1 /* $Id: twofish.h,v 2.0 2002/08/11 22:32:25 fknobbe Exp $ 2 * 3 * 4 * Copyright (C) 1997-2000 The Cryptix Foundation Limited. 5 * Copyright (C) 2000 Farm9. 6 * Copyright (C) 2001 Frank Knobbe. 7 * All rights reserved. 8 * 9 * For Cryptix code: 10 * Use, modification, copying and distribution of this software is subject 11 * the terms and conditions of the Cryptix General Licence. You should have 12 * received a copy of the Cryptix General Licence along with this library; 13 * if not, you can download a copy from http://www.cryptix.org/ . 14 * 15 * For Farm9: 16 * --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and 17 * ciphertext stealing technique, added AsciiTwofish class for easy encryption 18 * decryption of text strings 19 * 20 * Frank Knobbe <frank@knobbe.us>: 21 * --- April 2001, converted from C++ to C, prefixed global variables 22 * with TwoFish, substituted some defines, changed functions to make use of 23 * variables supplied in a struct, modified and added routines for modular calls. 24 * Cleaned up the code so that defines are used instead of fixed 16's and 32's. 25 * Created two general purpose crypt routines for one block and multiple block 26 * encryption using Joh's CBC code. 27 * Added crypt routines that use a header (with a magic and data length). 28 * (Basically a major rewrite). 29 * 30 * Note: Routines labeled _TwoFish are private and should not be used 31 * (or with extreme caution). 32 * 33 */ 34 35 #ifndef __TWOFISH_LIBRARY_HEADER__ 36 #define __TWOFISH_LIBRARY_HEADER__ 37 38 #ifndef FALSE 39 #define FALSE 0 40 #endif 41 #ifndef TRUE 42 #define TRUE !FALSE 43 #endif 44 #ifndef bool 45 #define bool int 46 #endif 47 48 #ifdef WIN32 49 #include "win32/n2n_win32.h" 50 #endif 51 52 #ifndef _MSC_VER 53 /* Not shipped with Visual Studio (as stated by the stdint.h wikipedia page) */ 54 #include <stdint.h> /* defines uintN_t types */ 55 #endif 56 57 #ifdef __sun__ /* Should be HAVE_SYS_TYPES */ 58 /* The following are redefinitions if sys/types.h has been included too.*/ 59 typedef uint32_t uint32_t; 60 typedef uint8_t uint8_t; 61 #endif /* #ifdef __sun__ */ 62 63 /* Constants */ 64 65 #define TwoFish_DEFAULT_PW "SnortHas2FishEncryptionRoutines!" /* default password (not more than 32 chars) */ 66 #define TwoFish_DEFAULT_PW_LEN 32 67 #define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */ 68 69 enum 70 { TwoFish_KEY_SIZE = 256, /* Valid values: 64, 128, 192, 256 */ 71 /* User 256, other key sizes have not been tested. */ 72 /* (But should work. I substitutes as much as */ 73 /* I could with this define.) */ 74 TwoFish_ROUNDS = 16, 75 TwoFish_BLOCK_SIZE = 16, /* bytes in a data-block */ 76 TwoFish_KEY_LENGTH = TwoFish_KEY_SIZE/8, /* 32= 256-bit key */ 77 TwoFish_TOTAL_SUBKEYS = 4+4+2*TwoFish_ROUNDS, 78 TwoFish_MAGIC_LEN = TwoFish_BLOCK_SIZE-8, 79 TwoFish_SK_BUMP = 0x01010101, 80 TwoFish_SK_ROTL = 9, 81 TwoFish_P_00 = 1, 82 TwoFish_P_01 = 0, 83 TwoFish_P_02 = 0, 84 TwoFish_P_03 = TwoFish_P_01 ^ 1, 85 TwoFish_P_04 = 1, 86 TwoFish_P_10 = 0, 87 TwoFish_P_11 = 0, 88 TwoFish_P_12 = 1, 89 TwoFish_P_13 = TwoFish_P_11 ^ 1, 90 TwoFish_P_14 = 0, 91 TwoFish_P_20 = 1, 92 TwoFish_P_21 = 1, 93 TwoFish_P_22 = 0, 94 TwoFish_P_23 = TwoFish_P_21 ^ 1, 95 TwoFish_P_24 = 0, 96 TwoFish_P_30 = 0, 97 TwoFish_P_31 = 1, 98 TwoFish_P_32 = 1, 99 TwoFish_P_33 = TwoFish_P_31 ^ 1, 100 TwoFish_P_34 = 1, 101 TwoFish_GF256_FDBK = 0x169, 102 TwoFish_GF256_FDBK_2 = 0x169 / 2, 103 TwoFish_GF256_FDBK_4 = 0x169 / 4, 104 TwoFish_RS_GF_FDBK = 0x14D, /* field generator */ 105 TwoFish_MDS_GF_FDBK = 0x169 /* primitive polynomial for GF(256) */ 106 }; 107 108 109 /* Global data structure for callers */ 110 111 typedef struct 112 { 113 uint32_t sBox[4 * 256]; /* Key dependent S-box */ 114 uint32_t subKeys[TwoFish_TOTAL_SUBKEYS]; /* Subkeys */ 115 uint8_t key[TwoFish_KEY_LENGTH]; /* Encryption Key */ 116 uint8_t *output; /* Pointer to output buffer */ 117 uint8_t qBlockPlain[TwoFish_BLOCK_SIZE]; /* Used by CBC */ 118 uint8_t qBlockCrypt[TwoFish_BLOCK_SIZE]; 119 uint8_t prevCipher[TwoFish_BLOCK_SIZE]; 120 struct /* Header for crypt functions. Has to be at least one block long. */ 121 { uint32_t salt; /* Random salt in first block (will salt the rest through CBC) */ 122 uint8_t length[4]; /* The amount of data following the header */ 123 uint8_t magic[TwoFish_MAGIC_LEN]; /* Magic to identify successful decryption */ 124 } header; 125 bool qBlockDefined; 126 bool dontflush; 127 } TWOFISH; 128 129 /**** Public Functions ****/ 130 131 /* TwoFish Initialization 132 * 133 * This routine generates a global data structure for use with TwoFish, 134 * initializes important values (such as subkeys, sBoxes), generates subkeys 135 * and precomputes the MDS matrix if not already done. 136 * 137 * Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!') 138 * 139 * Output: Pointer to TWOFISH structure. This data structure contains key dependent data. 140 * This pointer is used with all other crypt functions. 141 */ 142 TWOFISH *TwoFishInit(const uint8_t *userkey, uint32_t keysize ); 143 144 145 /* TwoFish Destroy 146 * 147 * Nothing else but a free... 148 * 149 * Input: Pointer to the TwoFish structure. 150 * 151 */ 152 void TwoFishDestroy(TWOFISH *tfdata); 153 154 155 /* TwoFish Alloc 156 * 157 * Allocates enough memory for the output buffer as required. 158 * 159 * Input: Length of the plaintext. 160 * Boolean flag for BinHex Output. 161 * Pointer to the TwoFish structure. 162 * 163 * Output: Returns a pointer to the memory allocated. 164 */ 165 void *TwoFishAlloc(uint32_t len,bool binhex,bool decrypt,TWOFISH *tfdata); 166 167 168 /* TwoFish Free 169 * 170 * Free's the allocated buffer. 171 * 172 * Input: Pointer to the TwoFish structure 173 * 174 * Output: (none) 175 */ 176 void TwoFishFree(TWOFISH *tfdata); 177 178 179 /* TwoFish Set Output 180 * 181 * If you want to allocate the output buffer yourself, 182 * then you can set it with this function. 183 * 184 * Input: Pointer to your output buffer 185 * Pointer to the TwoFish structure 186 * 187 * Output: (none) 188 */ 189 void TwoFishSetOutput(uint8_t *outp,TWOFISH *tfdata); 190 191 192 /* TwoFish Raw Encryption 193 * 194 * Does not use header, but does use CBC (if more than one block has to be encrypted). 195 * 196 * Input: Pointer to the buffer of the plaintext to be encrypted. 197 * Pointer to the buffer receiving the ciphertext. 198 * The length of the plaintext buffer. 199 * The TwoFish structure. 200 * 201 * Output: The amount of bytes encrypted if successful, otherwise 0. 202 */ 203 uint32_t TwoFishEncryptRaw(uint8_t *in,uint8_t *out,uint32_t len,TWOFISH *tfdata); 204 205 /* TwoFish Raw Decryption 206 * 207 * Does not use header, but does use CBC (if more than one block has to be decrypted). 208 * 209 * Input: Pointer to the buffer of the ciphertext to be decrypted. 210 * Pointer to the buffer receiving the plaintext. 211 * The length of the ciphertext buffer (at least one cipher block). 212 * The TwoFish structure. 213 * 214 * Output: The amount of bytes decrypted if successful, otherwise 0. 215 */ 216 uint32_t TwoFishDecryptRaw(uint8_t *in,uint8_t *out,uint32_t len,TWOFISH *tfdata); 217 218 219 /* TwoFish Encryption 220 * 221 * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, 222 * this routine will alloc the memory. In addition, it will include a small 'header' 223 * containing the magic and some salt. That way the decrypt routine can check if the 224 * packet got decrypted successfully, and return 0 instead of garbage. 225 * 226 * Input: Pointer to the buffer of the plaintext to be encrypted. 227 * Pointer to the pointer to the buffer receiving the ciphertext. 228 * The pointer either points to user allocated output buffer space, or to NULL, in which case 229 * this routine will set the pointer to the buffer allocated through the struct. 230 * The length of the plaintext buffer. 231 * Can be -1 if the input is a null terminated string, in which case we'll count for you. 232 * Boolean flag for BinHex Output (if used, output will be twice as large as input). 233 * Note: BinHex conversion overwrites (converts) input buffer! 234 * The TwoFish structure. 235 * 236 * Output: The amount of bytes encrypted if successful, otherwise 0. 237 */ 238 uint32_t TwoFishEncrypt(uint8_t *in,uint8_t **out,signed long len,bool binhex,TWOFISH *tfdata); 239 240 241 /* TwoFish Decryption 242 * 243 * Uses header and CBC. If the output area has not been intialized with TwoFishAlloc, 244 * this routine will alloc the memory. In addition, it will check the small 'header' 245 * containing the magic. If magic does not match we return 0. Otherwise we return the 246 * amount of bytes decrypted (should be the same as the length in the header). 247 * 248 * Input: Pointer to the buffer of the ciphertext to be decrypted. 249 * Pointer to the pointer to the buffer receiving the plaintext. 250 * The pointer either points to user allocated output buffer space, or to NULL, in which case 251 * this routine will set the pointer to the buffer allocated through the struct. 252 * The length of the ciphertext buffer. 253 * Can be -1 if the input is a null terminated binhex string, in which case we'll count for you. 254 * Boolean flag for BinHex Input (if used, plaintext will be half as large as input). 255 * Note: BinHex conversion overwrites (converts) input buffer! 256 * The TwoFish structure. 257 * 258 * Output: The amount of bytes decrypted if successful, otherwise 0. 259 */ 260 uint32_t TwoFishDecrypt(uint8_t *in,uint8_t **out,signed long len,bool binhex,TWOFISH *tfdata); 261 262 263 /**** Private Functions ****/ 264 265 uint8_t TwoFish__b(uint32_t x,int n); 266 void _TwoFish_BinHex(uint8_t *buf,uint32_t len,bool bintohex); 267 uint32_t _TwoFish_CryptRawCBC(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata); 268 uint32_t _TwoFish_CryptRaw16(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata); 269 uint32_t _TwoFish_CryptRaw(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata); 270 void _TwoFish_PrecomputeMDSmatrix(void); 271 void _TwoFish_MakeSubKeys(TWOFISH *tfdata); 272 void _TwoFish_qBlockPush(uint8_t *p,uint8_t *c,TWOFISH *tfdata); 273 void _TwoFish_qBlockPop(uint8_t *p,uint8_t *c,TWOFISH *tfdata); 274 void _TwoFish_ResetCBC(TWOFISH *tfdata); 275 void _TwoFish_FlushOutput(uint8_t *b,uint32_t len,TWOFISH *tfdata); 276 void _TwoFish_BlockCrypt(uint8_t *in,uint8_t *out,uint32_t size,int decrypt,TWOFISH *tfdata); 277 void _TwoFish_BlockCrypt16(uint8_t *in,uint8_t *out,bool decrypt,TWOFISH *tfdata); 278 uint32_t _TwoFish_RS_MDS_Encode(uint32_t k0,uint32_t k1); 279 uint32_t _TwoFish_F32(uint32_t k64Cnt,uint32_t x,uint32_t *k32); 280 uint32_t _TwoFish_Fe320(uint32_t *lsBox,uint32_t x); 281 uint32_t _TwoFish_Fe323(uint32_t *lsBox,uint32_t x); 282 uint32_t _TwoFish_Fe32(uint32_t *lsBox,uint32_t x,uint32_t R); 283 284 285 #endif 286