391: }
392:
393: #ifdef MK_TABLE
394: gen_mk_tab(instance, s_key);
395: #endif
396:
397: return l_key;
398: };
399:
400: /* encrypt a block of text */
401:
1.1.1.5 root 402: #ifndef TC_MINIMIZE_CODE_SIZE
403:
1.1 root 404: #define f_rnd(i) \
405: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
406: blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1); \
407: blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]); \
408: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
409: blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1); \
410: blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11])
411:
412: void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
413: { u4byte t0, t1, blk[4];
414:
415: u4byte *l_key = instance->l_key;
416: u4byte *mk_tab = instance->mk_tab;
417:
1.1.1.2 root 418: blk[0] = LE32(in_blk[0]) ^ l_key[0];
419: blk[1] = LE32(in_blk[1]) ^ l_key[1];
420: blk[2] = LE32(in_blk[2]) ^ l_key[2];
421: blk[3] = LE32(in_blk[3]) ^ l_key[3];
1.1 root 422:
423: f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
424: f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);
425:
1.1.1.2 root 426: out_blk[0] = LE32(blk[2] ^ l_key[4]);
427: out_blk[1] = LE32(blk[3] ^ l_key[5]);
428: out_blk[2] = LE32(blk[0] ^ l_key[6]);
429: out_blk[3] = LE32(blk[1] ^ l_key[7]);
1.1 root 430: };
431:
1.1.1.5 root 432: #else // TC_MINIMIZE_CODE_SIZE
433:
434: void f_rnd (int i, TwofishInstance *instance, u4byte *t0, u4byte *t1, u4byte *blk)
435: {
436: u4byte *l_key = instance->l_key;
437:
438: *t1 = g1_fun(blk[1]); *t0 = g0_fun(blk[0]);
439: blk[2] = rotr(blk[2] ^ (*t0 + *t1 + l_key[4 * (i) + 8]), 1);
440: blk[3] = rotl(blk[3], 1) ^ (*t0 + 2 * *t1 + l_key[4 * (i) + 9]);
441: *t1 = g1_fun(blk[3]); *t0 = g0_fun(blk[2]);
442: blk[0] = rotr(blk[0] ^ (*t0 + *t1 + l_key[4 * (i) + 10]), 1);
443: blk[1] = rotl(blk[1], 1) ^ (*t0 + 2 * *t1 + l_key[4 * (i) + 11]);
444: }
445:
446: void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
447: { u4byte t0, t1, blk[4];
448:
449: u4byte *l_key = instance->l_key;
450: int i;
451:
452: blk[0] = LE32(in_blk[0]) ^ l_key[0];
453: blk[1] = LE32(in_blk[1]) ^ l_key[1];
454: blk[2] = LE32(in_blk[2]) ^ l_key[2];
455: blk[3] = LE32(in_blk[3]) ^ l_key[3];
456:
457: for (i = 0; i <= 7; ++i)
458: {
459: f_rnd (i, instance, &t0, &t1, blk);
460: }
461:
462: out_blk[0] = LE32(blk[2] ^ l_key[4]);
463: out_blk[1] = LE32(blk[3] ^ l_key[5]);
464: out_blk[2] = LE32(blk[0] ^ l_key[6]);
465: out_blk[3] = LE32(blk[1] ^ l_key[7]);
466: };
467:
468: #endif // TC_MINIMIZE_CODE_SIZE
469:
1.1 root 470: /* decrypt a block of text */
471:
1.1.1.5 root 472: #ifndef TC_MINIMIZE_CODE_SIZE
473:
1.1 root 474: #define i_rnd(i) \
475: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
476: blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]); \
477: blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1); \
478: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
479: blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]); \
480: blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1)
481:
482: void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
483: { u4byte t0, t1, blk[4];
484:
485: u4byte *l_key = instance->l_key;
486: u4byte *mk_tab = instance->mk_tab;
487:
1.1.1.2 root 488: blk[0] = LE32(in_blk[0]) ^ l_key[4];
489: blk[1] = LE32(in_blk[1]) ^ l_key[5];
490: blk[2] = LE32(in_blk[2]) ^ l_key[6];
491: blk[3] = LE32(in_blk[3]) ^ l_key[7];
1.1 root 492:
493: i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
494: i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);
495:
1.1.1.2 root 496: out_blk[0] = LE32(blk[2] ^ l_key[0]);
497: out_blk[1] = LE32(blk[3] ^ l_key[1]);
498: out_blk[2] = LE32(blk[0] ^ l_key[2]);
499: out_blk[3] = LE32(blk[1] ^ l_key[3]);
1.1 root 500: };
1.1.1.5 root 501:
502: #else // TC_MINIMIZE_CODE_SIZE
503:
504: void i_rnd (int i, TwofishInstance *instance, u4byte *t0, u4byte *t1, u4byte *blk)
505: {
506: u4byte *l_key = instance->l_key;
507:
508: *t1 = g1_fun(blk[1]); *t0 = g0_fun(blk[0]);
509: blk[2] = rotl(blk[2], 1) ^ (*t0 + *t1 + l_key[4 * (i) + 10]);
510: blk[3] = rotr(blk[3] ^ (*t0 + 2 * *t1 + l_key[4 * (i) + 11]), 1);
511: *t1 = g1_fun(blk[3]); *t0 = g0_fun(blk[2]);
512: blk[0] = rotl(blk[0], 1) ^ (*t0 + *t1 + l_key[4 * (i) + 8]);
513: blk[1] = rotr(blk[1] ^ (*t0 + 2 * *t1 + l_key[4 * (i) + 9]), 1);
514: }
515:
516: void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
517: { u4byte t0, t1, blk[4];
518:
519: u4byte *l_key = instance->l_key;
520: int i;
521:
522: blk[0] = LE32(in_blk[0]) ^ l_key[4];
523: blk[1] = LE32(in_blk[1]) ^ l_key[5];
524: blk[2] = LE32(in_blk[2]) ^ l_key[6];
525: blk[3] = LE32(in_blk[3]) ^ l_key[7];
526:
527: for (i = 7; i >= 0; --i)
528: {
529: i_rnd (i, instance, &t0, &t1, blk);
530: }
531:
532: out_blk[0] = LE32(blk[2] ^ l_key[0]);
533: out_blk[1] = LE32(blk[3] ^ l_key[1]);
534: out_blk[2] = LE32(blk[0] ^ l_key[2]);
535: out_blk[3] = LE32(blk[1] ^ l_key[3]);
536: };
537:
538: #endif // TC_MINIMIZE_CODE_SIZE