Halaman utama Jelajahi Bantuan
Daftar Masuk
oberon
/
A2OS
cermin dari https://github.com/yarrom/A2OS.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 38473b9849
Ranting Tag
A2OS
/
source
/
CryptoTwofish.Mod

CryptoTwofish.Mod 11 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303 
  1. MODULE CryptoTwofish;   (** Twofish en/decryption *)
    2. 

  2. 

  3. (*	Oberon port, based on twofish.c (vers. 1.0, Apr. 1998),
    4. 

  4. 		2002.07.22	g.f.
    5. 

  5.  *)
    6. 

  6. 

  7. IMPORT S := SYSTEM, Ciphers := CryptoCiphers, U := CryptoUtils;
    8. 

  8. 

  9. CONST
    10. 

  10. 	N = 16;
    11. 

  11. 

  12. TYPE
    13. 

  13. 	Block = ARRAY 4 OF SET32;
    14. 

  14. 	SKey = ARRAY 4 OF SET32;
    15. 

  15. 

  16. VAR
    17. 

  17. 	tab0: ARRAY 256 OF SET32;
    18. 

  18. 	tab1: ARRAY 256 OF SET32;
    19. 

  19. 

  20. TYPE
    21. 

  21. 	Cipher* = OBJECT (Ciphers.Cipher)
    22. 

  22. 			VAR keybits: LONGINT;
    23. 

  23. 				sbox: ARRAY 4 OF LONGINT;
    24. 

  24. 				subkeys: ARRAY 8 + 2*N OF LONGINT;
    25. 

  25. 				iv: Block;
    26. 

  26. 

  27. 				PROCEDURE InitKey*( CONST src: ARRAY OF CHAR; keybits: LONGINT );
    28. 

  28. 				CONST step = 02020202H;  bump = 01010101H;
    29. 

  29. 				VAR
    30. 

  30. 					i, A, B, m, nsub: LONGINT;
    31. 

  31. 					k32e, k32o: ARRAY 4 OF LONGINT;   (* even/odd key dwords *)
    32. 

  32. 				BEGIN
    33. 

  33. 					InitKey^( src, keybits );  SELF.keybits := keybits;
    34. 

  34. 					FOR i := 0 TO keybits DIV 32 - 1 DO
    35. 

  35. 						IF ODD( i ) THEN  k32o[i DIV 2] := U.IntFromBufferLE( src, i*4 )
    36. 

  36. 						ELSE  k32e[i DIV 2] := U.IntFromBufferLE( src, i*4 )
    37. 

  37. 						END
    38. 

  38. 					END;
    39. 

  39. 					m := keybits DIV 64 - 1;
    40. 

  40. 					FOR i := 0 TO m DO
    41. 

  41. 						(* compute S-box keys using (12,8) Reed-Solomon code over GF(256) *)
    42. 

  42. 						sbox[m - i] := Encode( k32e[i], k32o[i] );   (* reverse order *)
    43. 

  43. 					END;
    44. 

  44. 					nsub := 8 + N*2;
    45. 

  45. 					FOR i := 0 TO nsub DIV 2 - 1 DO
    46. 

  46. 						(* compute round subkeys for PHT *)
    47. 

  47. 						A := F32( S.VAL( SET32, i*step ), k32e, keybits );  			 (* A uses even key dwords *)
    48. 

  48. 						B := ROT( F32( S.VAL( SET32, i*step + bump ), k32o, keybits ), 8 );   (* B uses odd  key dwords *)
    49. 

  49. 						subkeys[i*2] := A + B;   							(* combine with a PHT *)
    50. 

  50. 						subkeys[i*2 + 1] := ROT( A + 2*B, 9 );
    51. 

  51. 					END
    52. 

  52. 				END InitKey;
    53. 

  53. 

  54. 				PROCEDURE SetIV*( CONST src: ARRAY OF CHAR; mode: SHORTINT );
    55. 

  55. 				VAR i: INTEGER;
    56. 

  56. 				BEGIN
    57. 

  57. 					SetIV^( src, mode );   (* set mode *)
    58. 

  58. 					FOR i := 0 TO 3 DO  iv[i] := U.SetFromBufferLE( src, 4*i )  END;
    59. 

  59. 				END SetIV;
    60. 

  60. 

  61. 				PROCEDURE Encrypt*( VAR buf: ARRAY OF CHAR;  ofs, len: LONGINT );
    62. 

  62. 				VAR i: LONGINT;
    63. 

  63. 				BEGIN
    64. 

  64. 					ASSERT( isKeyInitialized & (mode IN {Ciphers.ECB, Ciphers.CBC}) );
    65. 

  65. 					ASSERT( len MOD blockSize = 0 );   (* padding must have been added *)
    66. 

  66. 					i := 0;
    67. 

  67. 					WHILE i < len DO  EncryptBlock( buf, ofs + i );  INC( i, blockSize );   END
    68. 

  68. 				END Encrypt;
    69. 

  69. 

  70. 				PROCEDURE Decrypt*( VAR buf: ARRAY OF CHAR;  ofs, len: LONGINT );
    71. 

  71. 				VAR i: LONGINT;
    72. 

  72. 				BEGIN
    73. 

  73. 					ASSERT( isKeyInitialized );
    74. 

  74. 					ASSERT( len MOD blockSize = 0 );   (* padding must have been added *)
    75. 

  75. 					i := 0;
    76. 

  76. 					WHILE i < len DO  DecryptBlock( buf, ofs + i );  INC( i, blockSize );   END
    77. 

  77. 				END Decrypt;
    78. 

  78. 

  79. 				PROCEDURE EncryptBlock( VAR buf: ARRAY OF CHAR;  pos: LONGINT );
    80. 

  80. 				VAR x: Block;  t0, t1, i, r: LONGINT;  s0, s1: SET32;
    81. 

  81. 				BEGIN
    82. 

  82. 					(* copy in the block, add whitening *)
    83. 

  83. 					FOR i := 0 TO 3 DO
    84. 

  84. 						x[i] := U.SetFromBufferLE( buf, pos + i*4 ) / S.VAL( SET32, subkeys[i] );
    85. 

  85. 						IF mode = Ciphers.CBC THEN  x[i] := x[i] / iv[i]  END
    86. 

  86. 					END;
    87. 

  87. 					(* main Twofish encryption loop *)
    88. 

  88. 					FOR r := 0 TO N - 1 DO
    89. 

  89. 						t0 := F32( x[0], sbox, keybits );
    90. 

  90. 						t1 := F32( ROT( x[1], 8 ), sbox, keybits );
    91. 

  91. 						x[2] := ROT( x[2] / S.VAL( SET32, t0 + t1 + subkeys[8 + 2*r] ), -1 );
    92. 

  92. 						x[3] := ROT( x[3], 1 ) / S.VAL( SET32, t0 + t1*2 + subkeys[8 + 2*r + 1] );
    93. 

  93. 						IF r < N - 1 THEN  (* unswap, except for last round *)
    94. 

  94. 							s0 := x[0];  x[0] := x[2];  x[2] := s0;  s1 := x[1];  x[1] := x[3];  x[3] := s1;
    95. 

  95. 						END
    96. 

  96. 					END;
    97. 

  97. 					(* copy out, with whitening *)
    98. 

  98. 					FOR i := 0 TO 3 DO
    99. 

  99. 						x[i] := x[i] / S.VAL( SET32, subkeys[4 + i] );  U.SetToBufferLE( x[i], buf, pos + i*4 );
    100. 

  100. 						IF mode = Ciphers.CBC THEN  iv[i] := x[i]  END
    101. 

  101. 					END;
    102. 

  102. 				END EncryptBlock;
    103. 

  103. 

  104. 				PROCEDURE DecryptBlock( VAR buf: ARRAY OF CHAR;  pos: LONGINT );
    105. 

  105. 				VAR x0, x: Block;  t0, t1, i, r: LONGINT;  s0, s1: SET32;
    106. 

  106. 				BEGIN
    107. 

  107. 					(* copy in the block, add whitening *)
    108. 

  108. 					FOR i := 0 TO 3 DO
    109. 

  109. 						x0[i] := U.SetFromBufferLE( buf, pos + i*4 );
    110. 

  110. 						x[i] := x0[i] / S.VAL( SET32, subkeys[4 + i] );
    111. 

  111. 					END;
    112. 

  112. 					(* main Twofish decryption loop *)
    113. 

  113. 					FOR r := N - 1 TO 0 BY -1 DO
    114. 

  114. 						t0 := F32( x[0], sbox, keybits );
    115. 

  115. 						t1 := F32( ROT( x[1], 8 ), sbox, keybits );
    116. 

  116. 						x[2] := ROT( x[2], 1 );  x[2] := x[2] / S.VAL( SET32, t0 + t1 + subkeys[8 + 2*r] );
    117. 

  117. 						x[3] := ROT( x[3] / S.VAL( SET32, t0 + t1*2 + subkeys[8 + 2*r + 1] ), -1 );
    118. 

  118. 						IF r > 0 THEN  (* unswap, except for last round *)
    119. 

  119. 							s0 := x[0];  x[0] := x[2];  x[2] := s0;
    120. 

  120. 							s1 := x[1];  x[1] := x[3];  x[3] := s1;
    121. 

  121. 						END
    122. 

  122. 					END;
    123. 

  123. 					(* copy out, with whitening *)
    124. 

  124. 					FOR i := 0 TO 3 DO
    125. 

  125. 						x[i] := x[i] / S.VAL( SET32, subkeys[i] );
    126. 

  126. 						IF mode = Ciphers.CBC THEN  x[i] := x[i] / iv[i];  iv[i] := x0[i]  END;
    127. 

  127. 						U.SetToBufferLE( x[i], buf, pos + i*4 );
    128. 

  128. 					END;
    129. 

  129. 				END DecryptBlock;
    130. 

  130. 

  131. 				PROCEDURE & Init*;
    132. 

  132. 				BEGIN
    133. 

  133. 					SetNameAndBlocksize( "twofish", 16 )
    134. 

  134. 				END Init;
    135. 

  135. 

  136. 			END Cipher;
    137. 

  137. 

  138. 	PROCEDURE NewCipher*(): Ciphers.Cipher;
    139. 

  139. 	VAR cipher: Cipher;
    140. 

  140. 	BEGIN
    141. 

  141. 		NEW( cipher );  RETURN cipher
    142. 

  142. 	END NewCipher;
    143. 

  143. 

  144. (*-------------------------------------------------------------------------------*)
    145. 

  145. 

  146. CONST
    147. 

  147. 	FDBK = 169H;
    148. 

  148. 	Fdbk2 = S.VAL( SET32, FDBK DIV 2 );
    149. 

  149. 	Fdbk4 = S.VAL( SET32, FDBK DIV 4 );
    150. 

  150. 	Byte0 = S.VAL( SET32, 0FFH );
    151. 

  151. 	S14d = S.VAL( SET32, 14DH );
    152. 

  152. 	S0a6 = S.VAL( SET32, 0A6H );
    153. 

  153. 

  154. 

  155. 	PROCEDURE m1( x: LONGINT ): SET32;
    156. 

  156. 	BEGIN
    157. 

  157. 		RETURN S.VAL( SET32, x )
    158. 

  158. 	END m1;
    159. 

  159. 

  160. 	PROCEDURE mx( x: LONGINT ): SET32;
    161. 

  161. 	VAR t: SET32;
    162. 

  162. 	BEGIN
    163. 

  163. 		t := S.VAL( SET32, x DIV 4 );
    164. 

  164. 		IF ODD( x DIV 2 ) THEN  t := t / Fdbk2  END;
    165. 

  165. 		IF ODD( x ) THEN  t := t / Fdbk4  END;
    166. 

  166. 		RETURN S.VAL( SET32, x ) / t
    167. 

  167. 	END mx;
    168. 

  168. 

  169. 	PROCEDURE my( x: LONGINT ): SET32;
    170. 

  170. 	VAR t1, t2: SET32;
    171. 

  171. 	BEGIN
    172. 

  172. 		t1 := S.VAL( SET32, x DIV 2 );  t2 := S.VAL( SET32, x DIV 4 );
    173. 

  173. 		IF ODD( x DIV 2 ) THEN  t2 := t2 / Fdbk2  END;
    174. 

  174. 		IF ODD( x ) THEN  t1 := t1 / Fdbk2;  t2 := t2 / Fdbk4  END;
    175. 

  175. 		RETURN S.VAL( SET32, x ) / t1 / t2
    176. 

  176. 	END my;
    177. 

  177. 

  178. 	PROCEDURE split( x: LONGINT;  VAR v: SKey );
    179. 

  179. 	BEGIN
    180. 

  180. 		v[3] := S.VAL( SET32, x DIV 1000000H MOD 100H );
    181. 

  181. 		v[2] := S.VAL( SET32, x DIV 10000H MOD 100H );
    182. 

  182. 		v[1] := S.VAL( SET32, x DIV 100H MOD 100H );
    183. 

  183. 		v[0] := S.VAL( SET32, x MOD 100H );
    184. 

  184. 	END split;
    185. 

  185. 

  186. 	PROCEDURE -Int( x: SET32 ): LONGINT;
    187. 

  187. 	BEGIN
    188. 

  188. 		RETURN S.VAL( LONGINT, x )
    189. 

  189. 	END Int;
    190. 

  190. 

  191. 

  192. 	PROCEDURE F32( x: SET32;  CONST k32: ARRAY OF LONGINT;  keybits: LONGINT ): LONGINT;
    193. 

  193. 	VAR a, b, c, d, l: LONGINT;  k, k1: SKey;
    194. 

  194. 	BEGIN
    195. 

  195. 		(* Run each byte thru 8x8 S-boxes, xoring with key byte at each stage. *)
    196. 

  196. 		(* Note that each byte goes through a different combination of S-boxes.*)
    197. 

  197. 		d := Int( x ) DIV 1000000H MOD 100H;
    198. 

  198. 		c := Int( x ) DIV 10000H MOD 100H;
    199. 

  199. 		b := Int( x ) DIV 100H MOD 100H;
    200. 

  200. 		a := Int( x ) MOD 100H;
    201. 

  201. 

  202. 		l := ((keybits + 63) DIV 64) MOD 4;
    203. 

  203. 		IF l = 0 THEN  (* 256 bits of key *)
    204. 

  204. 			split( k32[3], k );
    205. 

  205. 			a := Int( tab1[a] / k[0] );
    206. 

  206. 			b := Int( tab0[b] / k[1] );
    207. 

  207. 			c := Int( tab0[c] / k[2] );
    208. 

  208. 			d := Int( tab1[d] / k[3] );
    209. 

  209. 		END;
    210. 

  210. 		IF l IN {0, 3} THEN  (* 192 <= bits of key *)
    211. 

  211. 			split( k32[2], k );
    212. 

  212. 			a := Int( tab1[a] / k[0] );
    213. 

  213. 			b := Int( tab1[b] / k[1] );
    214. 

  214. 			c := Int( tab0[c] / k[2] );
    215. 

  215. 			d := Int( tab0[d] / k[3] )
    216. 

  216. 		END;
    217. 

  217. 		(* 128 <= bits of key *)
    218. 

  218. 		split( k32[1], k1 );  split( k32[0], k );
    219. 

  219. 		a := Int( tab1[Int( tab0[Int( tab0[a] / k1[0] )] / k[0] )] );
    220. 

  220. 		b := Int( tab0[Int( tab0[Int( tab1[b] / k1[1] )] / k[1] )] );
    221. 

  221. 		c := Int( tab1[Int( tab1[Int( tab0[c] / k1[2] )] / k[2] )] );
    222. 

  222. 		d := Int( tab0[Int( tab1[Int( tab1[d] / k1[3] )] / k[3] )] );
    223. 

  223. 

  224. 		(* Now perform the MDS matrix multiply  *)
    225. 

  225. 		RETURN Int( m1( a ) / my( b ) / mx( c ) / mx( d ) ) +
    226. 

  226. 				ASH( Int( mx( a ) / my( b ) / my( c ) / m1( d ) ), 8 ) +
    227. 

  227. 				ASH( Int( my( a ) / mx( b ) / m1( c ) / my( d ) ), 16 ) +
    228. 

  228. 				ASH( Int( my( a ) / m1( b ) / my( c ) / mx( d ) ), 24 )
    229. 

  229. 	END F32;
    230. 

  230. 

  231. 	(* RS_MDS_Encode *)
    232. 

  232. 	PROCEDURE Encode( k0, k1: LONGINT ): LONGINT;
    233. 

  233. 	VAR i, j, b: LONGINT;  r, g2, g2s16, g3, g3s8, g3s24: SET32;
    234. 

  234. 	BEGIN
    235. 

  235. 		r := S.VAL( SET32, k1 );
    236. 

  236. 		FOR i := 0 TO 1 DO
    237. 

  237. 			IF i # 0 THEN  r := r / S.VAL( SET32, k0 )  END;
    238. 

  238. 			FOR j := 0 TO 3 DO
    239. 

  239. 				b := S.VAL( LONGINT, LSH( r, -24 ) );
    240. 

  240. 

  241. 				g2 := S.VAL( SET32, b*2 );
    242. 

  242. 				IF b > 7FH THEN  g2 := (g2 / S14d) * Byte0  END;
    243. 

  243. 				g2s16 := LSH( g2, 16 );
    244. 

  244. 

  245. 				g3 := S.VAL( SET32, b DIV 2 ) / g2;
    246. 

  246. 				IF ODD( b ) THEN  g3 := g3 / S0a6  END;
    247. 

  247. 				g3s8 := LSH( g3, 8 );
    248. 

  248. 				g3s24 := LSH( g3s8, 16 );
    249. 

  249. 

  250. 				r := LSH( r, 8 ) / g3s24 / g2s16 / g3s8 / S.VAL( SET32, b )
    251. 

  251. 			END
    252. 

  252. 		END;
    253. 

  253. 		RETURN S.VAL( LONGINT, r )
    254. 

  254. 	END Encode;
    255. 

  255. 

  256. 

  257. 

  258. 	PROCEDURE Init0;
    259. 

  259. 	VAR
    260. 

  260. 		buf: U.InitBuffer;  i: LONGINT;
    261. 

  261. 	BEGIN
    262. 

  262. 		NEW( buf, 2048 );
    263. 

  263. 		buf.Add( "0A9 067 0B3 0E8 004 0FD 0A3 076 09A 092 080 078 0E4 0DD 0D1 038 " );
    264. 

  264. 		buf.Add( "00D 0C6 035 098 018 0F7 0EC 06C 043 075 037 026 0FA 013 094 048 " );
    265. 

  265. 		buf.Add( "0F2 0D0 08B 030 084 054 0DF 023 019 05B 03D 059 0F3 0AE 0A2 082 " );
    266. 

  266. 		buf.Add( "063 001 083 02E 0D9 051 09B 07C 0A6 0EB 0A5 0BE 016 00C 0E3 061 " );
    267. 

  267. 		buf.Add( "0C0 08C 03A 0F5 073 02C 025 00B 0BB 04E 089 06B 053 06A 0B4 0F1 " );
    268. 

  268. 		buf.Add( "0E1 0E6 0BD 045 0E2 0F4 0B6 066 0CC 095 003 056 0D4 01C 01E 0D7 " );
    269. 

  269. 		buf.Add( "0FB 0C3 08E 0B5 0E9 0CF 0BF 0BA 0EA 077 039 0AF 033 0C9 062 071 " );
    270. 

  270. 		buf.Add( "081 079 009 0AD 024 0CD 0F9 0D8 0E5 0C5 0B9 04D 044 008 086 0E7 " );
    271. 

  271. 		buf.Add( "0A1 01D 0AA 0ED 006 070 0B2 0D2 041 07B 0A0 011 031 0C2 027 090 " );
    272. 

  272. 		buf.Add( "020 0F6 060 0FF 096 05C 0B1 0AB 09E 09C 052 01B 05F 093 00A 0EF " );
    273. 

  273. 		buf.Add( "091 085 049 0EE 02D 04F 08F 03B 047 087 06D 046 0D6 03E 069 064 " );
    274. 

  274. 		buf.Add( "02A 0CE 0CB 02F 0FC 097 005 07A 0AC 07F 0D5 01A 04B 00E 0A7 05A " );
    275. 

  275. 		buf.Add( "028 014 03F 029 088 03C 04C 002 0B8 0DA 0B0 017 055 01F 08A 07D " );
    276. 

  276. 		buf.Add( "057 0C7 08D 074 0B7 0C4 09F 072 07E 015 022 012 058 007 099 034 " );
    277. 

  277. 		buf.Add( "06E 050 0DE 068 065 0BC 0DB 0F8 0C8 0A8 02B 040 0DC 0FE 032 0A4 " );
    278. 

  278. 		buf.Add( "0CA 010 021 0F0 0D3 05D 00F 000 06F 09D 036 042 04A 05E 0C1 0E0 " );
    279. 

  279. 		FOR i := 0 TO 255 DO  tab0[i] :=  buf.GetSet()  END;
    280. 

  280. 

  281. 		buf.Init( 2048 );
    282. 

  282. 		buf.Add( "075 0F3 0C6 0F4 0DB 07B 0FB 0C8 04A 0D3 0E6 06B 045 07D 0E8 04B " );
    283. 

  283. 		buf.Add( "0D6 032 0D8 0FD 037 071 0F1 0E1 030 00F 0F8 01B 087 0FA 006 03F " );
    284. 

  284. 		buf.Add( "05E 0BA 0AE 05B 08A 000 0BC 09D 06D 0C1 0B1 00E 080 05D 0D2 0D5 " );
    285. 

  285. 		buf.Add( "0A0 084 007 014 0B5 090 02C 0A3 0B2 073 04C 054 092 074 036 051 " );
    286. 

  286. 		buf.Add( "038 0B0 0BD 05A 0FC 060 062 096 06C 042 0F7 010 07C 028 027 08C " );
    287. 

  287. 		buf.Add( "013 095 09C 0C7 024 046 03B 070 0CA 0E3 085 0CB 011 0D0 093 0B8 " );
    288. 

  288. 		buf.Add( "0A6 083 020 0FF 09F 077 0C3 0CC 003 06F 008 0BF 040 0E7 02B 0E2 " );
    289. 

  289. 		buf.Add( "079 00C 0AA 082 041 03A 0EA 0B9 0E4 09A 0A4 097 07E 0DA 07A 017 " );
    290. 

  290. 		buf.Add( "066 094 0A1 01D 03D 0F0 0DE 0B3 00B 072 0A7 01C 0EF 0D1 053 03E " );
    291. 

  291. 		buf.Add( "08F 033 026 05F 0EC 076 02A 049 081 088 0EE 021 0C4 01A 0EB 0D9 " );
    292. 

  292. 		buf.Add( "0C5 039 099 0CD 0AD 031 08B 001 018 023 0DD 01F 04E 02D 0F9 048 " );
    293. 

  293. 		buf.Add( "04F 0F2 065 08E 078 05C 058 019 08D 0E5 098 057 067 07F 005 064 " );
    294. 

  294. 		buf.Add( "0AF 063 0B6 0FE 0F5 0B7 03C 0A5 0CE 0E9 068 044 0E0 04D 043 069 " );
    295. 

  295. 		buf.Add( "029 02E 0AC 015 059 0A8 00A 09E 06E 047 0DF 034 035 06A 0CF 0DC " );
    296. 

  296. 		buf.Add( "022 0C9 0C0 09B 089 0D4 0ED 0AB 012 0A2 00D 052 0BB 002 02F 0A9 " );
    297. 

  297. 		buf.Add( "0D7 061 01E 0B4 050 004 0F6 0C2 016 025 086 056 055 009 0BE 091 " );
    298. 

  298. 		FOR i := 0 TO 255 DO  tab1[i] :=  buf.GetSet()  END;
    299. 

  299. 	END Init0;
    300. 

  300. 

  301. BEGIN
    302. 

  302. 	Init0
    303. 

  303. END CryptoTwofish.
    304.