![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to twofish.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [truecrypt] / truecrypt / crypto|
Return to twofish.c CVS log | Up to [truecrypt] / truecrypt / crypto |
1.1.1.7 root 1: /*
2: ---------------------------------------------------------------------------
3: Copyright (c) 1999, Dr Brian Gladman, Worcester, UK. All rights reserved.
4:
5: LICENSE TERMS
6:
7: The free distribution and use of this software is allowed (with or without
8: changes) provided that:
9:
10: 1. source code distributions include the above copyright notice, this
11: list of conditions and the following disclaimer;
12:
13: 2. binary distributions include the above copyright notice, this list
14: of conditions and the following disclaimer in their documentation;
15:
16: 3. the name of the copyright holder is not used to endorse products
17: built using this software without specific written permission.
18:
19: DISCLAIMER
20:
21: This software is provided 'as is' with no explicit or implied warranties
22: in respect of its properties, including, but not limited to, correctness
23: and/or fitness for purpose.
24: ---------------------------------------------------------------------------
25:
26: My thanks to Doug Whiting and Niels Ferguson for comments that led
27: to improvements in this implementation.
28:
29: Issue Date: 14th January 1999
30: */
1.1 root 31:
1.1.1.8 ! root 32: /* Adapted for TrueCrypt */
1.1 root 33:
1.1.1.7 root 34:
35: #ifdef TC_WINDOWS_BOOT
36: #pragma optimize ("tl", on)
37: #endif
38:
1.1.1.2 root 39: #include "Twofish.h"
1.1.1.4 root 40: #include "Common/Endian.h"
1.1 root 41:
42: #define Q_TABLES
43: #define M_TABLE
44:
1.1.1.7 root 45: #if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_TWOFISH)
46: # define MK_TABLE
47: # define ONE_STEP
1.1.1.6 root 48: #endif
1.1 root 49:
50: /* finite field arithmetic for GF(2**8) with the modular */
51: /* polynomial x^8 + x^6 + x^5 + x^3 + 1 (0x169) */
52:
53: #define G_M 0x0169
54:
1.1.1.7 root 55: static u1byte tab_5b[4] = { 0, G_M >> 2, G_M >> 1, (G_M >> 1) ^ (G_M >> 2) };
56: static u1byte tab_ef[4] = { 0, (G_M >> 1) ^ (G_M >> 2), G_M >> 1, G_M >> 2 };
1.1 root 57:
58: #define ffm_01(x) (x)
59: #define ffm_5b(x) ((x) ^ ((x) >> 2) ^ tab_5b[(x) & 3])
60: #define ffm_ef(x) ((x) ^ ((x) >> 1) ^ ((x) >> 2) ^ tab_ef[(x) & 3])
61:
1.1.1.7 root 62: static u1byte ror4[16] = { 0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15 };
63: static u1byte ashx[16] = { 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7 };
1.1 root 64:
1.1.1.7 root 65: static u1byte qt0[2][16] =
1.1 root 66: { { 8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4 },
67: { 2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5 }
68: };
69:
1.1.1.7 root 70: static u1byte qt1[2][16] =
1.1 root 71: { { 14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13 },
72: { 1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8 }
73: };
74:
1.1.1.7 root 75: static u1byte qt2[2][16] =
1.1 root 76: { { 11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1 },
77: { 4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15 }
78: };
79:
1.1.1.7 root 80: static u1byte qt3[2][16] =
1.1 root 81: { { 13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10 },
82: { 11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10 }
83: };
84:
85: static u1byte qp(const u4byte n, const u1byte x)
86: { u1byte a0, a1, a2, a3, a4, b0, b1, b2, b3, b4;
87:
88: a0 = x >> 4; b0 = x & 15;
89: a1 = a0 ^ b0; b1 = ror4[b0] ^ ashx[a0];
90: a2 = qt0[n][a1]; b2 = qt1[n][b1];
91: a3 = a2 ^ b2; b3 = ror4[b2] ^ ashx[a2];
92: a4 = qt2[n][a3]; b4 = qt3[n][b3];
93: return (b4 << 4) | a4;
94: };
95:
96: #ifdef Q_TABLES
97:
1.1.1.7 root 98: static u4byte qt_gen = 0;
99: static u1byte q_tab[2][256];
1.1 root 100:
101: #define q(n,x) q_tab[n][x]
102:
103: static void gen_qtab(void)
104: { u4byte i;
105:
106: for(i = 0; i < 256; ++i)
107: {
108: q(0,i) = qp(0, (u1byte)i);
109: q(1,i) = qp(1, (u1byte)i);
110: }
111: };
112:
113: #else
114:
115: #define q(n,x) qp(n, x)
116:
117: #endif
118:
119: #ifdef M_TABLE
120:
1.1.1.7 root 121: static u4byte mt_gen = 0;
122: static u4byte m_tab[4][256];
1.1 root 123:
124: static void gen_mtab(void)
125: { u4byte i, f01, f5b, fef;
126:
127: for(i = 0; i < 256; ++i)
128: {
129: f01 = q(1,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
130: m_tab[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);
131: m_tab[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);
132:
133: f01 = q(0,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
134: m_tab[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);
135: m_tab[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);
136: }
137: };
138:
139: #define mds(n,x) m_tab[n][x]
140:
141: #else
142:
143: #define fm_00 ffm_01
144: #define fm_10 ffm_5b
145: #define fm_20 ffm_ef
146: #define fm_30 ffm_ef
147: #define q_0(x) q(1,x)
148:
149: #define fm_01 ffm_ef
150: #define fm_11 ffm_ef
151: #define fm_21 ffm_5b
152: #define fm_31 ffm_01
153: #define q_1(x) q(0,x)
154:
155: #define fm_02 ffm_5b
156: #define fm_12 ffm_ef
157: #define fm_22 ffm_01
158: #define fm_32 ffm_ef
159: #define q_2(x) q(1,x)
160:
161: #define fm_03 ffm_5b
162: #define fm_13 ffm_01
163: #define fm_23 ffm_ef
164: #define fm_33 ffm_5b
165: #define q_3(x) q(0,x)
166:
167: #define f_0(n,x) ((u4byte)fm_0##n(x))
168: #define f_1(n,x) ((u4byte)fm_1##n(x) << 8)
169: #define f_2(n,x) ((u4byte)fm_2##n(x) << 16)
170: #define f_3(n,x) ((u4byte)fm_3##n(x) << 24)
171:
172: #define mds(n,x) f_0(n,q_##n(x)) ^ f_1(n,q_##n(x)) ^ f_2(n,q_##n(x)) ^ f_3(n,q_##n(x))
173:
174: #endif
175:
176: static u4byte h_fun(TwofishInstance *instance, const u4byte x, const u4byte key[])
177: { u4byte b0, b1, b2, b3;
178:
179: #ifndef M_TABLE
180: u4byte m5b_b0, m5b_b1, m5b_b2, m5b_b3;
181: u4byte mef_b0, mef_b1, mef_b2, mef_b3;
182: #endif
183:
184: b0 = extract_byte(x, 0); b1 = extract_byte(x, 1); b2 = extract_byte(x, 2); b3 = extract_byte(x, 3);
185:
186: switch(instance->k_len)
187: {
1.1.1.6 root 188: case 4: b0 = q(1, (u1byte) b0) ^ extract_byte(key[3],0);
189: b1 = q(0, (u1byte) b1) ^ extract_byte(key[3],1);
190: b2 = q(0, (u1byte) b2) ^ extract_byte(key[3],2);
191: b3 = q(1, (u1byte) b3) ^ extract_byte(key[3],3);
192: case 3: b0 = q(1, (u1byte) b0) ^ extract_byte(key[2],0);
193: b1 = q(1, (u1byte) b1) ^ extract_byte(key[2],1);
194: b2 = q(0, (u1byte) b2) ^ extract_byte(key[2],2);
195: b3 = q(0, (u1byte) b3) ^ extract_byte(key[2],3);
196: case 2: b0 = q(0, (u1byte) (q(0, (u1byte) b0) ^ extract_byte(key[1],0))) ^ extract_byte(key[0],0);
197: b1 = q(0, (u1byte) (q(1, (u1byte) b1) ^ extract_byte(key[1],1))) ^ extract_byte(key[0],1);
198: b2 = q(1, (u1byte) (q(0, (u1byte) b2) ^ extract_byte(key[1],2))) ^ extract_byte(key[0],2);
199: b3 = q(1, (u1byte) (q(1, (u1byte) b3) ^ extract_byte(key[1],3))) ^ extract_byte(key[0],3);
1.1 root 200: }
201: #ifdef M_TABLE
202:
203: return mds(0, b0) ^ mds(1, b1) ^ mds(2, b2) ^ mds(3, b3);
204:
205: #else
206:
1.1.1.6 root 207: b0 = q(1, (u1byte) b0); b1 = q(0, (u1byte) b1); b2 = q(1, (u1byte) b2); b3 = q(0, (u1byte) b3);
1.1 root 208: m5b_b0 = ffm_5b(b0); m5b_b1 = ffm_5b(b1); m5b_b2 = ffm_5b(b2); m5b_b3 = ffm_5b(b3);
209: mef_b0 = ffm_ef(b0); mef_b1 = ffm_ef(b1); mef_b2 = ffm_ef(b2); mef_b3 = ffm_ef(b3);
210: b0 ^= mef_b1 ^ m5b_b2 ^ m5b_b3; b3 ^= m5b_b0 ^ mef_b1 ^ mef_b2;
211: b2 ^= mef_b0 ^ m5b_b1 ^ mef_b3; b1 ^= mef_b0 ^ mef_b2 ^ m5b_b3;
212:
213: return b0 | (b3 << 8) | (b2 << 16) | (b1 << 24);
214:
215: #endif
216: };
217:
218: #ifdef MK_TABLE
219:
220: #ifdef ONE_STEP
221: //u4byte mk_tab[4][256];
222: #else
1.1.1.7 root 223: static u1byte sb[4][256];
1.1 root 224: #endif
225:
226: #define q20(x) q(0,q(0,x) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
227: #define q21(x) q(0,q(1,x) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
228: #define q22(x) q(1,q(0,x) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
229: #define q23(x) q(1,q(1,x) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
230:
231: #define q30(x) q(0,q(0,q(1, x) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
232: #define q31(x) q(0,q(1,q(1, x) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
233: #define q32(x) q(1,q(0,q(0, x) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
234: #define q33(x) q(1,q(1,q(0, x) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
235:
236: #define q40(x) q(0,q(0,q(1, q(1, x) ^ extract_byte(key[3],0)) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
237: #define q41(x) q(0,q(1,q(1, q(0, x) ^ extract_byte(key[3],1)) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
238: #define q42(x) q(1,q(0,q(0, q(0, x) ^ extract_byte(key[3],2)) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
239: #define q43(x) q(1,q(1,q(0, q(1, x) ^ extract_byte(key[3],3)) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
240:
1.1.1.3 root 241: static void gen_mk_tab(TwofishInstance *instance, u4byte key[])
1.1 root 242: { u4byte i;
243: u1byte by;
244:
245: u4byte *mk_tab = instance->mk_tab;
246:
247: switch(instance->k_len)
248: {
249: case 2: for(i = 0; i < 256; ++i)
250: {
251: by = (u1byte)i;
252: #ifdef ONE_STEP
253: mk_tab[0 + 4*i] = mds(0, q20(by)); mk_tab[1 + 4*i] = mds(1, q21(by));
254: mk_tab[2 + 4*i] = mds(2, q22(by)); mk_tab[3 + 4*i] = mds(3, q23(by));
255: #else
256: sb[0][i] = q20(by); sb[1][i] = q21(by);
257: sb[2][i] = q22(by); sb[3][i] = q23(by);
258: #endif
259: }
260: break;
261:
262: case 3: for(i = 0; i < 256; ++i)
263: {
264: by = (u1byte)i;
265: #ifdef ONE_STEP
266: mk_tab[0 + 4*i] = mds(0, q30(by)); mk_tab[1 + 4*i] = mds(1, q31(by));
267: mk_tab[2 + 4*i] = mds(2, q32(by)); mk_tab[3 + 4*i] = mds(3, q33(by));
268: #else
269: sb[0][i] = q30(by); sb[1][i] = q31(by);
270: sb[2][i] = q32(by); sb[3][i] = q33(by);
271: #endif
272: }
273: break;
274:
275: case 4: for(i = 0; i < 256; ++i)
276: {
277: by = (u1byte)i;
278: #ifdef ONE_STEP
279: mk_tab[0 + 4*i] = mds(0, q40(by)); mk_tab[1 + 4*i] = mds(1, q41(by));
280: mk_tab[2 + 4*i] = mds(2, q42(by)); mk_tab[3 + 4*i] = mds(3, q43(by));
281: #else
282: sb[0][i] = q40(by); sb[1][i] = q41(by);
283: sb[2][i] = q42(by); sb[3][i] = q43(by);
284: #endif
285: }
286: }
287: };
288:
289: # ifdef ONE_STEP
290: # define g0_fun(x) ( mk_tab[0 + 4*extract_byte(x,0)] ^ mk_tab[1 + 4*extract_byte(x,1)] \
291: ^ mk_tab[2 + 4*extract_byte(x,2)] ^ mk_tab[3 + 4*extract_byte(x,3)] )
292: # define g1_fun(x) ( mk_tab[0 + 4*extract_byte(x,3)] ^ mk_tab[1 + 4*extract_byte(x,0)] \
293: ^ mk_tab[2 + 4*extract_byte(x,1)] ^ mk_tab[3 + 4*extract_byte(x,2)] )
294:
295:
296: # else
297: # define g0_fun(x) ( mds(0, sb[0][extract_byte(x,0)]) ^ mds(1, sb[1][extract_byte(x,1)]) \
298: ^ mds(2, sb[2][extract_byte(x,2)]) ^ mds(3, sb[3][extract_byte(x,3)]) )
299: # define g1_fun(x) ( mds(0, sb[0][extract_byte(x,3)]) ^ mds(1, sb[1][extract_byte(x,0)]) \
300: ^ mds(2, sb[2][extract_byte(x,1)]) ^ mds(3, sb[3][extract_byte(x,2)]) )
301: # endif
302:
303: #else
304:
1.1.1.6 root 305: #define g0_fun(x) h_fun(instance, x, instance->s_key)
306: #define g1_fun(x) h_fun(instance, rotl(x,8), instance->s_key)
1.1 root 307:
308: #endif
309:
310: /* The (12,8) Reed Soloman code has the generator polynomial
311:
312: g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1
313:
314: where the coefficients are in the finite field GF(2^8) with a
315: modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
316: remainder we have to start with a 12th order polynomial with our
317: eight input bytes as the coefficients of the 4th to 11th terms.
318: That is:
319:
320: m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0
321:
322: We then multiply the generator polynomial by m[7] * x^7 and subtract
323: it - xor in GF(2^8) - from the above to eliminate the x^7 term (the
324: artihmetic on the coefficients is done in GF(2^8). We then multiply
325: the generator polynomial by x^6 * coeff(x^10) and use this to remove
326: the x^10 term. We carry on in this way until the x^4 term is removed
327: so that we are left with:
328:
329: r[3] * x^3 + r[2] * x^2 + r[1] 8 x^1 + r[0]
330:
331: which give the resulting 4 bytes of the remainder. This is equivalent
332: to the matrix multiplication in the Twofish description but much faster
333: to implement.
334:
335: */
336:
337: #define G_MOD 0x0000014d
338:
339: static u4byte mds_rem(u4byte p0, u4byte p1)
340: { u4byte i, t, u;
341:
342: for(i = 0; i < 8; ++i)
343: {
344: t = p1 >> 24; // get most significant coefficient
345:
346: p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8; // shift others up
347:
348: // multiply t by a (the primitive element - i.e. left shift)
349:
350: u = (t << 1);
351:
352: if(t & 0x80) // subtract modular polynomial on overflow
353:
354: u ^= G_MOD;
355:
356: p1 ^= t ^ (u << 16); // remove t * (a * x^2 + 1)
357:
358: u ^= (t >> 1); // form u = a * t + t / a = t * (a + 1 / a);
359:
360: if(t & 0x01) // add the modular polynomial on underflow
361:
362: u ^= G_MOD >> 1;
363:
364: p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
365: }
366:
367: return p1;
368: };
369:
370: /* initialise the key schedule from the user supplied key */
371:
372: u4byte *twofish_set_key(TwofishInstance *instance, const u4byte in_key[], const u4byte key_len)
373: { u4byte i, a, b, me_key[4], mo_key[4];
374: u4byte *l_key, *s_key;
375:
376: l_key = instance->l_key;
377: s_key = instance->s_key;
378:
379: #ifdef Q_TABLES
380: if(!qt_gen)
381: {
382: gen_qtab(); qt_gen = 1;
383: }
384: #endif
385:
386: #ifdef M_TABLE
387: if(!mt_gen)
388: {
389: gen_mtab(); mt_gen = 1;
390: }
391: #endif
392:
393: instance->k_len = key_len / 64; /* 2, 3 or 4 */
394:
395: for(i = 0; i < instance->k_len; ++i)
396: {
1.1.1.2 root 397: a = LE32(in_key[i + i]); me_key[i] = a;
398: b = LE32(in_key[i + i + 1]); mo_key[i] = b;
1.1 root 399: s_key[instance->k_len - i - 1] = mds_rem(a, b);
400: }
401:
402: for(i = 0; i < 40; i += 2)
403: {
404: a = 0x01010101 * i; b = a + 0x01010101;
405: a = h_fun(instance, a, me_key);
406: b = rotl(h_fun(instance, b, mo_key), 8);
407: l_key[i] = a + b;
408: l_key[i + 1] = rotl(a + 2 * b, 9);
409: }
410:
411: #ifdef MK_TABLE
412: gen_mk_tab(instance, s_key);
413: #endif
414:
415: return l_key;
416: };
417:
418: /* encrypt a block of text */
419:
1.1.1.5 root 420: #ifndef TC_MINIMIZE_CODE_SIZE
421:
1.1 root 422: #define f_rnd(i) \
423: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
424: blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1); \
425: blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]); \
426: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
427: blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1); \
428: blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11])
429:
430: void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
431: { u4byte t0, t1, blk[4];
432:
433: u4byte *l_key = instance->l_key;
434: u4byte *mk_tab = instance->mk_tab;
435:
1.1.1.2 root 436: blk[0] = LE32(in_blk[0]) ^ l_key[0];
437: blk[1] = LE32(in_blk[1]) ^ l_key[1];
438: blk[2] = LE32(in_blk[2]) ^ l_key[2];
439: blk[3] = LE32(in_blk[3]) ^ l_key[3];
1.1 root 440:
441: f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
442: f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);
443:
1.1.1.2 root 444: out_blk[0] = LE32(blk[2] ^ l_key[4]);
445: out_blk[1] = LE32(blk[3] ^ l_key[5]);
446: out_blk[2] = LE32(blk[0] ^ l_key[6]);
447: out_blk[3] = LE32(blk[1] ^ l_key[7]);
1.1 root 448: };
449:
1.1.1.5 root 450: #else // TC_MINIMIZE_CODE_SIZE
451:
452: void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
453: { u4byte t0, t1, blk[4];
454:
455: u4byte *l_key = instance->l_key;
1.1.1.7 root 456: #ifdef TC_WINDOWS_BOOT_TWOFISH
457: u4byte *mk_tab = instance->mk_tab;
458: #endif
1.1.1.5 root 459: int i;
460:
461: blk[0] = LE32(in_blk[0]) ^ l_key[0];
462: blk[1] = LE32(in_blk[1]) ^ l_key[1];
463: blk[2] = LE32(in_blk[2]) ^ l_key[2];
464: blk[3] = LE32(in_blk[3]) ^ l_key[3];
465:
466: for (i = 0; i <= 7; ++i)
467: {
1.1.1.7 root 468: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
469: blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1);
470: blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]);
471: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
472: blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1);
473: blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]);
1.1.1.5 root 474: }
475:
476: out_blk[0] = LE32(blk[2] ^ l_key[4]);
477: out_blk[1] = LE32(blk[3] ^ l_key[5]);
478: out_blk[2] = LE32(blk[0] ^ l_key[6]);
479: out_blk[3] = LE32(blk[1] ^ l_key[7]);
480: };
481:
482: #endif // TC_MINIMIZE_CODE_SIZE
483:
1.1 root 484: /* decrypt a block of text */
485:
1.1.1.5 root 486: #ifndef TC_MINIMIZE_CODE_SIZE
487:
1.1 root 488: #define i_rnd(i) \
489: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
490: blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]); \
491: blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1); \
492: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
493: blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]); \
494: blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1)
495:
496: void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
497: { u4byte t0, t1, blk[4];
498:
499: u4byte *l_key = instance->l_key;
500: u4byte *mk_tab = instance->mk_tab;
501:
1.1.1.2 root 502: blk[0] = LE32(in_blk[0]) ^ l_key[4];
503: blk[1] = LE32(in_blk[1]) ^ l_key[5];
504: blk[2] = LE32(in_blk[2]) ^ l_key[6];
505: blk[3] = LE32(in_blk[3]) ^ l_key[7];
1.1 root 506:
507: i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
508: i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);
509:
1.1.1.2 root 510: out_blk[0] = LE32(blk[2] ^ l_key[0]);
511: out_blk[1] = LE32(blk[3] ^ l_key[1]);
512: out_blk[2] = LE32(blk[0] ^ l_key[2]);
513: out_blk[3] = LE32(blk[1] ^ l_key[3]);
1.1 root 514: };
1.1.1.5 root 515:
516: #else // TC_MINIMIZE_CODE_SIZE
517:
518: void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
519: { u4byte t0, t1, blk[4];
520:
521: u4byte *l_key = instance->l_key;
1.1.1.7 root 522: #ifdef TC_WINDOWS_BOOT_TWOFISH
523: u4byte *mk_tab = instance->mk_tab;
524: #endif
1.1.1.5 root 525: int i;
526:
527: blk[0] = LE32(in_blk[0]) ^ l_key[4];
528: blk[1] = LE32(in_blk[1]) ^ l_key[5];
529: blk[2] = LE32(in_blk[2]) ^ l_key[6];
530: blk[3] = LE32(in_blk[3]) ^ l_key[7];
531:
532: for (i = 7; i >= 0; --i)
533: {
1.1.1.7 root 534: t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
535: blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]);
536: blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1);
537: t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
538: blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]);
539: blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1);
1.1.1.5 root 540: }
541:
542: out_blk[0] = LE32(blk[2] ^ l_key[0]);
543: out_blk[1] = LE32(blk[3] ^ l_key[1]);
544: out_blk[2] = LE32(blk[0] ^ l_key[2]);
545: out_blk[3] = LE32(blk[1] ^ l_key[3]);
546: };
547:
548: #endif // TC_MINIMIZE_CODE_SIZE
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.