API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 4th, 2018
480
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 32.64 KB | None | 0 0
raw download clone embed print report
  1. package models;
  2.  
  3.  
  4.  
  5. import java.io.PrintWriter;
  6. import java.security.InvalidKeyException;
  7. //...........................................................................
  8. /**
  9. * Twofish is an AES candidate algorithm. It is a balanced 128-bit Feistel
  10. * cipher, consisting of 16 rounds. In each round, a 64-bit S-box value is
  11. * computed from 64 bits of the block, and this value is xored into the other
  12. * half of the block. The two half-blocks are then exchanged, and the next
  13. * round begins. Before the first round, all input bits are xored with key-
  14. * dependent "whitening" subkeys, and after the final round the output bits
  15. * are xored with other key-dependent whitening subkeys; these subkeys are
  16. * not used anywhere else in the algorithm.<p>
  17. *
  18. * Twofish was submitted by Bruce Schneier, Doug Whiting, John Kelsey, Chris
  19. * Hall and David Wagner.<p>
  20. *
  21. * Reference:<ol>
  22. * <li>TWOFISH2.C -- Optimized C API calls for TWOFISH AES submission,
  23. * Version 1.00, April 1998, by Doug Whiting.</ol><p>
  24. *
  25. * <b>Copyright</b> &copy; 1998
  26. * <a href="http://www.systemics.com/">Systemics Ltd</a> on behalf of the
  27. * <a href="http://www.systemics.com/docs/cryptix/">Cryptix Development Team</a>.
  28. * <br>All rights reserved.<p>
  29. *
  30. * <b>$Revision: $</b>
  31. * @author Raif S. Naffah
  32. */
  33. public final class MyFish // implicit no-argument constructor
  34. {
  35. // Debugging methods and variables
  36. //...........................................................................
  37. static final String NAME = "Twofish_Algorithm";
  38. static final boolean IN = true, OUT = false;
  39. static final boolean DEBUG = TwofishProperties.GLOBAL_DEBUG;
  40. static final int debuglevel = DEBUG ? TwofishProperties.getLevel(NAME) : 0;
  41. static final PrintWriter err = DEBUG ? TwofishProperties.getOutput() : null;
  42. static final boolean TRACE = TwofishProperties.isTraceable(NAME);
  43. static void debug (String s) { err.println(">>> "+NAME+": "+s); }
  44. static void trace (boolean in, String s) {
  45. if (TRACE) err.println((in?"==> ":"<== ")+NAME+"."+s);
  46. }
  47. static void trace (String s) { if (TRACE) err.println("<=> "+NAME+"."+s); }
  48. // Constants and variables
  49. //...........................................................................
  50. static final int BLOCK_SIZE = 16; // bytes in a data-block
  51. private static final int ROUNDS = 16;
  52. private static final int MAX_ROUNDS = 16; // max # rounds (for allocating subkeys)
  53.  
  54. /* Subkey array indices */
  55. private static final int INPUT_WHITEN = 0;
  56. private static final int OUTPUT_WHITEN = INPUT_WHITEN + BLOCK_SIZE/4;
  57. private static final int ROUND_SUBKEYS = OUTPUT_WHITEN + BLOCK_SIZE/4; // 2*(# rounds)
  58. private static final int TOTAL_SUBKEYS = ROUND_SUBKEYS + 2*MAX_ROUNDS;
  59. private static final int SK_STEP = 0x02020202;
  60. private static final int SK_BUMP = 0x01010101;
  61. private static final int SK_ROTL = 9;
  62. /** Fixed 8x8 permutation S-boxes */
  63. private static final byte[][] P = new byte[][] {
  64. { // p0
  65. (byte) 0xA9, (byte) 0x67, (byte) 0xB3, (byte) 0xE8,
  66. (byte) 0x04, (byte) 0xFD, (byte) 0xA3, (byte) 0x76,
  67. (byte) 0x9A, (byte) 0x92, (byte) 0x80, (byte) 0x78,
  68. (byte) 0xE4, (byte) 0xDD, (byte) 0xD1, (byte) 0x38,
  69. (byte) 0x0D, (byte) 0xC6, (byte) 0x35, (byte) 0x98,
  70. (byte) 0x18, (byte) 0xF7, (byte) 0xEC, (byte) 0x6C,
  71. (byte) 0x43, (byte) 0x75, (byte) 0x37, (byte) 0x26,
  72. (byte) 0xFA, (byte) 0x13, (byte) 0x94, (byte) 0x48,
  73. (byte) 0xF2, (byte) 0xD0, (byte) 0x8B, (byte) 0x30,
  74. (byte) 0x84, (byte) 0x54, (byte) 0xDF, (byte) 0x23,
  75. (byte) 0x19, (byte) 0x5B, (byte) 0x3D, (byte) 0x59,
  76. (byte) 0xF3, (byte) 0xAE, (byte) 0xA2, (byte) 0x82,
  77. (byte) 0x63, (byte) 0x01, (byte) 0x83, (byte) 0x2E,
  78. (byte) 0xD9, (byte) 0x51, (byte) 0x9B, (byte) 0x7C,
  79. (byte) 0xA6, (byte) 0xEB, (byte) 0xA5, (byte) 0xBE,
  80. (byte) 0x16, (byte) 0x0C, (byte) 0xE3, (byte) 0x61,
  81. (byte) 0xC0, (byte) 0x8C, (byte) 0x3A, (byte) 0xF5,
  82. (byte) 0x73, (byte) 0x2C, (byte) 0x25, (byte) 0x0B,
  83. (byte) 0xBB, (byte) 0x4E, (byte) 0x89, (byte) 0x6B,
  84. (byte) 0x53, (byte) 0x6A, (byte) 0xB4, (byte) 0xF1,
  85. (byte) 0xE1, (byte) 0xE6, (byte) 0xBD, (byte) 0x45,
  86. (byte) 0xE2, (byte) 0xF4, (byte) 0xB6, (byte) 0x66,
  87. (byte) 0xCC, (byte) 0x95, (byte) 0x03, (byte) 0x56,
  88. (byte) 0xD4, (byte) 0x1C, (byte) 0x1E, (byte) 0xD7,
  89. (byte) 0xFB, (byte) 0xC3, (byte) 0x8E, (byte) 0xB5,
  90. (byte) 0xE9, (byte) 0xCF, (byte) 0xBF, (byte) 0xBA,
  91. (byte) 0xEA, (byte) 0x77, (byte) 0x39, (byte) 0xAF,
  92. (byte) 0x33, (byte) 0xC9, (byte) 0x62, (byte) 0x71,
  93. (byte) 0x81, (byte) 0x79, (byte) 0x09, (byte) 0xAD,
  94. (byte) 0x24, (byte) 0xCD, (byte) 0xF9, (byte) 0xD8,
  95. (byte) 0xE5, (byte) 0xC5, (byte) 0xB9, (byte) 0x4D,
  96. (byte) 0x44, (byte) 0x08, (byte) 0x86, (byte) 0xE7,
  97. (byte) 0xA1, (byte) 0x1D, (byte) 0xAA, (byte) 0xED,
  98. (byte) 0x06, (byte) 0x70, (byte) 0xB2, (byte) 0xD2,
  99. (byte) 0x41, (byte) 0x7B, (byte) 0xA0, (byte) 0x11,
  100. (byte) 0x31, (byte) 0xC2, (byte) 0x27, (byte) 0x90,
  101. (byte) 0x20, (byte) 0xF6, (byte) 0x60, (byte) 0xFF,
  102. (byte) 0x96, (byte) 0x5C, (byte) 0xB1, (byte) 0xAB,
  103. (byte) 0x9E, (byte) 0x9C, (byte) 0x52, (byte) 0x1B,
  104. (byte) 0x5F, (byte) 0x93, (byte) 0x0A, (byte) 0xEF,
  105. (byte) 0x91, (byte) 0x85, (byte) 0x49, (byte) 0xEE,
  106. (byte) 0x2D, (byte) 0x4F, (byte) 0x8F, (byte) 0x3B,
  107. (byte) 0x47, (byte) 0x87, (byte) 0x6D, (byte) 0x46,
  108. (byte) 0xD6, (byte) 0x3E, (byte) 0x69, (byte) 0x64,
  109. (byte) 0x2A, (byte) 0xCE, (byte) 0xCB, (byte) 0x2F,
  110. (byte) 0xFC, (byte) 0x97, (byte) 0x05, (byte) 0x7A,
  111. (byte) 0xAC, (byte) 0x7F, (byte) 0xD5, (byte) 0x1A,
  112. (byte) 0x4B, (byte) 0x0E, (byte) 0xA7, (byte) 0x5A,
  113. (byte) 0x28, (byte) 0x14, (byte) 0x3F, (byte) 0x29,
  114. (byte) 0x88, (byte) 0x3C, (byte) 0x4C, (byte) 0x02,
  115. (byte) 0xB8, (byte) 0xDA, (byte) 0xB0, (byte) 0x17,
  116. (byte) 0x55, (byte) 0x1F, (byte) 0x8A, (byte) 0x7D,
  117. (byte) 0x57, (byte) 0xC7, (byte) 0x8D, (byte) 0x74,
  118. (byte) 0xB7, (byte) 0xC4, (byte) 0x9F, (byte) 0x72,
  119. (byte) 0x7E, (byte) 0x15, (byte) 0x22, (byte) 0x12,
  120. (byte) 0x58, (byte) 0x07, (byte) 0x99, (byte) 0x34,
  121. (byte) 0x6E, (byte) 0x50, (byte) 0xDE, (byte) 0x68,
  122. (byte) 0x65, (byte) 0xBC, (byte) 0xDB, (byte) 0xF8,
  123. (byte) 0xC8, (byte) 0xA8, (byte) 0x2B, (byte) 0x40,
  124. (byte) 0xDC, (byte) 0xFE, (byte) 0x32, (byte) 0xA4,
  125. (byte) 0xCA, (byte) 0x10, (byte) 0x21, (byte) 0xF0,
  126. (byte) 0xD3, (byte) 0x5D, (byte) 0x0F, (byte) 0x00,
  127. (byte) 0x6F, (byte) 0x9D, (byte) 0x36, (byte) 0x42,
  128. (byte) 0x4A, (byte) 0x5E, (byte) 0xC1, (byte) 0xE0
  129. },
  130. { // p1
  131. (byte) 0x75, (byte) 0xF3, (byte) 0xC6, (byte) 0xF4,
  132. (byte) 0xDB, (byte) 0x7B, (byte) 0xFB, (byte) 0xC8,
  133. (byte) 0x4A, (byte) 0xD3, (byte) 0xE6, (byte) 0x6B,
  134. (byte) 0x45, (byte) 0x7D, (byte) 0xE8, (byte) 0x4B,
  135. (byte) 0xD6, (byte) 0x32, (byte) 0xD8, (byte) 0xFD,
  136. (byte) 0x37, (byte) 0x71, (byte) 0xF1, (byte) 0xE1,
  137. (byte) 0x30, (byte) 0x0F, (byte) 0xF8, (byte) 0x1B,
  138. (byte) 0x87, (byte) 0xFA, (byte) 0x06, (byte) 0x3F,
  139. (byte) 0x5E, (byte) 0xBA, (byte) 0xAE, (byte) 0x5B,
  140. (byte) 0x8A, (byte) 0x00, (byte) 0xBC, (byte) 0x9D,
  141. (byte) 0x6D, (byte) 0xC1, (byte) 0xB1, (byte) 0x0E,
  142. (byte) 0x80, (byte) 0x5D, (byte) 0xD2, (byte) 0xD5,
  143. (byte) 0xA0, (byte) 0x84, (byte) 0x07, (byte) 0x14,
  144. (byte) 0xB5, (byte) 0x90, (byte) 0x2C, (byte) 0xA3,
  145. (byte) 0xB2, (byte) 0x73, (byte) 0x4C, (byte) 0x54,
  146. (byte) 0x92, (byte) 0x74, (byte) 0x36, (byte) 0x51,
  147. (byte) 0x38, (byte) 0xB0, (byte) 0xBD, (byte) 0x5A,
  148. (byte) 0xFC, (byte) 0x60, (byte) 0x62, (byte) 0x96,
  149. (byte) 0x6C, (byte) 0x42, (byte) 0xF7, (byte) 0x10,
  150. (byte) 0x7C, (byte) 0x28, (byte) 0x27, (byte) 0x8C,
  151. (byte) 0x13, (byte) 0x95, (byte) 0x9C, (byte) 0xC7,
  152. (byte) 0x24, (byte) 0x46, (byte) 0x3B, (byte) 0x70,
  153. (byte) 0xCA, (byte) 0xE3, (byte) 0x85, (byte) 0xCB,
  154. (byte) 0x11, (byte) 0xD0, (byte) 0x93, (byte) 0xB8,
  155. (byte) 0xA6, (byte) 0x83, (byte) 0x20, (byte) 0xFF,
  156. (byte) 0x9F, (byte) 0x77, (byte) 0xC3, (byte) 0xCC,
  157. (byte) 0x03, (byte) 0x6F, (byte) 0x08, (byte) 0xBF,
  158. (byte) 0x40, (byte) 0xE7, (byte) 0x2B, (byte) 0xE2,
  159. (byte) 0x79, (byte) 0x0C, (byte) 0xAA, (byte) 0x82,
  160. (byte) 0x41, (byte) 0x3A, (byte) 0xEA, (byte) 0xB9,
  161. (byte) 0xE4, (byte) 0x9A, (byte) 0xA4, (byte) 0x97,
  162. (byte) 0x7E, (byte) 0xDA, (byte) 0x7A, (byte) 0x17,
  163. (byte) 0x66, (byte) 0x94, (byte) 0xA1, (byte) 0x1D,
  164. (byte) 0x3D, (byte) 0xF0, (byte) 0xDE, (byte) 0xB3,
  165. (byte) 0x0B, (byte) 0x72, (byte) 0xA7, (byte) 0x1C,
  166. (byte) 0xEF, (byte) 0xD1, (byte) 0x53, (byte) 0x3E,
  167. (byte) 0x8F, (byte) 0x33, (byte) 0x26, (byte) 0x5F,
  168. (byte) 0xEC, (byte) 0x76, (byte) 0x2A, (byte) 0x49,
  169. (byte) 0x81, (byte) 0x88, (byte) 0xEE, (byte) 0x21,
  170. (byte) 0xC4, (byte) 0x1A, (byte) 0xEB, (byte) 0xD9,
  171. (byte) 0xC5, (byte) 0x39, (byte) 0x99, (byte) 0xCD,
  172. (byte) 0xAD, (byte) 0x31, (byte) 0x8B, (byte) 0x01,
  173. (byte) 0x18, (byte) 0x23, (byte) 0xDD, (byte) 0x1F,
  174. (byte) 0x4E, (byte) 0x2D, (byte) 0xF9, (byte) 0x48,
  175. (byte) 0x4F, (byte) 0xF2, (byte) 0x65, (byte) 0x8E,
  176. (byte) 0x78, (byte) 0x5C, (byte) 0x58, (byte) 0x19,
  177. (byte) 0x8D, (byte) 0xE5, (byte) 0x98, (byte) 0x57,
  178. (byte) 0x67, (byte) 0x7F, (byte) 0x05, (byte) 0x64,
  179. (byte) 0xAF, (byte) 0x63, (byte) 0xB6, (byte) 0xFE,
  180. (byte) 0xF5, (byte) 0xB7, (byte) 0x3C, (byte) 0xA5,
  181. (byte) 0xCE, (byte) 0xE9, (byte) 0x68, (byte) 0x44,
  182. (byte) 0xE0, (byte) 0x4D, (byte) 0x43, (byte) 0x69,
  183. (byte) 0x29, (byte) 0x2E, (byte) 0xAC, (byte) 0x15,
  184. (byte) 0x59, (byte) 0xA8, (byte) 0x0A, (byte) 0x9E,
  185. (byte) 0x6E, (byte) 0x47, (byte) 0xDF, (byte) 0x34,
  186. (byte) 0x35, (byte) 0x6A, (byte) 0xCF, (byte) 0xDC,
  187. (byte) 0x22, (byte) 0xC9, (byte) 0xC0, (byte) 0x9B,
  188. (byte) 0x89, (byte) 0xD4, (byte) 0xED, (byte) 0xAB,
  189. (byte) 0x12, (byte) 0xA2, (byte) 0x0D, (byte) 0x52,
  190. (byte) 0xBB, (byte) 0x02, (byte) 0x2F, (byte) 0xA9,
  191. (byte) 0xD7, (byte) 0x61, (byte) 0x1E, (byte) 0xB4,
  192. (byte) 0x50, (byte) 0x04, (byte) 0xF6, (byte) 0xC2,
  193. (byte) 0x16, (byte) 0x25, (byte) 0x86, (byte) 0x56,
  194. (byte) 0x55, (byte) 0x09, (byte) 0xBE, (byte) 0x91
  195. }
  196. };
  197. /**
  198. * Define the fixed p0/p1 permutations used in keyed S-box lookup.
  199. * By changing the following constant definitions, the S-boxes will
  200. * automatically get changed in the Twofish engine.
  201. */
  202. private static final int P_00 = 1;
  203. private static final int P_01 = 0;
  204. private static final int P_02 = 0;
  205. private static final int P_03 = P_01 ^ 1;
  206. private static final int P_04 = 1;
  207. private static final int P_10 = 0;
  208. private static final int P_11 = 0;
  209. private static final int P_12 = 1;
  210. private static final int P_13 = P_11 ^ 1;
  211. private static final int P_14 = 0;
  212. private static final int P_20 = 1;
  213. private static final int P_21 = 1;
  214. private static final int P_22 = 0;
  215. private static final int P_23 = P_21 ^ 1;
  216. private static final int P_24 = 0;
  217. private static final int P_30 = 0;
  218. private static final int P_31 = 1;
  219. private static final int P_32 = 1;
  220. private static final int P_33 = P_31 ^ 1;
  221. private static final int P_34 = 1;
  222. /** Primitive polynomial for GF(256) */
  223. private static final int GF256_FDBK = 0x169;
  224. private static final int GF256_FDBK_2 = 0x169 / 2;
  225. private static final int GF256_FDBK_4 = 0x169 / 4;
  226. /** MDS matrix */
  227. private static final int[][] MDS = new int[4][256]; // blank final
  228. private static final int RS_GF_FDBK = 0x14D; // field generator
  229. /** data for hexadecimal visualisation. */
  230. private static final char[] HEX_DIGITS = {
  231. '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'
  232. };
  233. // Static code - to intialise the MDS matrix
  234. //...........................................................................
  235. static {
  236. long time = System.currentTimeMillis();
  237. if (DEBUG && debuglevel > 6) {
  238. System.out.println("Algorithm Name: "+TwofishProperties.FULL_NAME);
  239. System.out.println("Electronic Codebook (ECB) Mode");
  240. System.out.println();
  241. }
  242. //
  243. // precompute the MDS matrix
  244. //
  245. int[] m1 = new int[2];
  246. int[] mX = new int[2];
  247. int[] mY = new int[2];
  248. int i, j;
  249. for (i = 0; i < 256; i++) {
  250. j = P[0][i] & 0xFF; // compute all the matrix elements
  251. m1[0] = j;
  252. mX[0] = Mx_X( j ) & 0xFF;
  253. mY[0] = Mx_Y( j ) & 0xFF;
  254. j = P[1][i] & 0xFF;
  255. m1[1] = j;
  256. mX[1] = Mx_X( j ) & 0xFF;
  257. mY[1] = Mx_Y( j ) & 0xFF;
  258. MDS[0][i] = m1[P_00] << 0 | // fill matrix w/ above elements
  259. mX[P_00] << 8 |
  260. mY[P_00] << 16 |
  261. mY[P_00] << 24;
  262. MDS[1][i] = mY[P_10] << 0 |
  263. mY[P_10] << 8 |
  264. mX[P_10] << 16 |
  265. m1[P_10] << 24;
  266. MDS[2][i] = mX[P_20] << 0 |
  267. mY[P_20] << 8 |
  268. m1[P_20] << 16 |
  269. mY[P_20] << 24;
  270. MDS[3][i] = mX[P_30] << 0 |
  271. m1[P_30] << 8 |
  272. mY[P_30] << 16 |
  273. mX[P_30] << 24;
  274. }
  275.  
  276. time = System.currentTimeMillis() - time;
  277. if (DEBUG && debuglevel > 8) {
  278. System.out.println("==========");
  279. System.out.println();
  280. System.out.println("Static Data");
  281. System.out.println();
  282. System.out.println("MDS[0][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[0][i*4+j])+", "); System.out.println();}
  283. System.out.println();
  284. System.out.println("MDS[1][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[1][i*4+j])+", "); System.out.println();}
  285. System.out.println();
  286. System.out.println("MDS[2][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[2][i*4+j])+", "); System.out.println();}
  287. System.out.println();
  288. System.out.println("MDS[3][]:"); for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(MDS[3][i*4+j])+", "); System.out.println();}
  289. System.out.println();
  290. System.out.println("Total initialization time: "+time+" ms.");
  291. System.out.println();
  292. }
  293. }
  294. private static final int LFSR1( int x ) {
  295. return (x >> 1) ^
  296. ((x & 0x01) != 0 ? GF256_FDBK_2 : 0);
  297. }
  298. private static final int LFSR2( int x ) {
  299. return (x >> 2) ^
  300. ((x & 0x02) != 0 ? GF256_FDBK_2 : 0) ^
  301. ((x & 0x01) != 0 ? GF256_FDBK_4 : 0);
  302. }
  303. private static final int Mx_1( int x ) { return x; }
  304. private static final int Mx_X( int x ) { return x ^ LFSR2(x); } // 5B
  305. private static final int Mx_Y( int x ) { return x ^ LFSR1(x) ^ LFSR2(x); } // EF
  306. // Basic API methods
  307. //...........................................................................
  308. /**
  309. * Expand a user-supplied key material into a session key.
  310. *
  311. * @param key The 64/128/192/256-bit user-key to use.
  312. * @return This cipher's round keys.
  313. * @exception InvalidKeyException If the key is invalid.
  314. */
  315. public static synchronized Object makeKey (byte[] k)
  316. throws InvalidKeyException {
  317. if (DEBUG) trace(IN, "makeKey("+k+")");
  318. if (k == null)
  319. throw new InvalidKeyException("Empty key");
  320. int length = k.length;
  321. if (!(length == 8 || length == 16 || length == 24 || length == 32))
  322. throw new InvalidKeyException("Incorrect key length");
  323. if (DEBUG && debuglevel > 7) {
  324. System.out.println("Intermediate Session Key Values");
  325. System.out.println();
  326. System.out.println("Raw="+toString(k));
  327. System.out.println();
  328. }
  329. int k64Cnt = length / 8;
  330. int subkeyCnt = ROUND_SUBKEYS + 2*ROUNDS;
  331. int[] k32e = new int[4]; // even 32-bit entities
  332. int[] k32o = new int[4]; // odd 32-bit entities
  333. int[] sBoxKey = new int[4];
  334. //
  335. // split user key material into even and odd 32-bit entities andbitbucket
  336. // compute S-box keys using (12, 8) Reed-Solomon code over GF(256)
  337. //
  338. int i, j, offset = 0;
  339. for (i = 0, j = k64Cnt-1; i < 4 && offset < length; i++, j--) {
  340. k32e[i] = (k[offset++] & 0xFF) |
  341. (k[offset++] & 0xFF) << 8 |
  342. (k[offset++] & 0xFF) << 16 |
  343. (k[offset++] & 0xFF) << 24;
  344. k32o[i] = (k[offset++] & 0xFF) |
  345. (k[offset++] & 0xFF) << 8 |
  346. (k[offset++] & 0xFF) << 16 |
  347. (k[offset++] & 0xFF) << 24;
  348. sBoxKey[j] = RS_MDS_Encode( k32e[i], k32o[i] ); // reverse order
  349. }
  350. // compute the round decryption subkeys for PHT. these same subkeys
  351. // will be used in encryption but will be applied in reverse order.
  352. int q, A, B;
  353. int[] subKeys = new int[subkeyCnt];
  354. for (i = q = 0; i < subkeyCnt/2; i++, q += SK_STEP) {
  355. A = F32( k64Cnt, q , k32e ); // A uses even key entities
  356. B = F32( k64Cnt, q+SK_BUMP, k32o ); // B uses odd key entities
  357. B = B << 8 | B >>> 24;
  358. A += B;
  359. subKeys[2*i ] = A; // combine with a PHT
  360. A += B;
  361. subKeys[2*i + 1] = A << SK_ROTL | A >>> (32-SK_ROTL);
  362. }
  363. //
  364. // fully expand the table for speed
  365. //
  366. int k0 = sBoxKey[0];
  367. int k1 = sBoxKey[1];
  368. int k2 = sBoxKey[2];
  369. int k3 = sBoxKey[3];
  370. int b0, b1, b2, b3;
  371. int[] sBox = new int[4 * 256];
  372. for (i = 0; i < 256; i++) {
  373. b0 = b1 = b2 = b3 = i;
  374. switch (k64Cnt & 3) {
  375. case 1:
  376. sBox[ 2*i ] = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)];
  377. sBox[ 2*i+1] = MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)];
  378. sBox[0x200+2*i ] = MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)];
  379. sBox[0x200+2*i+1] = MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
  380. break;
  381. case 0: // same as 4
  382. b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
  383. b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
  384. b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
  385. b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
  386. case 3:
  387. b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
  388. b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
  389. b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
  390. b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
  391. case 2: // 128-bit keys
  392. sBox[ 2*i ] = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)];
  393. sBox[ 2*i+1] = MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)];
  394. sBox[0x200+2*i ] = MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)];
  395. sBox[0x200+2*i+1] = MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)];
  396. }
  397. }
  398. Object sessionKey = new Object[] { sBox, subKeys };
  399. if (DEBUG && debuglevel > 7) {
  400. System.out.println("S-box[]:");
  401. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[i*4+j])+", "); System.out.println();}
  402. System.out.println();
  403. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[256+i*4+j])+", "); System.out.println();}
  404. System.out.println();
  405. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[512+i*4+j])+", "); System.out.println();}
  406. System.out.println();
  407. for(i=0;i<64;i++) { for(j=0;j<4;j++) System.out.print("0x"+intToString(sBox[768+i*4+j])+", "); System.out.println();}
  408. System.out.println();
  409. System.out.println("User (odd, even) keys --> S-Box keys:");
  410. for(i=0;i<k64Cnt;i++) { System.out.println("0x"+intToString(k32o[i])+" 0x"+intToString(k32e[i])+" --> 0x"+intToString(sBoxKey[k64Cnt-1-i])); }
  411. System.out.println();
  412. System.out.println("Round keys:");
  413. for(i=0;i<ROUND_SUBKEYS + 2*ROUNDS;i+=2) { System.out.println("0x"+intToString(subKeys[i])+" 0x"+intToString(subKeys[i+1])); }
  414. System.out.println();
  415. }
  416. if (DEBUG) trace(OUT, "makeKey()");
  417. return sessionKey;
  418. }
  419. /**
  420. * Encrypt exactly one block of plaintext.
  421. *
  422. * @param in The plaintext.
  423. * @param inOffset Index of in from which to start considering data.
  424. * @param sessionKey The session key to use for encryption.
  425. * @return The ciphertext generated from a plaintext using the session key.
  426. */
  427. public static byte[]
  428. blockEncrypt (byte[] in, int inOffset, Object sessionKey) {
  429. if (DEBUG) trace(IN, "blockEncrypt("+in+", "+inOffset+", "+sessionKey+")");
  430. Object[] sk = (Object[]) sessionKey; // extract S-box and session key
  431. int[] sBox = (int[]) sk[0];
  432. int[] sKey = (int[]) sk[1];
  433. if (DEBUG && debuglevel > 6) System.out.println("PT="+toString(in, inOffset, BLOCK_SIZE));
  434. int x0 = (in[inOffset++] & 0xFF) |
  435. (in[inOffset++] & 0xFF) << 8 |
  436. (in[inOffset++] & 0xFF) << 16 |
  437. (in[inOffset++] & 0xFF) << 24;
  438. int x1 = (in[inOffset++] & 0xFF) |
  439. (in[inOffset++] & 0xFF) << 8 |
  440. (in[inOffset++] & 0xFF) << 16 |
  441. (in[inOffset++] & 0xFF) << 24;
  442. int x2 = (in[inOffset++] & 0xFF) |
  443. (in[inOffset++] & 0xFF) << 8 |
  444. (in[inOffset++] & 0xFF) << 16 |
  445. (in[inOffset++] & 0xFF) << 24;
  446. int x3 = (in[inOffset++] & 0xFF) |
  447. (in[inOffset++] & 0xFF) << 8 |
  448. (in[inOffset++] & 0xFF) << 16 |
  449. (in[inOffset++] & 0xFF) << 24;
  450. x0 ^= sKey[INPUT_WHITEN ];
  451. x1 ^= sKey[INPUT_WHITEN + 1];
  452. x2 ^= sKey[INPUT_WHITEN + 2];
  453. x3 ^= sKey[INPUT_WHITEN + 3];
  454. if (DEBUG && debuglevel > 6) System.out.println("PTw="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  455. int t0, t1;
  456. int k = ROUND_SUBKEYS;
  457. for (int R = 0; R < ROUNDS; R += 2) {
  458. t0 = Fe32( sBox, x0, 0 );
  459. t1 = Fe32( sBox, x1, 3 );
  460. x2 ^= t0 + t1 + sKey[k++];
  461. x2 = x2 >>> 1 | x2 << 31;
  462. x3 = x3 << 1 | x3 >>> 31;
  463. x3 ^= t0 + 2*t1 + sKey[k++];
  464. if (DEBUG && debuglevel > 6) System.out.println("CT"+(R)+"="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  465. t0 = Fe32( sBox, x2, 0 );
  466. t1 = Fe32( sBox, x3, 3 );
  467. x0 ^= t0 + t1 + sKey[k++];
  468. x0 = x0 >>> 1 | x0 << 31;
  469. x1 = x1 << 1 | x1 >>> 31;
  470. x1 ^= t0 + 2*t1 + sKey[k++];
  471. if (DEBUG && debuglevel > 6) System.out.println("CT"+(R+1)+"="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  472. }
  473. x2 ^= sKey[OUTPUT_WHITEN ];
  474. x3 ^= sKey[OUTPUT_WHITEN + 1];
  475. x0 ^= sKey[OUTPUT_WHITEN + 2];
  476. x1 ^= sKey[OUTPUT_WHITEN + 3];
  477. if (DEBUG && debuglevel > 6) System.out.println("CTw="+intToString(x0)+intToString(x1)+intToString(x2)+intToString(x3));
  478. byte[] result = new byte[] {
  479. (byte) x2, (byte)(x2 >>> 8), (byte)(x2 >>> 16), (byte)(x2 >>> 24),
  480. (byte) x3, (byte)(x3 >>> 8), (byte)(x3 >>> 16), (byte)(x3 >>> 24),
  481. (byte) x0, (byte)(x0 >>> 8), (byte)(x0 >>> 16), (byte)(x0 >>> 24),
  482. (byte) x1, (byte)(x1 >>> 8), (byte)(x1 >>> 16), (byte)(x1 >>> 24),
  483. };
  484. if (DEBUG && debuglevel > 6) {
  485. System.out.println("CT="+toString(result));
  486. System.out.println();
  487. }
  488. if (DEBUG) trace(OUT, "blockEncrypt()");
  489. return result;
  490. }
  491. /**
  492. * Decrypt exactly one block of ciphertext.
  493. *
  494. * @param in The ciphertext.
  495. * @param inOffset Index of in from which to start considering data.
  496. * @param sessionKey The session key to use for decryption.
  497. * @return The plaintext generated from a ciphertext using the session key.
  498. */
  499. public static byte[]
  500. blockDecrypt (byte[] in, int inOffset, Object sessionKey) {
  501. if (DEBUG) trace(IN, "blockDecrypt("+in+", "+inOffset+", "+sessionKey+")");
  502. Object[] sk = (Object[]) sessionKey; // extract S-box and session key
  503. int[] sBox = (int[]) sk[0];
  504. int[] sKey = (int[]) sk[1];
  505. if (DEBUG && debuglevel > 6) System.out.println("CT="+toString(in, inOffset, BLOCK_SIZE));
  506. int x2 = (in[inOffset++] & 0xFF) |
  507. (in[inOffset++] & 0xFF) << 8 |
  508. (in[inOffset++] & 0xFF) << 16 |
  509. (in[inOffset++] & 0xFF) << 24;
  510. int x3 = (in[inOffset++] & 0xFF) |
  511. (in[inOffset++] & 0xFF) << 8 |
  512. (in[inOffset++] & 0xFF) << 16 |
  513. (in[inOffset++] & 0xFF) << 24;
  514. int x0 = (in[inOffset++] & 0xFF) |
  515. (in[inOffset++] & 0xFF) << 8 |
  516. (in[inOffset++] & 0xFF) << 16 |
  517. (in[inOffset++] & 0xFF) << 24;
  518. int x1 = (in[inOffset++] & 0xFF) |
  519. (in[inOffset++] & 0xFF) << 8 |
  520. (in[inOffset++] & 0xFF) << 16 |
  521. (in[inOffset++] & 0xFF) << 24;
  522. x2 ^= sKey[OUTPUT_WHITEN ];
  523. x3 ^= sKey[OUTPUT_WHITEN + 1];
  524. x0 ^= sKey[OUTPUT_WHITEN + 2];
  525. x1 ^= sKey[OUTPUT_WHITEN + 3];
  526. if (DEBUG && debuglevel > 6) System.out.println("CTw="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  527. int k = ROUND_SUBKEYS + 2*ROUNDS - 1;
  528. int t0, t1;
  529. for (int R = 0; R < ROUNDS; R += 2) {
  530. t0 = Fe32( sBox, x2, 0 );
  531. t1 = Fe32( sBox, x3, 3 );
  532. x1 ^= t0 + 2*t1 + sKey[k--];
  533. x1 = x1 >>> 1 | x1 << 31;
  534. x0 = x0 << 1 | x0 >>> 31;
  535. x0 ^= t0 + t1 + sKey[k--];
  536. if (DEBUG && debuglevel > 6) System.out.println("PT"+(ROUNDS-R)+"="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  537. t0 = Fe32( sBox, x0, 0 );
  538. t1 = Fe32( sBox, x1, 3 );
  539. x3 ^= t0 + 2*t1 + sKey[k--];
  540. x3 = x3 >>> 1 | x3 << 31;
  541. x2 = x2 << 1 | x2 >>> 31;
  542. x2 ^= t0 + t1 + sKey[k--];
  543. if (DEBUG && debuglevel > 6) System.out.println("PT"+(ROUNDS-R-1)+"="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  544. }
  545. x0 ^= sKey[INPUT_WHITEN ];
  546. x1 ^= sKey[INPUT_WHITEN + 1];
  547. x2 ^= sKey[INPUT_WHITEN + 2];
  548. x3 ^= sKey[INPUT_WHITEN + 3];
  549. if (DEBUG && debuglevel > 6) System.out.println("PTw="+intToString(x2)+intToString(x3)+intToString(x0)+intToString(x1));
  550. byte[] result = new byte[] {
  551. (byte) x0, (byte)(x0 >>> 8), (byte)(x0 >>> 16), (byte)(x0 >>> 24),
  552. (byte) x1, (byte)(x1 >>> 8), (byte)(x1 >>> 16), (byte)(x1 >>> 24),
  553. (byte) x2, (byte)(x2 >>> 8), (byte)(x2 >>> 16), (byte)(x2 >>> 24),
  554. (byte) x3, (byte)(x3 >>> 8), (byte)(x3 >>> 16), (byte)(x3 >>> 24),
  555. };
  556. if (DEBUG && debuglevel > 6) {
  557. System.out.println("PT="+toString(result));
  558. System.out.println();
  559. }
  560. if (DEBUG) trace(OUT, "blockDecrypt()");
  561. return result;
  562. }
  563. /** A basic symmetric encryption/decryption test. */
  564. public static boolean self_test() { return self_test(BLOCK_SIZE); }
  565. // own methods
  566. //...........................................................................
  567. private static final int b0( int x ) { return x & 0xFF; }
  568. private static final int b1( int x ) { return (x >>> 8) & 0xFF; }
  569. private static final int b2( int x ) { return (x >>> 16) & 0xFF; }
  570. private static final int b3( int x ) { return (x >>> 24) & 0xFF; }
  571. /**
  572. * Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box
  573. * 32-bit entity from two key material 32-bit entities.
  574. *
  575. * @param k0 1st 32-bit entity.
  576. * @param k1 2nd 32-bit entity.
  577. * @return Remainder polynomial generated using RS code
  578. */
  579. private static final int RS_MDS_Encode( int k0, int k1) {
  580. int r = k1;
  581. for (int i = 0; i < 4; i++) // shift 1 byte at a time
  582. r = RS_rem( r );
  583. r ^= k0;
  584. for (int i = 0; i < 4; i++)
  585. r = RS_rem( r );
  586. return r;
  587. }
  588. /*
  589. * Reed-Solomon code parameters: (12, 8) reversible code:<p>
  590. * <pre>
  591. * g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
  592. * </pre>
  593. * where a = primitive root of field generator 0x14D
  594. */
  595. private static final int RS_rem( int x ) {
  596. int b = (x >>> 24) & 0xFF;
  597. int g2 = ((b << 1) ^ ( (b & 0x80) != 0 ? RS_GF_FDBK : 0 )) & 0xFF;
  598. int g3 = (b >>> 1) ^ ( (b & 0x01) != 0 ? (RS_GF_FDBK >>> 1) : 0 ) ^ g2 ;
  599. int result = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b;
  600. return result;
  601. }
  602. private static final int F32( int k64Cnt, int x, int[] k32 ) {
  603. int b0 = b0(x);
  604. int b1 = b1(x);
  605. int b2 = b2(x);
  606. int b3 = b3(x);
  607. int k0 = k32[0];
  608. int k1 = k32[1];
  609. int k2 = k32[2];
  610. int k3 = k32[3];
  611. int result = 0;
  612. switch (k64Cnt & 3) {
  613. case 1:
  614. result =
  615. MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)] ^
  616. MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)] ^
  617. MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)] ^
  618. MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
  619. break;
  620. case 0: // same as 4
  621. b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
  622. b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
  623. b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
  624. b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
  625. case 3:
  626. b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
  627. b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
  628. b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
  629. b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
  630. case 2: // 128-bit keys (optimize for this case)
  631. result =
  632. MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)] ^
  633. MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)] ^
  634. MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)] ^
  635. MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)];
  636. break;
  637. }
  638. return result;
  639. }
  640. private static final int Fe32( int[] sBox, int x, int R ) {
  641. return sBox[ 2*_b(x, R ) ] ^
  642. sBox[ 2*_b(x, R+1) + 1] ^
  643. sBox[0x200 + 2*_b(x, R+2) ] ^
  644. sBox[0x200 + 2*_b(x, R+3) + 1];
  645. }
  646. private static final int _b( int x, int N) {
  647. int result = 0;
  648. switch (N%4) {
  649. case 0: result = b0(x); break;
  650. case 1: result = b1(x); break;
  651. case 2: result = b2(x); break;
  652. case 3: result = b3(x); break;
  653. }
  654. return result;
  655. }
  656.  
  657. /** @return The length in bytes of the Algorithm input block. */
  658. public static int blockSize() { return BLOCK_SIZE; }
  659. /** A basic symmetric encryption/decryption test for a given key size. */
  660. private static boolean self_test (int keysize) {
  661. if (DEBUG) trace(IN, "self_test("+keysize+")");
  662. boolean ok = false;
  663. try {
  664. byte[] kb = new byte[keysize];
  665. byte[] pt = new byte[BLOCK_SIZE];
  666. int i;
  667. for (i = 0; i < keysize; i++)
  668. kb[i] = (byte) i;
  669. for (i = 0; i < BLOCK_SIZE; i++)
  670. pt[i] = (byte) i;
  671. if (DEBUG && debuglevel > 6) {
  672. System.out.println("==========");
  673. System.out.println();
  674. System.out.println("KEYSIZE="+(8*keysize));
  675. System.out.println("KEY="+toString(kb));
  676. System.out.println();
  677. }
  678. Object key = makeKey(kb);
  679. if (DEBUG && debuglevel > 6) {
  680. System.out.println("Intermediate Ciphertext Values (Encryption)");
  681. System.out.println();
  682. }
  683. byte[] ct = blockEncrypt(pt, 0, key);
  684. if (DEBUG && debuglevel > 6) {
  685. System.out.println("Intermediate Plaintext Values (Decryption)");
  686. System.out.println();
  687. }
  688. byte[] cpt = blockDecrypt(ct, 0, key);
  689. ok = areEqual(pt, cpt);
  690. if (!ok)
  691. throw new RuntimeException("Symmetric operation failed");
  692. } catch (Exception x) {
  693. if (DEBUG && debuglevel > 0) {
  694. debug("Exception encountered during self-test: " + x.getMessage());
  695. x.printStackTrace();
  696. }
  697. }
  698. if (DEBUG && debuglevel > 0) debug("Self-test OK? " + ok);
  699. if (DEBUG) trace(OUT, "self_test()");
  700. return ok;
  701. }
  702. // utility static methods (from cryptix.util.core ArrayUtil and Hex classes)
  703. //...........................................................................
  704.  
  705. /** @return True iff the arrays have identical contents. */
  706. private static boolean areEqual (byte[] a, byte[] b) {
  707. int aLength = a.length;
  708. if (aLength != b.length)
  709. return false;
  710. for (int i = 0; i < aLength; i++)
  711. if (a[i] != b[i])
  712. return false;
  713. return true;
  714. }
  715. /**
  716. * Returns a string of 8 hexadecimal digits (most significant
  717. * digit first) corresponding to the integer <i>n</i>, which is
  718. * treated as unsigned.
  719. */
  720. private static String intToString (int n) {
  721. char[] buf = new char[8];
  722. for (int i = 7; i >= 0; i--) {
  723. buf[i] = HEX_DIGITS[n & 0x0F];
  724. n >>>= 4;
  725. }
  726. return new String(buf);
  727. }
  728. /**
  729. * Returns a string of hexadecimal digits from a byte array. Each
  730. * byte is converted to 2 hex symbols.
  731. */
  732. private static String toString (byte[] ba) {
  733. return toString(ba, 0, ba.length);
  734. }
  735. private static String toString (byte[] ba, int offset, int length) {
  736. char[] buf = new char[length * 2];
  737. for (int i = offset, j = 0, k; i < offset+length; ) {
  738. k = ba[i++];
  739. buf[j++] = HEX_DIGITS[(k >>> 4) & 0x0F];
  740. buf[j++] = HEX_DIGITS[ k & 0x0F];
  741. }
  742. return new String(buf);
  743. }
  744. // main(): use to generate the Intermediate Values KAT
  745. //...........................................................................
  746. public static void main (String[] args) {
  747.  
  748. //self_test(16);
  749. // self_test(24);
  750. self_test(32);
  751. }
  752. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!