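/*
 ---------------------------------------------------------------------------
 Copyright (c) 1999, Dr Brian Gladman, Worcester, UK. All rights reserved.

 LICENSE TERMS

 The free distribution and use of this software is allowed (with or without
 changes) provided that:

  1. source code distributions include the above copyright notice, this
     list of conditions and the following disclaimer;

  2. binary distributions include the above copyright notice, this list
     of conditions and the following disclaimer in their documentation;

  3. the name of the copyright holder is not used to endorse products
     built using this software without specific written permission.

 DISCLAIMER

 This software is provided 'as is' with no explicit or implied warranties
 in respect of its properties, including, but not limited to, correctness
 and/or fitness for purpose.
 ---------------------------------------------------------------------------

 My thanks to Doug Whiting and Niels Ferguson for comments that led
 to improvements in this implementation.

 Issue Date: 14th January 1999
*/

/* Adapted for TrueCrypt by the TrueCrypt Foundation */


#ifdef TC_WINDOWS_BOOT
#pragma optimize ("tl", on)
#endif

#include "Twofish.h"
#include "Common/Endian.h"

/* Build-time choices: Q_TABLES and M_TABLE select precomputed 256-entry
   tables for the q permutations and the MDS multiply; MK_TABLE/ONE_STEP
   additionally select a per-key combined table (instance->mk_tab). */

#define Q_TABLES
#define M_TABLE

#if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_TWOFISH)
#  define MK_TABLE
#  define ONE_STEP
#endif

/* finite field arithmetic for GF(2**8) with the modular    */
/* polynomial x^8 + x^6 + x^5 + x^3 + 1 (0x169)             */

#define G_M 0x0169

/* Reduction terms for the two low bits shifted out by ffm_5b / ffm_ef.
   NOTE(review): none of the tables below is written anywhere in this file;
   they could be const unless a build target needs them writable - confirm. */
static u1byte  tab_5b[4] = { 0, G_M >> 2, G_M >> 1, (G_M >> 1) ^ (G_M >> 2) };
static u1byte  tab_ef[4] = { 0, (G_M >> 1) ^ (G_M >> 2), G_M >> 1, G_M >> 2 };

/* Multiply a field element (0..255) by the constants 0x01, 0x5b and 0xef.
   The argument is evaluated more than once, so it must have no side effects. */
#define ffm_01(x)    (x)
#define ffm_5b(x)   ((x) ^ ((x) >> 2) ^ tab_5b[(x) & 3])
#define ffm_ef(x)   ((x) ^ ((x) >> 1) ^ ((x) >> 2) ^ tab_ef[(x) & 3])

/* ror4[b] is the 4-bit value b rotated right by one bit;
   ashx[a] is a ^ ((8 * a) mod 16). Both are used by qp() below. */
static u1byte ror4[16] = { 0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15 };
static u1byte ashx[16] = { 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7 };

/* 4-bit substitution tables for the two q permutations: row [0] is used
   for q0 and row [1] for q1 (selected by the n argument of qp()). */
static u1byte qt0[2][16] =
{   { 8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4 },
    { 2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5 }
};

static u1byte qt1[2][16] =
{   { 14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13 },
    { 1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8 }
};

static u1byte qt2[2][16] =
{   { 11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1 },
    { 4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15 }
};

static u1byte qt3[2][16] =
{   { 13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10 },
    { 11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10 }
};

/* Compute one q permutation of the byte x from the 4-bit tables.

   n selects the permutation and must be 0 or 1, because it indexes the
   first dimension of qt0..qt3 and is not range-checked here.
   Returns the permuted byte. */
static u1byte qp(const u4byte n, const u1byte x)
{
    u1byte a0, a1, a2, a3, a4, b0, b1, b2, b3, b4;

    /* split into nibbles, then two mix-and-substitute stages */
    a0 = x >> 4;        b0 = x & 15;
    a1 = a0 ^ b0;       b1 = ror4[b0] ^ ashx[a0];
    a2 = qt0[n][a1];    b2 = qt1[n][b1];
    a3 = a2 ^ b2;       b3 = ror4[b2] ^ ashx[a2];
    a4 = qt2[n][a3];    b4 = qt3[n][b3];
    return (b4 << 4) | a4;
}

#ifdef Q_TABLES

/* Set once the static q table has been generated. twofish_set_key() tests
   and sets this flag without any locking, so the first key setup in a
   multi-threaded program should happen before other threads use the cipher. */
static u4byte qt_gen = 0;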
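/* q_tab[n][x] caches qp(n, x) for every byte value x */
static u1byte q_tab[2][256];

#define q(n,x)  q_tab[n][x]

/* Fill q_tab for both permutations. The values depend only on the fixed
   qt0..qt3 tables, never on a key. */
static void gen_qtab(void)
{
    u4byte i;

    for (i = 0; i < 256; ++i)
    {
        q(0,i) = qp(0, (u1byte)i);
        q(1,i) = qp(1, (u1byte)i);
    }
}

#else

#define q(n,x)  qp(n, x)

#endif

#ifdef M_TABLE

/* mt_gen is the "already generated" flag for m_tab; like qt_gen it is
   tested and set in twofish_set_key() without synchronization. */
static u4byte mt_gen = 0;
static u4byte m_tab[4][256];

/* Fill m_tab: m_tab[n][i] holds the four output bytes produced by input
   byte position n after the final q permutation (q1 for positions 0 and 2,
   q0 for positions 1 and 3) and multiplication by the constants 0x01, 0x5b
   and 0xef. The four terms occupy separate byte lanes, so the '+' below
   never carries. Requires q_tab to be valid when Q_TABLES is defined. */
static void gen_mtab(void)
{
    u4byte i, f01, f5b, fef;

    for (i = 0; i < 256; ++i)
    {
        f01 = q(1,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
        m_tab[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);
        m_tab[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);

        f01 = q(0,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
        m_tab[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);
        m_tab[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);
    }
}

#define mds(n,x)    m_tab[n][x]

#else

/* Table-free form of mds(): fm_RC is the multiplier for output byte R and
   input byte position C; q_C is the final q permutation for position C. */

#define fm_00   ffm_01
#define fm_10   ffm_5b
#define fm_20   ffm_ef
#define fm_30   ffm_ef
#define q_0(x)  q(1,x)

#define fm_01   ffm_ef
#define fm_11   ffm_ef
#define fm_21   ffm_5b
#define fm_31   ffm_01
#define q_1(x)  q(0,x)

#define fm_02   ffm_5b
#define fm_12   ffm_ef
#define fm_22   ffm_01
#define fm_32   ffm_ef
#define q_2(x)  q(1,x)

#define fm_03   ffm_5b
#define fm_13   ffm_01
#define fm_23   ffm_ef
#define fm_33   ffm_5b
#define q_3(x)  q(0,x)

#define f_0(n,x)    ((u4byte)fm_0##n(x))
#define f_1(n,x)    ((u4byte)fm_1##n(x) << 8)
#define f_2(n,x)    ((u4byte)fm_2##n(x) << 16)
#define f_3(n,x)    ((u4byte)fm_3##n(x) << 24)

/* The expansion is parenthesized so that it stays a single operand
   wherever the macro is used. */
#define mds(n,x)    (f_0(n,q_##n(x)) ^ f_1(n,q_##n(x)) ^ f_2(n,q_##n(x)) ^ f_3(n,q_##n(x)))

#endif

/* Key-dependent h function.

   The four bytes of x each pass through instance->k_len layers of q
   permutation, every layer XORed with the matching byte of one word of
   key[]; the result is then run through the MDS multiply. key[] must hold
   at least instance->k_len words.

   The switch falls through on purpose: k_len 4 runs all three stages,
   k_len 3 the last two, k_len 2 only the last. Any other k_len skips the
   key-dependent stages entirely, so callers must keep k_len in 2..4.

   The q and MDS table lookups are indexed by bytes derived from the key,
   so the memory access pattern depends on secret data; keep that in mind
   where cache-timing observation by other code on the machine is a concern. */
static u4byte h_fun(TwofishInstance *instance, const u4byte x, const u4byte key[])
{
    u4byte b0, b1, b2, b3;

#ifndef M_TABLE
    u4byte m5b_b0, m5b_b1, m5b_b2, m5b_b3;
    u4byte mef_b0, mef_b1, mef_b2, mef_b3;
#endif

    b0 = extract_byte(x, 0); b1 = extract_byte(x, 1); b2 = extract_byte(x, 2); b3 = extract_byte(x, 3);

    switch (instance->k_len)
    {
    case 4: b0 = q(1, (u1byte) b0) ^ extract_byte(key[3],0);
            b1 = q(0, (u1byte) b1) ^ extract_byte(key[3],1);
            b2 = q(0, (u1byte) b2) ^ extract_byte(key[3],2);
            b3 = q(1, (u1byte) b3) ^ extract_byte(key[3],3);
            /* fallthrough */
    case 3: b0 = q(1, (u1byte) b0) ^ extract_byte(key[2],0);
            b1 = q(1, (u1byte) b1) ^ extract_byte(key[2],1);
            b2 = q(0, (u1byte) b2) ^ extract_byte(key[2],2);
            b3 = q(0, (u1byte) b3) ^ extract_byte(key[2],3);
            /* fallthrough */
    case 2: b0 = q(0, (u1byte) (q(0, (u1byte) b0) ^ extract_byte(key[1],0))) ^ extract_byte(key[0],0);
            b1 = q(0, (u1byte) (q(1, (u1byte) b1) ^ extract_byte(key[1],1))) ^ extract_byte(key[0],1);
            b2 = q(1, (u1byte) (q(0, (u1byte) b2) ^ extract_byte(key[1],2))) ^ extract_byte(key[0],2);
            b3 = q(1, (u1byte) (q(1, (u1byte) b3) ^ extract_byte(key[1],3))) ^ extract_byte(key[0],3);
    }
#ifdef M_TABLE

    return mds(0, b0) ^ mds(1, b1) ^ mds(2, b2) ^ mds(3, b3);

#else

    /* final q permutation, then the MDS matrix multiply done by hand */
    b0 = q(1, (u1byte) b0); b1 = q(0, (u1byte) b1); b2 = q(1, (u1byte) b2); b3 = q(0, (u1byte) b3);
    m5b_b0 = ffm_5b(b0); m5b_b1 = ffm_5b(b1); m5b_b2 = ffm_5b(b2); m5b_b3 = ffm_5b(b3);
    mef_b0 = ffm_ef(b0); mef_b1 = ffm_ef(b1); mef_b2 = ffm_ef(b2); mef_b3 = ffm_ef(b3);
    b0 ^= mef_b1 ^ m5b_b2 ^ m5b_b3; b3 ^= m5b_b0 ^ mef_b1 ^ mef_b2;
    b2 ^= mef_b0 ^ m5b_b1 ^ mef_b3; b1 ^= mef_b0 ^ mef_b2 ^ m5b_b3;

    return b0 | (b3 << 8) | (b2 << 16) | (b1 << 24);

#endif
}

#ifdef MK_TABLE

#ifdef ONE_STEP
//u4byte mk_tab[4][256];
#else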
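/* Key-dependent S-boxes for the MK_TABLE-without-ONE_STEP build. This is
   file-scope storage shared by every instance, so in that configuration a
   second key setup overwrites the first key's S-boxes and the key-derived
   bytes stay in static memory. */
static u1byte sb[4][256];
#endif

/* Key-dependent S-box expressions for 2, 3 and 4 key words (qK0..qK3 give
   the four byte positions). They expand in a scope that has key[] defined. */

#define q20(x)  q(0,q(0,x) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
#define q21(x)  q(0,q(1,x) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
#define q22(x)  q(1,q(0,x) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
#define q23(x)  q(1,q(1,x) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)

#define q30(x)  q(0,q(0,q(1, x) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
#define q31(x)  q(0,q(1,q(1, x) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
#define q32(x)  q(1,q(0,q(0, x) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
#define q33(x)  q(1,q(1,q(0, x) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)

#define q40(x)  q(0,q(0,q(1, q(1, x) ^ extract_byte(key[3],0)) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
#define q41(x)  q(0,q(1,q(1, q(0, x) ^ extract_byte(key[3],1)) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
#define q42(x)  q(1,q(0,q(0, q(0, x) ^ extract_byte(key[3],2)) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
#define q43(x)  q(1,q(1,q(0, q(1, x) ^ extract_byte(key[3],3)) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)

/* Build the per-key lookup table used by g0_fun/g1_fun.

   With ONE_STEP, instance->mk_tab is filled as a flat array of 1024 words:
   entry [n + 4*i] is the MDS contribution of byte value i at byte
   position n. Without ONE_STEP only the key-dependent S-boxes sb[][] are
   stored. key[] must hold instance->k_len words; a k_len other than 2, 3
   or 4 leaves the table untouched.

   The table is derived from the key, so it needs the same handling as the
   key schedule itself when the instance is discarded. */
static void gen_mk_tab(TwofishInstance *instance, u4byte key[])
{
    u4byte i;
    u1byte by;

    u4byte *mk_tab = instance->mk_tab;

    switch (instance->k_len)
    {
    case 2:
        for (i = 0; i < 256; ++i)
        {
            by = (u1byte)i;
#ifdef ONE_STEP
            mk_tab[0 + 4*i] = mds(0, q20(by)); mk_tab[1 + 4*i] = mds(1, q21(by));
            mk_tab[2 + 4*i] = mds(2, q22(by)); mk_tab[3 + 4*i] = mds(3, q23(by));
#else
            sb[0][i] = q20(by); sb[1][i] = q21(by);
            sb[2][i] = q22(by); sb[3][i] = q23(by);
#endif
        }
        break;

    case 3:
        for (i = 0; i < 256; ++i)
        {
            by = (u1byte)i;
#ifdef ONE_STEP
            mk_tab[0 + 4*i] = mds(0, q30(by)); mk_tab[1 + 4*i] = mds(1, q31(by));
            mk_tab[2 + 4*i] = mds(2, q32(by)); mk_tab[3 + 4*i] = mds(3, q33(by));
#else
            sb[0][i] = q30(by); sb[1][i] = q31(by);
            sb[2][i] = q32(by); sb[3][i] = q33(by);
#endif
        }
        break;

    case 4:
        for (i = 0; i < 256; ++i)
        {
            by = (u1byte)i;
#ifdef ONE_STEP
            mk_tab[0 + 4*i] = mds(0, q40(by)); mk_tab[1 + 4*i] = mds(1, q41(by));
            mk_tab[2 + 4*i] = mds(2, q42(by)); mk_tab[3 + 4*i] = mds(3, q43(by));
#else
            sb[0][i] = q40(by); sb[1][i] = q41(by);
            sb[2][i] = q42(by); sb[3][i] = q43(by);
#endif
        }
        break;
    }
}

/* g0_fun(x) is the round function g applied to x; g1_fun(x) is g applied to
   x rotated left by 8 bits (the table forms take the bytes in rotated order
   instead of rotating). The ONE_STEP forms need a local `mk_tab` in scope. */

#  ifdef ONE_STEP
#    define g0_fun(x) ( mk_tab[0 + 4*extract_byte(x,0)] ^ mk_tab[1 + 4*extract_byte(x,1)] \
                      ^ mk_tab[2 + 4*extract_byte(x,2)] ^ mk_tab[3 + 4*extract_byte(x,3)] )
#    define g1_fun(x) ( mk_tab[0 + 4*extract_byte(x,3)] ^ mk_tab[1 + 4*extract_byte(x,0)] \
                      ^ mk_tab[2 + 4*extract_byte(x,1)] ^ mk_tab[3 + 4*extract_byte(x,2)] )


#  else
#    define g0_fun(x) ( mds(0, sb[0][extract_byte(x,0)]) ^ mds(1, sb[1][extract_byte(x,1)]) \
                      ^ mds(2, sb[2][extract_byte(x,2)]) ^ mds(3, sb[3][extract_byte(x,3)]) )
#    define g1_fun(x) ( mds(0, sb[0][extract_byte(x,3)]) ^ mds(1, sb[1][extract_byte(x,0)]) \
                      ^ mds(2, sb[2][extract_byte(x,1)]) ^ mds(3, sb[3][extract_byte(x,2)]) )
#  endif

#else

/* No per-key table: evaluate h directly. Needs a local `instance` in scope. */
#define g0_fun(x)   h_fun(instance, x, instance->s_key)
#define g1_fun(x)   h_fun(instance, rotl(x,8), instance->s_key)

#endif

/* The (12,8) Reed-Solomon code has the generator polynomial

    g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1

   where the coefficients are in the finite field GF(2^8) with a
   modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
   remainder we have to start with a 12th order polynomial with our
   eight input bytes as the coefficients of the 4th to 11th terms.
   That is:

    m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0

   We then multiply the generator polynomial by m[7] * x^7 and subtract
   it - xor in GF(2^8) - from the above to eliminate the x^11 term (the
   arithmetic on the coefficients is done in GF(2^8)). We then multiply
   the generator polynomial by x^6 * coeff(x^10) and use this to remove
   the x^10 term. We carry on in this way until the x^4 term is removed
   so that we are left with:

    r[3] * x^3 + r[2] * x^2 + r[1] * x^1 + r[0]

   which gives the resulting 4 bytes of the remainder. This is equivalent
   to the matrix multiplication in the Twofish description but much faster
   to implement.

*/

#define G_MOD   0x0000014d

/* Reduce the eight key bytes held in p0 (low word) and p1 (high word)
   modulo the generator polynomial described above and return the four
   remainder bytes as one word. Despite its name this is the Reed-Solomon
   step of the key schedule; twofish_set_key() stores the result in s_key. */
static u4byte mds_rem(u4byte p0, u4byte p1)
{
    u4byte i, t, u;

    for (i = 0; i < 8; ++i)
    {
        t = p1 >> 24;   // get most significant coefficient

        p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8;  // shift others up

        // multiply t by a (the primitive element - i.e. left shift)

        u = (t << 1);

        if (t & 0x80)   // subtract modular polynomial on overflow
        {
            u ^= G_MOD;
        }

        p1 ^= t ^ (u << 16);    // remove t * (a * x^2 + 1)

        u ^= (t >> 1);  // form u = a * t + t / a = t * (a + 1 / a);

        if (t & 0x01)   // add the modular polynomial on underflow
        {
            u ^= G_MOD >> 1;
        }

        p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
    }

    return p1;
}

/* initialise the key schedule from the user supplied key

   instance  receives k_len, the 40 round-key words l_key[0..39], the
             S-box key words s_key[0..k_len-1] and, with MK_TABLE, mk_tab.
   in_key    key material; 2 * (key_len / 64) words are read and converted
             with LE32().
   key_len   key length in bits; key_len / 64 must be 2, 3 or 4.

   Returns instance->l_key. If key_len / 64 is outside 2..4 the function
   returns a null pointer and leaves the instance untouched: me_key, mo_key
   and the s_key stores below are indexed by that value, so a larger one
   would write past the four-element local arrays.

   NOTE(review): me_key and mo_key hold the raw key words and are not
   cleared before returning; wipe them here if the project's policy is to
   scrub key material from the stack - confirm against the other ciphers. */

u4byte *twofish_set_key(TwofishInstance *instance, const u4byte in_key[], const u4byte key_len)
{
    u4byte i, a, b, k_len, me_key[4], mo_key[4];
    u4byte *l_key, *s_key;

    /* reject unsupported key sizes before anything is indexed by k_len */
    k_len = key_len / 64;
    if (k_len < 2 || k_len > 4)
    {
        return (u4byte *) 0;
    }

    l_key = instance->l_key;
    s_key = instance->s_key;

#ifdef Q_TABLES
    if (!qt_gen)
    {
        gen_qtab(); qt_gen = 1;
    }
#endif

#ifdef M_TABLE
    if (!mt_gen)
    {
        gen_mtab(); mt_gen = 1;
    }
#endif

    instance->k_len = k_len;    /* 2, 3 or 4 */

    /* even key words -> me_key, odd -> mo_key; each pair also yields one
       s_key word, stored in reverse order */
    for (i = 0; i < instance->k_len; ++i)
    {
        a = LE32(in_key[i + i]);     me_key[i] = a;
        b = LE32(in_key[i + i + 1]); mo_key[i] = b;
        s_key[instance->k_len - i - 1] = mds_rem(a, b);
    }

    /* expand the 40 round-key words, two per iteration */
    for (i = 0; i < 40; i += 2)
    {
        a = 0x01010101 * i; b = a + 0x01010101;
        a = h_fun(instance, a, me_key);
        b = rotl(h_fun(instance, b, mo_key), 8);
        l_key[i] = a + b;
        l_key[i + 1] = rotl(a + 2 * b, 9);
    }

#ifdef MK_TABLE
    gen_mk_tab(instance, s_key);
#endif

    return l_key;
}

/* encrypt a block of text */

#ifndef TC_MINIMIZE_CODE_SIZE

/* One encryption cycle (two Feistel rounds) using round keys
   l_key[4*i + 8 .. 4*i + 11]. Expands in a scope that provides blk[], t0,
   t1, l_key and whatever g0_fun/g1_fun need (mk_tab or instance). */
#define f_rnd(i)                                                    \
    t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);                       \
    blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1);      \
    blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]);  \
    t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);                       \
    blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1);     \
    blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11])

/* Encrypt one 128-bit block.

   in_blk and out_blk are each accessed as four 32-bit words converted with
   LE32(); the whole input is read into blk[] before any output word is
   written. Whitening uses l_key[0..3] on input and l_key[4..7] on output.
   The instance must have been initialised by twofish_set_key(). */
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
{
    u4byte t0, t1, blk[4];

    u4byte *l_key = instance->l_key;
    u4byte *mk_tab = instance->mk_tab;

    blk[0] = LE32(in_blk[0]) ^ l_key[0];
    blk[1] = LE32(in_blk[1]) ^ l_key[1];
    blk[2] = LE32(in_blk[2]) ^ l_key[2];
    blk[3] = LE32(in_blk[3]) ^ l_key[3];

    f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
    f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);

    out_blk[0] = LE32(blk[2] ^ l_key[4]);
    out_blk[1] = LE32(blk[3] ^ l_key[5]);
    out_blk[2] = LE32(blk[0] ^ l_key[6]);
    out_blk[3] = LE32(blk[1] ^ l_key[7]);
}

#else // TC_MINIMIZE_CODE_SIZE

/* Encrypt one 128-bit block (size-optimised build: the eight cycles run in
   a loop instead of being unrolled through a macro).

   in_blk and out_blk are each accessed as four 32-bit words converted with
   LE32(). mk_tab is only needed when TC_WINDOWS_BOOT_TWOFISH enables the
   per-key table; otherwise g0_fun/g1_fun call h_fun() through `instance`. */
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
{
    u4byte t0, t1, blk[4];

    u4byte *l_key = instance->l_key;
#ifdef TC_WINDOWS_BOOT_TWOFISH
    u4byte *mk_tab = instance->mk_tab;
#endif
    int i;

    blk[0] = LE32(in_blk[0]) ^ l_key[0];
    blk[1] = LE32(in_blk[1]) ^ l_key[1];
    blk[2] = LE32(in_blk[2]) ^ l_key[2];
    blk[3] = LE32(in_blk[3]) ^ l_key[3];

    for (i = 0; i <= 7; ++i)
    {
        t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
        blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1);
        blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]);
        t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
        blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1);
        blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]);
    }

    out_blk[0] = LE32(blk[2] ^ l_key[4]);
    out_blk[1] = LE32(blk[3] ^ l_key[5]);
    out_blk[2] = LE32(blk[0] ^ l_key[6]);
    out_blk[3] = LE32(blk[1] ^ l_key[7]);
}

#endif // TC_MINIMIZE_CODE_SIZE

/* decrypt a block of text */

#ifndef TC_MINIMIZE_CODE_SIZE

/* One decryption cycle: the inverse of f_rnd(i), using the same four round
   keys in the opposite order. Needs the same local names in scope. */
#define i_rnd(i)                                                        \
        t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);                       \
        blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]);     \
        blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1); \
        t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);                       \
        blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]);      \
        blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1)

/* Decrypt one 128-bit block.

   Mirrors twofish_encrypt(): the input is whitened with l_key[4..7], the
   cycles run from 7 down to 0, and the output is whitened with l_key[0..3].
   in_blk and out_blk are each accessed as four 32-bit words converted with
   LE32(). */
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
{
    u4byte t0, t1, blk[4];

    u4byte *l_key = instance->l_key;
    u4byte *mk_tab = instance->mk_tab;

    blk[0] = LE32(in_blk[0]) ^ l_key[4];
    blk[1] = LE32(in_blk[1]) ^ l_key[5];
    blk[2] = LE32(in_blk[2]) ^ l_key[6];
    blk[3] = LE32(in_blk[3]) ^ l_key[7];

    i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
    i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);

    out_blk[0] = LE32(blk[2] ^ l_key[0]);
    out_blk[1] = LE32(blk[3] ^ l_key[1]);
    out_blk[2] = LE32(blk[0] ^ l_key[2]);
    out_blk[3] = LE32(blk[1] ^ l_key[3]);
}

#else // TC_MINIMIZE_CODE_SIZE

/* Decrypt one 128-bit block (size-optimised build: the eight cycles run in
   a loop from 7 down to 0; i is a signed int so that the i >= 0 test can
   terminate the loop).

   in_blk and out_blk are each accessed as four 32-bit words converted with
   LE32(). mk_tab is only needed when TC_WINDOWS_BOOT_TWOFISH enables the
   per-key table. */
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
{
    u4byte t0, t1, blk[4];

    u4byte *l_key = instance->l_key;
#ifdef TC_WINDOWS_BOOT_TWOFISH
    u4byte *mk_tab = instance->mk_tab;
#endif
    int i;

    blk[0] = LE32(in_blk[0]) ^ l_key[4];
    blk[1] = LE32(in_blk[1]) ^ l_key[5];
    blk[2] = LE32(in_blk[2]) ^ l_key[6];
    blk[3] = LE32(in_blk[3]) ^ l_key[7];

    for (i = 7; i >= 0; --i)
    {
        t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
        blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]);
        blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1);
        t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
        blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]);
        blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1);
    }

    out_blk[0] = LE32(blk[2] ^ l_key[0]);
    out_blk[1] = LE32(blk[3] ^ l_key[1]);
    out_blk[2] = LE32(blk[0] ^ l_key[2]);
    out_blk[3] = LE32(blk[1] ^ l_key[3]);
}

#endif // TC_MINIMIZE_CODE_SIZE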