Guest User

Untitled

a guest
Aug 4th, 2018
133
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. package models;
  2.  
  3.  
  4.  
  5. import java.io.PrintWriter;
  6. import java.security.InvalidKeyException;
  7. //...........................................................................
  8. /**
  9. * Twofish is an AES candidate algorithm. It is a balanced 128-bit Feistel
  10. * cipher, consisting of 16 rounds. In each round, a 64-bit S-box value is
  11. * computed from 64 bits of the block, and this value is xored into the other
  12. * half of the block. The two half-blocks are then exchanged, and the next
  13. * round begins. Before the first round, all input bits are xored with key-
  14. * dependent "whitening" subkeys, and after the final round the output bits
  15. * are xored with other key-dependent whitening subkeys; these subkeys are
  16. * not used anywhere else in the algorithm.<p>
  17. *
  18. * Twofish was submitted by Bruce Schneier, Doug Whiting, John Kelsey, Chris
  19. * Hall and David Wagner.<p>
  20. *
  21. * Reference:<ol>
  22. * <li>TWOFISH2.C -- Optimized C API calls for TWOFISH AES submission,
  23. * Version 1.00, April 1998, by Doug Whiting.</ol><p>
  24. *
  25. * <b>Copyright</b> &copy; 1998
  26. * <a href="http://www.systemics.com/">Systemics Ltd</a> on behalf of the
  27. * <a href="http://www.systemics.com/docs/cryptix/">Cryptix Development Team</a>.
  28. * <br>All rights reserved.<p>
  29. *
  30. * <b>$Revision: $</b>
  31. * @author Raif S. Naffah
  32. */
  33. public final class MyFish // implicit no-argument constructor
  34. {
  35. // Debugging methods and variables
  36. //...........................................................................
  37. static final String NAME = "Twofish_Algorithm";
  38. static final boolean IN = true, OUT = false;
  39. static final boolean DEBUG = TwofishProperties.GLOBAL_DEBUG;
  40. static final int debuglevel = DEBUG ? TwofishProperties.getLevel(NAME) : 0;
  41. static final PrintWriter err = DEBUG ? TwofishProperties.getOutput() : null;
  42. static final boolean TRACE = TwofishProperties.isTraceable(NAME);
  43. static void debug (String s) { err.println(">>> "+NAME+": "+s); }
  44. static void trace (boolean in, String s) {
  45. if (TRACE) err.println((in?"==> ":"<== ")+NAME+"."+s);
  46. }
  47. static void trace (String s) { if (TRACE) err.println("<=> "+NAME+"."+s); }
  48. // Constants and variables
  49. //...........................................................................
  50. static final int BLOCK_SIZE = 16; // bytes in a data-block
  51. private static final int ROUNDS = 16;
  52. private static final int MAX_ROUNDS = 16; // max # rounds (for allocating subkeys)
  53.  
  54. /* Subkey array indices */
  55. private static final int INPUT_WHITEN = 0;
  56. private static final int OUTPUT_WHITEN = INPUT_WHITEN + BLOCK_SIZE/4;
  57. private static final int ROUND_SUBKEYS = OUTPUT_WHITEN + BLOCK_SIZE/4; // 2*(# rounds)
  58. private static final int TOTAL_SUBKEYS = ROUND_SUBKEYS + 2*MAX_ROUNDS;
  59. private static final int SK_STEP = 0x02020202;
  60. private static final int SK_BUMP = 0x01010101;
  61. private static final int SK_ROTL = 9;
  62. /** Fixed 8x8 permutation S-boxes */
  63. private static final byte[][] P = new byte[][] {
  64. { // p0
  65. (byte) 0xA9, (byte) 0x67, (byte) 0xB3, (byte) 0xE8,
  66. (byte) 0x04, (byte) 0xFD, (byte) 0xA3, (byte) 0x76,
  67. (byte) 0x9A, (byte) 0x92, (byte) 0x80, (byte) 0x78,
  68. (byte) 0xE4, (byte) 0xDD, (byte) 0xD1, (byte) 0x38,
  69. (byte) 0x0D, (byte) 0xC6, (byte) 0x35, (byte) 0x98,
  70. (byte) 0x18, (byte) 0xF7, (byte) 0xEC, (byte) 0x6C,
  71. (byte) 0x43, (byte) 0x75, (byte) 0x37, (byte) 0x26,
  72. (byte) 0xFA, (byte) 0x13, (byte) 0x94, (byte) 0x48,
  73. (byte) 0xF2, (byte) 0xD0, (byte) 0x8B, (byte) 0x30,
  74. (byte) 0x84, (byte) 0x54, (byte) 0xDF, (byte) 0x23,
  75. (byte) 0x19, (byte) 0x5B, (byte) 0x3D, (byte) 0x59,
  76. (byte) 0xF3, (byte) 0xAE, (byte) 0xA2, (byte) 0x82,
  77. (byte) 0x63, (byte) 0x01, (byte) 0x83, (byte) 0x2E,
  78. (byte) 0xD9, (byte) 0x51, (byte) 0x9B, (byte) 0x7C,
  79. (byte) 0xA6, (byte) 0xEB, (byte) 0xA5, (byte) 0xBE,
  80. (byte) 0x16, (byte) 0x0C, (byte) 0xE3, (byte) 0x61,
  81. (byte) 0xC0, (byte) 0x8C, (byte) 0x3A, (byte) 0xF5,
  82. (byte) 0x73, (byte) 0x2C, (byte) 0x25, (byte) 0x0B,
  83. (byte) 0xBB, (byte) 0x4E, (byte) 0x89, (byte) 0x6B,
  84. (byte) 0x53, (byte) 0x6A, (byte) 0xB4, (byte) 0xF1,
  85. (byte) 0xE1, (byte) 0xE6, (byte) 0xBD, (byte) 0x45,
  86. (byte) 0xE2, (byte) 0xF4, (byte) 0xB6, (byte) 0x66,
  87. (byte) 0xCC, (byte) 0x95, (byte) 0x03, (byte) 0x56,
  88. (byte) 0xD4, (byte) 0x1C, (byte) 0x1E, (byte) 0xD7,
  89. (byte) 0xFB, (byte) 0xC3, (byte) 0x8E, (byte) 0xB5,
  90. (byte) 0xE9, (byte) 0xCF, (byte) 0xBF, (byte) 0xBA,
  91. (byte) 0xEA, (byte) 0x77, (byte) 0x39, (byte) 0xAF,
  92. (byte) 0x33, (byte) 0xC9, (byte) 0x62, (byte) 0x71,
  93. (byte) 0x81, (byte) 0x79, (byte) 0x09, (byte) 0xAD,
  94. (byte) 0x24, (byte) 0xCD, (byte) 0xF9, (byte) 0xD8,
  95. (byte) 0xE5, (byte) 0xC5, (byte) 0xB9, (byte) 0x4D,
  96. (byte) 0x44, (byte) 0x08, (byte) 0x86, (byte) 0xE7,
  97. (byte) 0xA1, (byte) 0x1D, (byte) 0xAA, (byte) 0xED,
  98. (byte) 0x06, (byte) 0x70, (byte) 0xB2, (byte) 0xD2,
  99. (byte) 0x41, (byte) 0x7B, (byte) 0xA0, (byte) 0x11,
  100. (byte) 0x31, (byte) 0xC2, (byte) 0x27, (byte) 0x90,
  101. (byte) 0x20, (byte) 0xF6, (byte) 0x60, (byte) 0xFF,
  102. (byte) 0x96, (byte) 0x5C, (byte) 0xB1, (byte) 0xAB,
  103. (byte) 0x9E, (byte) 0x9C, (byte) 0x52, (byte) 0x1B,
  104. (byte) 0x5F, (byte) 0x93, (byte) 0x0A, (byte) 0xEF,
  105. (byte) 0x91, (byte) 0x85, (byte) 0x49, (byte) 0xEE,
  106. (byte) 0x2D, (byte) 0x4F, (byte) 0x8F, (byte) 0x3B,
  107. (byte) 0x47, (byte) 0x87, (byte) 0x6D, (byte) 0x46,
  108. (byte) 0xD6, (byte) 0x3E, (byte) 0x69, (byte) 0x64,
  109. (byte) 0x2A, (byte) 0xCE, (byte) 0xCB, (byte) 0x2F,
  110. (byte) 0xFC, (byte) 0x97, (byte) 0x05, (byte) 0x7A,
  111. (byte) 0xAC, (byte) 0x7F, (byte) 0xD5, (byte) 0x1A,
  112. (byte) 0x4B, (byte) 0x0E, (byte) 0xA7, (byte) 0x5A,
  113. (byte) 0x28, (byte) 0x14, (byte) 0x3F, (byte) 0x29,
  114. (byte) 0x88, (byte) 0x3C, (byte) 0x4C, (byte) 0x02,
  115. (byte) 0xB8, (byte) 0xDA, (byte) 0xB0, (byte) 0x17,
  116. (byte) 0x55, (byte) 0x1F, (byte) 0x8A, (byte) 0x7D,
  117. (byte) 0x57, (byte) 0xC7, (byte) 0x8D, (byte) 0x74,
  118. (byte) 0xB7, (byte) 0xC4, (byte) 0x9F, (byte) 0x72,
  119. (byte) 0x7E, (byte) 0x15, (byte) 0x22, (byte) 0x12,
  120. (byte) 0x58, (byte) 0x07, (byte) 0x99, (byte) 0x34,
  121. (byte) 0x6E, (byte) 0x50, (byte) 0xDE, (byte) 0x68,
  122. (byte) 0x65, (byte) 0xBC, (byte) 0xDB, (byte) 0xF8,
  123. (byte) 0xC8, (byte) 0xA8, (byte) 0x2B, (byte) 0x40,
  124. (byte) 0xDC, (byte) 0xFE, (byte) 0x32, (byte) 0xA4,
  125. (byte) 0xCA, (byte) 0x10, (byte) 0x21, (byte) 0xF0,
  126. (byte) 0xD3, (byte) 0x5D, (byte) 0x0F, (byte) 0x00,
  127. (byte) 0x6F, (byte) 0x9D, (byte) 0x36, (byte) 0x42,
  128. (byte) 0x4A, (byte) 0x5E, (byte) 0xC1, (byte) 0xE0
  129. },
  130. { // p1
  131. (byte) 0x75, (byte) 0xF3, (byte) 0xC6, (byte) 0xF4,
  132. (byte) 0xDB, (byte) 0x7B, (byte) 0xFB, (byte) 0xC8,
  133. (byte) 0x4A, (byte) 0xD3, (byte) 0xE6, (byte) 0x6B,
  134. (byte) 0x45, (byte) 0x7D, (byte) 0xE8, (byte) 0x4B,
  135. (byte) 0xD6, (byte) 0x32, (byte) 0xD8, (byte) 0xFD,
  136. (byte) 0x37, (byte) 0x71, (byte) 0xF1, (byte) 0xE1,
  137. (byte) 0x30, (byte) 0x0F, (byte) 0xF8, (byte) 0x1B,
  138. (byte) 0x87, (byte) 0xFA, (byte) 0x06, (byte) 0x3F,
  139. (byte) 0x5E, (byte) 0xBA, (byte) 0xAE, (byte) 0x5B,
  140. (byte) 0x8A, (byte) 0x00, (byte) 0xBC, (byte) 0x9D,
  141. (byte) 0x6D, (byte) 0xC1, (byte) 0xB1, (byte) 0x0E,
  142. (byte) 0x80, (byte) 0x5D, (byte) 0xD2, (byte) 0xD5,
  143. (byte) 0xA0, (byte) 0x84, (byte) 0x07, (byte) 0x14,
  144. (byte) 0xB5, (byte) 0x90, (byte) 0x2C, (byte) 0xA3,
  145. (byte) 0xB2, (byte) 0x73, (byte) 0x4C, (byte) 0x54,
  146. (byte) 0x92, (byte) 0x74, (byte) 0x36, (byte) 0x51,
  147. (byte) 0x38, (byte) 0xB0, (byte) 0xBD, (byte) 0x5A,
  148. (byte) 0xFC, (byte) 0x60, (byte) 0x62, (byte) 0x96,
  149. (byte) 0x6C, (byte) 0x42, (byte) 0xF7, (byte) 0x10,
  150. (byte) 0x7C, (byte) 0x28, (byte) 0x27, (byte) 0x8C,
  151. (byte) 0x13, (byte) 0x95, (byte) 0x9C, (byte) 0xC7,
  152. (byte) 0x24, (byte) 0x46, (byte) 0x3B, (byte) 0x70,
  153. (byte) 0xCA, (byte) 0xE3, (byte) 0x85, (byte) 0xCB,
  154. (byte) 0x11, (byte) 0xD0, (byte) 0x93, (byte) 0xB8,
  155. (byte) 0xA6, (byte) 0x83, (byte) 0x20, (byte) 0xFF,
  156. (byte) 0x9F, (byte) 0x77, (byte) 0xC3, (byte) 0xCC,
  157. (byte) 0x03, (byte) 0x6F, (byte) 0x08, (byte) 0xBF,
  158. (byte) 0x40, (byte) 0xE7, (byte) 0x2B, (byte) 0xE2,
  159. (byte) 0x79, (byte) 0x0C, (byte) 0xAA, (byte) 0x82,
  160. (byte) 0x41, (byte) 0x3A, (byte) 0xEA, (byte) 0xB9,
  161. (byte) 0xE4, (byte) 0x9A, (byte) 0xA4, (byte) 0x97,
  162. (byte) 0x7E, (byte) 0xDA, (byte) 0x7A, (byte) 0x17,
  163. (byte) 0x66, (byte) 0x94, (byte) 0xA1, (byte) 0x1D,
  164. (byte) 0x3D, (byte) 0xF0, (byte) 0xDE, (byte) 0xB3,
  165. (byte) 0x0B, (byte) 0x72, (byte) 0xA7, (byte) 0x1C,
  166. (byte) 0xEF, (byte) 0xD1, (byte) 0x53, (byte) 0x3E,
  167. (byte) 0x8F, (byte) 0x33, (byte) 0x26, (byte) 0x5F,
  168. (byte) 0xEC, (byte) 0x76, (byte) 0x2A, (byte) 0x49,
  169. (byte) 0x81, (byte) 0x88, (byte) 0xEE, (byte) 0x21,
  170. (byte) 0xC4, (byte) 0x1A, (byte) 0xEB, (byte) 0xD9,
  171. (byte) 0xC5, (byte) 0x39, (byte) 0x99, (byte) 0xCD,
  172. (byte) 0xAD, (byte) 0x31, (byte) 0x8B, (byte) 0x01,
  173. (byte) 0x18, (byte) 0x23, (byte) 0xDD, (byte) 0x1F,
  174. (byte) 0x4E, (byte) 0x2D, (byte) 0xF9, (byte) 0x48,
  175. (byte) 0x4F, (byte) 0xF2, (byte) 0x65, (byte) 0x8E,
  176. (byte) 0x78, (byte) 0x5C, (byte) 0x58, (byte) 0x19,
  177. (byte) 0x8D, (byte) 0xE5, (byte) 0x98, (byte) 0x57,
  178. (byte) 0x67, (byte) 0x7F, (byte) 0x05, (byte) 0x64,
  179. (byte) 0xAF, (byte) 0x63, (byte) 0xB6, (byte) 0xFE,
  180. (byte) 0xF5, (byte) 0xB7, (byte) 0x3C, (byte) 0xA5,
  181. (byte) 0xCE, (byte) 0xE9, (byte) 0x68, (byte) 0x44,
  182. (byte) 0xE0, (byte) 0x4D, (byte) 0x43, (byte) 0x69,
  183. (byte) 0x29, (byte) 0x2E, (byte) 0xAC, (byte) 0x15,
  184. (byte) 0x59, (byte) 0xA8, (byte) 0x0A, (byte) 0x9E,
  185. (byte) 0x6E, (byte) 0x47, (byte) 0xDF, (byte) 0x34,
  186. (byte) 0x35, (byte) 0x6A, (byte) 0xCF, (byte) 0xDC,
  187. (byte) 0x22, (byte) 0xC9, (byte) 0xC0, (byte) 0x9B,
  188. (byte) 0x89, (byte) 0xD4, (byte) 0xED, (byte) 0xAB,
  189. (byte) 0x12, (byte) 0xA2, (byte) 0x0D, (byte) 0x52,
  190. (byte) 0xBB, (byte) 0x02, (byte) 0x2F, (byte) 0xA9,
  191. (byte) 0xD7, (byte) 0x61, (byte) 0x1E, (byte) 0xB4,
  192. (byte) 0x50, (byte) 0x04, (byte) 0xF6, (byte) 0xC2,
  193. (byte) 0x16, (byte) 0x25, (byte) 0x86, (byte) 0x56,
  194. (byte) 0x55, (byte) 0x09, (byte) 0xBE, (byte) 0x91
  195. }
  196. };
  197. /**
  198. * Define the fixed p0/p1 permutations used in keyed S-box lookup.
  199. * By changing the following constant definitions, the S-boxes will
  200. * automatically get changed in the Twofish engine.
  201. */
  202. private static final int P_00 = 1;
  203. private static final int P_01 = 0;
  204. private static final int P_02 = 0;
  205. private static final int P_03 = P_01 ^ 1;
  206. private static final int P_04 = 1;
  207. private static final int P_10 = 0;
  208. private static final int P_11 = 0;
  209. private static final int P_12 = 1;
  210. private static final int P_13 = P_11 ^ 1;
  211. private static final int P_14 = 0;
  212. private static final int P_20 = 1;
  213. private static final int P_21 = 1;
  214. private static final int P_22 = 0;
  215. private static final int P_23 = P_21 ^ 1;
  216. private static final int P_24 = 0;
  217. private static final int P_30 = 0;
  218. private static final int P_31 = 1;
  219. private static final int P_32 = 1;
  220. private static final int P_33 = P_31 ^ 1;
  221. private static final int P_34 = 1;
  222. /** Primitive polynomial for GF(256) */
  223. private static final int GF256_FDBK = 0x169;
  224. private static final int GF256_FDBK_2 = 0x169 / 2;
  225. private static final int GF256_FDBK_4 = 0x169 / 4;
  226. /** MDS matrix */
  227. private static final int[][] MDS = new int[4][256]; // blank final
  228. private static final int RS_GF_FDBK = 0x14D; // field generator
  229. /** data for hexadecimal visualisation. */
  230. private static final char[] HEX_DIGITS = {
  231. '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'
  232. };
  233. // Static code - to intialise the MDS matrix
  234. //...........................................................................
  235. static {
  236. long time = System.currentTimeMillis();
  237. if (DEBUG && debuglevel > 6) {
  238. System.out.println("Algorithm Name: "+TwofishProperties.FULL_NAME);
  239. System.out.println("Electronic Codebook (ECB) Mode");
  240. System.out.println();
  241. }
  242. //
  243. // precompute the MDS matrix
  244. //
  245. int[] m1 = new int[2];
  246. int[] mX = new int[2];
  247. int[] mY = new int[2];
  248. int i, j;
  249. for (i = 0; i < 256; i++) {
  250. j = P[0][i] & 0xFF; // compute all the matrix elements
  251. m1[0] = j;
  252. mX[0] = Mx_X( j ) & 0xFF;
  253. mY[0] = Mx_Y( j ) & 0xFF;
  254. j = P[1][i] & 0xFF;
  255. m1[1] = j;
  256. mX[1] = Mx_X( j ) & 0xFF;
  257. mY[1] = Mx_Y( j ) & 0xFF;
  258. MDS[0][i] = m1[P_00] << 0 | // fill matrix w/ above elements
  259. mX[P_00] << 8 |
  260. mY[P_00] << 16 |
  261. mY[P_00] << 24;
  262. MDS[1][i] = mY[P_10] << 0 |
  263. mY[P_10] << 8 |
  264. mX[P_10] << 16 |
  265. m1[P_10] << 24;
  266. MDS[2][i] = mX[P_20] << 0 |
  267. mY[P_20] << 8 |
  268. m1[P_20] << 16 |
  269. mY[P_20] << 24;
  270. MDS[3][i] = mX[P_30] << 0 |
  271. m1[P_30] << 8 |
  272. mY[P_30] << 16 |
  273. mX[P_30] << 24;
  274. }
  275.  
  276. time = System.currentTimeMillis() - time;
  277. if (DEBUG && debuglevel > 8) {
  278. System.out.println("==========");
  279. System.out.println();
  280. System.out.println("Static Data");
  281. System.out.println();
  282. System.out.println("MDS[0][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[0][i*4+j])+", "); System.out.println();}
  283. System.out.println();
  284. System.out.println("MDS[1][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[1][i*4+j])+", "); System.out.println();}
  285. System.out.println();
  286. System.out.println("MDS[2][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[2][i*4+j])+", "); System.out.println();}
  287. System.out.println();
  288. System.out.println("MDS[3][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[3][i*4+j])+", "); System.out.println();}
  289. System.out.println();
  290. System.out.println("Total initialization time: "+time+" ms.");
  291. System.out.println();
  292. }
  293. }
  294. private static final int LFSR1( int x ) {
  295. return (x >> 1) ^
  296. ((x & 0x01) != 0 ? GF256_FDBK_2 : 0);
  297. }
  298. private static final int LFSR2( int x ) {
  299. return (x >> 2) ^
  300. ((x & 0x02) != 0 ? GF256_FDBK_2 : 0) ^
  301. ((x & 0x01) != 0 ? GF256_FDBK_4 : 0);
  302. }
  303. private static final int Mx_1( int x ) { return x; }
  304. private static final int Mx_X( int x ) { return x ^ LFSR2(x); } // 5B
  305. private static final int Mx_Y( int x ) { return x ^ LFSR1(x) ^ LFSR2(x); } // EF
  306. // Basic API methods
  307. //...........................................................................
  308. /**
  309. * Expand a user-supplied key material into a session key.
  310. *
  311. * @param key The 64/128/192/256-bit user-key to use.
  312. * @return This cipher's round keys.
  313. * @exception InvalidKeyException If the key is invalid.
  314. */
  315. public static synchronized Object makeKey (byte[] k)
  316. throws InvalidKeyException {
  317. if (DEBUG) trace(IN, "makeKey("+k+")");
  318. if (k == null)
  319. throw new InvalidKeyException("Empty key");
  320. int length = k.length;
  321. if (!(length == 8 || length == 16 || length == 24 || length == 32))
  322. throw new InvalidKeyException("Incorrect key length");
  323. if (DEBUG && debuglevel > 7) {
  324. System.out.println("Intermediate Session Key Values");
  325. System.out.println();
  326. System.out.println("Raw="+toString(k));
  327. System.out.println();
  328. }
  329. int k64Cnt = length / 8;
  330. int subkeyCnt = ROUND_SUBKEYS + 2*ROUNDS;
  331. int[] k32e = new int[4]; // even 32-bit entities
  332. int[] k32o = new int[4]; // odd 32-bit entities
  333. int[] sBoxKey = new int[4];
  334. //
  335. // split user key material into even and odd 32-bit entities andbitbucket
  336. // compute S-box keys using (12, 8) Reed-Solomon code over GF(256)
  337. //
  338. int i, j, offset = 0;
  339. for (i = 0, j = k64Cnt-1; i < 4 && offset < length; i++, j--) {
  340. k32e[i] = (k[offset++] & 0xFF) |
  341. (k[offset++] & 0xFF) << 8 |
  342. (k[offset++] & 0xFF) << 16 |
  343. (k[offset++] & 0xFF) << 24;
  344. k32o[i] = (k[offset++] & 0xFF) |
  345. (k[offset++] & 0xFF) << 8 |
  346. (k[offset++] & 0xFF) << 16 |
  347. (k[offset++] & 0xFF) << 24;
  348. sBoxKey[j] = RS_MDS_Encode( k32e[i], k32o[i] ); // reverse order
  349. }
  350. // compute the round decryption subkeys for PHT. these same subkeys
  351. // will be used in encryption but will be applied in reverse order.
  352. int q, A, B;
  353. int[] subKeys = new int[subkeyCnt];
  354. for (i = q = 0; i < subkeyCnt/2; i++, q += SK_STEP) {
  355. A = F32( k64Cnt, q , k32e ); // A uses even key entities
  356. B = F32( k64Cnt, q+SK_BUMP, k32o ); // B uses odd key entities
  357. B = B << 8 | B >>> 24;
  358. A += B;
  359. subKeys[2*i ] = A; // combine with a PHT
  360. A += B;
  361. subKeys[2*i + 1] = A << SK_ROTL | A >>> (32-SK_ROTL);
  362. }
  363. //
  364. // fully expand the table for speed
  365. //
  366. int k0 = sBoxKey[0];
  367. int k1 = sBoxKey[1];
  368. int k2 = sBoxKey[2];
  369. int k3 = sBoxKey[3];
  370. int b0, b1, b2, b3;
  371. int[] sBox = new int[4 * 256];
  372. for (i = 0; i < 256; i++) {
  373. b0 = b1 = b2 = b3 = i;
  374. switch (k64Cnt & 3) {
  375. case 1:
  376. sBox[ 2*i ] = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)];
  377. sBox[ 2*i+1] = MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)];
  378. sBox[0x200+2*i ] = MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)];
  379. sBox[0x200+2*i+1] = MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
  380. break;
  381. case 0: // same as 4
  382. b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
  383. b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
  384. b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
  385. b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
  386. case 3:
  387. b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
  388. b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
  389. b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
  390. b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
  391. case 2: // 128-bit keys
  392. sBox[ 2*i ] = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)];
  393. sBox[ 2*i+1] = MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)];
  394. sBox[0x200+2*i ] = MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)];
  395. sBox[0x200+2*i+1] = MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)];
  396. }
  397. }
  398. Object sessionKey = new Object[] { sBox, subKeys };
  399. if (DEBUG && debuglevel > 7) {
  400. System.out.println("S-box[]:");
  401. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[i*4+j])+", "); System.out.println();}
  402. System.out.println();
  403. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[256+i*4+j])+", "); System.out.println();}
  404. System.out.println();
  405. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[512+i*4+j])+", "); System.out.println();}
  406. System.out.println();
  407. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[768+i*4+j])+", "); System.out.println();}
  408. System.out.println();
  409. System.out.println("User (odd, even) keys --> S-Box keys:");
  410. for(i=0;i<k64Cnt;i++) { System.out.println("0x"+intToString(k32o[i])+" 0x"+intToString(k32e[i])+" --> 0x"+intToString(sBoxKey[k64Cnt-1-i])); }
  411. System.out.println();
  412. System.out.println("Round keys:");
  413. for(i=0;i<ROUND_SUBKEYS + 2*ROUNDS;i+=2) { System.out.println("0x"+intToString(subKeys[i])+" 0x"+intToString(subKeys[i+1])); }
  414. System.out.println();
  415. }
  416. if (DEBUG) trace(OUT, "makeKey()");
  417. return sessionKey;
  418. }
  419. /**
  420. * Encrypt exactly one block of plaintext.
  421. *
  422. * @param in The plaintext.
  423. * @param inOffset Index of in from which to start considering data.
  424. * @param sessionKey The session key to use for encryption.
  425. * @return The ciphertext generated from a plaintext using the session key.
  426. */
  427. public static byte[]
  428. blockEncrypt (byte[] in, int inOffset, Object sessionKey) {
  429. if (DEBUG) trace(IN, "blockEncrypt("+in+", "+inOffset+", "+sessionKey+")");
  430. Object[] sk = (Object[]) sessionKey; // extract S-box and session key
  431. int[] sBox = (int[]) sk[0];
  432. int[] sKey = (int[]) sk[1];
  433. if (DEBUG && debuglevel > 6) System.out.println("PT="+toString(in, inOffset, BLOCK_SIZE));
  434. int x0 = (in[inOffset++] & 0xFF) |
  435. (in[inOffset++] & 0xFF) << 8 |
  436. (in[inOffset++] & 0xFF) << 16 |
  437. (in[inOffset++] & 0xFF) << 24;
  438. int x1 = (in[inOffset++] & 0xFF) |
  439. (in[inOffset++] & 0xFF) << 8 |
  440. (in[inOffset++] & 0xFF) << 16 |
  441. (in[inOffset++] & 0xFF) << 24;
  442. int x2 = (in[inOffset++] & 0xFF) |
  443. (in[inOffset++] & 0xFF) << 8 |
  444. (in[inOffset++] & 0xFF) << 16 |
  445. (in[inOffset++] & 0xFF) << 24;
  446. int x3 = (in[inOffset++] & 0xFF) |
  447. (in[inOffset++] & 0xFF) << 8 |
  448. (in[inOffset++] & 0xFF) << 16 |
  449. (in[inOffset++] & 0xFF) << 24;
  450. x0 ^= sKey[INPUT_WHITEN ];
  451. x1 ^= sKey[INPUT_WHITEN + 1];
  452. x2 ^= sKey[INPUT_WHITEN + 2];
  453. x3 ^= sKey[INPUT_WHITEN + 3];
  454. if (DEBUG && debuglevel > 6) System.out.println("PTw="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  455. int t0, t1;
  456. int k = ROUND_SUBKEYS;
  457. for (int R = 0; R < ROUNDS; R += 2) {
  458. t0 = Fe32( sBox, x0, 0 );
  459. t1 = Fe32( sBox, x1, 3 );
  460. x2 ^= t0 + t1 + sKey[k++];
  461. x2 = x2 >>> 1 | x2 << 31;
  462. x3 = x3 << 1 | x3 >>> 31;
  463. x3 ^= t0 + 2*t1 + sKey[k++];
  464. if (DEBUG && debuglevel > 6) System.out.println("CT"+(R)+"="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  465. t0 = Fe32( sBox, x2, 0 );
  466. t1 = Fe32( sBox, x3, 3 );
  467. x0 ^= t0 + t1 + sKey[k++];
  468. x0 = x0 >>> 1 | x0 << 31;
  469. x1 = x1 << 1 | x1 >>> 31;
  470. x1 ^= t0 + 2*t1 + sKey[k++];
  471. if (DEBUG && debuglevel > 6) System.out.println("CT"+(R+1)+"="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  472. }
  473. x2 ^= sKey[OUTPUT_WHITEN ];
  474. x3 ^= sKey[OUTPUT_WHITEN + 1];
  475. x0 ^= sKey[OUTPUT_WHITEN + 2];
  476. x1 ^= sKey[OUTPUT_WHITEN + 3];
  477. if (DEBUG && debuglevel > 6) System.out.println("CTw="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  478. byte[] result = new byte[] {
  479. (byte) x2, (byte)(x2 >>> 8), (byte)(x2 >>> 16), (byte)(x2 >>> 24),
  480. (byte) x3, (byte)(x3 >>> 8), (byte)(x3 >>> 16), (byte)(x3 >>> 24),
  481. (byte) x0, (byte)(x0 >>> 8), (byte)(x0 >>> 16), (byte)(x0 >>> 24),
  482. (byte) x1, (byte)(x1 >>> 8), (byte)(x1 >>> 16), (byte)(x1 >>> 24),
  483. };
  484. if (DEBUG && debuglevel > 6) {
  485. System.out.println("CT="+toString(result));
  486. System.out.println();
  487. }
  488. if (DEBUG) trace(OUT, "blockEncrypt()");
  489. return result;
  490. }
  491. /**
  492. * Decrypt exactly one block of ciphertext.
  493. *
  494. * @param in The ciphertext.
  495. * @param inOffset Index of in from which to start considering data.
  496. * @param sessionKey The session key to use for decryption.
  497. * @return The plaintext generated from a ciphertext using the session key.
  498. */
  499. public static byte[]
  500. blockDecrypt (byte[] in, int inOffset, Object sessionKey) {
  501. if (DEBUG) trace(IN, "blockDecrypt("+in+", "+inOffset+", "+sessionKey+")");
  502. Object[] sk = (Object[]) sessionKey; // extract S-box and session key
  503. int[] sBox = (int[]) sk[0];
  504. int[] sKey = (int[]) sk[1];
  505. if (DEBUG && debuglevel > 6) System.out.println("CT="+toString(in, inOffset, BLOCK_SIZE));
  506. int x2 = (in[inOffset++] & 0xFF) |
  507. (in[inOffset++] & 0xFF) << 8 |
  508. (in[inOffset++] & 0xFF) << 16 |
  509. (in[inOffset++] & 0xFF) << 24;
  510. int x3 = (in[inOffset++] & 0xFF) |
  511. (in[inOffset++] & 0xFF) << 8 |
  512. (in[inOffset++] & 0xFF) << 16 |
  513. (in[inOffset++] & 0xFF) << 24;
  514. int x0 = (in[inOffset++] & 0xFF) |
  515. (in[inOffset++] & 0xFF) << 8 |
  516. (in[inOffset++] & 0xFF) << 16 |
  517. (in[inOffset++] & 0xFF) << 24;
  518. int x1 = (in[inOffset++] & 0xFF) |
  519. (in[inOffset++] & 0xFF) << 8 |
  520. (in[inOffset++] & 0xFF) << 16 |
  521. (in[inOffset++] & 0xFF) << 24;
  522. x2 ^= sKey[OUTPUT_WHITEN ];
  523. x3 ^= sKey[OUTPUT_WHITEN + 1];
  524. x0 ^= sKey[OUTPUT_WHITEN + 2];
  525. x1 ^= sKey[OUTPUT_WHITEN + 3];
  526. if (DEBUG && debuglevel > 6) System.out.println("CTw="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  527. int k = ROUND_SUBKEYS + 2*ROUNDS - 1;
  528. int t0, t1;
  529. for (int R = 0; R < ROUNDS; R += 2) {
  530. t0 = Fe32( sBox, x2, 0 );
  531. t1 = Fe32( sBox, x3, 3 );
  532. x1 ^= t0 + 2*t1 + sKey[k--];
  533. x1 = x1 >>> 1 | x1 << 31;
  534. x0 = x0 << 1 | x0 >>> 31;
  535. x0 ^= t0 + t1 + sKey[k--];
  536. if (DEBUG && debuglevel > 6) System.out.println("PT"+(ROUNDS-R)+"="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  537. t0 = Fe32( sBox, x0, 0 );
  538. t1 = Fe32( sBox, x1, 3 );
  539. x3 ^= t0 + 2*t1 + sKey[k--];
  540. x3 = x3 >>> 1 | x3 << 31;
  541. x2 = x2 << 1 | x2 >>> 31;
  542. x2 ^= t0 + t1 + sKey[k--];
  543. if (DEBUG && debuglevel > 6) System.out.println("PT"+(ROUNDS-R-1)+"="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  544. }
  545. x0 ^= sKey[INPUT_WHITEN ];
  546. x1 ^= sKey[INPUT_WHITEN + 1];
  547. x2 ^= sKey[INPUT_WHITEN + 2];
  548. x3 ^= sKey[INPUT_WHITEN + 3];
  549. if (DEBUG && debuglevel > 6) System.out.println("PTw="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  550. byte[] result = new byte[] {
  551. (byte) x0, (byte)(x0 >>> 8), (byte)(x0 >>> 16), (byte)(x0 >>> 24),
  552. (byte) x1, (byte)(x1 >>> 8), (byte)(x1 >>> 16), (byte)(x1 >>> 24),
  553. (byte) x2, (byte)(x2 >>> 8), (byte)(x2 >>> 16), (byte)(x2 >>> 24),
  554. (byte) x3, (byte)(x3 >>> 8), (byte)(x3 >>> 16), (byte)(x3 >>> 24),
  555. };
  556. if (DEBUG && debuglevel > 6) {
  557. System.out.println("PT="+toString(result));
  558. System.out.println();
  559. }
  560. if (DEBUG) trace(OUT, "blockDecrypt()");
  561. return result;
  562. }
  563. /** A basic symmetric encryption/decryption test. */
  564. public static boolean self_test() { return self_test(BLOCK_SIZE); }
  565. // own methods
  566. //...........................................................................
  567. private static final int b0( int x ) { return x & 0xFF; }
  568. private static final int b1( int x ) { return (x >>> 8) & 0xFF; }
  569. private static final int b2( int x ) { return (x >>> 16) & 0xFF; }
  570. private static final int b3( int x ) { return (x >>> 24) & 0xFF; }
  571. /**
  572. * Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box
  573. * 32-bit entity from two key material 32-bit entities.
  574. *
  575. * @param k0 1st 32-bit entity.
  576. * @param k1 2nd 32-bit entity.
  577. * @return Remainder polynomial generated using RS code
  578. */
  579. private static final int RS_MDS_Encode( int k0, int k1) {
  580. int r = k1;
  581. for (int i = 0; i < 4; i++) // shift 1 byte at a time
  582. r = RS_rem( r );
  583. r ^= k0;
  584. for (int i = 0; i < 4; i++)
  585. r = RS_rem( r );
  586. return r;
  587. }
  588. /*
  589. * Reed-Solomon code parameters: (12, 8) reversible code:<p>
  590. * <pre>
  591. * g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
  592. * </pre>
  593. * where a = primitive root of field generator 0x14D
  594. */
  595. private static final int RS_rem( int x ) {
  596. int b = (x >>> 24) & 0xFF;
  597. int g2 = ((b << 1) ^ ( (b & 0x80) != 0 ? RS_GF_FDBK : 0 )) & 0xFF;
  598. int g3 = (b >>> 1) ^ ( (b & 0x01) != 0 ? (RS_GF_FDBK >>> 1) : 0 ) ^ g2 ;
  599. int result = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b;
  600. return result;
  601. }
  602. private static final int F32( int k64Cnt, int x, int[] k32 ) {
  603. int b0 = b0(x);
  604. int b1 = b1(x);
  605. int b2 = b2(x);
  606. int b3 = b3(x);
  607. int k0 = k32[0];
  608. int k1 = k32[1];
  609. int k2 = k32[2];
  610. int k3 = k32[3];
  611. int result = 0;
  612. switch (k64Cnt & 3) {
  613. case 1:
  614. result =
  615. MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)] ^
  616. MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)] ^
  617. MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)] ^
  618. MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
  619. break;
  620. case 0: // same as 4
  621. b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
  622. b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
  623. b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
  624. b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
  625. case 3:
  626. b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
  627. b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
  628. b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
  629. b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
  630. case 2: // 128-bit keys (optimize for this case)
  631. result =
  632. MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)] ^
  633. MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)] ^
  634. MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)] ^
  635. MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)];
  636. break;
  637. }
  638. return result;
  639. }
  640. private static final int Fe32( int[] sBox, int x, int R ) {
  641. return sBox[ 2*_b(x, R ) ] ^
  642. sBox[ 2*_b(x, R+1) + 1] ^
  643. sBox[0x200 + 2*_b(x, R+2) ] ^
  644. sBox[0x200 + 2*_b(x, R+3) + 1];
  645. }
  646. private static final int _b( int x, int N) {
  647. int result = 0;
  648. switch (N%4) {
  649. case 0: result = b0(x); break;
  650. case 1: result = b1(x); break;
  651. case 2: result = b2(x); break;
  652. case 3: result = b3(x); break;
  653. }
  654. return result;
  655. }
  656.  
  657. /** @return The length in bytes of the Algorithm input block. */
  658. public static int blockSize() { return BLOCK_SIZE; }
  659. /** A basic symmetric encryption/decryption test for a given key size. */
  660. private static boolean self_test (int keysize) {
  661. if (DEBUG) trace(IN, "self_test("+keysize+")");
  662. boolean ok = false;
  663. try {
  664. byte[] kb = new byte[keysize];
  665. byte[] pt = new byte[BLOCK_SIZE];
  666. int i;
  667. for (i = 0; i < keysize; i++)
  668. kb[i] = (byte) i;
  669. for (i = 0; i < BLOCK_SIZE; i++)
  670. pt[i] = (byte) i;
  671. if (DEBUG && debuglevel > 6) {
  672. System.out.println("==========");
  673. System.out.println();
  674. System.out.println("KEYSIZE="+(8*keysize));
  675. System.out.println("KEY="+toString(kb));
  676. System.out.println();
  677. }
  678. Object key = makeKey(kb);
  679. if (DEBUG && debuglevel > 6) {
  680. System.out.println("Intermediate Ciphertext Values (Encryption)");
  681. System.out.println();
  682. }
  683. byte[] ct = blockEncrypt(pt, 0, key);
  684. if (DEBUG && debuglevel > 6) {
  685. System.out.println("Intermediate Plaintext Values (Decryption)");
  686. System.out.println();
  687. }
  688. byte[] cpt = blockDecrypt(ct, 0, key);
  689. ok = areEqual(pt, cpt);
  690. if (!ok)
  691. throw new RuntimeException("Symmetric operation failed");
  692. } catch (Exception x) {
  693. if (DEBUG && debuglevel > 0) {
  694. debug("Exception encountered during self-test: " + x.getMessage());
  695. x.printStackTrace();
  696. }
  697. }
  698. if (DEBUG && debuglevel > 0) debug("Self-test OK? " + ok);
  699. if (DEBUG) trace(OUT, "self_test()");
  700. return ok;
  701. }
  702. // utility static methods (from cryptix.util.core ArrayUtil and Hex classes)
  703. //...........................................................................
  704.  
  705. /** @return True iff the arrays have identical contents. */
  706. private static boolean areEqual (byte[] a, byte[] b) {
  707. int aLength = a.length;
  708. if (aLength != b.length)
  709. return false;
  710. for (int i = 0; i < aLength; i++)
  711. if (a[i] != b[i])
  712. return false;
  713. return true;
  714. }
  715. /**
  716. * Returns a string of 8 hexadecimal digits (most significant
  717. * digit first) corresponding to the integer <i>n</i>, which is
  718. * treated as unsigned.
  719. */
  720. private static String intToString (int n) {
  721. char[] buf = new char[8];
  722. for (int i = 7; i >= 0; i--) {
  723. buf[i] = HEX_DIGITS[n & 0x0F];
  724. n >>>= 4;
  725. }
  726. return new String(buf);
  727. }
  728. /**
  729. * Returns a string of hexadecimal digits from a byte array. Each
  730. * byte is converted to 2 hex symbols.
  731. */
  732. private static String toString (byte[] ba) {
  733. return toString(ba, 0, ba.length);
  734. }
  735. private static String toString (byte[] ba, int offset, int length) {
  736. char[] buf = new char[length * 2];
  737. for (int i = offset, j = 0, k; i < offset+length; ) {
  738. k = ba[i++];
  739. buf[j++] = HEX_DIGITS[(k >>> 4) & 0x0F];
  740. buf[j++] = HEX_DIGITS[ k & 0x0F];
  741. }
  742. return new String(buf);
  743. }
  744. // main(): use to generate the Intermediate Values KAT
  745. //...........................................................................
  746. public static void main (String[] args) {
  747.  
  748. //self_test(16);
  749. // self_test(24);
  750. self_test(32);
  751. }
  752. }
RAW Paste Data