Blame view
crypto/twofish_generic.c
5.64 KB
1ccea77e2 treewide: Replace... |
1 |
// SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4c Linux-2.6.12-rc2 |
2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
/* * Twofish for CryptoAPI * * Originally Twofish for GPG * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998 * 256-bit key length added March 20, 1999 * Some modifications to reduce the text size by Werner Koch, April, 1998 * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com> * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net> * * The original author has disclaimed all copyright interest in this * code and thus put it in the public domain. The subsequent authors * have put this under the GNU General Public License. * |
1da177e4c Linux-2.6.12-rc2 |
16 17 18 19 20 21 22 23 24 25 |
* This code is a "clean room" implementation, written from the paper * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available * through http://www.counterpane.com/twofish.html * * For background information on multiplication in finite fields, used for * the matrix operations in the key schedule, see the book _Contemporary * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the * Third Edition. */ |
06ace7a9b [CRYPTO] Use stan... |
26 27 |
#include <asm/byteorder.h> |
2729bb427 [CRYPTO] twofish:... |
28 |
#include <crypto/twofish.h> |
1da177e4c Linux-2.6.12-rc2 |
29 30 31 32 33 |
#include <linux/module.h> #include <linux/init.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/crypto.h> |
a5f8c4730 [CRYPTO] twofish:... |
34 |
#include <linux/bitops.h> |
1da177e4c Linux-2.6.12-rc2 |
35 |
|
1da177e4c Linux-2.6.12-rc2 |
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
/* Macros to compute the g() function in the encryption and decryption * rounds. G1 is the straight g() function; G2 includes the 8-bit * rotation for the high 32-bit word. */ #define G1(a) \ (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \ ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24]) #define G2(b) \ (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \ ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24]) /* Encryption and decryption Feistel rounds. Each one calls the two g() * macros, does the PHT, and performs the XOR and the appropriate bit * rotations. The parameters are the round number (used to select subkeys), * and the four 32-bit chunks of the text. */ #define ENCROUND(n, a, b, c, d) \ x = G1 (a); y = G2 (b); \ x += y; y += x + ctx->k[2 * (n) + 1]; \ (c) ^= x + ctx->k[2 * (n)]; \ |
a5f8c4730 [CRYPTO] twofish:... |
57 58 |
(c) = ror32((c), 1); \ (d) = rol32((d), 1) ^ y |
1da177e4c Linux-2.6.12-rc2 |
59 60 61 62 63 |
#define DECROUND(n, a, b, c, d) \ x = G1 (a); y = G2 (b); \ x += y; y += x; \ (d) ^= y + ctx->k[2 * (n) + 1]; \ |
a5f8c4730 [CRYPTO] twofish:... |
64 65 |
(d) = ror32((d), 1); \ (c) = rol32((c), 1); \ |
1da177e4c Linux-2.6.12-rc2 |
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
(c) ^= (x + ctx->k[2 * (n)]) /* Encryption and decryption cycles; each one is simply two Feistel rounds * with the 32-bit chunks re-ordered to simulate the "swap" */ #define ENCCYCLE(n) \ ENCROUND (2 * (n), a, b, c, d); \ ENCROUND (2 * (n) + 1, c, d, a, b) #define DECCYCLE(n) \ DECROUND (2 * (n) + 1, c, d, a, b); \ DECROUND (2 * (n), a, b, c, d) /* Macros to convert the input and output bytes into 32-bit words, * and simultaneously perform the whitening step. INPACK packs word * number n into the variable named by x, using whitening subkey number m. * OUTUNPACK unpacks word number n from the variable named by x, using * whitening subkey number m. */ #define INPACK(n, x, m) \ |
06ace7a9b [CRYPTO] Use stan... |
86 |
x = le32_to_cpu(src[n]) ^ ctx->w[m] |
1da177e4c Linux-2.6.12-rc2 |
87 88 89 |
#define OUTUNPACK(n, x, m) \ x ^= ctx->w[m]; \ |
06ace7a9b [CRYPTO] Use stan... |
90 |
dst[n] = cpu_to_le32(x) |
1da177e4c Linux-2.6.12-rc2 |
91 |
|
1da177e4c Linux-2.6.12-rc2 |
92 |
|
1da177e4c Linux-2.6.12-rc2 |
93 94 |
/* Encrypt one block. in and out may be the same. */ |
6c2bb98bc [CRYPTO] all: Pas... |
95 |
static void twofish_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4c Linux-2.6.12-rc2 |
96 |
{ |
6c2bb98bc [CRYPTO] all: Pas... |
97 |
struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); |
06ace7a9b [CRYPTO] Use stan... |
98 99 |
const __le32 *src = (const __le32 *)in; __le32 *dst = (__le32 *)out; |
1da177e4c Linux-2.6.12-rc2 |
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
/* The four 32-bit chunks of the text. */ u32 a, b, c, d; /* Temporaries used by the round function. */ u32 x, y; /* Input whitening and packing. */ INPACK (0, a, 0); INPACK (1, b, 1); INPACK (2, c, 2); INPACK (3, d, 3); /* Encryption Feistel cycles. */ ENCCYCLE (0); ENCCYCLE (1); ENCCYCLE (2); ENCCYCLE (3); ENCCYCLE (4); ENCCYCLE (5); ENCCYCLE (6); ENCCYCLE (7); /* Output whitening and unpacking. */ OUTUNPACK (0, c, 4); OUTUNPACK (1, d, 5); OUTUNPACK (2, a, 6); OUTUNPACK (3, b, 7); } /* Decrypt one block. in and out may be the same. */ |
6c2bb98bc [CRYPTO] all: Pas... |
132 |
static void twofish_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4c Linux-2.6.12-rc2 |
133 |
{ |
6c2bb98bc [CRYPTO] all: Pas... |
134 |
struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); |
06ace7a9b [CRYPTO] Use stan... |
135 136 |
const __le32 *src = (const __le32 *)in; __le32 *dst = (__le32 *)out; |
1da177e4c Linux-2.6.12-rc2 |
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 |
/* The four 32-bit chunks of the text. */ u32 a, b, c, d; /* Temporaries used by the round function. */ u32 x, y; /* Input whitening and packing. */ INPACK (0, c, 4); INPACK (1, d, 5); INPACK (2, a, 6); INPACK (3, b, 7); /* Encryption Feistel cycles. */ DECCYCLE (7); DECCYCLE (6); DECCYCLE (5); DECCYCLE (4); DECCYCLE (3); DECCYCLE (2); DECCYCLE (1); DECCYCLE (0); /* Output whitening and unpacking. */ OUTUNPACK (0, a, 0); OUTUNPACK (1, b, 1); OUTUNPACK (2, c, 2); OUTUNPACK (3, d, 3); } static struct crypto_alg alg = { .cra_name = "twofish", |
758f570ea [CRYPTO] twofish:... |
170 171 |
.cra_driver_name = "twofish-generic", .cra_priority = 100, |
1da177e4c Linux-2.6.12-rc2 |
172 173 174 |
.cra_flags = CRYPTO_ALG_TYPE_CIPHER, .cra_blocksize = TF_BLOCK_SIZE, .cra_ctxsize = sizeof(struct twofish_ctx), |
a429d2609 [CRYPTO] cipher: ... |
175 |
.cra_alignmask = 3, |
1da177e4c Linux-2.6.12-rc2 |
176 |
.cra_module = THIS_MODULE, |
1da177e4c Linux-2.6.12-rc2 |
177 178 179 180 181 182 183 |
.cra_u = { .cipher = { .cia_min_keysize = TF_MIN_KEY_SIZE, .cia_max_keysize = TF_MAX_KEY_SIZE, .cia_setkey = twofish_setkey, .cia_encrypt = twofish_encrypt, .cia_decrypt = twofish_decrypt } } }; |
3af5b90bd [CRYPTO] all: Cle... |
184 |
static int __init twofish_mod_init(void) |
1da177e4c Linux-2.6.12-rc2 |
185 186 187 |
{ return crypto_register_alg(&alg); } |
3af5b90bd [CRYPTO] all: Cle... |
188 |
static void __exit twofish_mod_fini(void) |
1da177e4c Linux-2.6.12-rc2 |
189 190 191 |
{ crypto_unregister_alg(&alg); } |
c4741b230 crypto: run initc... |
192 |
subsys_initcall(twofish_mod_init); |
3af5b90bd [CRYPTO] all: Cle... |
193 |
module_exit(twofish_mod_fini); |
1da177e4c Linux-2.6.12-rc2 |
194 195 196 |
MODULE_LICENSE("GPL"); MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); |
5d26a105b crypto: prefix mo... |
197 |
MODULE_ALIAS_CRYPTO("twofish"); |
3e14dcf7c crypto: add missi... |
198 |
MODULE_ALIAS_CRYPTO("twofish-generic"); |