Crypt-Twofish2
view release on metacpan or search on metacpan
/***************************************************************************
TABLE.H -- Tables, macros, constants for Twofish S-boxes and MDS matrix
Submitters:
Bruce Schneier, Counterpane Systems
Doug Whiting, Hi/fn
John Kelsey, Counterpane Systems
Chris Hall, Counterpane Systems
David Wagner, UC Berkeley
Code Author: Doug Whiting, Hi/fn
Version 1.00 April 1998
Copyright 1998, Hi/fn and Counterpane Systems. All rights reserved.
Notes:
* Tab size is set to 4 characters in this file
* These definitions should be used in optimized and unoptimized
versions to insure consistency.
***************************************************************************/
/* for computing subkeys */
#define SK_STEP 0x02020202u
#define SK_BUMP 0x01010101u
#define SK_ROTL 9
/* Reed-Solomon code parameters: (12,8) reversible code
g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
where a = primitive root of field generator 0x14D */
#define RS_GF_FDBK 0x14D /* field generator */
#define RS_rem(x) \
{ BYTE b = (BYTE) (x >> 24); \
DWORD g2 = ((b << 1) ^ ((b & 0x80) ? RS_GF_FDBK : 0 )) & 0xFF; \
DWORD g3 = ((b >> 1) & 0x7F) ^ ((b & 1) ? RS_GF_FDBK >> 1 : 0 ) ^ g2 ; \
x = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; \
}
/* Macros for the MDS matrix
* The MDS matrix is (using primitive polynomial 169):
* 01 EF 5B 5B
* 5B EF EF 01
* EF 5B 01 EF
* EF 01 EF 5B
*----------------------------------------------------------------
* More statistical properties of this matrix (from MDS.EXE output):
*
* Min Hamming weight (one byte difference) = 8. Max=26. Total = 1020.
* Prob[8]: 7 23 42 20 52 95 88 94 121 128 91
* 102 76 41 24 8 4 1 3 0 0 0
* Runs[8]: 2 4 5 6 7 8 9 11
* MSBs[8]: 1 4 15 8 18 38 40 43
* HW= 8: 05040705 0A080E0A 14101C14 28203828 50407050 01499101 A080E0A0
* HW= 9: 04050707 080A0E0E 10141C1C 20283838 40507070 80A0E0E0 C6432020 07070504
* 0E0E0A08 1C1C1410 38382820 70705040 E0E0A080 202043C6 05070407 0A0E080E
* 141C101C 28382038 50704070 A0E080E0 4320C620 02924B02 089A4508
* Min Hamming weight (two byte difference) = 3. Max=28. Total = 390150.
* Prob[3]: 7 18 55 149 270 914 2185 5761 11363 20719 32079
* 43492 51612 53851 52098 42015 31117 20854 11538 6223 2492 1033
* MDS OK, ROR: 6+ 7+ 8+ 9+ 10+ 11+ 12+ 13+ 14+ 15+ 16+
* 17+ 18+ 19+ 20+ 21+ 22+ 23+ 24+ 25+ 26+
*/
#define MDS_GF_FDBK 0x169 /* primitive polynomial for GF(256) */
#define LFSR1(x) ( ((x) >> 1) ^ (((x) & 0x01) ? MDS_GF_FDBK/2 : 0))
#define LFSR2(x) ( ((x) >> 2) ^ (((x) & 0x02) ? MDS_GF_FDBK/2 : 0) \
^ (((x) & 0x01) ? MDS_GF_FDBK/4 : 0))
#define Mx_1(x) ((DWORD) (x)) /* force result to dword so << will work */
#define Mx_X(x) ((DWORD) ((x) ^ LFSR2(x))) /* 5B */
#define Mx_Y(x) ((DWORD) ((x) ^ LFSR1(x) ^ LFSR2(x))) /* EF */
#define M00 Mul_1
#define M01 Mul_Y
#define M02 Mul_X
#define M03 Mul_X
#define M10 Mul_X
#define M11 Mul_Y
#define M12 Mul_Y
#define M13 Mul_1
#define M20 Mul_Y
#define M21 Mul_X
#define M22 Mul_1
#define M23 Mul_Y
#define M30 Mul_Y
#define M31 Mul_1
#define M32 Mul_Y
#define M33 Mul_X
#define Mul_1 Mx_1
#define Mul_X Mx_X
#define Mul_Y Mx_Y
/* Define the fixed p0/p1 permutations used in keyed S-box lookup.
By changing the following constant definitions for P_ij, the S-boxes will
automatically get changed in all the Twofish source code. Note that P_i0 is
the "outermost" 8x8 permutation applied. See the f32() function to see
( run in 0.992 second using v1.01-cache-2.11-cpan-99c4e6809bf )