search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add phnxdeco with debian patch set (version 0.33-3).
[delutions.git] / tc / crypto / Twofish.c
blob7ba10c659575225c6c2031763e276f73eda8b59c
1 /*
2 ---------------------------------------------------------------------------
3 Copyright (c) 1999, Dr Brian Gladman, Worcester, UK. All rights reserved.
4
5 LICENSE TERMS
6
7 The free distribution and use of this software is allowed (with or without
8 changes) provided that:
9
10 1. source code distributions include the above copyright notice, this
11 list of conditions and the following disclaimer;
12
13 2. binary distributions include the above copyright notice, this list
14 of conditions and the following disclaimer in their documentation;
15
16 3. the name of the copyright holder is not used to endorse products
17 built using this software without specific written permission.
18
19 DISCLAIMER
20
21 This software is provided 'as is' with no explicit or implied warranties
22 in respect of its properties, including, but not limited to, correctness
23 and/or fitness for purpose.
24 ---------------------------------------------------------------------------
25
26 My thanks to Doug Whiting and Niels Ferguson for comments that led
27 to improvements in this implementation.
28
29 Issue Date: 14th January 1999
30 */
31
32 /* Adapted for TrueCrypt by the TrueCrypt Foundation */
33
34
35 #ifdef TC_WINDOWS_BOOT
36 #pragma optimize ("tl", on)
37 #endif
38
39 #include "Twofish.h"
40 #include "Common/Endian.h"
41
42 #define Q_TABLES
43 #define M_TABLE
44
45 #if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_TWOFISH)
46 # define MK_TABLE
47 # define ONE_STEP
48 #endif
49
50 /* finite field arithmetic for GF(2**8) with the modular */
51 /* polynomial x^8 + x^6 + x^5 + x^3 + 1 (0x169) */
52
53 #define G_M 0x0169
54
55 static u1byte tab_5b[4] = { 0, G_M >> 2, G_M >> 1, (G_M >> 1) ^ (G_M >> 2) };
56 static u1byte tab_ef[4] = { 0, (G_M >> 1) ^ (G_M >> 2), G_M >> 1, G_M >> 2 };
57
58 #define ffm_01(x) (x)
59 #define ffm_5b(x) ((x) ^ ((x) >> 2) ^ tab_5b[(x) & 3])
60 #define ffm_ef(x) ((x) ^ ((x) >> 1) ^ ((x) >> 2) ^ tab_ef[(x) & 3])
61
62 static u1byte ror4[16] = { 0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15 };
63 static u1byte ashx[16] = { 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7 };
64
65 static u1byte qt0[2][16] =
66 { { 8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4 },
67 { 2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5 }
68 };
69
70 static u1byte qt1[2][16] =
71 { { 14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13 },
72 { 1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8 }
73 };
74
75 static u1byte qt2[2][16] =
76 { { 11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1 },
77 { 4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15 }
78 };
79
80 static u1byte qt3[2][16] =
81 { { 13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10 },
82 { 11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10 }
83 };
84
85 static u1byte qp(const u4byte n, const u1byte x)
86 { u1byte a0, a1, a2, a3, a4, b0, b1, b2, b3, b4;
87
88 a0 = x >> 4; b0 = x & 15;
89 a1 = a0 ^ b0; b1 = ror4[b0] ^ ashx[a0];
90 a2 = qt0[n][a1]; b2 = qt1[n][b1];
91 a3 = a2 ^ b2; b3 = ror4[b2] ^ ashx[a2];
92 a4 = qt2[n][a3]; b4 = qt3[n][b3];
93 return (b4 << 4) | a4;
94 };
95
96 #ifdef Q_TABLES
97
98 static u4byte qt_gen = 0;
99 static u1byte q_tab[2][256];
100
101 #define q(n,x) q_tab[n][x]
102
103 static void gen_qtab(void)
104 { u4byte i;
105
106 for(i = 0; i < 256; ++i)
107 {
108 q(0,i) = qp(0, (u1byte)i);
109 q(1,i) = qp(1, (u1byte)i);
110 }
111 };
112
113 #else
114
115 #define q(n,x) qp(n, x)
116
117 #endif
118
119 #ifdef M_TABLE
120
121 static u4byte mt_gen = 0;
122 static u4byte m_tab[4][256];
123
124 static void gen_mtab(void)
125 { u4byte i, f01, f5b, fef;
126
127 for(i = 0; i < 256; ++i)
128 {
129 f01 = q(1,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
130 m_tab[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);
131 m_tab[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);
132
133 f01 = q(0,i); f5b = ffm_5b(f01); fef = ffm_ef(f01);
134 m_tab[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);
135 m_tab[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);
136 }
137 };
138
139 #define mds(n,x) m_tab[n][x]
140
141 #else
142
143 #define fm_00 ffm_01
144 #define fm_10 ffm_5b
145 #define fm_20 ffm_ef
146 #define fm_30 ffm_ef
147 #define q_0(x) q(1,x)
148
149 #define fm_01 ffm_ef
150 #define fm_11 ffm_ef
151 #define fm_21 ffm_5b
152 #define fm_31 ffm_01
153 #define q_1(x) q(0,x)
154
155 #define fm_02 ffm_5b
156 #define fm_12 ffm_ef
157 #define fm_22 ffm_01
158 #define fm_32 ffm_ef
159 #define q_2(x) q(1,x)
160
161 #define fm_03 ffm_5b
162 #define fm_13 ffm_01
163 #define fm_23 ffm_ef
164 #define fm_33 ffm_5b
165 #define q_3(x) q(0,x)
166
167 #define f_0(n,x) ((u4byte)fm_0##n(x))
168 #define f_1(n,x) ((u4byte)fm_1##n(x) << 8)
169 #define f_2(n,x) ((u4byte)fm_2##n(x) << 16)
170 #define f_3(n,x) ((u4byte)fm_3##n(x) << 24)
171
172 #define mds(n,x) f_0(n,q_##n(x)) ^ f_1(n,q_##n(x)) ^ f_2(n,q_##n(x)) ^ f_3(n,q_##n(x))
173
174 #endif
175
176 static u4byte h_fun(TwofishInstance *instance, const u4byte x, const u4byte key[])
177 { u4byte b0, b1, b2, b3;
178
179 #ifndef M_TABLE
180 u4byte m5b_b0, m5b_b1, m5b_b2, m5b_b3;
181 u4byte mef_b0, mef_b1, mef_b2, mef_b3;
182 #endif
183
184 b0 = extract_byte(x, 0); b1 = extract_byte(x, 1); b2 = extract_byte(x, 2); b3 = extract_byte(x, 3);
185
186 switch(instance->k_len)
187 {
188 case 4: b0 = q(1, (u1byte) b0) ^ extract_byte(key[3],0);
189 b1 = q(0, (u1byte) b1) ^ extract_byte(key[3],1);
190 b2 = q(0, (u1byte) b2) ^ extract_byte(key[3],2);
191 b3 = q(1, (u1byte) b3) ^ extract_byte(key[3],3);
192 case 3: b0 = q(1, (u1byte) b0) ^ extract_byte(key[2],0);
193 b1 = q(1, (u1byte) b1) ^ extract_byte(key[2],1);
194 b2 = q(0, (u1byte) b2) ^ extract_byte(key[2],2);
195 b3 = q(0, (u1byte) b3) ^ extract_byte(key[2],3);
196 case 2: b0 = q(0, (u1byte) (q(0, (u1byte) b0) ^ extract_byte(key[1],0))) ^ extract_byte(key[0],0);
197 b1 = q(0, (u1byte) (q(1, (u1byte) b1) ^ extract_byte(key[1],1))) ^ extract_byte(key[0],1);
198 b2 = q(1, (u1byte) (q(0, (u1byte) b2) ^ extract_byte(key[1],2))) ^ extract_byte(key[0],2);
199 b3 = q(1, (u1byte) (q(1, (u1byte) b3) ^ extract_byte(key[1],3))) ^ extract_byte(key[0],3);
200 }
201 #ifdef M_TABLE
202
203 return mds(0, b0) ^ mds(1, b1) ^ mds(2, b2) ^ mds(3, b3);
204
205 #else
206
207 b0 = q(1, (u1byte) b0); b1 = q(0, (u1byte) b1); b2 = q(1, (u1byte) b2); b3 = q(0, (u1byte) b3);
208 m5b_b0 = ffm_5b(b0); m5b_b1 = ffm_5b(b1); m5b_b2 = ffm_5b(b2); m5b_b3 = ffm_5b(b3);
209 mef_b0 = ffm_ef(b0); mef_b1 = ffm_ef(b1); mef_b2 = ffm_ef(b2); mef_b3 = ffm_ef(b3);
210 b0 ^= mef_b1 ^ m5b_b2 ^ m5b_b3; b3 ^= m5b_b0 ^ mef_b1 ^ mef_b2;
211 b2 ^= mef_b0 ^ m5b_b1 ^ mef_b3; b1 ^= mef_b0 ^ mef_b2 ^ m5b_b3;
212
213 return b0 | (b3 << 8) | (b2 << 16) | (b1 << 24);
214
215 #endif
216 };
217
218 #ifdef MK_TABLE
219
220 #ifdef ONE_STEP
221 //u4byte mk_tab[4][256];
222 #else
223 static u1byte sb[4][256];
224 #endif
225
226 #define q20(x) q(0,q(0,x) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
227 #define q21(x) q(0,q(1,x) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
228 #define q22(x) q(1,q(0,x) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
229 #define q23(x) q(1,q(1,x) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
230
231 #define q30(x) q(0,q(0,q(1, x) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
232 #define q31(x) q(0,q(1,q(1, x) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
233 #define q32(x) q(1,q(0,q(0, x) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
234 #define q33(x) q(1,q(1,q(0, x) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
235
236 #define q40(x) q(0,q(0,q(1, q(1, x) ^ extract_byte(key[3],0)) ^ extract_byte(key[2],0)) ^ extract_byte(key[1],0)) ^ extract_byte(key[0],0)
237 #define q41(x) q(0,q(1,q(1, q(0, x) ^ extract_byte(key[3],1)) ^ extract_byte(key[2],1)) ^ extract_byte(key[1],1)) ^ extract_byte(key[0],1)
238 #define q42(x) q(1,q(0,q(0, q(0, x) ^ extract_byte(key[3],2)) ^ extract_byte(key[2],2)) ^ extract_byte(key[1],2)) ^ extract_byte(key[0],2)
239 #define q43(x) q(1,q(1,q(0, q(1, x) ^ extract_byte(key[3],3)) ^ extract_byte(key[2],3)) ^ extract_byte(key[1],3)) ^ extract_byte(key[0],3)
240
241 static void gen_mk_tab(TwofishInstance *instance, u4byte key[])
242 { u4byte i;
243 u1byte by;
244
245 u4byte *mk_tab = instance->mk_tab;
246
247 switch(instance->k_len)
248 {
249 case 2: for(i = 0; i < 256; ++i)
250 {
251 by = (u1byte)i;
252 #ifdef ONE_STEP
253 mk_tab[0 + 4*i] = mds(0, q20(by)); mk_tab[1 + 4*i] = mds(1, q21(by));
254 mk_tab[2 + 4*i] = mds(2, q22(by)); mk_tab[3 + 4*i] = mds(3, q23(by));
255 #else
256 sb[0][i] = q20(by); sb[1][i] = q21(by);
257 sb[2][i] = q22(by); sb[3][i] = q23(by);
258 #endif
259 }
260 break;
261
262 case 3: for(i = 0; i < 256; ++i)
263 {
264 by = (u1byte)i;
265 #ifdef ONE_STEP
266 mk_tab[0 + 4*i] = mds(0, q30(by)); mk_tab[1 + 4*i] = mds(1, q31(by));
267 mk_tab[2 + 4*i] = mds(2, q32(by)); mk_tab[3 + 4*i] = mds(3, q33(by));
268 #else
269 sb[0][i] = q30(by); sb[1][i] = q31(by);
270 sb[2][i] = q32(by); sb[3][i] = q33(by);
271 #endif
272 }
273 break;
274
275 case 4: for(i = 0; i < 256; ++i)
276 {
277 by = (u1byte)i;
278 #ifdef ONE_STEP
279 mk_tab[0 + 4*i] = mds(0, q40(by)); mk_tab[1 + 4*i] = mds(1, q41(by));
280 mk_tab[2 + 4*i] = mds(2, q42(by)); mk_tab[3 + 4*i] = mds(3, q43(by));
281 #else
282 sb[0][i] = q40(by); sb[1][i] = q41(by);
283 sb[2][i] = q42(by); sb[3][i] = q43(by);
284 #endif
285 }
286 }
287 };
288
289 # ifdef ONE_STEP
290 # define g0_fun(x) ( mk_tab[0 + 4*extract_byte(x,0)] ^ mk_tab[1 + 4*extract_byte(x,1)] \
291 ^ mk_tab[2 + 4*extract_byte(x,2)] ^ mk_tab[3 + 4*extract_byte(x,3)] )
292 # define g1_fun(x) ( mk_tab[0 + 4*extract_byte(x,3)] ^ mk_tab[1 + 4*extract_byte(x,0)] \
293 ^ mk_tab[2 + 4*extract_byte(x,1)] ^ mk_tab[3 + 4*extract_byte(x,2)] )
294
295
296 # else
297 # define g0_fun(x) ( mds(0, sb[0][extract_byte(x,0)]) ^ mds(1, sb[1][extract_byte(x,1)]) \
298 ^ mds(2, sb[2][extract_byte(x,2)]) ^ mds(3, sb[3][extract_byte(x,3)]) )
299 # define g1_fun(x) ( mds(0, sb[0][extract_byte(x,3)]) ^ mds(1, sb[1][extract_byte(x,0)]) \
300 ^ mds(2, sb[2][extract_byte(x,1)]) ^ mds(3, sb[3][extract_byte(x,2)]) )
301 # endif
302
303 #else
304
305 #define g0_fun(x) h_fun(instance, x, instance->s_key)
306 #define g1_fun(x) h_fun(instance, rotl(x,8), instance->s_key)
307
308 #endif
309
310 /* The (12,8) Reed Soloman code has the generator polynomial
311
312 g(x) = x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1
313
314 where the coefficients are in the finite field GF(2^8) with a
315 modular polynomial a^8 + a^6 + a^3 + a^2 + 1. To generate the
316 remainder we have to start with a 12th order polynomial with our
317 eight input bytes as the coefficients of the 4th to 11th terms.
318 That is:
319
320 m[7] * x^11 + m[6] * x^10 ... + m[0] * x^4 + 0 * x^3 +... + 0
321
322 We then multiply the generator polynomial by m[7] * x^7 and subtract
323 it - xor in GF(2^8) - from the above to eliminate the x^7 term (the
324 artihmetic on the coefficients is done in GF(2^8). We then multiply
325 the generator polynomial by x^6 * coeff(x^10) and use this to remove
326 the x^10 term. We carry on in this way until the x^4 term is removed
327 so that we are left with:
328
329 r[3] * x^3 + r[2] * x^2 + r[1] 8 x^1 + r[0]
330
331 which give the resulting 4 bytes of the remainder. This is equivalent
332 to the matrix multiplication in the Twofish description but much faster
333 to implement.
334
335 */
336
337 #define G_MOD 0x0000014d
338
339 static u4byte mds_rem(u4byte p0, u4byte p1)
340 { u4byte i, t, u;
341
342 for(i = 0; i < 8; ++i)
343 {
344 t = p1 >> 24; // get most significant coefficient
345
346 p1 = (p1 << 8) | (p0 >> 24); p0 <<= 8; // shift others up
347
348 // multiply t by a (the primitive element - i.e. left shift)
349
350 u = (t << 1);
351
352 if(t & 0x80) // subtract modular polynomial on overflow
353
354 u ^= G_MOD;
355
356 p1 ^= t ^ (u << 16); // remove t * (a * x^2 + 1)
357
358 u ^= (t >> 1); // form u = a * t + t / a = t * (a + 1 / a);
359
360 if(t & 0x01) // add the modular polynomial on underflow
361
362 u ^= G_MOD >> 1;
363
364 p1 ^= (u << 24) | (u << 8); // remove t * (a + 1/a) * (x^3 + x)
365 }
366
367 return p1;
368 };
369
370 /* initialise the key schedule from the user supplied key */
371
372 u4byte *twofish_set_key(TwofishInstance *instance, const u4byte in_key[], const u4byte key_len)
373 { u4byte i, a, b, me_key[4], mo_key[4];
374 u4byte *l_key, *s_key;
375
376 l_key = instance->l_key;
377 s_key = instance->s_key;
378
379 #ifdef Q_TABLES
380 if(!qt_gen)
381 {
382 gen_qtab(); qt_gen = 1;
383 }
384 #endif
385
386 #ifdef M_TABLE
387 if(!mt_gen)
388 {
389 gen_mtab(); mt_gen = 1;
390 }
391 #endif
392
393 instance->k_len = key_len / 64; /* 2, 3 or 4 */
394
395 for(i = 0; i < instance->k_len; ++i)
396 {
397 a = LE32(in_key[i + i]); me_key[i] = a;
398 b = LE32(in_key[i + i + 1]); mo_key[i] = b;
399 s_key[instance->k_len - i - 1] = mds_rem(a, b);
400 }
401
402 for(i = 0; i < 40; i += 2)
403 {
404 a = 0x01010101 * i; b = a + 0x01010101;
405 a = h_fun(instance, a, me_key);
406 b = rotl(h_fun(instance, b, mo_key), 8);
407 l_key[i] = a + b;
408 l_key[i + 1] = rotl(a + 2 * b, 9);
409 }
410
411 #ifdef MK_TABLE
412 gen_mk_tab(instance, s_key);
413 #endif
414
415 return l_key;
416 };
417
418 /* encrypt a block of text */
419
420 #ifndef TC_MINIMIZE_CODE_SIZE
421
422 #define f_rnd(i) \
423 t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
424 blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1); \
425 blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]); \
426 t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
427 blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1); \
428 blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11])
429
430 void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
431 { u4byte t0, t1, blk[4];
432
433 u4byte *l_key = instance->l_key;
434 u4byte *mk_tab = instance->mk_tab;
435
436 blk[0] = LE32(in_blk[0]) ^ l_key[0];
437 blk[1] = LE32(in_blk[1]) ^ l_key[1];
438 blk[2] = LE32(in_blk[2]) ^ l_key[2];
439 blk[3] = LE32(in_blk[3]) ^ l_key[3];
440
441 f_rnd(0); f_rnd(1); f_rnd(2); f_rnd(3);
442 f_rnd(4); f_rnd(5); f_rnd(6); f_rnd(7);
443
444 out_blk[0] = LE32(blk[2] ^ l_key[4]);
445 out_blk[1] = LE32(blk[3] ^ l_key[5]);
446 out_blk[2] = LE32(blk[0] ^ l_key[6]);
447 out_blk[3] = LE32(blk[1] ^ l_key[7]);
448 };
449
450 #else // TC_MINIMIZE_CODE_SIZE
451
452 void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[])
453 { u4byte t0, t1, blk[4];
454
455 u4byte *l_key = instance->l_key;
456 #ifdef TC_WINDOWS_BOOT_TWOFISH
457 u4byte *mk_tab = instance->mk_tab;
458 #endif
459 int i;
460
461 blk[0] = LE32(in_blk[0]) ^ l_key[0];
462 blk[1] = LE32(in_blk[1]) ^ l_key[1];
463 blk[2] = LE32(in_blk[2]) ^ l_key[2];
464 blk[3] = LE32(in_blk[3]) ^ l_key[3];
465
466 for (i = 0; i <= 7; ++i)
467 {
468 t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
469 blk[2] = rotr(blk[2] ^ (t0 + t1 + l_key[4 * (i) + 8]), 1);
470 blk[3] = rotl(blk[3], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]);
471 t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
472 blk[0] = rotr(blk[0] ^ (t0 + t1 + l_key[4 * (i) + 10]), 1);
473 blk[1] = rotl(blk[1], 1) ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]);
474 }
475
476 out_blk[0] = LE32(blk[2] ^ l_key[4]);
477 out_blk[1] = LE32(blk[3] ^ l_key[5]);
478 out_blk[2] = LE32(blk[0] ^ l_key[6]);
479 out_blk[3] = LE32(blk[1] ^ l_key[7]);
480 };
481
482 #endif // TC_MINIMIZE_CODE_SIZE
483
484 /* decrypt a block of text */
485
486 #ifndef TC_MINIMIZE_CODE_SIZE
487
488 #define i_rnd(i) \
489 t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]); \
490 blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]); \
491 blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1); \
492 t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]); \
493 blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]); \
494 blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1)
495
496 void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
497 { u4byte t0, t1, blk[4];
498
499 u4byte *l_key = instance->l_key;
500 u4byte *mk_tab = instance->mk_tab;
501
502 blk[0] = LE32(in_blk[0]) ^ l_key[4];
503 blk[1] = LE32(in_blk[1]) ^ l_key[5];
504 blk[2] = LE32(in_blk[2]) ^ l_key[6];
505 blk[3] = LE32(in_blk[3]) ^ l_key[7];
506
507 i_rnd(7); i_rnd(6); i_rnd(5); i_rnd(4);
508 i_rnd(3); i_rnd(2); i_rnd(1); i_rnd(0);
509
510 out_blk[0] = LE32(blk[2] ^ l_key[0]);
511 out_blk[1] = LE32(blk[3] ^ l_key[1]);
512 out_blk[2] = LE32(blk[0] ^ l_key[2]);
513 out_blk[3] = LE32(blk[1] ^ l_key[3]);
514 };
515
516 #else // TC_MINIMIZE_CODE_SIZE
517
518 void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4])
519 { u4byte t0, t1, blk[4];
520
521 u4byte *l_key = instance->l_key;
522 #ifdef TC_WINDOWS_BOOT_TWOFISH
523 u4byte *mk_tab = instance->mk_tab;
524 #endif
525 int i;
526
527 blk[0] = LE32(in_blk[0]) ^ l_key[4];
528 blk[1] = LE32(in_blk[1]) ^ l_key[5];
529 blk[2] = LE32(in_blk[2]) ^ l_key[6];
530 blk[3] = LE32(in_blk[3]) ^ l_key[7];
531
532 for (i = 7; i >= 0; --i)
533 {
534 t1 = g1_fun(blk[1]); t0 = g0_fun(blk[0]);
535 blk[2] = rotl(blk[2], 1) ^ (t0 + t1 + l_key[4 * (i) + 10]);
536 blk[3] = rotr(blk[3] ^ (t0 + 2 * t1 + l_key[4 * (i) + 11]), 1);
537 t1 = g1_fun(blk[3]); t0 = g0_fun(blk[2]);
538 blk[0] = rotl(blk[0], 1) ^ (t0 + t1 + l_key[4 * (i) + 8]);
539 blk[1] = rotr(blk[1] ^ (t0 + 2 * t1 + l_key[4 * (i) + 9]), 1);
540 }
541
542 out_blk[0] = LE32(blk[2] ^ l_key[0]);
543 out_blk[1] = LE32(blk[3] ^ l_key[1]);
544 out_blk[2] = LE32(blk[0] ^ l_key[2]);
545 out_blk[3] = LE32(blk[1] ^ l_key[3]);
546 };
547
548 #endif // TC_MINIMIZE_CODE_SIZE
Various Bits of Code